Examples with FilterExpression com.yahoo.elide.core.filter.expression.FilterExpression used on opensource projects

Example 21 with FilterExpression

use of com.yahoo.elide.core.filter.expression.FilterExpression in project elide by yahoo.

the class InMemoryStoreTransactionTest method testFilteringRequiresInMemoryPagination.

@Test
public void testFilteringRequiresInMemoryPagination() {
    FilterExpression expression = new InPredicate(new Path(Book.class, dictionary, "genre"), "Literary Fiction");
    PaginationImpl pagination = new PaginationImpl(ClassType.of(Book.class), 0, 2, 10, 10, true, false);
    EntityProjection projection = EntityProjection.builder().type(Book.class).filterExpression(expression).pagination(pagination).build();
    DataStoreIterable filterInMemory = new DataStoreIterableBuilder(books).filterInMemory(true).build();
    when(wrappedTransaction.loadObjects(any(), eq(scope))).thenReturn(filterInMemory);
    Collection<Object> loaded = Lists.newArrayList(inMemoryStoreTransaction.loadObjects(projection, scope));
    verify(wrappedTransaction, times(1)).loadObjects(any(EntityProjection.class), eq(scope));
    assertEquals(2, loaded.size());
    assertTrue(loaded.contains(book1));
    assertTrue(loaded.contains(book3));
    assertEquals(2, pagination.getPageTotals());
}

Example 22 with FilterExpression

use of com.yahoo.elide.core.filter.expression.FilterExpression in project elide by yahoo.

the class PersistentResourceTest method testFilterExpressionCollection.

@Test
public void testFilterExpressionCollection() {
    MultivaluedMap<String, String> queryParams = new MultivaluedHashMap<>();
    queryParams.add("filter[book.authors.name][infix]", "Hemingway");
    RequestScope scope = buildRequestScope("/", mock(DataStoreTransaction.class), new TestUser("1"), queryParams);
    Optional<FilterExpression> filter = scope.getLoadFilterExpression(ClassType.of(Book.class));
    FilterPredicate predicate = (FilterPredicate) filter.get();
    assertEquals("name", predicate.getField());
    assertEquals("authors.name", predicate.getFieldPath());
    assertEquals(Operator.INFIX, predicate.getOperator());
    assertEquals(Arrays.asList("Hemingway"), predicate.getValues());
    assertEquals("[Book].authors/[Author].name", predicate.getPath().toString());
}

Example 23 with FilterExpression

use of com.yahoo.elide.core.filter.expression.FilterExpression in project elide by yahoo.

the class VerifyFieldAccessFilterExpressionVisitorTest method testCustomFilterJoin.

@Test
public void testCustomFilterJoin() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("genre==foo", ClassType.of(Book.class), true);
    Book book = new Book();
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    DataStoreTransaction tx = scope.getTransaction();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, GENRE)).thenReturn(ExpressionResult.DEFERRED);
    when(permissionExecutor.checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE)).thenThrow(new ForbiddenAccessException(ReadPermission.class));
    when(permissionExecutor.evaluateFilterJoinUserChecks(any(), any())).thenReturn(ExpressionResult.DEFERRED);
    when(permissionExecutor.handleFilterJoinReject(any(), any(), any())).thenAnswer(invocation -> {
        FilterPredicate filterPredicate = invocation.getArgument(0);
        PathElement pathElement = invocation.getArgument(1);
        ForbiddenAccessException reason = invocation.getArgument(2);
        assertEquals("Book", pathElement.getType().getSimpleName());
        assertEquals(GENRE, filterPredicate.getField());
        assertEquals("book.genre IN [foo]", filterPredicate.toString());
        // custom processing
        return "Book".equals(pathElement.getType().getSimpleName()) && filterPredicate.toString().matches("book.genre IN \\[\\w+\\]") && reason.getLoggedMessage().matches(".*Message=ReadPermission Denied.*\\n.*") ? ExpressionResult.DEFERRED : ExpressionResult.FAIL;
    });
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // restricted HOME field
    assertTrue(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE);
    verify(permissionExecutor, never()).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, times(1)).handleFilterJoinReject(any(), any(), any());
    verify(tx, never()).getToManyRelation(any(), any(), any(), any());
}

Example 24 with FilterExpression

use of com.yahoo.elide.core.filter.expression.FilterExpression in project elide by yahoo.

the class VerifyFieldAccessFilterExpressionVisitorTest method testUserChecksDeferred.

@Test
public void testUserChecksDeferred() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("authors.homeAddress==main", ClassType.of(Book.class), true);
    Book book = new Book();
    Author author = new Author();
    book.setAuthors(Collections.singleton(author));
    author.setBooks(Collections.singleton(book));
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PersistentResource<Author> resourceAuthor = new PersistentResource<>(author, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    DataStoreTransaction tx = scope.getTransaction();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS)).thenReturn(ExpressionResult.PASS);
    when(permissionExecutor.checkSpecificFieldPermissionsDeferred(resource, null, ReadPermission.class, AUTHORS)).thenReturn(ExpressionResult.PASS);
    when(permissionExecutor.getReadPermissionFilter(ClassType.of(Author.class), null)).thenReturn(Optional.empty());
    when(permissionExecutor.checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, HOME)).thenReturn(ExpressionResult.DEFERRED);
    when(permissionExecutor.checkSpecificFieldPermissions(resourceAuthor, null, ReadPermission.class, HOME)).thenThrow(ForbiddenAccessException.class);
    when(tx.getToManyRelation(eq(tx), eq(book), any(), eq(scope))).thenReturn(new DataStoreIterableBuilder(book.getAuthors()).build());
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // restricted HOME field
    assertFalse(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS);
    verify(permissionExecutor, times(1)).getReadPermissionFilter(ClassType.of(Author.class), new HashSet<>());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, HOME);
    verify(permissionExecutor, times(1)).checkSpecificFieldPermissions(resourceAuthor, null, ReadPermission.class, HOME);
    verify(permissionExecutor, times(2)).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, times(1)).handleFilterJoinReject(any(), any(), any());
    verify(tx, times(1)).getToManyRelation(eq(tx), eq(book), any(), eq(scope));
}

Example 25 with FilterExpression

use of com.yahoo.elide.core.filter.expression.FilterExpression in project elide by yahoo.

the class VerifyFieldAccessFilterExpressionVisitorTest method testShortCircuitRejectDeferThenFail.

@Test
public void testShortCircuitRejectDeferThenFail() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("authors.homeAddress==main", ClassType.of(Book.class), true);
    Book book = new Book();
    Author author = new Author();
    book.setAuthors(Collections.singleton(author));
    author.setBooks(Collections.singleton(book));
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    DataStoreTransaction tx = scope.getTransaction();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS)).thenReturn(ExpressionResult.DEFERRED);
    when(permissionExecutor.checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, HOME)).thenThrow(ForbiddenAccessException.class);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // restricted HOME field
    assertFalse(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS);
    verify(permissionExecutor, never()).getReadPermissionFilter(ClassType.of(Author.class), null);
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, HOME);
    verify(permissionExecutor, never()).checkSpecificFieldPermissions(any(), any(), any(), any());
    verify(permissionExecutor, never()).checkSpecificFieldPermissionsDeferred(any(), any(), any(), any());
    verify(permissionExecutor, times(2)).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, times(1)).handleFilterJoinReject(any(), any(), any());
    verify(tx, never()).getToManyRelation(any(), any(), any(), any());
}