Example 1 with PermissionContext
use of eu.bcvsolutions.idm.core.api.dto.filter.PermissionContext in project CzechIdMng by bcvsolutions.
the class AbstractReadDtoService method toCriteria.
/**
* Constructs find / count jpa criteria from given filter and permissions
*
* @param filter
* @param applyFetchMode fetch related entities in the master select
* @param permission
* @return
*/
protected Specification<E> toCriteria(F filter, boolean applyFetchMode, BasePermission... permission) {
return new Specification<E>() {
private static final long serialVersionUID = 1L;
public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
List<Predicate> predicates = new ArrayList<>();
// if filter is null, no filter predicates will be built
if (filter != null) {
predicates.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
}
//
// permissions are not evaluated, if no permission was given
// or authorizable type is null (=> authorization policies are not supported)
BasePermission[] permissions = PermissionUtils.trimNull(permission);
if (!ObjectUtils.isEmpty(permissions) && (AbstractReadDtoService.this instanceof AuthorizableService)) {
AuthorizableType authorizableType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
if (authorizableType != null && authorizableType.getType() != null) {
boolean usePermissionOperatorOr = false;
if (filter instanceof PermissionContext) {
PermissionContext permissionContext = (PermissionContext) filter;
usePermissionOperatorOr = permissionContext.usePermissionOperatorOr();
}
if (usePermissionOperatorOr) {
predicates.add(getAuthorizationManager().getPredicateOr(root, query, builder, permissions));
} else {
predicates.add(getAuthorizationManager().getPredicate(root, query, builder, permissions));
}
}
}
//
// check IN predicates limit
predicates.forEach(predicate -> {
checkFilterSizeExceeded(predicate);
});
// include referenced entity in "master" select => reduces number of sub selects
if (applyFetchMode) {
// FIXME: is needed in new hibernate?
// applyFetchMode(root);
}
//
return query.where(predicates.toArray(new Predicate[predicates.size()])).getRestriction();
}
};
}
Also used :
CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder)
Root(javax.persistence.criteria.Root)
CriteriaQuery(javax.persistence.criteria.CriteriaQuery)
ArrayList(java.util.ArrayList)
PermissionContext(eu.bcvsolutions.idm.core.api.dto.filter.PermissionContext)
Specification(org.springframework.data.jpa.domain.Specification)
AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType)
Predicate(javax.persistence.criteria.Predicate)
InPredicate(org.hibernate.query.criteria.internal.predicate.InPredicate)
ExistsPredicate(org.hibernate.query.criteria.internal.predicate.ExistsPredicate)
AuthorizableService(eu.bcvsolutions.idm.core.security.api.service.AuthorizableService)
BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission)
IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)
Aggregations
PermissionContext (eu.bcvsolutions.idm.core.api.dto.filter.PermissionContext)1
BasePermission (eu.bcvsolutions.idm.core.security.api.domain.BasePermission)1
IdmBasePermission (eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)1
AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType)1
AuthorizableService (eu.bcvsolutions.idm.core.security.api.service.AuthorizableService)1
ArrayList (java.util.ArrayList)1
CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)1
CriteriaQuery (javax.persistence.criteria.CriteriaQuery)1
Predicate (javax.persistence.criteria.Predicate)1
Root (javax.persistence.criteria.Root)1
ExistsPredicate (org.hibernate.query.criteria.internal.predicate.ExistsPredicate)1
InPredicate (org.hibernate.query.criteria.internal.predicate.InPredicate)1
Specification (org.springframework.data.jpa.domain.Specification)1
