bug:[CORE-1148]create revoke exemption for user role

PaladinCloud · Aug 2, 2023 · c1eb813 · c1eb813
1 parent 3a97fe0
commit c1eb813
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/...pac-api-commons/src/main/java/com/tmobile/pacman/api/commons/service/SecurityService.java b/...pac-api-commons/src/main/java/com/tmobile/pacman/api/commons/service/SecurityService.java
@@ -15,6 +15,7 @@
  ******************************************************************************/
 package com.tmobile.pacman.api.commons.service;
 
+import com.tmobile.pacman.api.commons.Constants;
 import com.tmobile.pacman.api.commons.config.RoleMappingLoader;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
@@ -31,6 +32,7 @@
 @Service
 public class SecurityService {
 
+	private static final String ADMIN_PERMISSION = "rule-admin";
 	@Autowired
 	private RoleMappingLoader roleMappingLoader;
 
@@ -56,4 +58,32 @@ public boolean hasPermission(Authentication authentication, String... permission
 				.anyMatch( allowedPermissions.stream().map(String::toLowerCase)
 								.collect(Collectors.toSet())::contains);
 	}
+
+	public boolean hasPermissionForIssueExemption(Authentication authentication, Constants.ExemptionActions action) {
+		List<String> allowedPermissions = getAllowedPermissions(authentication);
+		switch (action) {
+			/*for admin*/
+			case APPROVE_EXEMPTION_REQUEST:
+			case CANCEL_EXEMPTION_REQUEST:
+				return allowedPermissions.contains(ADMIN_PERMISSION);
+			/*for user*/
+			case CREATE_EXEMPTION_REQUEST:
+			case REVOKE_EXEMPTION_REQUEST:
+			default:
+				return !allowedPermissions.contains(ADMIN_PERMISSION);
+		}
+	}
+
+	private List<String> getAllowedPermissions(Authentication authentication) {
+		final Set<String> userRoles = authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
+		Map<String, List<String>> rolePermissionMappings = roleMappingLoader.getRoleList();
+		List<String> allowedPermissions = new ArrayList<>();
+		userRoles.forEach(role -> {
+			List<String> permissionList = rolePermissionMappings.get(role);
+			if (permissionList != null) {
+				allowedPermissions.addAll(permissionList);
+			}
+		});
+		return allowedPermissions;
+	}
 }