Search in sources :

Example 1 with PermissionsInfo

use of io.jmix.rest.impl.service.filter.data.PermissionsInfo in project jmix by jmix-framework.

the class PermissionsControllerManager method getPermissions.

public PermissionsInfo getPermissions() {
    PermissionsInfo permissionsInfo = new PermissionsInfo();
    List<String> authorities = currentUserSubstitution.getEffectiveUser().getAuthorities().stream().map(GrantedAuthority::getAuthority).filter(Objects::nonNull).collect(Collectors.toList());
    permissionsInfo.setAuthorities(authorities);
    List<ShortPermissionInfo> entityPermissions = new ArrayList<>();
    List<ShortPermissionInfo> entityAttributePermissions = new ArrayList<>();
    permissionsInfo.setEntities(entityPermissions);
    permissionsInfo.setEntityAttributes(entityAttributePermissions);
    for (MetaClass metaClass : metadata.getSession().getClasses()) {
        CrudEntityContext entityContext = new CrudEntityContext(metaClass);
        accessManager.applyRegisteredConstraints(entityContext);
        if (entityContext.isCreatePermitted()) {
            entityPermissions.add(new ShortPermissionInfo(getEntityTarget(metaClass, "create"), ALLOWED_CRUD_PERMISSION));
        }
        if (entityContext.isReadPermitted()) {
            entityPermissions.add(new ShortPermissionInfo(getEntityTarget(metaClass, "read"), ALLOWED_CRUD_PERMISSION));
        }
        if (entityContext.isUpdatePermitted()) {
            entityPermissions.add(new ShortPermissionInfo(getEntityTarget(metaClass, "update"), ALLOWED_CRUD_PERMISSION));
        }
        if (entityContext.isDeletePermitted()) {
            entityPermissions.add(new ShortPermissionInfo(getEntityTarget(metaClass, "delete"), ALLOWED_CRUD_PERMISSION));
        }
        for (MetaProperty metaProperty : metaClass.getProperties()) {
            EntityAttributeContext attributeContext = new EntityAttributeContext(metaClass, metaProperty.getName());
            accessManager.applyRegisteredConstraints(attributeContext);
            if (attributeContext.canModify()) {
                entityAttributePermissions.add(new ShortPermissionInfo(getEntityAttributeTarget(metaClass, metaProperty), MODIFY_ATTRIBUTE_PERMISSION));
            } else if (attributeContext.canView()) {
                entityAttributePermissions.add(new ShortPermissionInfo(getEntityAttributeTarget(metaClass, metaProperty), VIEW_ATTRIBUTE_PERMISSION));
            }
        }
    }
    List<ShortPermissionInfo> grantedSpecificPolicies = specificPolicyInfoRegistry.getSpecificPolicyInfos().stream().map(SpecificPolicyInfoRegistry.SpecificPolicyInfo::getName).filter(specificPolicyName -> {
        SpecificOperationAccessContext accessContext = new SpecificOperationAccessContext(specificPolicyName);
        accessManager.applyRegisteredConstraints(accessContext);
        return accessContext.isPermitted();
    }).map(specificPolicyName -> new ShortPermissionInfo(specificPolicyName, 1)).collect(Collectors.toList());
    permissionsInfo.setSpecifics(grantedSpecificPolicies);
    return permissionsInfo;
}
Also used : PermissionsInfo(io.jmix.rest.impl.service.filter.data.PermissionsInfo) PermissionsController(io.jmix.rest.impl.controller.PermissionsController) MetaClass(io.jmix.core.metamodel.model.MetaClass) PermissionsInfo(io.jmix.rest.impl.service.filter.data.PermissionsInfo) EntityAttributeContext(io.jmix.core.accesscontext.EntityAttributeContext) AccessManager(io.jmix.core.AccessManager) SpecificOperationAccessContext(io.jmix.core.accesscontext.SpecificOperationAccessContext) Autowired(org.springframework.beans.factory.annotation.Autowired) Metadata(io.jmix.core.Metadata) CrudEntityContext(io.jmix.core.accesscontext.CrudEntityContext) Collectors(java.util.stream.Collectors) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) Objects(java.util.Objects) Component(org.springframework.stereotype.Component) List(java.util.List) MetaProperty(io.jmix.core.metamodel.model.MetaProperty) CurrentUserSubstitution(io.jmix.core.usersubstitution.CurrentUserSubstitution) SpecificPolicyInfoRegistry(io.jmix.core.security.SpecificPolicyInfoRegistry) ShortPermissionInfo(io.jmix.rest.impl.service.filter.data.ShortPermissionInfo) SpecificOperationAccessContext(io.jmix.core.accesscontext.SpecificOperationAccessContext) EntityAttributeContext(io.jmix.core.accesscontext.EntityAttributeContext) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) ShortPermissionInfo(io.jmix.rest.impl.service.filter.data.ShortPermissionInfo) SpecificPolicyInfoRegistry(io.jmix.core.security.SpecificPolicyInfoRegistry) MetaClass(io.jmix.core.metamodel.model.MetaClass) CrudEntityContext(io.jmix.core.accesscontext.CrudEntityContext) MetaProperty(io.jmix.core.metamodel.model.MetaProperty)

Aggregations

AccessManager (io.jmix.core.AccessManager)1 Metadata (io.jmix.core.Metadata)1 CrudEntityContext (io.jmix.core.accesscontext.CrudEntityContext)1 EntityAttributeContext (io.jmix.core.accesscontext.EntityAttributeContext)1 SpecificOperationAccessContext (io.jmix.core.accesscontext.SpecificOperationAccessContext)1 MetaClass (io.jmix.core.metamodel.model.MetaClass)1 MetaProperty (io.jmix.core.metamodel.model.MetaProperty)1 SpecificPolicyInfoRegistry (io.jmix.core.security.SpecificPolicyInfoRegistry)1 CurrentUserSubstitution (io.jmix.core.usersubstitution.CurrentUserSubstitution)1 PermissionsController (io.jmix.rest.impl.controller.PermissionsController)1 PermissionsInfo (io.jmix.rest.impl.service.filter.data.PermissionsInfo)1 ShortPermissionInfo (io.jmix.rest.impl.service.filter.data.ShortPermissionInfo)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 Objects (java.util.Objects)1 Collectors (java.util.stream.Collectors)1 Autowired (org.springframework.beans.factory.annotation.Autowired)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 Component (org.springframework.stereotype.Component)1