
Example 1 with PASS

use of com.yahoo.elide.core.security.permissions.ExpressionResult.PASS in project elide by yahoo.

the class ActivePermissionExecutor method checkPermissions.

/**
 * Runs a permission check in two phases. The user-check result is looked up in (or computed into)
 * {@code userPermissionCheckCache}; only when that result is not {@code PASS} is the supplied
 * expression executor consulted.
 *
 * <p>The cache key is the triple (annotation class, resource class, immutable copy of {@code fields}),
 * so a cached {@code PASS} is returned without rebuilding or re-evaluating the expression.
 * NOTE(review): the lifetime of {@code userPermissionCheckCache} is not visible here; confirm it is
 * bound to a single user/request so that a cached {@code PASS} cannot be observed by another principal.
 *
 * @param <A> type of the permission annotation being checked
 * @param resourceClass resource class the check applies to
 * @param annotationClass permission annotation class
 * @param fields names of the fields being accessed; {@code null} is allowed and is cached under a
 *               {@code null} key component
 * @param expressionSupplier builds the permission expression; not invoked on a cached {@code PASS}
 * @param expressionExecutor evaluates the expression after the user-check phase; may be empty
 * @return {@code PASS} when the user checks pass; otherwise the executor's result, or the
 *         user-check result when no executor is supplied or the executor yields {@code null}
 */
protected <A extends Annotation> ExpressionResult checkPermissions(Type<?> resourceClass, Class<A> annotationClass, Set<String> fields, Supplier<Expression> expressionSupplier, Optional<Function<Expression, ExpressionResult>> expressionExecutor) {
    // Freeze the field set so the cache key cannot be changed by the caller after lookup.
    final ImmutableSet<String> fieldKey = (fields != null) ? ImmutableSet.copyOf(fields) : null;

    // Fast path: a previously recorded PASS avoids the cost of building the expression.
    final ExpressionResult cached = userPermissionCheckCache.get(Triple.of(annotationClass, resourceClass, fieldKey));
    if (cached == PASS) {
        return PASS;
    }

    final Expression built = expressionSupplier.get();

    ExpressionResult userCheckResult = cached;
    if (userCheckResult == null) {
        // Cache miss: evaluate user checks only and remember the outcome, whatever it is.
        userCheckResult = executeExpressions(built, annotationClass, Expression.EvaluationMode.USER_CHECKS_ONLY);
        userPermissionCheckCache.put(Triple.of(annotationClass, resourceClass, fieldKey), userCheckResult);
        if (userCheckResult == PASS) {
            return PASS;
        }
    }

    // NOTE(review): a non-PASS user-check result does not end the check here; when an executor is
    // present its result replaces it. Confirm the executor cannot turn a user-check FAIL into PASS.
    return expressionExecutor.map(fn -> fn.apply(built)).orElse(userCheckResult);
}
Also used : PASS(com.yahoo.elide.core.security.permissions.ExpressionResult.PASS) Getter(lombok.Getter) HashMap(java.util.HashMap) DEFERRED(com.yahoo.elide.core.security.permissions.ExpressionResult.DEFERRED) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) Function(java.util.function.Function) Supplier(java.util.function.Supplier) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) DeletePermission(com.yahoo.elide.annotation.DeletePermission) PermissionExpressionBuilder(com.yahoo.elide.core.security.permissions.PermissionExpressionBuilder) Map(java.util.Map) PersistentResource(com.yahoo.elide.core.PersistentResource) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) Triple(org.apache.commons.lang3.tuple.Triple) RequestScope(com.yahoo.elide.core.RequestScope) ChangeSpec(com.yahoo.elide.core.security.ChangeSpec) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) LinkedBlockingQueue(java.util.concurrent.LinkedBlockingQueue) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) ForbiddenAccessException(com.yahoo.elide.core.exceptions.ForbiddenAccessException) ExpressionResult(com.yahoo.elide.core.security.permissions.ExpressionResult) Slf4j(lombok.extern.slf4j.Slf4j) ReadPermission(com.yahoo.elide.annotation.ReadPermission) ExpressionResultCache(com.yahoo.elide.core.security.permissions.ExpressionResultCache) CreatePermission(com.yahoo.elide.annotation.CreatePermission) Type(com.yahoo.elide.core.type.Type) Annotation(java.lang.annotation.Annotation) Optional(java.util.Optional) Queue(java.util.Queue) AllArgsConstructor(lombok.AllArgsConstructor) Collections(java.util.Collections) FAIL(com.yahoo.elide.core.security.permissions.ExpressionResult.FAIL) NonTransferable(com.yahoo.elide.annotation.NonTransferable) ExpressionResult(com.yahoo.elide.core.security.permissions.ExpressionResult) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) 
Expression(com.yahoo.elide.core.security.permissions.expressions.Expression)

Example 2 with PASS

use of com.yahoo.elide.core.security.permissions.ExpressionResult.PASS in project elide by yahoo.

the class AbstractPermissionExecutor method checkPermissions.

