SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -1,10 +1,12 @@
 package org.springframework.security.access.expression;
 
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
 import org.springframework.context.ApplicationContext;
+import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.core.Authentication;
@@ -30,6 +32,12 @@ public abstract class SecurityExpressionRoot {
 
     /** Allows "denyAll" expression */
     public final boolean denyAll = false;
+    private PermissionEvaluator permissionEvaluator;
+    public final String read = "read";
+    public final String write = "write";
+    public final String create = "create";
+    public final String delete = "delete";
+    public final String admin = "administration";
 
     public SecurityExpressionRoot(Authentication a) {
         if (a == null) {
@@ -116,4 +124,16 @@ public abstract class SecurityExpressionRoot {
 
         return roles;
     }
+
+    public boolean hasPermission(Object target, Object permission) {
+        return permissionEvaluator.hasPermission(authentication, target, permission);
+    }
+
+    public boolean hasPermission(Object targetId, String targetType, Object permission) {
+        return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
+    }
+
+    public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
+        this.permissionEvaluator = permissionEvaluator;
+    }
 }

core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java

@@ -14,27 +14,13 @@ import org.springframework.security.core.Authentication;
  * @since 3.0
  */
 class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
-    private PermissionEvaluator permissionEvaluator;
     private Object filterObject;
     private Object returnObject;
-    public final String read = "read";
-    public final String write = "write";
-    public final String create = "create";
-    public final String delete = "delete";
-    public final String admin = "administration";
 
     MethodSecurityExpressionRoot(Authentication a) {
         super(a);
     }
 
-    public boolean hasPermission(Object target, Object permission) {
-        return permissionEvaluator.hasPermission(authentication, target, permission);
-    }
-
-    public boolean hasPermission(Object targetId, String targetType, Object permission) {
-        return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
-    }
-
     public void setFilterObject(Object filterObject) {
         this.filterObject = filterObject;
     }
@@ -51,8 +37,4 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
         return returnObject;
     }
 
-    public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
-        this.permissionEvaluator = permissionEvaluator;
-    }
-
 }