protected List<Object> getPropertyColumns(EntityTableItems<E> entityTableSource, List<Column<E>> columnsOrder) { MetaClass entityMetaClass = entityTableSource.getEntityMetaClass(); return columnsOrder.stream() .filter(c -> { MetaPropertyPath propertyPath = c.getBoundProperty(); return propertyPath != null && security.isEntityAttrReadPermitted(entityMetaClass, propertyPath.toPathString()); }) .map(Column::getBoundProperty) .collect(Collectors.toList()); }
protected List<Column<E>> getInitialVisibleColumns() { EntityDataGridItems<E> entityDataGridSource = getEntityDataGridItems(); if (entityDataGridSource == null || entityDataGridSource.getState() == BindingState.INACTIVE) { return Collections.emptyList(); } MetaClass metaClass = entityDataGridSource.getEntityMetaClass(); return columnsOrder.stream() .filter(column -> { MetaPropertyPath propertyPath = column.getPropertyPath(); return propertyPath == null || security.isEntityAttrReadPermitted(metaClass, propertyPath.toString()); }) .collect(Collectors.toList()); }
protected List<Object> getInitialVisibleColumnIds(EntityTableItems<E> entityTableSource) { List<Object> result = new ArrayList<>(); MetaClass metaClass = entityTableSource.getEntityMetaClass(); for (Column column : columnsOrder) { if (column.getId() instanceof MetaPropertyPath) { MetaPropertyPath propertyPath = (MetaPropertyPath) column.getId(); if (security.isEntityAttrReadPermitted(metaClass, propertyPath.toString())) { result.add(column.getId()); } } else { result.add(column.getId()); } } return result; }
protected boolean loadVisible(Component component, Element element) { if (component instanceof DatasourceComponent && ((DatasourceComponent) component).getDatasource() != null) { DatasourceComponent wiredComponent = (DatasourceComponent) component; MetaClass metaClass = wiredComponent.getDatasource().getMetaClass(); MetaPropertyPath propertyPath = wiredComponent.getMetaPropertyPath(); if (propertyPath != null && !getSecurity().isEntityAttrReadPermitted(metaClass, propertyPath.toString())) { component.setVisible(false); return false; } } String visible = element.attributeValue("visible"); if (StringUtils.isNotEmpty(visible)) { boolean visibleValue = Boolean.parseBoolean(visible); component.setVisible(visibleValue); return visibleValue; } return true; }
protected void loadVisible(FieldGroup resultComponent, FieldGroup.FieldConfig field) { Element element = field.getXmlDescriptor(); if (element != null) { String visible = element.attributeValue("visible"); if (StringUtils.isNotEmpty(visible)) { field.setVisible(Boolean.parseBoolean(visible)); } } if (!field.isCustom() && BooleanUtils.isNotFalse(field.isVisible())) { MetaClass metaClass = getMetaClass(resultComponent, field); MetaPropertyPath propertyPath = getMetadataTools().resolveMetaPropertyPath(metaClass, field.getProperty()); checkNotNullArgument(propertyPath, "Could not resolve property path '%s' in '%s'", field.getId(), metaClass); if (!getSecurity().isEntityAttrReadPermitted(metaClass, propertyPath.toString())) { field.setVisible(false); } } }
security.isEntityAttrReadPermitted(metaClass, columnId.toString())) { component.setColumnCollapsed(column.getId(), true);
@Override public void visit(Entity entity, MetaProperty property) { MetaClass metaClass = metadata.getClassNN(entity.getClass()); if (!security.isEntityAttrReadPermitted(metaClass, property.getName())) { addInaccessibleAttribute((BaseGenericIdEntity) entity, property.getName()); if (!metadataTools.isSystem(property) && !property.isReadOnly()) { // Using reflective access to field because the attribute can be unfetched if loading not partial entities, // which is the case when in-memory constraints exist BaseEntityInternalAccess.setValue(entity, property.getName(), null); } } SecurityState securityState = BaseEntityInternalAccess.getSecurityState(entity); if (securityState != null && securityState.getHiddenAttributes().contains(property.getName())) { if (!metadataTools.isSystem(property)) { // Using reflective access to field because the attribute can be unfetched if loading not partial entities, // which is the case when in-memory constraints exist BaseEntityInternalAccess.setValue(entity, property.getName(), null); } } } }
