/**
 * Reports whether the caller may perform {@code op} on every path in
 * {@code fields}.
 *
 * <p>Evaluation stops at the first denied path. An empty set yields
 * {@code true}, because there is nothing to deny.
 *
 * @param fields paths to check; each one is passed to the single-path overload
 * @param op the operation being attempted
 * @return {@code true} only if no path in {@code fields} is denied
 */
public boolean hasAccess(Set<Path> fields, Operation op) {
    boolean allGranted = true;
    for (Path candidate : fields) {
        if (!hasAccess(candidate, op)) {
            // One denial is enough to reject the whole set.
            allGranted = false;
            break;
        }
    }
    return allGranted;
}
/**
 * Tells whether the caller is allowed to apply {@code op} to all of the
 * given field paths.
 *
 * <p>The check is all-or-nothing: the first path that fails the
 * single-path check ends the loop with {@code false}. An empty set
 * returns {@code true}.
 *
 * @param fields the field paths to evaluate
 * @param op the operation being attempted
 * @return {@code false} as soon as one path is denied, {@code true} otherwise
 */
public boolean hasAccess(Set<Path> fields, Operation op) {
    for (Path path : fields) {
        if (hasAccess(path, op)) {
            continue;
        }
        return false;
    }
    return true;
}
/**
 * Checks the whole set of field paths against the caller's access for
 * {@code op}.
 *
 * <p>Returns {@code true} only when the single-path check passes for each
 * member of {@code fields}. The loop exits on the first denial, and an
 * empty set is reported as accessible.
 *
 * @param fields the field paths to evaluate
 * @param op the operation being attempted
 * @return whether every path in {@code fields} is accessible
 */
public boolean hasAccess(Set<Path> fields, Operation op) {
    for (Path p : fields) {
        boolean granted = hasAccess(p, op);
        if (!granted) {
            return false;
        }
    }
    return true;
}
/**
 * Reports whether the caller may perform {@code op} on the field at
 * {@code field}.
 *
 * <p>The path is resolved against the metadata first. A path that
 * resolves to {@code null} is denied. A path that resolves to a
 * {@link Field} is delegated to the {@code Field} overload.
 *
 * <p>NOTE(review): a path that resolves to a node which is not a
 * {@code Field} is granted unconditionally (fail-open). Confirm that such
 * nodes never need an access rule of their own.
 *
 * @param field path of the field to check
 * @param op the operation being attempted
 * @return {@code false} for an unresolved path, {@code true} for a
 *     non-{@code Field} node, otherwise the result of the {@code Field} check
 */
public boolean hasAccess(Path field, Operation op) {
    FieldTreeNode node = md.resolve(field);
    if (node == null) {
        // Unknown path: deny.
        return false;
    }
    if (!(node instanceof Field)) {
        // Non-Field node: no access rule is consulted.
        return true;
    }
    return hasAccess((Field) node, op);
}
/**
 * Tells whether the caller is allowed to apply {@code op} to the field
 * identified by {@code field}.
 *
 * <p>The result depends on what the metadata resolves the path to:
 * {@code null} gives {@code false}, a {@link Field} gives the result of
 * the {@code Field} overload, and any other node gives {@code true}.
 *
 * <p>NOTE(review): the "any other node" branch allows access without
 * consulting any rule. Verify that this is intended for every
 * non-{@code Field} node type that the metadata can return.
 *
 * @param field path of the field to check
 * @param op the operation being attempted
 * @return whether access is granted for the resolved node
 */
public boolean hasAccess(Path field, Operation op) {
    FieldTreeNode resolved = md.resolve(field);
    if (resolved instanceof Field) {
        return hasAccess((Field) resolved, op);
    }
    // Not a Field: granted when the path resolved at all, denied when it did not.
    return resolved != null;
}
/**
 * Evaluates the caller's access to a single field path for {@code op}.
