Search in sources :

Example 6 with AuthorizableType

use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

the class AbstractReadDtoService method toCriteria.

/**
 * Constructs find / count jpa criteria from given filter and permissions
 *
 * @param filter
 * @param applyFetchMode fetch related entities in the master select
 * @param permission
 * @return
 */
protected Specification<E> toCriteria(F filter, boolean applyFetchMode, BasePermission... permission) {
    return new Specification<E>() {

        private static final long serialVersionUID = 1L;

        public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
            List<Predicate> predicates = new ArrayList<>();
            // if filter is null, no filter predicates will be built
            if (filter != null) {
                predicates.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
            }
            // 
            // permissions are not evaluated, if no permission was given
            // or authorizable type is null (=> authorization policies are not supported)
            BasePermission[] permissions = PermissionUtils.trimNull(permission);
            if (!ObjectUtils.isEmpty(permissions) && (AbstractReadDtoService.this instanceof AuthorizableService)) {
                AuthorizableType authorizableType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
                if (authorizableType != null && authorizableType.getType() != null) {
                    boolean usePermissionOperatorOr = false;
                    if (filter instanceof PermissionContext) {
                        PermissionContext permissionContext = (PermissionContext) filter;
                        usePermissionOperatorOr = permissionContext.usePermissionOperatorOr();
                    }
                    if (usePermissionOperatorOr) {
                        predicates.add(getAuthorizationManager().getPredicateOr(root, query, builder, permissions));
                    } else {
                        predicates.add(getAuthorizationManager().getPredicate(root, query, builder, permissions));
                    }
                }
            }
            // 
            // check IN predicates limit
            predicates.forEach(predicate -> {
                checkFilterSizeExceeded(predicate);
            });
            // include referenced entity in "master" select  => reduces number of sub selects
            if (applyFetchMode) {
            // FIXME: is needed in new hibernate?
            // applyFetchMode(root);
            }
            // 
            return query.where(predicates.toArray(new Predicate[predicates.size()])).getRestriction();
        }
    };
}
Also used : CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) Root(javax.persistence.criteria.Root) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) ArrayList(java.util.ArrayList) PermissionContext(eu.bcvsolutions.idm.core.api.dto.filter.PermissionContext) Specification(org.springframework.data.jpa.domain.Specification) AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType) Predicate(javax.persistence.criteria.Predicate) InPredicate(org.hibernate.query.criteria.internal.predicate.InPredicate) ExistsPredicate(org.hibernate.query.criteria.internal.predicate.ExistsPredicate) AuthorizableService(eu.bcvsolutions.idm.core.security.api.service.AuthorizableService) BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)

Aggregations

AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType)6 AuthorizableService (eu.bcvsolutions.idm.core.security.api.service.AuthorizableService)3 BasePermission (eu.bcvsolutions.idm.core.security.api.domain.BasePermission)2 ArrayList (java.util.ArrayList)2 CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)2 CriteriaQuery (javax.persistence.criteria.CriteriaQuery)2 Predicate (javax.persistence.criteria.Predicate)2 Root (javax.persistence.criteria.Root)2 Test (org.junit.Test)2 Specification (org.springframework.data.jpa.domain.Specification)2 AbstractDto (eu.bcvsolutions.idm.core.api.dto.AbstractDto)1 BaseFilter (eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter)1 PermissionContext (eu.bcvsolutions.idm.core.api.dto.filter.PermissionContext)1 IdmBasePermission (eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)1 AbstractEvaluatorIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)1 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)1 HashSet (java.util.HashSet)1 ExistsPredicate (org.hibernate.query.criteria.internal.predicate.ExistsPredicate)1 InPredicate (org.hibernate.query.criteria.internal.predicate.InPredicate)1