From 35bae4283d417d07c8cc6903748e3bb4fb5a6683 Mon Sep 17 00:00:00 2001
From: "Brian M. Long"
Date: Thu, 9 Jan 2025 11:53:48 -0500
Subject: [PATCH] get authorities from AuthorityService
---
 .../alfresco/asie/rest/AbstractWebScript.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java
index 3faf467..230a640 100644
--- a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java
+++ b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java
@@ -4,15 +4,18 @@ import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.extensions.webscripts.WebScriptException;
 import org.springframework.extensions.webscripts.WebScriptRequest;
@@ -28,6 +31,9 @@ public abstract class AbstractWebScript extends org.springframework.extensions.w
 @Value("${inteligr8.asie.allowedAuthorities}")
 private String authorizedAuthoritiesStr;
+ @Autowired
+ private AuthorityService authorityService;
+
 private Set authorizedAuthorities;
 @Override
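Review bot: The `@Autowired` field added in the second hunk is resolved by type, and Alfresco contexts normally hold more than one bean implementing `AuthorityService` (the public `AuthorityService` proxy and the lower-level `authorityService` implementation), so which one is injected falls to Spring's field-name tie-break rather than to an explicit choice. Since this service now feeds an authorization decision, pin it with a qualifier, e.g. `@Qualifier("AuthorityService")` if the public, interceptor-wrapped service is intended, and add a one-line comment saying why that bean was chosen. The bean names are the usual Alfresco ones and should be confirmed against the target repository version.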
@@ -69,7 +75,13 @@ public abstract class AbstractWebScript extends org.springframework.extensions.w
 return true;
 }
- this.logger.trace("Not authorized: user '{}'; authorities: {}", AuthenticationUtil.getFullyAuthenticatedUser(), AuthenticationUtil.getFullAuthentication().getAuthorities());
+ Set authorities = this.authorityService.getAuthoritiesForUser(AuthenticationUtil.getFullyAuthenticatedUser());
+ if (authorities != null) {
+ if (!Collections.disjoint(this.getAuthorities(), authorities))
+ return true;
+ }
+
+ this.logger.trace("Not authorized: user '{}'; authorities: {} + {}", AuthenticationUtil.getFullyAuthenticatedUser(), AuthenticationUtil.getFullAuthentication().getAuthorities(), authorities);
 return false;
 }
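Review bot: `AuthenticationUtil.getFullyAuthenticatedUser()` is passed straight into `getAuthoritiesForUser` in the added lookup, and it can return null when no user is fully authenticated. Unless the part of the method above this hunk already rules that out, the service is called with a null user name and the trace line then dereferences `getFullAuthentication()` as well. Resolve the user once, deny when it is null, and reuse the local in the log call; the nested unbraced `if` then collapses into one braced condition. `Collections.disjoint` is an exact, case-sensitive comparison, so the documentation of `inteligr8.asie.allowedAuthorities` should state that entries must be the full authority names the service returns (the parsing in `getAuthorities()` is not visible here, so this is to be confirmed). The method starts outside the hunk.

```java
String user = AuthenticationUtil.getFullyAuthenticatedUser();
if (user == null) {
	// No fully authenticated user: deny without querying the authority service.
	this.logger.trace("Not authorized: no fully authenticated user");
	return false;
}

Set<String> authorities = this.authorityService.getAuthoritiesForUser(user);
if (authorities != null && !Collections.disjoint(this.getAuthorities(), authorities)) {
	return true;
}

this.logger.trace("Not authorized: user '{}'; authorities: {} + {}", user, AuthenticationUtil.getFullAuthentication().getAuthorities(), authorities);
return false;
```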