
Example 16 with Expression

use of com.yahoo.elide.core.security.permissions.expressions.Expression in project elide by yahoo.

the class PermissionExpressionNormalizationVisitor method visitAndExpression.

/**
 * Rebuilds a conjunction from the visited forms of its two operands.
 *
 * @param andExpression the conjunction whose operands are to be visited
 * @return a new {@link AndExpression} over the visited left and right operands
 */
@Override
public Expression visitAndExpression(AndExpression andExpression) {
    // Apply this visitor to each operand before recombining them; left is visited first.
    Expression visitedLeft = andExpression.getLeft().accept(this);
    Expression visitedRight = andExpression.getRight().accept(this);
    return new AndExpression(visitedLeft, visitedRight);
}

Example 17 with Expression

use of com.yahoo.elide.core.security.permissions.expressions.Expression in project elide by yahoo.

the class PermissionExpressionVisitor method visitAND.

/**
 * Converts a parsed {@code AND} node into an {@link AndExpression} over its visited operands.
 *
 * @param ctx the ANTLR context for the conjunction; its {@code left} and {@code right} children are visited in that order
 * @return the conjunction of the two operand expressions
 */
@Override
public Expression visitAND(ExpressionParser.ANDContext ctx) {
    return new AndExpression(visit(ctx.left), visit(ctx.right));
}

Example 18 with Expression

use of com.yahoo.elide.core.security.permissions.expressions.Expression in project elide by yahoo.

the class PermissionExpressionBuilder method buildUserCheckEntityAndAnyFieldExpression.

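/**
 * Build an expression that strictly evaluates UserCheck's and ignores other checks for an entity.
 * expression = (entityRule AND (field1Rule OR field2Rule ... OR fieldNRule))
 * <p>
 * When the entity carries no class-level permission for {@code annotationClass}, only the
 * any-field disjunction is returned.
 * <p>
 * NOTE: This method returns _NO_ commit checks.
 *
 * @param resourceClass   Resource class
 * @param annotationClass Annotation class
 * @param requestedFields Fields the caller is accessing; {@code null} means every exposed field is considered
 * @param scope           Request scope
 * @param <A>             type parameter
 * @return User check expression to evaluate
 */
public <A extends Annotation> Expression buildUserCheckEntityAndAnyFieldExpression(final Type<?> resourceClass, final Class<A> annotationClass, Set<String> requestedFields, final RequestScope scope) {
    // Leaves are built without a resource or ChangeSpec, so only user-level checks can be evaluated.
    final Function<Check, Expression> leafBuilderFn = (check) -> new CheckExpression(check, null, scope, null, cache);
    ParseTree classPermissions = entityDictionary.getPermissionsForClass(resourceClass, annotationClass);
    Expression entityExpression = normalizedExpressionFromParseTree(classPermissions, leafBuilderFn);
    Expression anyFieldExpression = buildAnyFieldOnlyExpression(new PermissionCondition(annotationClass, resourceClass), leafBuilderFn, requestedFields);
    if (entityExpression == null) {
        // No class-level rule: the field disjunction alone decides.
        return anyFieldExpression;
    }
    return new AndExpression(entityExpression, anyFieldExpression);
}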

Example 19 with Expression

use of com.yahoo.elide.core.security.permissions.expressions.Expression in project elide by yahoo.

the class PermissionExpressionBuilder method buildAnyFieldOnlyExpression.

/**
 * Builds disjunction of permission expression of all requested fields.
 * If any considered field has no permission expression, the default SUCCESSFUL_EXPRESSION is returned;
 * the same default is returned when no considered field contributes a rule at all.
 * expression = (field1Rule OR field2Rule ... OR fieldNRule)
 * @param condition The condition which triggered this permission expression check
 * @param checkFn check function
 * @param requestedFields The list of requested fields; {@code null} considers every exposed field
 * @return Expression
 */
private Expression buildAnyFieldOnlyExpression(final PermissionCondition condition, final Function<Check, Expression> checkFn, final Set<String> requestedFields) {
    final Type<?> entityClass = condition.getEntityClass();
    final Class<? extends Annotation> permission = condition.getPermission();
    // Seed the disjunction with FAILURE so an OR over a single rule reduces to that rule.
    OrExpression disjunction = new OrExpression(FAILURE, null);
    boolean anyFieldContributed = false;
    for (String fieldName : entityDictionary.getAllExposedFields(entityClass)) {
        boolean isRequested = requestedFields == null || requestedFields.contains(fieldName);
        if (!isRequested) {
            continue;
        }
        ParseTree fieldPermissions = entityDictionary.getPermissionsForField(entityClass, fieldName, permission);
        Expression fieldRule = normalizedExpressionFromParseTree(fieldPermissions, checkFn);
        if (fieldRule == null) {
            // An unrestricted field satisfies "any field" outright, so no further fields are examined.
            return SUCCESSFUL_EXPRESSION;
        }
        anyFieldContributed = true;
        disjunction = new OrExpression(disjunction, fieldRule);
    }
    // NOTE(review): a non-null requestedFields set that matches no exposed field also yields
    // SUCCESSFUL_EXPRESSION — presumably unknown fields are rejected earlier; confirm against callers.
    return anyFieldContributed ? new AnyFieldExpression(condition, disjunction) : SUCCESSFUL_EXPRESSION;
}

Example 20 with Expression

use of com.yahoo.elide.core.security.permissions.expressions.Expression in project elide by yahoo.

the class AbstractPermissionExecutor method checkPermissions.

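/**
 * First attempts to check user permissions (by looking in the cache and if not present by executing user
 * permissions).  If user permissions don't short circuit the check, run the provided expression executor.
 *
 * @param <A> type parameter
 * @param resourceClass Resource class
 * @param annotationClass Annotation class
 * @param fields Set of all field names that is being accessed; may be {@code null}
 * @param expressionSupplier Builds a permission expression.
 * @param expressionExecutor Evaluates the expression (post user check evaluation)
 * @return {@code PASS} when the user checks alone pass (cached or freshly evaluated); otherwise the
 *         result of {@code expressionExecutor} applied to the built expression, or the user-check
 *         result itself when no executor is supplied
 */
protected <A extends Annotation> ExpressionResult checkPermissions(Type<?> resourceClass, Class<A> annotationClass, Set<String> fields, Supplier<Expression> expressionSupplier, Optional<Function<Expression, ExpressionResult>> expressionExecutor) {
    // If the user check has already been evaluated before, return the result directly and save the building cost.
    // The field set is copied so the cache key stays stable even if the caller mutates 'fields' afterwards.
    ImmutableSet<String> immutableFields = fields == null ? null : ImmutableSet.copyOf(fields);
    // NOTE(review): the cache key carries no user identity; this relies on userPermissionCheckCache
    // being scoped to a single request/user — confirm where the cache is created.
    ExpressionResult expressionResult = userPermissionCheckCache.get(Triple.of(annotationClass, resourceClass, immutableFields));
    if (expressionResult == PASS) {
        return expressionResult;
    }
    Expression expression = expressionSupplier.get();
    if (expressionResult == null) {
        // Cache miss: evaluate only the user checks and remember the outcome for this key.
        expressionResult = executeExpressions(expression, annotationClass, Expression.EvaluationMode.USER_CHECKS_ONLY);
        userPermissionCheckCache.put(Triple.of(annotationClass, resourceClass, immutableFields), expressionResult);
        if (expressionResult == PASS) {
            return expressionResult;
        }
    }
    // User checks did not short-circuit; defer to the caller's executor when one was supplied.
    return expressionExecutor.map(executor -> executor.apply(expression)).orElse(expressionResult);
}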
