com.orientechnologies.orient.core.metadata.security.ORestrictedOperation.getFieldName java code examples

/**
 * Add doc to field _allowRead if it doesn't exists in _allowRead set
 * @param doc {@link ODocument} role document
 * @return {@link com.orientechnologies.orient.core.hook.ORecordHook.RESULT} returns super.onBeforeCreate(doc)
 */
@Override
public RESULT onRecordBeforeCreate(ODocument doc) {
  Set<ODocument> allowRead = doc.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Set.class);
  if (allowRead == null || !allowRead.contains(doc)) {
    allowRead = allowRead != null ? new LinkedHashSet<>(allowRead) : new LinkedHashSet<>();
    allowRead.add(doc);
    doc.field(ORestrictedOperation.ALLOW_READ.getFieldName(), allowRead);
  }
  return super.onRecordBeforeCreate(doc);
}

@Override
public OIdentifiable allowRole(final ODocument iDocument, final ORestrictedOperation iOperation, final String iRoleName) {
 final ORID role = getRoleRID(iRoleName);
 if (role == null)
  throw new IllegalArgumentException("Role '" + iRoleName + "' not found");
 return allowIdentity(iDocument, iOperation.getFieldName(), role);
}

@Override
public OIdentifiable denyRole(final ODocument iDocument, final ORestrictedOperation iOperation, final String iRoleName) {
 final ORID role = getRoleRID(iRoleName);
 if (role == null)
  throw new IllegalArgumentException("Role '" + iRoleName + "' not found");
 return disallowIdentity(iDocument, iOperation.getFieldName(), role);
}

@Override
public OIdentifiable allowUser(final ODocument iDocument, final ORestrictedOperation iOperation, final String iUserName) {
 final ORID user = getUserRID(iUserName);
 if (user == null)
  throw new IllegalArgumentException("User '" + iUserName + "' not found");
 return allowIdentity(iDocument, iOperation.getFieldName(), user);
}

@Override
public OIdentifiable denyUser(final ODocument iDocument, final ORestrictedOperation iOperation, final String iUserName) {
 final ORID user = getUserRID(iUserName);
 if (user == null)
  throw new IllegalArgumentException("User '" + iUserName + "' not found");
 return disallowIdentity(iDocument, iOperation.getFieldName(), user);
}

private ODocument updateAndGetUserReader(ODatabaseDocument db) {
  String sql = String.format("select from %s where name = ?", OUser.CLASS_NAME);
  List<ODocument> docs = db.query(new OSQLSynchQuery<>(sql, 1), "reader");
  ODocument reader = docs.get(0);
  Set<OIdentifiable> users = reader.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Set.class);
  if (users == null || users.isEmpty()) {
    reader.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singleton(reader));
  } else {
    users.add(reader);
    reader.field(ORestrictedOperation.ALLOW_READ.getFieldName(), users);
  }
  reader.save();
  return reader;
}

doc.field(ORestrictedOperation.ALLOW_READ.getFieldName(), doc);
doc.field(ORestrictedOperation.ALLOW_UPDATE.getFieldName(), doc);

String fieldNames = cls.getCustom(OSecurityShared.ONCREATE_FIELD);
if (fieldNames == null)
 fieldNames = ORestrictedOperation.ALLOW_ALL.getFieldName();
final String[] fields = fieldNames.split(",");
String identityType = cls.getCustom(OSecurityShared.ONCREATE_IDENTITY_TYPE);

private void updateReaderPermissions(ODatabaseDocument db, ODocument reader, ODocument perspective) {
  ORole role = db.getMetadata().getSecurity().getRole("reader");
  role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, null, 0);
  role.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, READ.getPermissionFlag());
  role.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, 0);
  role.grant(OSecurityHelper.FEATURE_RESOURCE, SchemaPage.SCHEMA_FEATURE, 0);
  role.getDocument().field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(reader));
  role.getDocument().field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
  role.save();
  perspective.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singleton(role.getDocument()));
  perspective.save();
}

.isAllowed((Set<OIdentifiable>) doc.field(ORestrictedOperation.ALLOW_ALL.getFieldName()),
  (Set<OIdentifiable>) doc.field(iAllowOperation.getFieldName()));

private void updateOrienteerUserRoleDoc(ODatabaseDocument db, ODocument perspective) {
  OSecurity security = db.getMetadata().getSecurity();
  ORole role = security.getRole(ORIENTEER_USER_ROLE);
  if (role == null) {
    ORole reader = security.getRole("reader");
    role = security.createRole(ORIENTEER_USER_ROLE, reader, OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
  }
  role.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_WIDGET, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_DASHBOARD, READ.getPermissionFlag());
  // TODO: remove this after release with fix for roles in OrientDB: https://github.com/orientechnologies/orientdb/issues/8338
  role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, READ.getPermissionFlag());
  role.grant(ResourceGeneric.SCHEMA, null, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLUSTER, "internal", READ.getPermissionFlag());
  role.grant(ResourceGeneric.RECORD_HOOK, "", READ.getPermissionFlag());
  role.grant(ResourceGeneric.DATABASE, null, READ.getPermissionFlag());
  role.grant(ResourceGeneric.DATABASE, "systemclusters", READ.getPermissionFlag());
  role.grant(ResourceGeneric.DATABASE, "function", READ.getPermissionFlag());
  role.grant(ResourceGeneric.DATABASE, "command", READ.getPermissionFlag());
  role.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, READ.getPermissionFlag());
  role.grant(ResourceGeneric.CLASS, OrienteerUser.CLASS_NAME, OrientPermission.combinedPermission(READ, UPDATE));
  role.grant(ResourceGeneric.DATABASE, "cluster", OrientPermission.combinedPermission(READ, UPDATE));
  role.getDocument().field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(role.getDocument()));
  role.getDocument().field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
  role.save();
  perspective.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(role.getDocument()));
  perspective.save();
}

Popular methods of ORestrictedOperation

Popular in Java

Parsing JSON documents to java classes using gson
getSystemService (Context)
getApplicationContext (Context)
putExtra (Intent)
Time (java.sql)
Java representation of an SQL TIME value. Provides utilities to format and parse the time's represen
Executor (java.util.concurrent)
An object that executes submitted Runnable tasks. This interface provides a way of decoupling task s
Pattern (java.util.regex)
Patterns are compiled regular expressions. In many cases, convenience methods such as String#matches
Filter (javax.servlet)
A filter is an object that performs filtering tasks on either the request to a resource (a servlet o
JPanel (javax.swing)
Join (org.hibernate.mapping)
Top Vim plugins

How to use getFieldNamemethodin com.orientechnologies.orient.core.metadata.security.ORestrictedOperation

Best Java code snippets using com.orientechnologies.orient.core.metadata.security.ORestrictedOperation.getFieldName (Showing top 11 results out of 315)

How to use
getFieldName
method
in
com.orientechnologies.orient.core.metadata.security.ORestrictedOperation