
Example 1 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class EntityLogBrowser, method onInstancePickerLookup.

@Subscribe("instancePicker.lookup")
public void onInstancePickerLookup(Action.ActionPerformedEvent event) {
    final MetaClass metaClass = instancePicker.getMetaClass();
    if (instancePicker.isEditable()) {
        if (metaClass == null) {
            throw new IllegalStateException("Please specify metaclass or property for PickerField");
        }
        if (!secureOperations.isEntityReadPermitted(metaClass, policyStore)) {
            notifications.create(Notifications.NotificationType.ERROR).withCaption(messages.getMessage(EntityLogBrowser.class, "entityAccessDeniedMessage")).show();
            return;
        }
        try {
            Screen lookup = screenBuilders.lookup(instancePicker).withSelectHandler(items -> {
                if (!items.isEmpty()) {
                    Object item = items.iterator().next();
                    instancePicker.setValue(item);
                }
            }).build();
            lookup.addAfterCloseListener(afterCloseEvent -> instancePicker.focus());
            lookup.show();
        } catch (AccessDeniedException ex) {
            notifications.create(Notifications.NotificationType.ERROR).withCaption(messages.getMessage(EntityLogBrowser.class, "entityScreenAccessDeniedMessage")).show();
            return;
        }
    }
}
Also used : EntityLogItem(io.jmix.audit.entity.EntityLogItem) MetaClass(io.jmix.core.metamodel.model.MetaClass) CollectionLoader(io.jmix.ui.model.CollectionLoader) java.util(java.util) PolicyStore(io.jmix.security.constraint.PolicyStore) Autowired(org.springframework.beans.factory.annotation.Autowired) io.jmix.core(io.jmix.core) EntityLog(io.jmix.audit.EntityLog) SecureOperations(io.jmix.security.constraint.SecureOperations) StringUtils(org.apache.commons.lang3.StringUtils) AccessDeniedException(io.jmix.core.security.AccessDeniedException) LookupComponent(io.jmix.ui.screen.LookupComponent) Action(io.jmix.ui.action.Action) UserDetails(org.springframework.security.core.userdetails.UserDetails) Range(io.jmix.core.metamodel.model.Range) DialogAction(io.jmix.ui.action.DialogAction) io.jmix.ui(io.jmix.ui) Nullable(javax.annotation.Nullable) EntityLogAttr(io.jmix.audit.entity.EntityLogAttr) DataContext(io.jmix.ui.model.DataContext) LoggedEntity(io.jmix.audit.entity.LoggedEntity) CollectionContainer(io.jmix.ui.model.CollectionContainer) Collectors(java.util.stream.Collectors) DateUtils(org.apache.commons.lang3.time.DateUtils) UserRepository(io.jmix.core.security.UserRepository) LoggedAttribute(io.jmix.audit.entity.LoggedAttribute) EnumClass(io.jmix.core.metamodel.datatype.impl.EnumClass) io.jmix.ui.screen(io.jmix.ui.screen) MetaProperty(io.jmix.core.metamodel.model.MetaProperty) io.jmix.ui.component(io.jmix.ui.component)

Example 2 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class FoldersServiceBean, method importFolder.

@Override
public Folder importFolder(Folder parentFolder, byte[] bytes) throws IOException {
    if (!security.isEntityOpPermitted(Folder.class, EntityOp.CREATE)) {
        throw new AccessDeniedException("entity", Folder.class.getSimpleName(), "create");
    }
    Folder folder = null;
    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
    ZipArchiveInputStream archiveReader;
    archiveReader = new ZipArchiveInputStream(byteArrayInputStream);
    ZipArchiveEntry archiveEntry;
    while (((archiveEntry = archiveReader.getNextZipEntry()) != null) && (folder == null)) {
        if (archiveEntry.getName().equals("folder.xml")) {
            String xml = new String(IOUtils.toByteArray(archiveReader), StandardCharsets.UTF_8);
            folder = (Folder) createXStream().fromXML(xml);
        }
    }
    byteArrayInputStream.close();
    if (folder != null) {
        if (folder.equals(parentFolder)) {
            throw new RuntimeException("Cannot import the folder to itself. Select another parent folder.");
        }
        try (Transaction tx = persistence.createTransaction()) {
            // all parent folders starting with the target parent folder
            List<Folder> allParentFolders = findAllParentFolders(parentFolder, new ArrayList<>());
            if (allParentFolders.contains(folder)) {
                throw new RuntimeException("Cannot import the folder. The imported folder is found among ancestors of the target parent folder. " + "Select another parent folder.");
            }
            tx.commit();
        }
        checkImportPermissions(folder);
        folder.setParent(parentFolder);
        Transaction tx = persistence.createTransaction();
        try {
            EntityManager em = persistence.getEntityManager();
            em.setSoftDeletion(false);
            Folder existingFolder = em.find(Folder.class, folder.getId());
            if (existingFolder != null) {
                checkImportPermissions(existingFolder);
                folder.setVersion(existingFolder.getVersion());
                folder.setCreateTs(existingFolder.getCreateTs());
                folder.setCreatedBy(existingFolder.getCreatedBy());
            } else {
                UserDetails user = userSessionSource.getUserSession().getUser();
                folder.setCreatedBy(user.getUsername().toLowerCase());
                folder.setCreateTs(timeSource.currentTimestamp());
                folder.setUpdatedBy(null);
                folder.setUpdateTs(null);
                folder.setVersion(0);
            }
            em.merge(folder);
            tx.commit();
        } finally {
            tx.end();
        }
    }
    return folder;
}
Also used : AccessDeniedException(io.jmix.core.security.AccessDeniedException) EntityManager(com.haulmont.cuba.core.EntityManager) UserDetails(org.springframework.security.core.userdetails.UserDetails) Transaction(com.haulmont.cuba.core.Transaction) ByteArrayInputStream(java.io.ByteArrayInputStream) ZipArchiveInputStream(org.apache.commons.compress.archivers.zip.ZipArchiveInputStream) ZipArchiveEntry(org.apache.commons.compress.archivers.zip.ZipArchiveEntry) AppFolder(com.haulmont.cuba.core.entity.AppFolder) SearchFolder(com.haulmont.cuba.security.entity.SearchFolder) Folder(com.haulmont.cuba.core.entity.Folder)