protected void applyPermissions(Component fieldComponent) { if (fieldComponent instanceof DatasourceComponent) { DatasourceComponent dsComponent = (DatasourceComponent) fieldComponent; MetaPropertyPath propertyPath = dsComponent.getMetaPropertyPath(); Datasource datasource = dsComponent.getDatasource(); if (datasource != null && propertyPath != null) { MetaClass metaClass = datasource.getMetaClass(); Security security = getSecurity(); if (!security.isEntityAttrUpdatePermitted(metaClass, propertyPath.toString()) && dsComponent instanceof Component.Editable) { ((Component.Editable) dsComponent).setEditable(false); } if (!security.isEntityAttrReadPermitted(metaClass, propertyPath.toString())) { dsComponent.setVisible(false); } } } }
/** * Creates {@code CollectionPropertyContainer}. */ @SuppressWarnings("unchecked") public <E extends Entity> CollectionPropertyContainer<E> createCollectionContainer(Class<E> entityClass, InstanceContainer<? extends Entity> masterContainer, String property) { CollectionPropertyContainerImpl<E> container = new CollectionPropertyContainerImpl<>( metadata.getClassNN(entityClass), masterContainer, property); if (security.isEntityAttrReadPermitted(masterContainer.getEntityMetaClass(), property) && security.isEntityOpPermitted(entityClass, EntityOp.READ)) { masterContainer.addItemChangeListener(e -> { Entity item = masterContainer.getItemOrNull(); container.setItems(item != null ? item.getValue(property) : null); }); masterContainer.addItemPropertyChangeListener(e -> { if (e.getProperty().equals(property)) { container.setDisconnectedItems((Collection<E>) e.getValue()); } }); } return container; }
/** * Creates {@code InstancePropertyContainer}. */ @SuppressWarnings("unchecked") public <E extends Entity> InstancePropertyContainer<E> createInstanceContainer(Class<E> entityClass, InstanceContainer<? extends Entity> masterContainer, String property) { InstancePropertyContainerImpl<E> container = new InstancePropertyContainerImpl<>( metadata.getClassNN(entityClass), masterContainer, property); if (security.isEntityAttrReadPermitted(masterContainer.getEntityMetaClass(), property) && security.isEntityOpPermitted(entityClass, EntityOp.READ)) { masterContainer.addItemChangeListener(e -> { Entity item = masterContainer.getItemOrNull(); container.setItem(item != null ? item.getValue(property) : null); }); masterContainer.addItemPropertyChangeListener(e -> { if (e.getProperty().equals(property)) { container.setItem((E) e.getValue()); } }); } return container; }
protected void loadEditable(FieldGroup fieldGroup, FieldGroup.FieldConfig field) { if (fieldGroup.isEditable()) { MetaClass metaClass = rds.resolveCategorizedEntityClass(); MetaPropertyPath propertyPath = dynamicAttributesTools.getMetaPropertyPath(metaClass, field.getProperty()); checkNotNullArgument(propertyPath, "Could not resolve property path '%s' in '%s'", field.getId(), metaClass); boolean editableFromPermissions = security.isEntityAttrUpdatePermitted(metaClass, propertyPath.toString()); if (!editableFromPermissions) { field.setEditable(false); } boolean visibleFromPermissions = security.isEntityAttrReadPermitted(metaClass, propertyPath.toString()); if (!visibleFromPermissions) { field.setVisible(false); } } }
if (!security.isEntityAttrReadPermitted(metaPropertyPath)) { component.setVisible(false);
component.setVisible(security.isEntityAttrReadPermitted(entityValueSource.getEntityMetaClass(), propertyPath.toString()));