
Example 1 with AnyFieldExpression

use of com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression in project elide by yahoo.

the class PermissionExpressionBuilder method buildAnyFieldExpression.

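/**
 * Build an expression representing any field on an entity.
 * A requested field without its own rule falls back to the entity-level rule; when neither
 * exists, SUCCESSFUL_EXPRESSION is returned.
 *
 * @param condition       The condition which triggered this permission expression check
 * @param checkFn         check function
 * @param requestedFields The set of requested fields; {@code null} considers every exposed field
 * @param scope           RequestScope
 * @return Expression
 */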
private Expression buildAnyFieldExpression(final PermissionCondition condition, final Function<Check, Expression> checkFn, final Set<String> requestedFields, final RequestScope scope) {
    // NOTE(review): `scope` is not read anywhere in this body.
    final Type<?> entityType = condition.getEntityClass();
    final Class<? extends Annotation> permission = condition.getPermission();

    // Entity-level rule; null when the entity declares nothing for this permission.
    final Expression entityRule = normalizedExpressionFromParseTree(
            entityDictionary.getPermissionsForClass(entityType, permission), checkFn);

    // Seed of the OR chain; every contributing rule is folded in on the right.
    OrExpression disjunction = new OrExpression(FAILURE, null);
    boolean entityRuleFolded = false;
    boolean sawFieldRule = false;

    for (final String fieldName : entityDictionary.getAllExposedFields(entityType)) {
        // A null requestedFields means "consider every exposed field".
        final boolean requested = requestedFields == null || requestedFields.contains(fieldName);
        if (!requested) {
            continue;
        }

        final Expression fieldRule = normalizedExpressionFromParseTree(
                entityDictionary.getPermissionsForField(entityType, fieldName, permission), checkFn);

        if (fieldRule != null) {
            sawFieldRule = true;
            disjunction = new OrExpression(disjunction, fieldRule);
            continue;
        }

        // The field has no rule of its own: it inherits the entity rule, folded in only once.
        if (entityRuleFolded) {
            continue;
        }
        if (entityRule == null) {
            // Default-allow: a requested field with neither a field rule nor an entity rule
            // permits the action immediately, whatever the other fields declare.
            return SUCCESSFUL_EXPRESSION;
        }
        entityRuleFolded = true;
        disjunction = new OrExpression(disjunction, entityRule);
    }

    if (sawFieldRule) {
        return new AnyFieldExpression(condition, disjunction);
    }

    // No field-level rule was seen. This is also the path taken when requestedFields
    // matches no exposed field, so the outcome is decided by the entity rule alone.
    if (entityRule != null) {
        return new AnyFieldExpression(condition, entityRule);
    }
    // No rules at all: access is allowed.
    return SUCCESSFUL_EXPRESSION;
}
Also used : AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) SpecificFieldExpression(com.yahoo.elide.core.security.permissions.expressions.SpecificFieldExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) AndExpression(com.yahoo.elide.core.security.permissions.expressions.AndExpression) AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) ParseTree(org.antlr.v4.runtime.tree.ParseTree)

Example 2 with AnyFieldExpression

use of com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression in project elide by yahoo.

the class PermissionExpressionBuilder method buildUserCheckEntityAndAnyFieldExpression.

/**
 * Build an expression that strictly evaluates UserChecks and ignores other checks for an entity.
 * expression = (entityRule AND (field1Rule OR field2Rule ... OR fieldNRule))
 * <p>
 * NOTE: This method returns _NO_ commit checks.
 *
 * @param resourceClass   Resource class
 * @param annotationClass Annotation class
 * @param requestedFields The set of requested fields
 * @param scope           Request scope
 * @param <A>             type parameter
 * @return User check expression to evaluate
 */
public <A extends Annotation> Expression buildUserCheckEntityAndAnyFieldExpression(final Type<?> resourceClass, final Class<A> annotationClass, Set<String> requestedFields, final RequestScope scope) {
    // Leaf factory shared by the entity rule and the field rules.
    // NOTE(review): the two null arguments are presumably the resource and the change spec;
    // confirm against the CheckExpression constructor.
    final Function<Check, Expression> toLeaf = check -> new CheckExpression(check, null, scope, null, cache);

    // Entity-level rule; null when the entity declares nothing for this permission.
    final Expression entityRule = normalizedExpressionFromParseTree(
            entityDictionary.getPermissionsForClass(resourceClass, annotationClass), toLeaf);

    // OR over the requested fields' rules.
    final PermissionCondition fieldCondition = new PermissionCondition(annotationClass, resourceClass);
    final Expression anyFieldRule = buildAnyFieldOnlyExpression(fieldCondition, toLeaf, requestedFields);

    // Without an entity rule the field disjunction is the whole answer; there is nothing to AND it with.
    if (entityRule != null) {
        return new AndExpression(entityRule, anyFieldRule);
    }
    return anyFieldRule;
}
Also used : CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) PermissionExpressionNormalizationVisitor(com.yahoo.elide.core.security.visitors.PermissionExpressionNormalizationVisitor) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) Function(java.util.function.Function) FAILURE(com.yahoo.elide.core.security.permissions.expressions.Expression.Results.FAILURE) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) SpecificFieldExpression(com.yahoo.elide.core.security.permissions.expressions.SpecificFieldExpression) PersistentResource(com.yahoo.elide.core.PersistentResource) PermissionExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionExpressionVisitor) ParseTree(org.antlr.v4.runtime.tree.ParseTree) NO_EVALUATION_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.NO_EVALUATION_EXPRESSION) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) RequestScope(com.yahoo.elide.core.RequestScope) ChangeSpec(com.yahoo.elide.core.security.ChangeSpec) Check(com.yahoo.elide.core.security.checks.Check) PermissionToFilterExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor) AndExpression(com.yahoo.elide.core.security.permissions.expressions.AndExpression) AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) Set(java.util.Set) Collectors(java.util.stream.Collectors) EntityDictionary(com.yahoo.elide.core.dictionary.EntityDictionary) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) List(java.util.List) ReadPermission(com.yahoo.elide.annotation.ReadPermission) Type(com.yahoo.elide.core.type.Type) Annotation(java.lang.annotation.Annotation) FALSE_USER_CHECK_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION) 
TRUE_USER_CHECK_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.TRUE_USER_CHECK_EXPRESSION) AndExpression(com.yahoo.elide.core.security.permissions.expressions.AndExpression) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) SpecificFieldExpression(com.yahoo.elide.core.security.permissions.expressions.SpecificFieldExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) AndExpression(com.yahoo.elide.core.security.permissions.expressions.AndExpression) AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) Check(com.yahoo.elide.core.security.checks.Check) ParseTree(org.antlr.v4.runtime.tree.ParseTree) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression)

Example 3 with AnyFieldExpression

use of com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression in project elide by yahoo.

the class PermissionExpressionBuilder method buildAnyFieldOnlyExpression.

/**
 * Builds the disjunction of the permission expressions of all requested fields.
 * If any requested field has no permission rule, or no requested field is exposed,
 * the default SUCCESSFUL_EXPRESSION is returned.
 * expression = (field1Rule OR field2Rule ... OR fieldNRule)
 * @param condition The condition which triggered this permission expression check
 * @param checkFn check function
 * @param requestedFields The set of requested fields; {@code null} considers every exposed field
 * @return Expression
 */
private Expression buildAnyFieldOnlyExpression(final PermissionCondition condition, final Function<Check, Expression> checkFn, final Set<String> requestedFields) {
    final Type<?> entityType = condition.getEntityClass();
    final Class<? extends Annotation> permission = condition.getPermission();

    // Seed of the OR chain; each field rule is folded in on the right.
    OrExpression disjunction = new OrExpression(FAILURE, null);
    boolean sawFieldRule = false;

    for (final String fieldName : entityDictionary.getAllExposedFields(entityType)) {
        // A null requestedFields means "consider every exposed field".
        if (requestedFields == null || requestedFields.contains(fieldName)) {
            final Expression fieldRule = normalizedExpressionFromParseTree(
                    entityDictionary.getPermissionsForField(entityType, fieldName, permission), checkFn);
            if (fieldRule == null) {
                // One requested field without a rule short-circuits the whole disjunction to
                // SUCCESSFUL_EXPRESSION; the entity-level rule is not consulted in this method.
                return SUCCESSFUL_EXPRESSION;
            }
            sawFieldRule = true;
            disjunction = new OrExpression(disjunction, fieldRule);
        }
    }

    if (sawFieldRule) {
        return new AnyFieldExpression(condition, disjunction);
    }
    // Nothing was folded in. This is also the path taken when requestedFields matches no
    // exposed field, and it yields SUCCESSFUL_EXPRESSION.
    return SUCCESSFUL_EXPRESSION;
}
Also used : AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) SpecificFieldExpression(com.yahoo.elide.core.security.permissions.expressions.SpecificFieldExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) AndExpression(com.yahoo.elide.core.security.permissions.expressions.AndExpression) AnyFieldExpression(com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) OrExpression(com.yahoo.elide.core.security.permissions.expressions.OrExpression) ParseTree(org.antlr.v4.runtime.tree.ParseTree)

Aggregations

FilterExpression (com.yahoo.elide.core.filter.expression.FilterExpression)3 OrFilterExpression (com.yahoo.elide.core.filter.expression.OrFilterExpression)3 AndExpression (com.yahoo.elide.core.security.permissions.expressions.AndExpression)3 AnyFieldExpression (com.yahoo.elide.core.security.permissions.expressions.AnyFieldExpression)3 CheckExpression (com.yahoo.elide.core.security.permissions.expressions.CheckExpression)3 Expression (com.yahoo.elide.core.security.permissions.expressions.Expression)3 OrExpression (com.yahoo.elide.core.security.permissions.expressions.OrExpression)3 SpecificFieldExpression (com.yahoo.elide.core.security.permissions.expressions.SpecificFieldExpression)3 ParseTree (org.antlr.v4.runtime.tree.ParseTree)3 ReadPermission (com.yahoo.elide.annotation.ReadPermission)1 PersistentResource (com.yahoo.elide.core.PersistentResource)1 RequestScope (com.yahoo.elide.core.RequestScope)1 EntityDictionary (com.yahoo.elide.core.dictionary.EntityDictionary)1 ChangeSpec (com.yahoo.elide.core.security.ChangeSpec)1 Check (com.yahoo.elide.core.security.checks.Check)1 FAILURE (com.yahoo.elide.core.security.permissions.expressions.Expression.Results.FAILURE)1 PermissionExpressionNormalizationVisitor (com.yahoo.elide.core.security.visitors.PermissionExpressionNormalizationVisitor)1 PermissionExpressionVisitor (com.yahoo.elide.core.security.visitors.PermissionExpressionVisitor)1 PermissionToFilterExpressionVisitor (com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor)1 FALSE_USER_CHECK_EXPRESSION (com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION)1