Search in sources :

Example 6 with NamespacedIdentifiableCollector

use of com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector in project conquery by bakdata.

the class QueryDescription method authorize.

/**
 * Check implementation specific permissions. Is called after all visitors have been registered and executed.
 */
default void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors) {
    NamespacedIdentifiableCollector nsIdCollector = QueryUtils.getVisitor(visitors, NamespacedIdentifiableCollector.class);
    ExternalIdChecker externalIdChecker = QueryUtils.getVisitor(visitors, QueryUtils.ExternalIdChecker.class);
    if (nsIdCollector == null) {
        throw new IllegalStateException();
    }
    // Generate DatasetPermissions
    final Set<Dataset> datasets = nsIdCollector.getIdentifiables().stream().map(NamespacedIdentifiable::getDataset).collect(Collectors.toSet());
    subject.authorize(datasets, Ability.READ);
    // Generate ConceptPermissions
    final Set<Concept> concepts = nsIdCollector.getIdentifiables().stream().filter(ConceptElement.class::isInstance).map(ConceptElement.class::cast).map(ConceptElement::getConcept).collect(Collectors.toSet());
    subject.authorize(concepts, Ability.READ);
    subject.authorize(collectRequiredQueries(), Ability.READ);
    // Check if the query contains parts that require to resolve external IDs. If so the subject must have the preserve_id permission on the dataset.
    if (externalIdChecker.resolvesExternalIds()) {
        subject.authorize(submittedDataset, Ability.PRESERVE_ID);
    }
}
Also used : Concept(com.bakdata.conquery.models.datasets.concepts.Concept) NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector) ConceptElement(com.bakdata.conquery.models.datasets.concepts.ConceptElement) QueryUtils(com.bakdata.conquery.util.QueryUtils) Dataset(com.bakdata.conquery.models.datasets.Dataset) ExternalIdChecker(com.bakdata.conquery.util.QueryUtils.ExternalIdChecker)

Aggregations

NamespacedIdentifiableCollector (com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector)6 Dataset (com.bakdata.conquery.models.datasets.Dataset)3 QueryUtils (com.bakdata.conquery.util.QueryUtils)3 QueryDescription (com.bakdata.conquery.apiv1.query.QueryDescription)2 Concept (com.bakdata.conquery.models.datasets.concepts.Concept)2 ConceptElement (com.bakdata.conquery.models.datasets.concepts.ConceptElement)2 ExternalIdChecker (com.bakdata.conquery.util.QueryUtils.ExternalIdChecker)2 CQElement (com.bakdata.conquery.apiv1.query.CQElement)1 ConceptQuery (com.bakdata.conquery.apiv1.query.ConceptQuery)1 ExternalUpload (com.bakdata.conquery.apiv1.query.ExternalUpload)1 ExternalUploadResult (com.bakdata.conquery.apiv1.query.ExternalUploadResult)1 Query (com.bakdata.conquery.apiv1.query.Query)1 SecondaryIdQuery (com.bakdata.conquery.apiv1.query.SecondaryIdQuery)1 CQAnd (com.bakdata.conquery.apiv1.query.concept.specific.CQAnd)1 CQExternal (com.bakdata.conquery.apiv1.query.concept.specific.external.CQExternal)1 ResultRendererProvider (com.bakdata.conquery.io.result.ResultRender.ResultRendererProvider)1 MetaStorage (com.bakdata.conquery.io.storage.MetaStorage)1 ExecutionMetrics (com.bakdata.conquery.metrics.ExecutionMetrics)1 AuthorizationHelper (com.bakdata.conquery.models.auth.AuthorizationHelper)1 AuthorizationHelper.buildDatasetAbilityMap (com.bakdata.conquery.models.auth.AuthorizationHelper.buildDatasetAbilityMap)1