public String doIntercept()

in app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UISecurityInterceptor.java [42:124]


    /**
     * Enforces the UI security rules declared by the target action before letting the
     * invocation continue.
     *
     * <p>Checks run only when the action is both a {@code UISecurityEnforced} and a
     * {@code UIAction}, and only when {@code isUserRequired()} returns true. In order: an
     * authenticated user must be present; any required global permission actions must be
     * granted; if a weblog is required, the action weblog must be set and any required
     * weblog permission actions must be granted for it.
     *
     * <p>NOTE(review): every other action type, and any enforced action whose
     * {@code isUserRequired()} is false, goes straight to {@code invocation.invoke()} with
     * no check at all. That includes the weblog checks, even when
     * {@code isWeblogRequired()} is true. Access control for those actions has to come
     * from somewhere else.
     *
     * <p>NOTE(review): the missing-user and permission denials are logged at debug level
     * only, so with debug logging off they leave no trace in this interceptor's output.
     *
     * @param invocation the action invocation being intercepted
     * @return {@code UIAction.DENIED} when a check fails, otherwise the result of
     *         {@code invocation.invoke()}
     * @throws Exception whatever the called collaborators or the rest of the chain throw
     */
    public String doIntercept(ActionInvocation invocation) throws Exception {

        if (log.isDebugEnabled()) {
            log.debug("Entering UISecurityInterceptor");
        }

        final Object target = invocation.getAction();

        // Anything that is not one of our own enforced UI actions is not checked here.
        if (!(target instanceof UISecurityEnforced && target instanceof UIAction)) {
            return invocation.invoke();
        }

        if (log.isDebugEnabled()) {
            log.debug("action is UISecurityEnforced ... enforcing security rules");
        }

        final UISecurityEnforced rules = (UISecurityEnforced) target;
        final UIAction uiAction = (UIAction) target;

        // No authenticated user required: none of the checks below apply.
        if (!rules.isUserRequired()) {
            return invocation.invoke();
        }

        final UserManager userManager = WebloggerFactory.getWeblogger().getUserManager();

        // 1. There must be an authenticated user.
        final User caller = uiAction.getAuthenticatedUser();
        if (caller == null) {
            if (log.isDebugEnabled()) {
                log.debug("DENIED: required user not found");
            }
            return UIAction.DENIED;
        }

        // 2. Global permissions, when the action declares any.
        final boolean globalActionsDeclared = rules.requiredGlobalPermissionActions() != null
                && !rules.requiredGlobalPermissionActions().isEmpty();
        if (globalActionsDeclared) {
            final GlobalPermission globalPerm =
                    new GlobalPermission(rules.requiredGlobalPermissionActions());
            if (!userManager.checkPermission(globalPerm, caller)) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("DENIED: user %s does not have permission = %s",
                        caller.getUserName(), globalPerm));
                }
                return UIAction.DENIED;
            }
        }

        // 3. Weblog checks apply only when the action asks for a weblog.
        if (!rules.isWeblogRequired()) {
            return invocation.invoke();
        }

        final Weblog weblog = uiAction.getActionWeblog();
        if (weblog == null) {
            if (log.isWarnEnabled()) {
                log.warn(String.format("User %s unable to process action %s " +
                        "because no weblog was defined (Check JSP form provides weblog value).",
                    caller.getUserName(), uiAction.getActionName()));
            }
            return UIAction.DENIED;
        }

        // 4. Weblog-specific permissions, when the action declares any.
        final boolean weblogActionsDeclared = rules.requiredWeblogPermissionActions() != null
                && !rules.requiredWeblogPermissionActions().isEmpty();
        if (weblogActionsDeclared) {
            final WeblogPermission weblogPerm = new WeblogPermission(
                    weblog,
                    rules.requiredWeblogPermissionActions());

            if (!userManager.checkPermission(weblogPerm, caller)) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("DENIED: user %s does not have required weblog permissions %s",
                        caller.getUserName(), weblogPerm));
                }
                return UIAction.DENIED;
            }
        }

        // Every applicable check passed.
        return invocation.invoke();
    }