- // Check with the Authorizer\r
- AuthorizationResponse aresp = authz.decide(req);\r
- if (!aresp.isAuthorized()) {\r
- message = "Policy Engine disallows access.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
- eventlogger.info(elr);\r
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
- return;\r
+ /*\r
+ * START - AAF changes\r
+ * TDP EPIC US# 307413\r
+ * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+ */\r
+ String aafInstance = sub.getAafInstance();\r
+ if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {\r
+ AuthorizationResponse aresp = authz.decide(req);\r
+ if (!aresp.isAuthorized()) {\r
+ message = "Policy Engine disallows access.";\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ } else {\r
+ String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);\r
+ eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+ if (!req.isUserInRole(permission)) {\r
+ message = "AAF disallows access to permission - " + permission;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r