public ConstraintCheckType getCheckType() { return ConstraintCheckType.fromId(checkType); }
protected void setupVisibility() { Constraint item = getItem(); asList(groovyScript, groovyScriptLabel) .forEach(component -> component.setVisible(item.getCheckType().memory())); asList(joinClause, joinClauseLabel, whereClause, whereClauseLabel) .forEach(component -> component.setVisible(item.getCheckType().database() && item.getOperationType() != ConstraintOperationType.CREATE && item.getOperationType() != ConstraintOperationType.DELETE && item.getOperationType() != ConstraintOperationType.UPDATE)); asList(code, codeLabel) .forEach(component -> component.setVisible(item.getOperationType() == ConstraintOperationType.CUSTOM)); if (item.getOperationType() != ConstraintOperationType.ALL && item.getOperationType() != ConstraintOperationType.CUSTOM && item.getOperationType() != ConstraintOperationType.READ) { item.setCheckType(ConstraintCheckType.MEMORY); type.setEnabled(false); } else { type.setEnabled(true); } if (!item.getCheckType().database()) { item.setJoinClause(null); item.setWhereClause(null); } }
@Override public boolean hasInMemoryConstraints(MetaClass metaClass, ConstraintOperationType... operationTypes) { List<ConstraintData> constraints = getConstraints(metaClass, constraint -> constraint.getCheckType().memory() && constraint.getOperationType() != null && Arrays.asList(operationTypes).contains(constraint.getOperationType()) ); return !constraints.isEmpty(); }
@Override public boolean applyConstraints(Query query) { QueryParser parser = QueryTransformerFactory.createParser(query.getQueryString()); String entityName = parser.getEntityName(); List<ConstraintData> constraints = getConstraints(metadata.getClassNN(entityName), constraint -> constraint.getCheckType().database() && (constraint.getOperationType() == ConstraintOperationType.READ || constraint.getOperationType() == ConstraintOperationType.ALL)); if (constraints.isEmpty()) return false; QueryTransformer transformer = QueryTransformerFactory.createTransformer(query.getQueryString()); for (ConstraintData constraint : constraints) { processConstraint(transformer, constraint, entityName); } query.setQueryString(transformer.getResult()); for (String paramName : transformer.getAddedParams()) { setQueryParam(query, paramName); } return true; }
public void setCheckType(ConstraintCheckType checkType) { this.checkType = checkType != null ? checkType.getId() : null; }
if (item.getCheckType().database()) { String jpql = new SecurityJpqlGenerator().generateJpql(filterParser.getRoot()); constraint.setWhereClause(jpql); if (item.getCheckType().memory()) { String groovy = new GroovyGenerator().generateGroovy(filterParser.getRoot()); constraint.setGroovyScript(groovy);
@Override public boolean isPermitted(Entity entity, String customCode) { return isPermitted(entity, constraint -> customCode.equals(constraint.getCode()) && constraint.getCheckType().memory()); }
@Override public boolean isPermitted(Entity entity, ConstraintOperationType targetOperationType) { return isPermitted(entity, constraint -> { ConstraintOperationType operationType = constraint.getOperationType(); return constraint.getCheckType().memory() && ( (targetOperationType == ALL && operationType != CUSTOM) || operationType == targetOperationType || operationType == ALL ); }); }
protected boolean isPermittedInMemory(Entity entity) { return isPermitted(entity, constraint -> constraint.getCheckType().memory() && (constraint.getOperationType() == ConstraintOperationType.READ || constraint.getOperationType() == ConstraintOperationType.ALL)); }
protected boolean isPermitted(Entity entity, ConstraintData constraint) { String metaClassName = entity.getMetaClass().getName(); String groovyScript = constraint.getGroovyScript(); if (constraint.getCheckType().memory() && StringUtils.isNotBlank(groovyScript)) { try { Object o = evaluateConstraintScript(entity, groovyScript); if (Boolean.FALSE.equals(o)) { log.trace("Entity does not match security constraint. Entity class [{}]. Entity [{}]. Constraint [{}].", metaClassName, entity.getId(), constraint.getCheckType()); return false; } } catch (Exception e) { log.error("An error occurred while applying constraint's Groovy script. The entity has been filtered out." + "Entity class [{}]. Entity [{}].", metaClassName, entity.getId(), e); return false; } } return true; }