Example 1 with FilterBehavior
use of io.crnk.core.engine.filter.FilterBehavior in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImpl method get.
@Override
public FilterBehavior get(ResourceField field, HttpMethod method) {
Map<Object, FilterBehavior> map = getCache(method);
FilterBehavior behavior = map.get(field);
if (behavior != null) {
return behavior;
}
behavior = FilterBehavior.NONE;
for (ResourceFilter filter : filters) {
behavior = behavior.merge(filter.filterField(field, method));
if (behavior == FilterBehavior.FORBIDDEN) {
break;
}
}
if (field.getResourceFieldType() == ResourceFieldType.RELATIONSHIP) {
// for relationships opposite site must also be accessible (at least with GET)
String oppositeResourceType = field.getOppositeResourceType();
RegistryEntry oppositeRegistryEntry = resourceRegistry.getEntry(oppositeResourceType);
if (oppositeRegistryEntry != null) {
PreconditionUtil.assertNotNull(oppositeResourceType, oppositeRegistryEntry);
ResourceInformation oppositeResourceInformation = oppositeRegistryEntry.getResourceInformation();
// consider checking more than GET? intersection/union of multiple?
behavior = behavior.merge(get(oppositeResourceInformation, HttpMethod.GET));
} else {
LOGGER.warn("opposite side {} not found", oppositeResourceType);
}
}
map.put(field, behavior);
return behavior;
}
Also used :
ResourceFilter(io.crnk.core.engine.filter.ResourceFilter)
ResourceInformation(io.crnk.core.engine.information.resource.ResourceInformation)
FilterBehavior(io.crnk.core.engine.filter.FilterBehavior)
RegistryEntry(io.crnk.core.engine.registry.RegistryEntry)
Example 2 with FilterBehavior
use of io.crnk.core.engine.filter.FilterBehavior in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImpl method getCache.
private Map<Object, FilterBehavior> getCache(HttpMethod method) {
String key = ResourceFilterDirectoryImpl.class.getSimpleName() + method;
HttpRequestContext requestContext = requestContextProvider.getRequestContext();
if (requestContext == null) {
// e.g. testing
return new HashMap<>();
}
Map<Object, FilterBehavior> cache = (Map<Object, FilterBehavior>) requestContext.getRequestAttribute(key);
if (cache == null) {
cache = new HashMap<>();
requestContext.setRequestAttribute(key, cache);
}
return cache;
}
Also used :
HashMap(java.util.HashMap)
HttpRequestContext(io.crnk.core.engine.http.HttpRequestContext)
FilterBehavior(io.crnk.core.engine.filter.FilterBehavior)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 3 with FilterBehavior
use of io.crnk.core.engine.filter.FilterBehavior in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImpl method get.
@Override
public FilterBehavior get(ResourceInformation resourceInformation, HttpMethod method) {
Map<Object, FilterBehavior> map = getCache(method);
FilterBehavior behavior = map.get(resourceInformation);
if (behavior != null) {
return behavior;
}
behavior = FilterBehavior.NONE;
for (ResourceFilter filter : filters) {
behavior = behavior.merge(filter.filterResource(resourceInformation, method));
if (behavior == FilterBehavior.FORBIDDEN) {
break;
}
}
map.put(resourceInformation, behavior);
return behavior;
}
Also used :
ResourceFilter(io.crnk.core.engine.filter.ResourceFilter)
FilterBehavior(io.crnk.core.engine.filter.FilterBehavior)
Example 4 with FilterBehavior
use of io.crnk.core.engine.filter.FilterBehavior in project crnk-framework by crnk-project.
the class ResourceUpsert method canModifyField.
/**
* Allows to check whether the given field can be written.
*
* @param field from the information model or null if is a dynamic field (like JsonAny).
*/
protected boolean canModifyField(ResourceInformation resourceInformation, String fieldName, ResourceField field) {
if (field == null) {
return true;
}
HttpMethod method = getHttpMethod();
ResourceFieldAccess access = field.getAccess();
boolean modifiable = method == HttpMethod.POST ? access.isPostable() : access.isPatchable();
FilterBehavior filterBehavior = modifiable ? FilterBehavior.NONE : getDefaultFilterBehavior();
filterBehavior = filterBehavior.merge(resourceFilterDirectory.get(field, method));
if (filterBehavior == FilterBehavior.NONE) {
return true;
} else if (filterBehavior == FilterBehavior.FORBIDDEN) {
throw new ForbiddenException("field '" + fieldName + "' cannot be modified");
} else {
PreconditionUtil.assertEquals("unknown behavior", FilterBehavior.IGNORED, filterBehavior);
return false;
}
}
Also used :
ForbiddenException(io.crnk.core.exception.ForbiddenException)
FilterBehavior(io.crnk.core.engine.filter.FilterBehavior)
HttpMethod(io.crnk.core.engine.http.HttpMethod)
Aggregations
FilterBehavior (io.crnk.core.engine.filter.FilterBehavior)4
ResourceFilter (io.crnk.core.engine.filter.ResourceFilter)2
HttpMethod (io.crnk.core.engine.http.HttpMethod)1
HttpRequestContext (io.crnk.core.engine.http.HttpRequestContext)1
ResourceInformation (io.crnk.core.engine.information.resource.ResourceInformation)1
RegistryEntry (io.crnk.core.engine.registry.RegistryEntry)1
ForbiddenException (io.crnk.core.exception.ForbiddenException)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