 *
 * <p>An unresolved path (metadata returns {@code null}) is denied. A
 * resolved {@link Field} is checked through the {@code Field} overload.
 * A resolved node of any other kind is allowed.
 *
 * <p>NOTE(review): allowing every non-{@code Field} node is a fail-open
 * default. Confirm that callers do not rely on this method to protect
 * such nodes.
 *
 * @param field path of the field to check
 * @param op the operation being attempted
 * @return {@code true} if access is granted, {@code false} otherwise
 */
public boolean hasAccess(Path field, Operation op) {
    FieldTreeNode target = md.resolve(field);
    // Short-circuit order: null is denied, a non-Field is allowed, a Field is rule-checked.
    return target != null
            && (!(target instanceof Field) || hasAccess((Field) target, op));
}
/**
 * Collects the paths of all fields that the caller may not use for
 * {@code op}.
 *
 * <p>Walks the metadata's field cursor and records the current path for
 * each node that is a {@link Field} and fails the {@code Field} access
 * check. Nodes that are not {@code Field} instances are never reported.
 *
 * @param op the operation being attempted
 * @return a new mutable set of denied field paths, empty if none are denied
 */
public Set<Path> getInaccessibleFields(Operation op) {
    FieldCursor walker = md.getFieldCursor();
    Set<Path> denied = new HashSet<>();
    while (walker.next()) {
        FieldTreeNode node = walker.getCurrentNode();
        if (!(node instanceof Field)) {
            continue;
        }
        if (hasAccess((Field) node, op)) {
            continue;
        }
        denied.add(walker.getCurrentPath());
    }
    return denied;
}
/**
 * Builds the set of field paths that are off-limits to the caller for
 * {@code op}.
 *
 * <p>Only nodes that are {@link Field} instances are evaluated. Any other
 * node that the cursor visits is skipped and therefore never appears in
 * the result.
 *
 * @param op the operation being attempted
 * @return a freshly allocated set holding the path of each denied field
 */
public Set<Path> getInaccessibleFields(Operation op) {
    Set<Path> blocked = new HashSet<>();
    for (FieldCursor it = md.getFieldCursor(); it.next();) {
        FieldTreeNode current = it.getCurrentNode();
        if (current instanceof Field) {
            boolean allowed = hasAccess((Field) current, op);
            if (!allowed) {
                blocked.add(it.getCurrentPath());
            }
        }
    }
    return blocked;
}
/**
 * Lists the fields that the caller cannot access for {@code op}.
 *
 * <p>Iterates the metadata field cursor. A node contributes its current
 * path to the result when it is a {@link Field} and the {@code Field}
 * access check denies it. Non-{@code Field} nodes are not checked and are
 * never included.
 *
 * @param op the operation being attempted
 * @return a new set of inaccessible field paths, possibly empty
 */
public Set<Path> getInaccessibleFields(Operation op) {
    FieldCursor fieldCursor = md.getFieldCursor();
    Set<Path> inaccessible = new HashSet<>();
    while (fieldCursor.next()) {
        FieldTreeNode node = fieldCursor.getCurrentNode();
        // instanceof is evaluated first, so the cast happens only for Field nodes.
        boolean isDenied = node instanceof Field && !hasAccess((Field) node, op);
        if (isDenied) {
            inaccessible.add(fieldCursor.getCurrentPath());
        }
    }
    return inaccessible;
}
/**
 * Verifies that the caller may read every field referenced by
 * {@code query}.
 *
 * <p>The fields are taken from {@code AnalyzeQuery} and each one is
 * checked with {@code FieldAccessRoleEvaluator} for the {@code find}
 * operation, using the caller roles from {@code ctx}. The loop does not
 * stop at the first denial. Each unreadable field adds an
 * {@code ERR_NO_ACCESS} error to {@code ctx} and sets its status to
 * {@code ERROR}.
 *
 * <p>A {@code null} query has no fields to check and returns {@code true}.
