/**
 * Checks an entity against the in-memory constraints that govern reading.
 *
 * <p>A constraint takes part in the check only when its check type includes the in-memory
 * check and its operation type is {@code READ} or {@code ALL}.
 *
 * @param entity entity to check
 * @return the result of the predicate-based {@code isPermitted} overload for the selected constraints
 */
protected boolean isPermittedInMemory(Entity entity) {
    return isPermitted(entity, constraint -> {
        if (!constraint.getCheckType().memory()) {
            return false;
        }
        ConstraintOperationType operationType = constraint.getOperationType();
        return operationType == ConstraintOperationType.READ
                || operationType == ConstraintOperationType.ALL;
    });
}
/**
 * INTERNAL
 *
 * <p>Registers a constraint under its entity name, creating the per-entity list on first use.
 * The method performs no permission check of its own, so callers are responsible for deciding
 * whether the constraint set may be changed.
 *
 * @param constraint constraint to wrap in a {@code ConstraintData} and register
 */
public void addConstraint(Constraint constraint) {
    constraints
            .computeIfAbsent(constraint.getEntityName(), name -> new ArrayList<>())
            .add(new ConstraintData(constraint));
}
/**
 * Checks an entity against the in-memory constraints registered under a custom code.
 *
 * <p>The code comparison is made on {@code customCode}, so a {@code null} code raises a
 * {@code NullPointerException} as soon as a constraint is tested.
 *
 * @param entity entity to check
 * @param customCode constraint code to match; must not be {@code null}
 * @return the result of the predicate-based {@code isPermitted} overload for the selected constraints
 */
@Override
public boolean isPermitted(Entity entity, String customCode) {
    return isPermitted(entity, constraint -> {
        if (!customCode.equals(constraint.getCode())) {
            return false;
        }
        return constraint.getCheckType().memory();
    });
}
/**
 * Adds one constraint's JPQL join and where fragments to the query being transformed.
 *
 * <p>With a blank join only the where clause is added, and only if it is not blank; otherwise
 * both join and where are passed to the transformer together.
 *
 * <p>Any failure aborts the operation with a {@code RowLevelSecurityException}, so a broken
 * constraint never results in the query running without it. The details, including the stack
 * trace, go to the log only; the thrown exception carries a generic message and no cause.
 *
 * @param transformer transformer that accumulates the modified query
 * @param constraint constraint supplying the join and where fragments
 * @param entityName entity name used in the log record and in the thrown exception
 * @throws RowLevelSecurityException if the fragments cannot be applied
 */
protected void processConstraint(QueryTransformer transformer, ConstraintData constraint, String entityName) {
    String joinClause = constraint.getJoin();
    String whereClause = constraint.getWhereClause();
    try {
        if (StringUtils.isNotBlank(joinClause)) {
            transformer.addJoinAndWhere(joinClause, whereClause);
        } else if (StringUtils.isNotBlank(whereClause)) {
            transformer.addWhere(whereClause);
        }
    } catch (JpqlSyntaxException syntaxError) {
        log.error("Syntax errors found in constraint's JPQL expressions. Entity [{}]. Constraint ID [{}].",
                entityName, constraint.getId(), syntaxError);
        throw new RowLevelSecurityException(
                "Syntax errors found in constraint's JPQL expressions. Please see the logs.", entityName);
    } catch (Exception failure) {
        log.error("An error occurred when applying security constraint. Entity [{}]. Constraint ID [{}].",
                entityName, constraint.getId(), failure);
        throw new RowLevelSecurityException(
                "An error occurred when applying security constraint. Please see the logs.", entityName);
    }
}
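/**
 * Evaluates a single in-memory constraint against an entity.
 *
 * <p>The constraint's Groovy script is run only when the check type includes the in-memory
 * check and the script is not blank; any other constraint permits the entity.
 *
 * <p>Security notes: an exception thrown while evaluating the script denies the entity (the
 * check fails closed) and is logged. Only a result equal to {@code Boolean.FALSE} denies; a
 * {@code null} or non-Boolean result is treated as a pass, so constraint scripts need to return
 * an explicit boolean.
 *
 * @param entity entity being checked
 * @param constraint constraint to evaluate
 * @return {@code false} if the script returned {@code Boolean.FALSE} or evaluation failed,
 *         {@code true} otherwise
 */
protected boolean isPermitted(Entity entity, ConstraintData constraint) {
    String metaClassName = entity.getMetaClass().getName();
    String groovyScript = constraint.getGroovyScript();
    if (constraint.getCheckType().memory() && StringUtils.isNotBlank(groovyScript)) {
        try {
            // NOTE(review): the script is executed as code; presumably only trusted
            // administrators can author constraints - verify against the constraint editor.
            Object result = evaluateConstraintScript(entity, groovyScript);
            if (Boolean.FALSE.equals(result)) {
                // NOTE(review): the "Constraint" placeholder receives the check type, not the
                // constraint ID; confirm whether the ID was intended for traceability.
                log.trace("Entity does not match security constraint. Entity class [{}]. Entity [{}]. Constraint [{}].",
                        metaClassName, entity.getId(), constraint.getCheckType());
                return false;
            }
        } catch (Exception e) {
            // Fail closed: an entity whose constraint cannot be evaluated is filtered out.
            // The separating space was missing between the two sentences of this message.
            log.error("An error occurred while applying constraint's Groovy script. The entity has been filtered out. "
                    + "Entity class [{}]. Entity [{}].", metaClassName, entity.getId(), e);
            return false;
        }
    }
    return true;
}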
/**
 * INTERNAL
 *
 * <p>Removes every registered constraint for the given constraint's entity name whose ID equals
 * the given constraint's ID. Nothing happens when no constraints are registered for that entity.
 * The method performs no permission check of its own, so callers are responsible for deciding
 * whether the constraint set may be changed.
 *
 * @param constraintToRemove constraint identifying the entity name and ID to remove
 */
public void removeConstraint(Constraint constraintToRemove) {
    List<ConstraintData> registered = this.constraints.get(constraintToRemove.getEntityName());
    if (registered == null || registered.isEmpty()) {
        return;
    }
    // Iterate over a snapshot so that removing from the live list is safe.
    for (ConstraintData candidate : new ArrayList<>(registered)) {
        if (constraintToRemove.getId().equals(candidate.getId())) {
            registered.remove(candidate);
        }
    }
}
/**
 * Tells whether any in-memory constraint exists for the meta class and the given operations.
 *
 * <p>A constraint counts when its check type includes the in-memory check and its operation
 * type is non-null and equal to one of {@code operationTypes}.
 *
 * @param metaClass meta class whose constraints are inspected
 * @param operationTypes operation types of interest
 * @return {@code true} if at least one matching constraint exists
 */
@Override
public boolean hasInMemoryConstraints(MetaClass metaClass, ConstraintOperationType... operationTypes) {
    return !getConstraints(metaClass, constraint -> {
        if (!constraint.getCheckType().memory()) {
            return false;
        }
        if (constraint.getOperationType() == null) {
            return false;
        }
        return Arrays.asList(operationTypes).contains(constraint.getOperationType());
    }).isEmpty();
}
/**
 * Checks an entity against the in-memory constraints that apply to an operation.
 *
 * <p>An in-memory constraint applies when its operation type equals the target, when it is
 * declared for {@code ALL}, or when the target itself is {@code ALL} and the constraint is not
 * a {@code CUSTOM} one.
 *
 * @param entity entity to check
 * @param targetOperationType operation being attempted
 * @return the result of the predicate-based {@code isPermitted} overload for the selected constraints
 */
@Override
public boolean isPermitted(Entity entity, ConstraintOperationType targetOperationType) {
    return isPermitted(entity, constraint -> {
        ConstraintOperationType declared = constraint.getOperationType();
        if (!constraint.getCheckType().memory()) {
            return false;
        }
        if (declared == targetOperationType || declared == ALL) {
            return true;
        }
        // A target of ALL pulls in every remaining constraint except custom ones.
        return targetOperationType == ALL && declared != CUSTOM;
    });
}
/**
 * Rewrites a query so that the database-level constraints of its entity are enforced.
 *
 * <p>The entity name is parsed from the query string. Constraints are selected when their check
 * type includes the database check and their operation type is {@code READ} or {@code ALL}.
 * Each selected constraint is applied through {@code processConstraint}, which throws instead of
 * skipping a constraint it cannot apply. The transformed query string and the parameters added
 * by the transformer are then set on the query.
 *
 * @param query query to constrain; modified in place when constraints apply
 * @return {@code true} if the query was rewritten, {@code false} if no constraint applies and
 *         the query is left untouched
 */
@Override
public boolean applyConstraints(Query query) {
    String entityName = QueryTransformerFactory.createParser(query.getQueryString()).getEntityName();
    List<ConstraintData> databaseConstraints = getConstraints(metadata.getClassNN(entityName), constraint -> {
        if (!constraint.getCheckType().database()) {
            return false;
        }
        return constraint.getOperationType() == ConstraintOperationType.READ
                || constraint.getOperationType() == ConstraintOperationType.ALL;
    });
    if (databaseConstraints.isEmpty()) {
        return false;
    }

    QueryTransformer transformer = QueryTransformerFactory.createTransformer(query.getQueryString());
    for (ConstraintData databaseConstraint : databaseConstraints) {
        processConstraint(transformer, databaseConstraint, entityName);
    }
    query.setQueryString(transformer.getResult());

    // Bind the parameters that the constraint fragments introduced.
    for (String addedParam : transformer.getAddedParams()) {
        setQueryParam(query, addedParam);
    }
    return true;
}