com.haulmont.cuba.core.sys

Class PersistenceSecurityImpl

java.lang.Object

com.haulmont.cuba.core.sys.SecurityImpl

com.haulmont.cuba.core.sys.PersistenceSecurityImpl

All Implemented Interfaces:

Security, PersistenceSecurity

public class PersistenceSecurityImpl
extends SecurityImpl
implements PersistenceSecurity

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	PersistenceSecurityImpl.EntityId

Field Summary

Fields

Modifier and Type	Field and Description
protected AttributeSecuritySupport	attributeSecuritySupport
protected Configuration	configuration
protected EntityStates	entityStates
protected Persistence	persistence
protected ReferenceToEntitySupport	referenceToEntitySupport
protected SecurityTokenManager	securityTokenManager

Fields inherited from class com.haulmont.cuba.core.sys.SecurityImpl

extendedEntities, metadata, metadataTools, persistenceSecurityService, scripting, userSessionSource

Fields inherited from interface com.haulmont.cuba.core.PersistenceSecurity

CONSTRAINT_PARAM_SESSION_ATTR, CONSTRAINT_PARAM_USER_GROUP_ID, CONSTRAINT_PARAM_USER_ID, CONSTRAINT_PARAM_USER_LOGIN, NAME

Constructor Summary

Constructors

Constructor and Description
PersistenceSecurityImpl()

Method Summary

Modifier and Type	Method and Description
void	applyConstraints(java.util.Collection<Entity> entities) Applies in-memory constraints to the entity fields by filtered data
void	applyConstraints(Entity entity) Applies in-memory constraints to the entity by filtered data
protected void	applyConstraints(Entity entity, java.util.Set<PersistenceSecurityImpl.EntityId> handled)
boolean	applyConstraints(Query query) Modifies the query depending on current user's security constraints.
protected void	assertSecurityConstraints(Entity entity, java.util.function.BiPredicate<Entity,MetaProperty> predicate)
void	assertToken(Entity entity) Validate that security token exists for specific cases.
protected void	assertTokenForAttributeAccess(Entity entity)
void	assertTokenForREST(Entity entity, View view) Validate that security token for REST exists for specific cases.
void	calculateFilteredData(java.util.Collection<Entity> entities) Calculate filtered data
void	calculateFilteredData(Entity entity) Calculate filtered data
protected boolean	calculateFilteredData(Entity entity, java.util.Set<PersistenceSecurityImpl.EntityId> handled, boolean checkPermitted)
java.lang.Object	evaluateConstraintScript(Entity entity, java.lang.String groovyScript)
protected void	fillGroovyConstraintsContext(java.util.Map<java.lang.String,java.lang.Object> context) Override if you need specific context variables in Groovy constraints.
boolean	filterByConstraints(java.util.Collection<Entity> entities) Filter entities in collection by in-memory constraints
boolean	filterByConstraints(Entity entity) Filter entity by in-memory constraints
boolean	hasInMemoryReadConstraints(MetaClass metaClass) Check if there are registered memory read constraints for the metaClass or it's original metaClass
protected boolean	isNotPermittedInMemory(Entity entity)
boolean	isPermitted(Entity entity, ConstraintOperationType operationType) Check if the operation type is permitted for the entity
boolean	isPermitted(Entity entity, EntityOp operation) Check if the operation type is permitted for the entity
boolean	isPermitted(Entity entity, java.lang.String customCode) Check the special constraint permission for the entity
protected java.lang.Object	parseValue(java.lang.Class<?> clazz, java.lang.String string)
protected void	processConstraint(QueryTransformer transformer, JpqlAccessConstraint constraint, java.lang.String entityName)
void	restoreFilteredData(Entity entity) Restores filtered data from security token
void	restoreSecurityState(Entity entity) Reads security token and restores security state
protected java.lang.Object	runGroovyScript(Entity entity, java.lang.String groovyScript)
void	setQueryParam(Query query, java.lang.String paramName) Sets the query param to a value provided by user session (see constants above).
ConstraintValidationResult	validateConstraintScript(java.lang.String entityType, java.lang.String groovyScript) Validate groovy access constraint script

