
Example 6 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class UserSettingServiceBean, method copySettings.

@Override
public void copySettings(UserDetails fromUser, UserDetails toUser) {
    Preconditions.checkNotNullArgument(fromUser);
    Preconditions.checkNotNullArgument(toUser);
    MetaClass metaClass = metadata.getClass(UiSetting.class);
    CrudEntityContext entityContext = new CrudEntityContext(metaClass);
    accessManager.applyRegisteredConstraints(entityContext);
    // Deny the copy unless the registered constraints permit creating UiSetting entities
    if (!entityContext.isCreatePermitted()) {
        throw new AccessDeniedException("entity", metaClass.getName());
    }
    transaction.executeWithoutResult(status -> {
        Query deleteSettingsQuery = entityManager.createQuery("delete from ui_Setting s where s.username = ?1");
        deleteSettingsQuery.setParameter(1, toUser.getUsername());
        deleteSettingsQuery.executeUpdate();
    });
    Map<UUID, UiTablePresentation> presentationsMap = copyPresentations(fromUser, toUser);
    copyUserFolders(fromUser, toUser, presentationsMap);
    Map<UUID, FilterEntity> filtersMap = copyFilters(fromUser, toUser);
    transaction.executeWithoutResult(status -> {
        TypedQuery<UiSetting> q = entityManager.createQuery("select s from ui_Setting s where s.username = ?1", UiSetting.class);
        q.setParameter(1, fromUser.getUsername());
        List<UiSetting> fromUserSettings = q.getResultList();
        for (UiSetting currSetting : fromUserSettings) {
            UiSetting newSetting = metadata.create(UiSetting.class);
            newSetting.setUsername(toUser.getUsername());
            newSetting.setName(currSetting.getName());
            try {
                Document doc = dom4JTools.readDocument(currSetting.getValue());
                List<Element> components = doc.getRootElement().element("components").elements("component");
                for (Element component : components) {
                    Attribute presentationAttr = component.attribute("presentation");
                    if (presentationAttr != null) {
                        UUID presentationId = UuidProvider.fromString(presentationAttr.getValue());
                        UiTablePresentation newPresentation = presentationsMap.get(presentationId);
                        if (newPresentation != null) {
                            presentationAttr.setValue(newPresentation.getId().toString());
                        }
                    }
                    Element defaultFilterEl = component.element("defaultFilter");
                    if (defaultFilterEl != null) {
                        Attribute idAttr = defaultFilterEl.attribute("id");
                        if (idAttr != null) {
                            UUID filterId = UuidProvider.fromString(idAttr.getValue());
                            FilterEntity newFilter = filtersMap.get(filterId);
                            if (newFilter != null) {
                                idAttr.setValue(newFilter.getId().toString());
                            }
                        }
                    }
                }
                newSetting.setValue(dom4JTools.writeDocument(doc, true));
            } catch (Exception e) {
                // If the settings XML cannot be parsed or rewritten, copy the original value unchanged
                newSetting.setValue(currSetting.getValue());
            }
            entityManager.persist(newSetting);
        }
    });
}
Also used: AccessDeniedException (io.jmix.core.security.AccessDeniedException), TypedQuery (javax.persistence.TypedQuery), Query (javax.persistence.Query), FilterEntity (com.haulmont.cuba.security.entity.FilterEntity), Attribute (org.dom4j.Attribute), Element (org.dom4j.Element), Document (org.dom4j.Document), MetaClass (io.jmix.core.metamodel.model.MetaClass), CrudEntityContext (io.jmix.core.accesscontext.CrudEntityContext), UiTablePresentation (io.jmix.uidata.entity.UiTablePresentation), UiSetting (io.jmix.uidata.entity.UiSetting), UUID (java.util.UUID)

Example 7 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class DataStoreInMemoryCrudListener, method entityDeleting.

@Override
public void entityDeleting(DataStoreEntityDeletingEvent event) {
    SaveContext context = event.getSaveContext();
    // Check the in-memory delete constraints for every entity in the deleting event
    for (Object entity : event.getEntities()) {
        MetaClass metaClass = metadata.getClass(entity);
        InMemoryCrudEntityContext entityContext = new InMemoryCrudEntityContext(metaClass, applicationContext);
        accessManager.applyConstraints(entityContext, context.getAccessConstraints());
        if (!entityContext.isDeletePermitted(entity)) {
            throw new AccessDeniedException("entity", entity.toString(), "delete");
        }
    }
}
Also used: InMemoryCrudEntityContext (io.jmix.core.accesscontext.InMemoryCrudEntityContext), AccessDeniedException (io.jmix.core.security.AccessDeniedException), MetaClass (io.jmix.core.metamodel.model.MetaClass)

Example 8 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class FoldersServiceBean, method checkImportPermissions.

protected void checkImportPermissions(Folder folder) {
    UserSession userSession = userSessionSource.getUserSession();
    if (folder instanceof SearchFolder) {
        SearchFolder searchFolder = (SearchFolder) folder;
        String currentUsername = userSession.getUser().getUsername();
        // A search folder that has an owner may only be imported by that owner
        if (searchFolder.getUsername() != null && !currentUsername.equals(searchFolder.getUsername())) {
            throw new AccessDeniedException("entity", Folder.class.getSimpleName());
        }
        // A global search folder (no owner) requires the specific permission
        if (searchFolder.getUsername() == null && !security.isSpecificPermitted("cuba.gui.searchFolder.global")) {
            throw new AccessDeniedException("entity", Folder.class.getSimpleName());
        }
    }
    if (folder instanceof AppFolder) {
        if (!security.isSpecificPermitted("cuba.gui.appFolder.global")) {
            throw new AccessDeniedException("entity", Folder.class.getSimpleName());
        }
    }
}
Also used: AppFolder (com.haulmont.cuba.core.entity.AppFolder), AccessDeniedException (io.jmix.core.security.AccessDeniedException), UserSession (com.haulmont.cuba.security.global.UserSession), SearchFolder (com.haulmont.cuba.security.entity.SearchFolder), Folder (com.haulmont.cuba.core.entity.Folder)

Example 9 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class LoginScreenSupport, method checkLoginToUi.

protected void checkLoginToUi(AuthDetails authDetails, Authentication authentication) {
    Authentication currentAuthentication = SecurityContextHelper.getAuthentication();
    UiLoginToUiContext loginToUiContext = new UiLoginToUiContext();
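    try {
        // Evaluate the login-to-UI constraints with the authentication of the user who is logging in
        SecurityContextHelper.setAuthentication(authentication);
        accessManager.applyRegisteredConstraints(loginToUiContext);
    } finally {
        // Always restore the previous authentication, even if constraint evaluation throws
        SecurityContextHelper.setAuthentication(currentAuthentication);
    }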
    if (!loginToUiContext.isPermitted()) {
        log.warn("Attempt of login to UI for user '{}' without '{}' permission", authDetails.getUsername(), loginToUiContext.getName());
        throw new AccessDeniedException("specific", loginToUiContext.getName());
    }
}
Also used: AccessDeniedException (io.jmix.core.security.AccessDeniedException), Authentication (org.springframework.security.core.Authentication), UiLoginToUiContext (io.jmix.securityui.accesscontext.UiLoginToUiContext)

Example 10 with AccessDeniedException

Use of io.jmix.core.security.AccessDeniedException in project jmix by jmix-framework.

Class LastSecurityFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException {
    logRequest(request);
    parseRequestLocale(request);
    try {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (applicationEventPublisher != null && authentication != null) {
            BeforeInvocationEvent beforeInvocationEvent = new BeforeInvocationEvent(authentication, request, response);
            applicationEventPublisher.publishEvent(beforeInvocationEvent);
            boolean invocationPrevented = beforeInvocationEvent.isInvocationPrevented();
            try {
                if (!invocationPrevented) {
                    filterChain.doFilter(request, response);
                } else {
                    log.debug("Request invocation prevented by BeforeInvocationEvent handler");
                    int errorCode = beforeInvocationEvent.getErrorCode();
                    if (errorCode > 0) {
                        String errorMessage = beforeInvocationEvent.getErrorMessage();
                        if (Strings.isNullOrEmpty(errorMessage)) {
                            log.warn("Send an error response with error code: {}", errorCode);
                            response.sendError(errorCode);
                        } else {
                            log.warn("Send an error response with error code: {} and message: {}", errorCode, errorMessage);
                            response.sendError(errorCode, errorMessage);
                        }
                    }
                }
            } finally {
                applicationEventPublisher.publishEvent(new AfterInvocationEvent(authentication, request, response, invocationPrevented));
            }
        } else {
            filterChain.doFilter(request, response);
        }
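    } catch (AccessDeniedException e) {
        // Authorization failure: log the details server-side and return a bare 403 to the client
        log.error("Access denied", e);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    } catch (Exception e) {
        // Any other failure: log the details server-side and return a bare 500 to the client
        log.error("Error during API call", e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }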
}
Also used: AccessDeniedException (io.jmix.core.security.AccessDeniedException), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), AfterInvocationEvent (io.jmix.securityoauth2.event.AfterInvocationEvent), BeforeInvocationEvent (io.jmix.securityoauth2.event.BeforeInvocationEvent), IOException (java.io.IOException)

Aggregations

AccessDeniedException (io.jmix.core.security.AccessDeniedException): 14
MetaClass (io.jmix.core.metamodel.model.MetaClass): 8
CrudEntityContext (io.jmix.core.accesscontext.CrudEntityContext): 3
AppFolder (com.haulmont.cuba.core.entity.AppFolder): 2
Folder (com.haulmont.cuba.core.entity.Folder): 2
SearchFolder (com.haulmont.cuba.security.entity.SearchFolder): 2
InMemoryCrudEntityContext (io.jmix.core.accesscontext.InMemoryCrudEntityContext): 2
MetaProperty (io.jmix.core.metamodel.model.MetaProperty): 2
UiShowScreenContext (io.jmix.ui.accesscontext.UiShowScreenContext): 2
UiSetting (io.jmix.uidata.entity.UiSetting): 2
UiTablePresentation (io.jmix.uidata.entity.UiTablePresentation): 2
Nullable (javax.annotation.Nullable): 2
Query (javax.persistence.Query): 2
TypedQuery (javax.persistence.TypedQuery): 2
Attribute (org.dom4j.Attribute): 2
Document (org.dom4j.Document): 2
Element (org.dom4j.Element): 2
Authentication (org.springframework.security.core.Authentication): 2
UserDetails (org.springframework.security.core.userdetails.UserDetails): 2
EntityManager (com.haulmont.cuba.core.EntityManager): 1