use of javax.persistence.criteria.Predicate in project CzechIdMng by bcvsolutions.
the class DefaultAuthorizationManager method getPredicate.
/**
 * Builds the authorization restriction for the queried entity type by OR-combining the
 * predicates contributed by the enabled policies returned for
 * {@code securityService.getCurrentId()} and the root's java type.
 * <p>
 * The result is default-deny: the list is seeded with an empty disjunction (always false), so
 * when no policy contributes a predicate the returned restriction matches no rows. Policies
 * that do not support the entity type, have no evaluator, or whose evaluator returns
 * {@code null} contribute nothing and therefore grant nothing.
 *
 * @param root query root of the secured entity
 * @param query criteria query the predicate is built for
 * @param builder criteria builder
 * @param permission permissions to evaluate; must not be {@code null}
 * @return disjunction of all policy predicates (false when none applies)
 */
@Override
public <E extends Identifiable> Predicate getPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder, BasePermission... permission) {
    Assert.notNull(permission);
    //
    // start from "no data": access has to be granted explicitly by some policy
    final List<Predicate> granted = Lists.newArrayList(builder.disjunction());
    //
    service.getEnabledPolicies(securityService.getCurrentId(), root.getJavaType()).forEach(policy -> {
        if (!supportsEntityType(policy, root.getJavaType())) {
            // TODO: compatibility issues - agendas without authorization support
            return;
        }
        AuthorizationEvaluator<E> evaluator = getEvaluator(policy);
        if (evaluator == null || !evaluator.supports(root.getJavaType())) {
            // no usable evaluator - the policy grants nothing
            return;
        }
        Predicate policyPredicate = evaluator.getPredicate(root, query, builder, policy, permission);
        if (policyPredicate != null) {
            granted.add(policyPredicate);
        }
    });
    // any single granting policy is enough, hence OR
    return builder.or(granted.toArray(new Predicate[0]));
}
use of javax.persistence.criteria.Predicate in project CzechIdMng by bcvsolutions.
the class AbstractReadDtoService method findEntities.
/**
 * Finds a page of entities restricted by the given filter and, when applicable, by the
 * authorization predicate for the given permissions.
 * <p>
 * Authorization is applied only if at least one non-null permission is passed and this service
 * is an {@code AuthorizableService} with a non-null authorizable type. In every other case the
 * query is restricted by the filter alone, so callers that rely on permission enforcement have
 * to pass the permission explicitly.
 *
 * @param filter filter to transform to criteria; {@code null} adds no filter predicates
 * @param pageable paging and sorting information
 * @param permission permissions to evaluate; {@code null} elements are trimmed
 * @return page of matching entities
 */
protected Page<E> findEntities(F filter, Pageable pageable, BasePermission... permission) {
    // transform filter (and permissions) to criteria
    Specification<E> criteria = new Specification<E>() {
        @Override
        public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
            List<Predicate> restrictions = new ArrayList<>();
            // a null filter contributes no restrictions
            if (filter != null) {
                restrictions.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
            }
            //
            // permissions are skipped when none was given or when the service has no
            // authorizable type (=> authorization policies are not supported)
            BasePermission[] requested = PermissionUtils.trimNull(permission);
            boolean evaluatePermissions = !ObjectUtils.isEmpty(requested)
                    && (AbstractReadDtoService.this instanceof AuthorizableService);
            if (evaluatePermissions) {
                AuthorizableType securedType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
                if (securedType != null && securedType.getType() != null) {
                    restrictions.add(getAuthorizationManager().getPredicate(root, query, builder, requested));
                }
            }
            //
            return query.where(restrictions.toArray(new Predicate[0])).getRestriction();
        }
    };
    return getRepository().findAll(criteria, pageable);
}
use of javax.persistence.criteria.Predicate in project CzechIdMng by bcvsolutions.
the class DefaultIdmAutomaticRoleAttributeService method getPredicateForRuleByContract.
/**
 * Builds the criteria predicate that evaluates one automatic-role rule against identity
 * contracts.
 * <p>
 * The rule type decides where the compared value lives: a contract attribute, a contract EAV
 * value, an identity EAV value or an identity attribute. Attribute names taken from the rule are
 * resolved through the JPA metamodel, so a name that is not a singular attribute of the entity
 * fails in the metamodel lookup instead of being used as a path.
 *
 * @param rule rule to evaluate; its type, attribute name or form attribute, value and comparison are read
 * @param root root of the contract query the predicate is attached to
 * @param query query used to create the correlated subqueries
 * @param cb criteria builder
 * @param pass passed negated to getPredicateWithComparsion for CONTRACT rules and unchanged to
 *        getPredicateForConnection for the other types; NOTE(review): presumably selects
 *        contracts that pass versus do not pass the rule - confirm against those helpers
 * @return predicate for the given rule
 * @throws UnsupportedOperationException if the rule type is none of the four handled types
 */
private Predicate getPredicateForRuleByContract(IdmAutomaticRoleAttributeRuleDto rule, Root<IdmIdentityContract> root, CriteriaQuery<?> query, CriteriaBuilder cb, boolean pass) {
    Metamodel metamodel = entityManager.getMetamodel();
    //
    if (rule.getType() == AutomaticRoleAttributeRuleType.CONTRACT) {
        // value is compared directly on the contract entity
        SingularAttribute<? super IdmIdentityContract, ?> contractAttribute = metamodel.entity(IdmIdentityContract.class).getSingularAttribute(rule.getAttributeName());
        Path<Object> contractPath = root.get(contractAttribute.getName());
        return getPredicateWithComparsion(contractPath, castToType(contractAttribute, rule.getValue()), cb, rule.getComparison(), !pass);
    }
    //
    if (rule.getType() == AutomaticRoleAttributeRuleType.CONTRACT_EAV) {
        IdmFormAttributeDto formAttributeDto = formAttributeService.get(rule.getFormAttribute());
        Object value = getEavValue(rule.getValue(), formAttributeDto.getPersistentType());
        //
        // subquery over the contract's form values
        Subquery<IdmIdentityContractFormValue> valueQuery = query.subquery(IdmIdentityContractFormValue.class);
        Root<IdmIdentityContractFormValue> valueRoot = valueQuery.from(IdmIdentityContractFormValue.class);
        valueQuery.select(valueRoot);
        //
        Path<?> valuePath = valueRoot.get(getSingularAttributeForEav(formAttributeDto.getPersistentType()));
        //
        // correlate with the outer contract, pick the form attribute, compare the value
        Predicate ownedByContract = cb.equal(valueRoot.get(IdmIdentityContractFormValue_.owner), root);
        Predicate sameFormAttribute = cb.equal(valueRoot.get(IdmIdentityContractFormValue_.formAttribute).get(AbstractFormValue_.id), formAttributeDto.getId());
        Predicate valueMatches = getPredicateWithComparsion(valuePath, value, cb, rule.getComparison(), null);
        valueQuery.where(cb.and(ownedByContract, sameFormAttribute, valueMatches));
        //
        return getPredicateForConnection(valueQuery, cb, pass);
    }
    //
    if (rule.getType() == AutomaticRoleAttributeRuleType.IDENTITY_EAV) {
        IdmFormAttributeDto formAttributeDto = formAttributeService.get(rule.getFormAttribute());
        Object value = getEavValue(rule.getValue(), formAttributeDto.getPersistentType());
        //
        // outer subquery: the identity owning the contract
        Subquery<IdmIdentity> identityQuery = query.subquery(IdmIdentity.class);
        Root<IdmIdentity> identityRoot = identityQuery.from(IdmIdentity.class);
        identityQuery.select(identityRoot);
        // inner subquery: that identity's form values
        Subquery<IdmIdentityFormValue> valueQuery = query.subquery(IdmIdentityFormValue.class);
        Root<IdmIdentityFormValue> valueRoot = valueQuery.from(IdmIdentityFormValue.class);
        valueQuery.select(valueRoot);
        //
        Path<?> valuePath = valueRoot.get(getSingularAttributeForEav(formAttributeDto.getPersistentType()));
        Predicate ownedByIdentity = cb.equal(valueRoot.get(IdmIdentityFormValue_.owner), identityRoot);
        Predicate contractOfIdentity = cb.equal(root.get(IdmIdentityContract_.identity), identityRoot);
        Predicate sameFormAttribute = cb.equal(valueRoot.get(IdmIdentityFormValue_.formAttribute).get(AbstractFormValue_.id), formAttributeDto.getId());
        Predicate valueMatches = getPredicateWithComparsion(valuePath, value, cb, rule.getComparison(), null);
        valueQuery.where(cb.and(ownedByIdentity, contractOfIdentity, sameFormAttribute, valueMatches));
        //
        Predicate existsInEav = getPredicateForConnection(valueQuery, cb, pass);
        //
        // correlate the identity subquery with the outer contract
        Predicate identityOfContract = cb.equal(identityRoot.get(IdmIdentity_.id), root.get(IdmIdentityContract_.identity).get(AbstractEntity_.id));
        identityQuery.where(cb.and(identityOfContract, existsInEav));
        //
        return cb.exists(identityQuery);
    }
    //
    if (rule.getType() == AutomaticRoleAttributeRuleType.IDENTITY) {
        Subquery<IdmIdentity> identityQuery = query.subquery(IdmIdentity.class);
        Root<IdmIdentity> identityRoot = identityQuery.from(IdmIdentity.class);
        identityQuery.select(identityRoot);
        //
        SingularAttribute<? super IdmIdentity, ?> identityAttribute = metamodel.entity(IdmIdentity.class).getSingularAttribute(rule.getAttributeName());
        Path<Object> identityPath = identityRoot.get(identityAttribute.getName());
        //
        // correlation attr
        Predicate identityOfContract = cb.equal(identityRoot.get(IdmIdentity_.id), root.get(IdmIdentityContract_.identity).get(AbstractEntity_.id));
        Predicate valueMatches = getPredicateWithComparsion(identityPath, castToType(identityAttribute, rule.getValue()), cb, rule.getComparison(), null);
        identityQuery.where(cb.and(identityOfContract, valueMatches));
        //
        return getPredicateForConnection(identityQuery, cb, pass);
    }
    //
    throw new UnsupportedOperationException("Type: " + rule.getType().name() + ", isn't supported for contract rules!");
}
use of javax.persistence.criteria.Predicate in project CzechIdMng by bcvsolutions.
the class DefaultIdmIdentityContractService method toPredicates.
/**
 * Translates the contract filter into criteria predicates, added to those built by the
 * superclass.
 * <p>
 * Every filter field that is set adds one predicate. A {@code property} that is set but is not
 * one of {@code position}, {@code state} or {@code description} adds an empty disjunction, so an
 * unknown property name yields no rows instead of being ignored.
 *
 * @param root root of the contract query
 * @param query criteria query
 * @param builder criteria builder
 * @param filter contract filter; dereferenced without a null check
 * @return predicates restricting the contract query
 */
@Override
protected List<Predicate> toPredicates(Root<IdmIdentityContract> root, CriteriaQuery<?> query, CriteriaBuilder builder, IdmIdentityContractFilter filter) {
    List<Predicate> predicates = super.toPredicates(root, query, builder, filter);
    // quick search: case-insensitive "contains" on position and on work position name / code
    if (StringUtils.isNotEmpty(filter.getText())) {
        // NOTE(review): '%' and '_' inside the text are not escaped and act as LIKE wildcards
        final String pattern = "%" + filter.getText().toLowerCase() + "%";
        Path<IdmTreeNode> workPosition = root.get(IdmIdentityContract_.workPosition);
        predicates.add(builder.or(
                builder.like(builder.lower(root.get(IdmIdentityContract_.position)), pattern),
                builder.like(builder.lower(workPosition.get(IdmTreeNode_.name)), pattern),
                builder.like(builder.lower(workPosition.get(IdmTreeNode_.code)), pattern)));
    }
    if (filter.getIdentity() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityContract_.identity).get(AbstractEntity_.id), filter.getIdentity()));
    }
    if (filter.getValidTill() != null) {
        predicates.add(builder.lessThanOrEqualTo(root.get(IdmIdentityContract_.validTill), filter.getValidTill()));
    }
    if (filter.getValidFrom() != null) {
        predicates.add(builder.greaterThanOrEqualTo(root.get(IdmIdentityContract_.validFrom), filter.getValidFrom()));
    }
    if (filter.getExterne() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityContract_.externe), filter.getExterne()));
    }
    if (filter.getDisabled() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityContract_.disabled), filter.getDisabled()));
    }
    if (filter.getMain() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityContract_.main), filter.getMain()));
    }
    // valid = started (or open start), not ended (or open end) and not disabled; invalid = the opposite
    final Boolean valid = filter.getValid();
    if (valid != null) {
        final LocalDate today = LocalDate.now();
        if (valid) {
            Predicate alreadyStarted = builder.or(
                    builder.lessThanOrEqualTo(root.get(IdmIdentityContract_.validFrom), today),
                    builder.isNull(root.get(IdmIdentityContract_.validFrom)));
            Predicate notYetEnded = builder.or(
                    builder.greaterThanOrEqualTo(root.get(IdmIdentityContract_.validTill), today),
                    builder.isNull(root.get(IdmIdentityContract_.validTill)));
            Predicate enabled = builder.equal(root.get(IdmIdentityContract_.disabled), Boolean.FALSE);
            predicates.add(builder.and(alreadyStarted, notYetEnded, enabled));
        } else {
            predicates.add(builder.or(
                    builder.lessThan(root.get(IdmIdentityContract_.validTill), today),
                    builder.greaterThan(root.get(IdmIdentityContract_.validFrom), today),
                    builder.equal(root.get(IdmIdentityContract_.disabled), Boolean.TRUE)));
        }
    }
    // valid now or in future: only the end date and the disabled flag are checked
    final Boolean validNowOrInFuture = filter.getValidNowOrInFuture();
    if (validNowOrInFuture != null) {
        final LocalDate today = LocalDate.now();
        if (validNowOrInFuture) {
            Predicate notYetEnded = builder.or(
                    builder.greaterThanOrEqualTo(root.get(IdmIdentityContract_.validTill), today),
                    builder.isNull(root.get(IdmIdentityContract_.validTill)));
            Predicate enabled = builder.equal(root.get(IdmIdentityContract_.disabled), Boolean.FALSE);
            predicates.add(builder.and(notYetEnded, enabled));
        } else {
            predicates.add(builder.lessThan(root.get(IdmIdentityContract_.validTill), today));
        }
    }
    if (filter.getState() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityContract_.state), filter.getState()));
    }
    // property / value pair: only the listed properties are accepted; a filled property
    // outside this list ends in a disjunction (no rows)
    boolean propertyKnown = filter.getProperty() == null;
    if (StringUtils.equals(IdmIdentityContract_.position.getName(), filter.getProperty())) {
        propertyKnown = true;
        predicates.add(builder.equal(root.get(IdmIdentityContract_.position), filter.getValue()));
    }
    if (StringUtils.equals(IdmIdentityContract_.state.getName(), filter.getProperty())) {
        propertyKnown = true;
        predicates.add(builder.equal(root.get(IdmIdentityContract_.state), filter.getValue()));
    }
    if (StringUtils.equals(IdmIdentityContract_.description.getName(), filter.getProperty())) {
        propertyKnown = true;
        predicates.add(builder.equal(root.get(IdmIdentityContract_.description), filter.getValue()));
    }
    if (!propertyKnown) {
        predicates.add(builder.disjunction());
    }
    //
    return predicates;
}
use of javax.persistence.criteria.Predicate in project CzechIdMng by bcvsolutions.
the class DefaultIdmIdentityRoleService method toPredicates.
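/**
 * Translates the identity-role filter into criteria predicates; every filter field that is set
 * adds one predicate.
 * <p>
 * The automatic-role flag is evaluated by value: {@code FALSE} selects assignments without an
 * automatic role. Previously any non-null flag, including {@code FALSE}, selected assignments
 * made by an automatic role, so a listing of directly assigned roles returned the opposite set.
 *
 * @param root root of the identity-role query
 * @param query criteria query, used for the role catalogue subquery
 * @param builder criteria builder
 * @param filter identity-role filter; dereferenced without a null check
 * @return predicates restricting the identity-role query
 */
@Override
protected List<Predicate> toPredicates(Root<IdmIdentityRole> root, CriteriaQuery<?> query, CriteriaBuilder builder, IdmIdentityRoleFilter filter) {
    List<Predicate> predicates = new ArrayList<>();
    // id
    if (filter.getId() != null) {
        predicates.add(builder.equal(root.get(AbstractEntity_.id), filter.getId()));
    }
    // quick - by identity's username
    if (StringUtils.isNotEmpty(filter.getText())) {
        // NOTE(review): '%' and '_' inside the text are not escaped and act as LIKE wildcards
        predicates.add(builder.like(builder.lower(root.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.username)), "%" + filter.getText().toLowerCase() + "%"));
    }
    if (filter.getIdentityId() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id), filter.getIdentityId()));
    }
    if (filter.getRoleId() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityRole_.role).get(IdmRole_.id), filter.getRoleId()));
    }
    if (filter.getRoleCatalogueId() != null) {
        // role has to be listed in the given catalogue
        Subquery<IdmRoleCatalogueRole> roleCatalogueRoleSubquery = query.subquery(IdmRoleCatalogueRole.class);
        Root<IdmRoleCatalogueRole> subRootRoleCatalogueRole = roleCatalogueRoleSubquery.from(IdmRoleCatalogueRole.class);
        roleCatalogueRoleSubquery.select(subRootRoleCatalogueRole);
        roleCatalogueRoleSubquery.where(builder.and(
                builder.equal(subRootRoleCatalogueRole.get(IdmRoleCatalogueRole_.role), root.get(IdmIdentityRole_.role)),
                builder.equal(subRootRoleCatalogueRole.get(IdmRoleCatalogueRole_.roleCatalogue).get(AbstractEntity_.id), filter.getRoleCatalogueId())));
        predicates.add(builder.exists(roleCatalogueRoleSubquery));
    }
    // Only valid identity-role include check on contract validity too
    if (filter.getValid() != null && filter.getValid()) {
        final LocalDate today = LocalDate.now();
        predicates.add(builder.and(RepositoryUtils.getValidPredicate(root, builder, today), RepositoryUtils.getValidPredicate(root.get(IdmIdentityRole_.identityContract), builder, today)));
    }
    // Only invalid identity-role
    // NOTE(review): this branch checks the role's own dates only, while the valid branch also
    // checks the contract - a role on an invalid contract matches neither; confirm this is intended
    if (filter.getValid() != null && !filter.getValid()) {
        final LocalDate today = LocalDate.now();
        predicates.add(builder.or(builder.lessThan(root.get(IdmIdentityRole_.validTill), today), builder.greaterThan(root.get(IdmIdentityRole_.validFrom), today)));
    }
    // is automatic role: FALSE selects assignments without an automatic role; any other
    // non-null value keeps the original "has automatic role" restriction
    Object automaticRole = filter.getAutomaticRole();
    if (automaticRole != null) {
        if (Boolean.FALSE.equals(automaticRole)) {
            predicates.add(builder.isNull(root.get(IdmIdentityRole_.automaticRole)));
        } else {
            predicates.add(builder.isNotNull(root.get(IdmIdentityRole_.automaticRole)));
        }
    }
    //
    if (filter.getAutomaticRoleId() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityRole_.automaticRole).get(IdmAutomaticRole_.id), filter.getAutomaticRoleId()));
    }
    //
    if (filter.getIdentityContractId() != null) {
        predicates.add(builder.equal(root.get(IdmIdentityRole_.identityContract).get(AbstractEntity_.id), filter.getIdentityContractId()));
    }
    //
    return predicates;
}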