Methods inherited from class com.haulmont.cuba.core.sys.SecurityImpl

checkSpecificPermission, getConstraints, hasConstraints, hasInMemoryConstraints, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrReadPermitted, isEntityAttrReadPermitted, isEntityAttrUpdatePermitted, isEntityAttrUpdatePermitted, isEntityOpPermitted, isEntityOpPermitted, isScreenPermitted, isSpecificPermitted

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.haulmont.cuba.core.PersistenceSecurity

restoreSecurityStateAndFilteredData

Methods inherited from interface com.haulmont.cuba.core.global.Security

checkSpecificPermission, hasConstraints, hasInMemoryConstraints, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrReadPermitted, isEntityAttrReadPermitted, isEntityAttrUpdatePermitted, isEntityAttrUpdatePermitted, isEntityOpPermitted, isEntityOpPermitted, isScreenPermitted, isSpecificPermitted

Field Detail

securityTokenManager

@Inject
protected SecurityTokenManager securityTokenManager

configuration

@Inject
protected Configuration configuration

persistence

@Inject
protected Persistence persistence

referenceToEntitySupport

@Inject
protected ReferenceToEntitySupport referenceToEntitySupport

attributeSecuritySupport

@Inject
protected AttributeSecuritySupport attributeSecuritySupport

entityStates

@Inject
protected EntityStates entityStates

Constructor Detail

PersistenceSecurityImpl

public PersistenceSecurityImpl()

Method Detail

applyConstraints

public boolean applyConstraints(Query query)

Description copied from interface: PersistenceSecurity

Modifies the query depending on current user's security constraints.

Specified by:

applyConstraints in interface PersistenceSecurity

Parameters:

query - query to modify

Returns:

true if any constraints have been applied

setQueryParam

public void setQueryParam(Query query,
                          java.lang.String paramName)

Description copied from interface: PersistenceSecurity

Sets the query param to a value provided by user session (see constants above).

Specified by:

setQueryParam in interface PersistenceSecurity

Parameters:

query - Query instance

paramName - parameter to set

filterByConstraints

public boolean filterByConstraints(java.util.Collection<Entity> entities)

Description copied from interface: PersistenceSecurity

Filter entities in collection by in-memory constraints

Specified by:

filterByConstraints in interface PersistenceSecurity

Parameters:

entities - - collection of entities that will be filtered

Returns:

true if some items were filtered out

filterByConstraints

public boolean filterByConstraints(Entity entity)

Description copied from interface: PersistenceSecurity

Filter entity by in-memory constraints

Specified by:

filterByConstraints in interface PersistenceSecurity

Parameters:

entity - - entity that will be filtered

Returns:

true, if entity should be filtered out from client output

applyConstraints

public void applyConstraints(java.util.Collection<Entity> entities)

Description copied from interface: PersistenceSecurity

Applies in-memory constraints to the entity fields by filtered data

Specified by:

applyConstraints in interface PersistenceSecurity

Parameters:

entities - - collection of entities

applyConstraints

public void applyConstraints(Entity entity)

Description copied from interface: PersistenceSecurity

Applies in-memory constraints to the entity by filtered data

Specified by:

applyConstraints in interface PersistenceSecurity

Parameters:

entity - -

calculateFilteredData

public void calculateFilteredData(Entity entity)

Description copied from interface: PersistenceSecurity

Calculate filtered data

Specified by:

calculateFilteredData in interface PersistenceSecurity

Parameters:

entity - for which will calculate filtered data

calculateFilteredData

public void calculateFilteredData(java.util.Collection<Entity> entities)

Description copied from interface: PersistenceSecurity

Calculate filtered data

Specified by:

calculateFilteredData in interface PersistenceSecurity

Parameters:

entities - - collection of entities for which will calculate filtered data

restoreSecurityState

public void restoreSecurityState(Entity entity)

