Sometimes it might be desirable to perform a security check in code, without using the @Restrict annotation. In this situation, simply use Identity.checkRestriction() to evaluate a security expression, like this:
public void deleteCustomer() {
Identity.instance().checkRestriction("#{s:hasPermission('customer','delete',
selectedCustomer)}");
}
If the expression specified doesn't evaluate to true, either
if the user is not logged in, a NotLoggedInException exception is thrown or
if the user is logged in, an AuthorizationException exception is thrown.
It is also possible to call the hasRole() and hasPermission() methods directly from Java code:
if (!Identity.instance().hasRole("admin"))
throw new AuthorizationException("Must be admin to perform this action");
if (!Identity.instance().hasPermission("customer", "create", null))
throw new AuthorizationException("You may not create new customers");