in src/java/org/apache/turbine/util/SecurityCheck.java [204:257]
public boolean hasPermission(String permission)
throws Exception
{
Permission permissionObject = null;
try
{
permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
}
catch (UnknownEntityException e)
{
if(initialize)
{
permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
securityService.getPermissionManager().addPermission(permissionObject);
Role role = null;
TurbineAccessControlList<?> acl = data.getACL();
RoleSet roles = acl.getRoles();
if(roles.size() > 0)
{
role = roles.toArray(new Role[0])[0];
}
if(role == null)
{
/*
* The User within data has no roles yet, let us grant the permission
* to the first role available through SecurityService.
*/
roles = securityService.getRoleManager().getAllRoles();
if(roles.size() > 0)
{
role = roles.toArray(new Role[0])[0];
}
}
if(role != null)
{
/*
* If we have no role, there is nothing we can do about it. So only grant it,
* if we have a role to grant it to.
*/
TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
modelManager.grant(role, permissionObject);
}
}
else
{
throw(e);
}
}
return hasPermission(permissionObject);
}