use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.
the class AbstractReadDtoService method toCriteria.
/**
* Constructs find / count jpa criteria from given filter and permissions
*
* @param filter
* @param applyFetchMode fetch related entities in the master select
* @param permission
* @return
*/
protected Specification<E> toCriteria(F filter, boolean applyFetchMode, BasePermission... permission) {
return new Specification<E>() {
private static final long serialVersionUID = 1L;
public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
List<Predicate> predicates = new ArrayList<>();
// if filter is null, no filter predicates will be built
if (filter != null) {
predicates.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
}
//
// permissions are not evaluated, if no permission was given
// or authorizable type is null (=> authorization policies are not supported)
BasePermission[] permissions = PermissionUtils.trimNull(permission);
if (!ObjectUtils.isEmpty(permissions) && (AbstractReadDtoService.this instanceof AuthorizableService)) {
AuthorizableType authorizableType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
if (authorizableType != null && authorizableType.getType() != null) {
boolean usePermissionOperatorOr = false;
if (filter instanceof PermissionContext) {
PermissionContext permissionContext = (PermissionContext) filter;
usePermissionOperatorOr = permissionContext.usePermissionOperatorOr();
}
if (usePermissionOperatorOr) {
predicates.add(getAuthorizationManager().getPredicateOr(root, query, builder, permissions));
} else {
predicates.add(getAuthorizationManager().getPredicate(root, query, builder, permissions));
}
}
}
//
// check IN predicates limit
predicates.forEach(predicate -> {
checkFilterSizeExceeded(predicate);
});
// include referenced entity in "master" select => reduces number of sub selects
if (applyFetchMode) {
// FIXME: is needed in new hibernate?
// applyFetchMode(root);
}
//
return query.where(predicates.toArray(new Predicate[predicates.size()])).getRestriction();
}
};
}
Aggregations