use of com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector in project conquery by bakdata.
the class QueryDescription method authorize.
/**
* Check implementation specific permissions. Is called after all visitors have been registered and executed.
*/
default void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors) {
NamespacedIdentifiableCollector nsIdCollector = QueryUtils.getVisitor(visitors, NamespacedIdentifiableCollector.class);
ExternalIdChecker externalIdChecker = QueryUtils.getVisitor(visitors, QueryUtils.ExternalIdChecker.class);
if (nsIdCollector == null) {
throw new IllegalStateException();
}
// Generate DatasetPermissions
final Set<Dataset> datasets = nsIdCollector.getIdentifiables().stream().map(NamespacedIdentifiable::getDataset).collect(Collectors.toSet());
subject.authorize(datasets, Ability.READ);
// Generate ConceptPermissions
final Set<Concept> concepts = nsIdCollector.getIdentifiables().stream().filter(ConceptElement.class::isInstance).map(ConceptElement.class::cast).map(ConceptElement::getConcept).collect(Collectors.toSet());
subject.authorize(concepts, Ability.READ);
subject.authorize(collectRequiredQueries(), Ability.READ);
// Check if the query contains parts that require to resolve external IDs. If so the subject must have the preserve_id permission on the dataset.
if (externalIdChecker.resolvesExternalIds()) {
subject.authorize(submittedDataset, Ability.PRESERVE_ID);
}
}
Aggregations