 *
 * <p>NOTE(review): only the fields reported by {@code AnalyzeQuery} are
 * checked. Confirm that it reports every field a query can touch.
 *
 * @param ctx operation context supplying metadata and caller roles;
 *     receives the errors and status
 * @param query the query to inspect, may be {@code null}
 * @return {@code true} if every query field is readable, {@code false} otherwise
 */
private boolean checkQueryAccess(OperationContext ctx, QueryExpression query) {
    if (query == null) {
        return true;
    }
    boolean allReadable = true;
    CompositeMetadata metadata = ctx.getTopLevelEntityMetadata();
    FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(metadata, ctx.getCallerRoles());
    AnalyzeQuery queryAnalyzer = new AnalyzeQuery(metadata, null);
    queryAnalyzer.iterate(query, Path.EMPTY);
    List<QueryFieldInfo> queryFields = queryAnalyzer.getFieldInfo();
    LOGGER.debug("Checking access for query fields {}", queryFields);
    for (QueryFieldInfo info : queryFields) {
        LOGGER.debug("Access checking field {}", info.getFullFieldName());
        if (!roleEval.hasAccess(info.getFullFieldName(), FieldAccessRoleEvaluator.Operation.find)) {
            LOGGER.debug("Field {} is not readable", info.getFullFieldName());
            ctx.addError(Error.get(CrudConstants.ERR_NO_ACCESS, info.getFullFieldName().toString()));
            ctx.setStatus(OperationStatus.ERROR);
            // Keep going so that every denied field is reported.
            allReadable = false;
        } else {
            LOGGER.debug("Field {} is readable", info.getFullFieldName());
        }
    }
    return allReadable;
}
/**
 * Checks read access for all fields used in {@code query} and records any
 * denial in {@code ctx}.
 *
 * <p>When {@code query} is non-null, the query is analyzed from
 * {@code Path.EMPTY} and each reported field is evaluated for the
 * {@code find} operation against the caller roles held by {@code ctx}.
 * Each field that fails adds an {@code ERR_NO_ACCESS} error naming the
 * field and sets the context status to {@code ERROR}. All fields are
 * evaluated even after a failure.
 *
 * <p>NOTE(review): a {@code null} query is reported as accessible, and the
 * check covers only what {@code AnalyzeQuery.getFieldInfo()} returns.
 * Verify both against the callers.
 *
 * @param ctx operation context; read for metadata and roles, and updated on denial
 * @param query the query whose fields are checked, may be {@code null}
 * @return {@code false} if at least one field is not readable, otherwise {@code true}
 */
private boolean checkQueryAccess(OperationContext ctx, QueryExpression query) {
    boolean accessOk = true;
    if (query != null) {
        CompositeMetadata entityMd = ctx.getTopLevelEntityMetadata();
        FieldAccessRoleEvaluator evaluator =
                new FieldAccessRoleEvaluator(entityMd, ctx.getCallerRoles());
        AnalyzeQuery analysis = new AnalyzeQuery(entityMd, null);
        analysis.iterate(query, Path.EMPTY);
        List<QueryFieldInfo> referenced = analysis.getFieldInfo();
        LOGGER.debug("Checking access for query fields {}", referenced);
        for (QueryFieldInfo fieldInfo : referenced) {
            LOGGER.debug("Access checking field {}", fieldInfo.getFullFieldName());
            boolean readable = evaluator.hasAccess(
                    fieldInfo.getFullFieldName(), FieldAccessRoleEvaluator.Operation.find);
            if (readable) {
                LOGGER.debug("Field {} is readable", fieldInfo.getFullFieldName());
                continue;
            }
            LOGGER.debug("Field {} is not readable", fieldInfo.getFullFieldName());
            ctx.addError(Error.get(CrudConstants.ERR_NO_ACCESS,
                    fieldInfo.getFullFieldName().toString()));
            ctx.setStatus(OperationStatus.ERROR);
            accessOk = false;
        }
    }
    return accessOk;
}