Example 6 with NamespacedIdentifiableCollector
use of com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector in project conquery by bakdata.
the class QueryDescription method authorize.
/**
* Check implementation specific permissions. Is called after all visitors have been registered and executed.
*/
default void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors) {
NamespacedIdentifiableCollector nsIdCollector = QueryUtils.getVisitor(visitors, NamespacedIdentifiableCollector.class);
ExternalIdChecker externalIdChecker = QueryUtils.getVisitor(visitors, QueryUtils.ExternalIdChecker.class);
if (nsIdCollector == null) {
throw new IllegalStateException();
}
// Generate DatasetPermissions
final Set<Dataset> datasets = nsIdCollector.getIdentifiables().stream().map(NamespacedIdentifiable::getDataset).collect(Collectors.toSet());
subject.authorize(datasets, Ability.READ);
// Generate ConceptPermissions
final Set<Concept> concepts = nsIdCollector.getIdentifiables().stream().filter(ConceptElement.class::isInstance).map(ConceptElement.class::cast).map(ConceptElement::getConcept).collect(Collectors.toSet());
subject.authorize(concepts, Ability.READ);
subject.authorize(collectRequiredQueries(), Ability.READ);
// Check if the query contains parts that require to resolve external IDs. If so the subject must have the preserve_id permission on the dataset.
if (externalIdChecker.resolvesExternalIds()) {
subject.authorize(submittedDataset, Ability.PRESERVE_ID);
}
}
Also used :
Concept(com.bakdata.conquery.models.datasets.concepts.Concept)
NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector)
ConceptElement(com.bakdata.conquery.models.datasets.concepts.ConceptElement)
QueryUtils(com.bakdata.conquery.util.QueryUtils)
Dataset(com.bakdata.conquery.models.datasets.Dataset)
ExternalIdChecker(com.bakdata.conquery.util.QueryUtils.ExternalIdChecker)
Aggregations
NamespacedIdentifiableCollector (com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector)6
Dataset (com.bakdata.conquery.models.datasets.Dataset)3
QueryUtils (com.bakdata.conquery.util.QueryUtils)3
QueryDescription (com.bakdata.conquery.apiv1.query.QueryDescription)2
Concept (com.bakdata.conquery.models.datasets.concepts.Concept)2
ConceptElement (com.bakdata.conquery.models.datasets.concepts.ConceptElement)2
ExternalIdChecker (com.bakdata.conquery.util.QueryUtils.ExternalIdChecker)2
CQElement (com.bakdata.conquery.apiv1.query.CQElement)1
ConceptQuery (com.bakdata.conquery.apiv1.query.ConceptQuery)1
ExternalUpload (com.bakdata.conquery.apiv1.query.ExternalUpload)1
ExternalUploadResult (com.bakdata.conquery.apiv1.query.ExternalUploadResult)1
Query (com.bakdata.conquery.apiv1.query.Query)1
SecondaryIdQuery (com.bakdata.conquery.apiv1.query.SecondaryIdQuery)1
CQAnd (com.bakdata.conquery.apiv1.query.concept.specific.CQAnd)1
CQExternal (com.bakdata.conquery.apiv1.query.concept.specific.external.CQExternal)1
ResultRendererProvider (com.bakdata.conquery.io.result.ResultRender.ResultRendererProvider)1
MetaStorage (com.bakdata.conquery.io.storage.MetaStorage)1
ExecutionMetrics (com.bakdata.conquery.metrics.ExecutionMetrics)1
AuthorizationHelper (com.bakdata.conquery.models.auth.AuthorizationHelper)1
AuthorizationHelper.buildDatasetAbilityMap (com.bakdata.conquery.models.auth.AuthorizationHelper.buildDatasetAbilityMap)1