Example 3 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class DataStoreCrudListener, method beforeEntitySave.

@Override
public void beforeEntitySave(DataStoreBeforeEntitySaveEvent event) {
    SaveContext context = event.getSaveContext();
    Collection<AccessConstraint<?>> accessConstraints = context.getAccessConstraints();
    if (accessConstraints.isEmpty()) {
        return;
    }
    Map<MetaClass, CrudEntityContext> accessCache = new HashMap<>();
    for (Object entity : context.getEntitiesToSave()) {
        if (entity == null) {
            continue;
        }
        MetaClass metaClass = metadata.getClass(entity);
        CrudEntityContext entityContext = accessCache.computeIfAbsent(metaClass, key -> evaluateCrudAccess(key, accessConstraints));
        if (entityStates.isNew(entity)) {
            if (!entityContext.isCreatePermitted()) {
                throw new AccessDeniedException("entity", metaClass.getName(), "create");
            }
        } else if (!entityContext.isUpdatePermitted()) {
            throw new AccessDeniedException("entity", metaClass.getName(), "update");
        }
    }
    for (Object entity : context.getEntitiesToRemove()) {
        if (entity == null) {
            continue;
        }
        MetaClass metaClass = metadata.getClass(entity);
        CrudEntityContext entityContext = accessCache.computeIfAbsent(metaClass, key -> evaluateCrudAccess(key, accessConstraints));
        if (!entityContext.isDeletePermitted()) {
            // Report the operation that was actually denied (delete, not update)
            throw new AccessDeniedException("entity", metaClass.getName(), "delete");
        }
    }
}
Also used : AccessDeniedException(io.jmix.core.security.AccessDeniedException) MetaClass(io.jmix.core.metamodel.model.MetaClass) CrudEntityContext(io.jmix.core.accesscontext.CrudEntityContext) HashMap(java.util.HashMap) AccessConstraint(io.jmix.core.constraint.AccessConstraint)

Example 4 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class DataStoreInMemoryCrudListener, method entitySaving.

@Override
public void entitySaving(DataStoreEntitySavingEvent event) {
    SaveContext context = event.getSaveContext();
    for (Object entity : event.getEntities()) {
        MetaClass metaClass = metadata.getClass(entity);
        InMemoryCrudEntityContext entityContext = new InMemoryCrudEntityContext(metaClass, applicationContext);
        accessManager.applyConstraints(entityContext, context.getAccessConstraints());
        if (isNew(context, entity)) {
            if (!entityContext.isCreatePermitted(entity)) {
                throw new AccessDeniedException("entity", entity.toString(), "create");
            }
        } else {
            if (!entityContext.isUpdatePermitted(entity)) {
                throw new AccessDeniedException("entity", entity.toString(), "update");
            }
        }
    }
}
Also used : InMemoryCrudEntityContext(io.jmix.core.accesscontext.InMemoryCrudEntityContext) AccessDeniedException(io.jmix.core.security.AccessDeniedException) MetaClass(io.jmix.core.metamodel.model.MetaClass)

Example 5 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class CollectionPropertyDatasourceImpl, method checkPermission.

protected void checkPermission() {
    Security security = AppBeans.get(Security.NAME);
    MetaClass parentMetaClass = masterDs.getMetaClass();
    if (!security.isEntityAttrPermitted(parentMetaClass, metaProperty.getName(), EntityAttrAccess.MODIFY)) {
        throw new AccessDeniedException("attribute", parentMetaClass + "." + metaProperty.getName());
    }
}
Also used : AccessDeniedException(io.jmix.core.security.AccessDeniedException) MetaClass(io.jmix.core.metamodel.model.MetaClass) Security(com.haulmont.cuba.core.global.Security)