/**
 * Checks user permissions first, from {@code userPermissionCheckCache} when a result is present and
 * by evaluating the expression in {@code USER_CHECKS_ONLY} mode otherwise. If the user checks do not
 * yield {@code PASS}, the supplied expression executor (when present) decides the outcome.
 *
 * <p>Results are cached per (annotation class, resource class, immutable copy of {@code fields}).
 * NOTE(review): the cache's scope is not visible in this method; verify it is not shared between
 * users, since a cached {@code PASS} is returned without any re-evaluation.
 *
 * @param <A> type of the permission annotation being checked
 * @param resourceClass resource class the check applies to
 * @param annotationClass permission annotation class
 * @param fields names of the fields being accessed; may be {@code null}
 * @param expressionSupplier builds the permission expression; skipped when a {@code PASS} is cached
 * @param expressionExecutor evaluates the expression after the user-check phase; may be empty
 * @return the user-check result when it is {@code PASS}; otherwise the executor's result, falling
 *         back to the user-check result when the executor is absent or returns {@code null}
 */
protected <A extends Annotation> ExpressionResult checkPermissions(Type<?> resourceClass, Class<A> annotationClass, Set<String> fields, Supplier<Expression> expressionSupplier, Optional<Function<Expression, ExpressionResult>> expressionExecutor) {
    // Take an immutable snapshot of the field names for use in the cache key.
    ImmutableSet<String> accessedFields = null;
    if (fields != null) {
        accessedFields = ImmutableSet.copyOf(fields);
    }

    ExpressionResult userResult = userPermissionCheckCache.get(Triple.of(annotationClass, resourceClass, accessedFields));
    if (userResult != PASS) {
        // Only build the expression when the cached result does not already settle the check.
        Expression permissionExpression = expressionSupplier.get();
        if (userResult == null) {
            // Nothing cached yet: run the user checks and store the result under the same key.
            userResult = executeExpressions(permissionExpression, annotationClass, Expression.EvaluationMode.USER_CHECKS_ONLY);
            userPermissionCheckCache.put(Triple.of(annotationClass, resourceClass, accessedFields), userResult);
        }
        if (userResult != PASS) {
            // NOTE(review): any non-PASS user-check result (cached or fresh) is handed over to the
            // executor when one exists; confirm the executor enforces the user checks as well.
            return expressionExecutor.map(executor -> executor.apply(permissionExpression)).orElse(userResult);
        }
    }
    return userResult;
}
Also used : PASS(com.yahoo.elide.core.security.permissions.ExpressionResult.PASS) Getter(lombok.Getter) HashMap(java.util.HashMap) DEFERRED(com.yahoo.elide.core.security.permissions.ExpressionResult.DEFERRED) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) Function(java.util.function.Function) Supplier(java.util.function.Supplier) DeletePermission(com.yahoo.elide.annotation.DeletePermission) PermissionExpressionBuilder(com.yahoo.elide.core.security.permissions.PermissionExpressionBuilder) Map(java.util.Map) Triple(org.apache.commons.lang3.tuple.Triple) RequestScope(com.yahoo.elide.core.RequestScope) ImmutableSet(com.google.common.collect.ImmutableSet) Logger(org.slf4j.Logger) Set(java.util.Set) LinkedBlockingQueue(java.util.concurrent.LinkedBlockingQueue) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) ForbiddenAccessException(com.yahoo.elide.core.exceptions.ForbiddenAccessException) ExpressionResult(com.yahoo.elide.core.security.permissions.ExpressionResult) ReadPermission(com.yahoo.elide.annotation.ReadPermission) ExpressionResultCache(com.yahoo.elide.core.security.permissions.ExpressionResultCache) Type(com.yahoo.elide.core.type.Type) Annotation(java.lang.annotation.Annotation) Optional(java.util.Optional) Queue(java.util.Queue) AllArgsConstructor(lombok.AllArgsConstructor) FAIL(com.yahoo.elide.core.security.permissions.ExpressionResult.FAIL) ExpressionResult(com.yahoo.elide.core.security.permissions.ExpressionResult) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression)

Aggregations

ImmutableSet (com.google.common.collect.ImmutableSet)2 DeletePermission (com.yahoo.elide.annotation.DeletePermission)2 ReadPermission (com.yahoo.elide.annotation.ReadPermission)2 RequestScope (com.yahoo.elide.core.RequestScope)2 ForbiddenAccessException (com.yahoo.elide.core.exceptions.ForbiddenAccessException)2 PermissionExecutor (com.yahoo.elide.core.security.PermissionExecutor)2 ExpressionResult (com.yahoo.elide.core.security.permissions.ExpressionResult)2 DEFERRED (com.yahoo.elide.core.security.permissions.ExpressionResult.DEFERRED)2 FAIL (com.yahoo.elide.core.security.permissions.ExpressionResult.FAIL)2 PASS (com.yahoo.elide.core.security.permissions.ExpressionResult.PASS)2 ExpressionResultCache (com.yahoo.elide.core.security.permissions.ExpressionResultCache)2 PermissionExpressionBuilder (com.yahoo.elide.core.security.permissions.PermissionExpressionBuilder)2 Expression (com.yahoo.elide.core.security.permissions.expressions.Expression)2 Type (com.yahoo.elide.core.type.Type)2 Annotation (java.lang.annotation.Annotation)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Optional (java.util.Optional)2 Queue (java.util.Queue)2 Set (java.util.Set)2