Description copied from interface: PersistenceSecurity

Reads security token and restores security state

Specified by:

restoreSecurityState in interface PersistenceSecurity

Parameters:

entity - - entity to restore security state

restoreFilteredData

public void restoreFilteredData(Entity entity)

Description copied from interface: PersistenceSecurity

Restores filtered data from security token

Specified by:

restoreFilteredData in interface PersistenceSecurity

Parameters:

entity - - entity to restore filtered data

assertToken

public void assertToken(Entity entity)

Description copied from interface: PersistenceSecurity

Validate that security token exists for specific cases. For example, security constraints exists

Specified by:

assertToken in interface PersistenceSecurity

Parameters:

entity - - entity to check security token

assertTokenForREST

public void assertTokenForREST(Entity entity,
                               View view)

Description copied from interface: PersistenceSecurity

Validate that security token for REST exists for specific cases. For example, security constraints exists

Specified by:

assertTokenForREST in interface PersistenceSecurity

Parameters:

entity - - entity to check security token

view - - view for entity

hasInMemoryReadConstraints

public boolean hasInMemoryReadConstraints(MetaClass metaClass)

Description copied from interface: PersistenceSecurity

Check if there are registered memory read constraints for the metaClass or it's original metaClass

Specified by:

hasInMemoryReadConstraints in interface PersistenceSecurity

assertSecurityConstraints

protected void assertSecurityConstraints(Entity entity,
                                         java.util.function.BiPredicate<Entity,MetaProperty> predicate)

assertTokenForAttributeAccess

protected void assertTokenForAttributeAccess(Entity entity)

processConstraint

protected void processConstraint(QueryTransformer transformer,
                                 JpqlAccessConstraint constraint,
                                 java.lang.String entityName)

applyConstraints

protected void applyConstraints(Entity entity,
                                java.util.Set<PersistenceSecurityImpl.EntityId> handled)

calculateFilteredData

protected boolean calculateFilteredData(Entity entity,
                                        java.util.Set<PersistenceSecurityImpl.EntityId> handled,
                                        boolean checkPermitted)

isPermitted

public boolean isPermitted(Entity entity,
                           EntityOp operation)

Description copied from interface: Security

Check if the operation type is permitted for the entity

Specified by:

isPermitted in interface Security

Overrides:

isPermitted in class SecurityImpl

isPermitted

public boolean isPermitted(Entity entity,
                           ConstraintOperationType operationType)

Description copied from interface: Security

Check if the operation type is permitted for the entity

Specified by:

isPermitted in interface Security

Overrides:

isPermitted in class SecurityImpl

isPermitted

public boolean isPermitted(Entity entity,
                           java.lang.String customCode)

Description copied from interface: Security

Check the special constraint permission for the entity

Specified by:

isPermitted in interface Security

Overrides:

isPermitted in class SecurityImpl

isNotPermittedInMemory

protected boolean isNotPermittedInMemory(Entity entity)

evaluateConstraintScript

public java.lang.Object evaluateConstraintScript(Entity entity,
                                                 java.lang.String groovyScript)

Specified by:

evaluateConstraintScript in interface Security

Overrides:

evaluateConstraintScript in class SecurityImpl

validateConstraintScript

public ConstraintValidationResult validateConstraintScript(java.lang.String entityType,
                                                           java.lang.String groovyScript)

Description copied from interface: PersistenceSecurity

Validate groovy access constraint script

Specified by:

validateConstraintScript in interface PersistenceSecurity

runGroovyScript

protected java.lang.Object runGroovyScript(Entity entity,
                                           java.lang.String groovyScript)

fillGroovyConstraintsContext

protected void fillGroovyConstraintsContext(java.util.Map<java.lang.String,java.lang.Object> context)

Override if you need specific context variables in Groovy constraints.

Parameters:

context - passed to Groovy evaluator

parseValue

protected java.lang.Object parseValue(java.lang.Class<?> clazz,
                                      java.lang.String string)