in src/zgoog_cl_content_repo_gcs.clas.abap [0:0]
METHOD check_authority.
DATA: lv_udata TYPE uslogond,
lv_status_text TYPE string,
lv_seckey TYPE string,
lv_signature TYPE sy-datar.
DATA: lt_r_crep_table TYPE RANGE OF tabname.
DATA: ls_r_crep_table LIKE LINE OF lt_r_crep_table.
DEFINE raise_error.
sy-msgid = &1.
sy-msgty = &2.
sy-msgno = &3.
sy-msgv1 = &4.
sy-msgv2 = &5.
sy-msgv3 = &6.
sy-msgv4 = &7.
END-OF-DEFINITION.
" Populate range with list of CREP tables for authorization check
REFRESH lt_r_crep_table.
ls_r_crep_table-sign = 'I'.
ls_r_crep_table-option = 'EQ'.
ls_r_crep_table-low = 'CREP'.
APPEND ls_r_crep_table TO lt_r_crep_table.
ls_r_crep_table-sign = 'I'.
ls_r_crep_table-option = 'EQ'.
ls_r_crep_table-low = 'CREPDESCR'.
APPEND ls_r_crep_table TO lt_r_crep_table.
ls_r_crep_table-sign = 'I'.
ls_r_crep_table-option = 'EQ'.
ls_r_crep_table-low = 'CREPDOCSP'.
APPEND ls_r_crep_table TO lt_r_crep_table.
LOOP AT lt_r_crep_table INTO ls_r_crep_table.
IF iv_read <> 0 OR iv_write <> 0.
CALL FUNCTION 'VIEW_AUTHORITY_CHECK'
EXPORTING
view_action = 'S'
view_name = ls_r_crep_table-low
no_warning_for_clientindep = 'X'
EXCEPTIONS
invalid_action = 1
no_authority = 2
no_clientindependent_authority = 3
table_not_found = 4
no_linedependent_authority = 5
OTHERS = 6.
IF sy-subrc <> 0.
raise_error 'CMS' 'E' '023' space space space space.
sy-subrc = 2.
ENDIF.
ENDIF.
IF sy-subrc <> 0 OR iv_write = 0.
CONTINUE.
ENDIF.
CALL FUNCTION 'VIEW_AUTHORITY_CHECK'
EXPORTING
view_action = 'U'
view_name = ls_r_crep_table-low
no_warning_for_clientindep = 'X'
EXCEPTIONS
invalid_action = 1
no_authority = 2
no_clientindependent_authority = 3
table_not_found = 4
no_linedependent_authority = 5
OTHERS = 6.
IF sy-subrc <> 0.
" Implement suitable error handling here
raise_error 'CMS' 'E' '019' space space space space.
sy-subrc = 1.
ELSE.
CALL FUNCTION 'SUSR_USER_LOGONDATA_GET'
EXPORTING
user_name = sy-uname
IMPORTING
user_logondata = lv_udata
EXCEPTIONS
user_name_not_exist = 1
OTHERS = 2.
IF sy-subrc = 0.
IF lv_udata-ustyp = 'S'.
lv_status_text
= 'Service user should not be used'(001).
sy-subrc = '1'.
ENDIF.
ENDIF.
ENDIF.
ENDLOOP.
IF sy-subrc = 0.
CALL FUNCTION 'SUSR_USER_LOGONDATA_GET'
EXPORTING
user_name = sy-uname
IMPORTING
user_logondata = lv_udata
EXCEPTIONS
user_name_not_exist = 1
OTHERS = 2.
IF sy-subrc = 0.
IF lv_udata-ustyp = 'S'.
lv_status_text
= 'Service user should not be used'(001).
sy-subrc = '1'.
ENDIF.
ENDIF.
ENDIF.
" Avoid anonymous access
IF go_server = go_server.
lv_status_text
= 'Explicit logon required'(002).
sy-subrc = 1.
ENDIF.
IF sy-subrc <> 0.
lv_seckey = get_parameter( iv_name = 'secKey' ).
IF lv_seckey IS NOT INITIAL.
get_parameter( iv_name = 'authId'
iv_mandatory = 'S' ).
get_parameter( iv_name = 'expiration'
iv_mandatory = 'S' ).
ENDIF.
lv_signature = check_signature( iv_docprot = ''
iv_contrep = '' ).
IF lv_signature = 'X'.
sy-subrc = 0.
ELSE.
sy-subrc = 1.
ENDIF.
ENDIF.
IF sy-subrc = 0.
CLEAR gs_error.
ENDIF.
IF sy-subrc <> 0.
IF lv_status_text IS NOT INITIAL.
CLEAR gs_error.
gs_error-status_text = lv_status_text.
ENDIF.
gs_error-status_code = 401.
gs_error-set_authenticate = 'X'.
ENDIF.