use of io.crnk.core.engine.filter.ResourceFilter in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImplTest method checkMergeFieldFilterWithNoneNone.
@Test
public void checkMergeFieldFilterWithNoneNone() {
ResourceFilter filter2 = Mockito.mock(ResourceFilter.class);
filters.add(filter2);
setFieldBehavior(HttpMethod.GET, FilterBehavior.NONE);
Mockito.when(filter2.filterField(Mockito.eq(resourceField), Mockito.eq(HttpMethod.GET))).thenReturn(FilterBehavior.NONE);
Assert.assertEquals(FilterBehavior.NONE, directory.get(resourceField, HttpMethod.GET));
Mockito.verify(filter, Mockito.times(1)).filterField(Mockito.eq(resourceField), Mockito.any(HttpMethod.class));
Mockito.verify(filter2, Mockito.times(1)).filterField(Mockito.eq(resourceField), Mockito.any(HttpMethod.class));
}
use of io.crnk.core.engine.filter.ResourceFilter in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImpl method get.
@Override
public FilterBehavior get(ResourceField field, HttpMethod method) {
Map<Object, FilterBehavior> map = getCache(method);
FilterBehavior behavior = map.get(field);
if (behavior != null) {
return behavior;
}
behavior = FilterBehavior.NONE;
for (ResourceFilter filter : filters) {
behavior = behavior.merge(filter.filterField(field, method));
if (behavior == FilterBehavior.FORBIDDEN) {
break;
}
}
if (field.getResourceFieldType() == ResourceFieldType.RELATIONSHIP) {
// for relationships opposite site must also be accessible (at least with GET)
String oppositeResourceType = field.getOppositeResourceType();
RegistryEntry oppositeRegistryEntry = resourceRegistry.getEntry(oppositeResourceType);
if (oppositeRegistryEntry != null) {
PreconditionUtil.assertNotNull(oppositeResourceType, oppositeRegistryEntry);
ResourceInformation oppositeResourceInformation = oppositeRegistryEntry.getResourceInformation();
// consider checking more than GET? intersection/union of multiple?
behavior = behavior.merge(get(oppositeResourceInformation, HttpMethod.GET));
} else {
LOGGER.warn("opposite side {} not found", oppositeResourceType);
}
}
map.put(field, behavior);
return behavior;
}
use of io.crnk.core.engine.filter.ResourceFilter in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImpl method get.
@Override
public FilterBehavior get(ResourceInformation resourceInformation, HttpMethod method) {
Map<Object, FilterBehavior> map = getCache(method);
FilterBehavior behavior = map.get(resourceInformation);
if (behavior != null) {
return behavior;
}
behavior = FilterBehavior.NONE;
for (ResourceFilter filter : filters) {
behavior = behavior.merge(filter.filterResource(resourceInformation, method));
if (behavior == FilterBehavior.FORBIDDEN) {
break;
}
}
map.put(resourceInformation, behavior);
return behavior;
}
use of io.crnk.core.engine.filter.ResourceFilter in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImplTest method checkMergeResourceFilterWithForbiddenNone.
@Test
public void checkMergeResourceFilterWithForbiddenNone() {
ResourceFilter filter2 = Mockito.mock(ResourceFilter.class);
filters.add(filter2);
setResourceBehavior(HttpMethod.GET, FilterBehavior.FORBIDDEN);
Mockito.when(filter2.filterResource(Mockito.eq(resourceInformation), Mockito.eq(HttpMethod.GET))).thenReturn(FilterBehavior.NONE);
Assert.assertEquals(FilterBehavior.FORBIDDEN, directory.get(resourceInformation, HttpMethod.GET));
Mockito.verify(filter, Mockito.times(1)).filterResource(Mockito.eq(resourceInformation), Mockito.any(HttpMethod.class));
// loop breaks after first filter as FORBIDDEN is hardest filter
Mockito.verify(filter2, Mockito.times(0)).filterResource(Mockito.eq(resourceInformation), Mockito.any(HttpMethod.class));
}
use of io.crnk.core.engine.filter.ResourceFilter in project crnk-framework by crnk-project.
the class ResourceFilterDirectoryImplTest method checkMergeFieldFilterWithNoneForbidden.
@Test
public void checkMergeFieldFilterWithNoneForbidden() {
ResourceFilter filter2 = Mockito.mock(ResourceFilter.class);
filters.add(filter2);
setFieldBehavior(HttpMethod.GET, FilterBehavior.NONE);
Mockito.when(filter2.filterField(Mockito.eq(resourceField), Mockito.eq(HttpMethod.GET))).thenReturn(FilterBehavior.FORBIDDEN);
Assert.assertEquals(FilterBehavior.FORBIDDEN, directory.get(resourceField, HttpMethod.GET));
Mockito.verify(filter, Mockito.times(1)).filterField(Mockito.eq(resourceField), Mockito.any(HttpMethod.class));
Mockito.verify(filter2, Mockito.times(1)).filterField(Mockito.eq(resourceField), Mockito.any(HttpMethod.class));
}
Aggregations