use of org.broadleafcommerce.common.exception.SecurityServiceException in project BroadleafCommerce by BroadleafCommerce.
the class BasicPersistenceModule method add.
/**
 * Persists the entity carried by {@code persistencePackage}, or delegates to
 * {@code update} when a primary key can be resolved from the submitted entity.
 *
 * <p>Authorization-relevant behaviour: when the perspective carries a FOREIGNKEY item
 * whose mutable flag is false, the request is rejected with a
 * {@link SecurityServiceException}. That throw happens before the {@code try} block,
 * so it is not re-wrapped by the catch-all at the bottom of the method.
 *
 * @param persistencePackage the request: entity, perspective and ceiling class name
 * @param includeRealEntityObject when true, the merged instance is attached to the result
 * @return the result holding the record rebuilt from the merged instance
 * @throws ServiceException if the target is not mutable, or wrapping any failure raised
 *         while resolving metadata, populating or merging the instance
 */
@Override
public EntityResult add(PersistencePackage persistencePackage, boolean includeRealEntityObject) throws ServiceException {
    EntityResult outcome = new EntityResult();
    Entity entity = persistencePackage.getEntity();
    PersistencePerspective perspective = persistencePackage.getPersistencePerspective();
    ForeignKey foreignKey = (ForeignKey) perspective.getPersistencePerspectiveItems().get(PersistencePerspectiveItemType.FOREIGNKEY);

    // Server-side mutability gate: enforced here regardless of what the submitting form displayed.
    if (foreignKey != null && !foreignKey.getMutable()) {
        throw new SecurityServiceException("Entity not mutable");
    }

    try {
        String ceilingClassname = persistencePackage.getCeilingEntityFullyQualifiedClassname();
        Class<?>[] entities = persistenceManager.getPolymorphicEntities(ceilingClassname);
        Map<String, FieldMetadata> mergedUnfilteredProperties = persistenceManager.getDynamicEntityDao().getMergedProperties(
                ceilingClassname,
                entities,
                foreignKey,
                perspective.getAdditionalNonPersistentProperties(),
                perspective.getAdditionalForeignKeys(),
                MergedPropertyType.PRIMARY,
                perspective.getPopulateToOneFields(),
                perspective.getIncludeFields(),
                perspective.getExcludeFields(),
                perspective.getConfigurationKey(),
                "");
        Map<String, FieldMetadata> mergedProperties = filterOutCollectionMetadata(mergedUnfilteredProperties);

        // Locate the first property whose field type is ID; the entity must expose one.
        String idProperty = null;
        for (Map.Entry<String, FieldMetadata> candidate : mergedProperties.entrySet()) {
            BasicFieldMetadata metadata = (BasicFieldMetadata) candidate.getValue();
            if (metadata.getFieldType() == SupportedFieldType.ID) {
                idProperty = candidate.getKey();
                break;
            }
        }
        if (idProperty == null) {
            throw new RuntimeException("Could not find a primary key property in the passed entity with type: " + entity.getType()[0]);
        }

        Object primaryKey = null;
        try {
            primaryKey = getPrimaryKey(entity, mergedProperties);
        } catch (Exception e) {
            // Deliberately ignored: failing to resolve a key is treated as "this is a new entity".
        }

        if (primaryKey != null) {
            // A key was submitted, so this "add" is really an update of an existing row.
            return update(persistencePackage, primaryKey, includeRealEntityObject);
        }

        // NOTE(review): the class name comes from the submitted Entity (entity.getType()[0]).
        // Nothing visible in this method checks it against the polymorphic `entities` resolved
        // above before it is loaded and instantiated - confirm that callers validate the type.
        Serializable instance = (Serializable) Class.forName(entity.getType()[0]).newInstance();
        instance = createPopulatedInstance(instance, entity, mergedProperties, false);

        if (foreignKey != null && foreignKey.getSortField() != null) {
            // Sorted to-many collection: let the extension handlers rebalance before merging.
            ExtensionResultHolder<Serializable> rebalanced = new ExtensionResultHolder<Serializable>();
            extensionManager.getProxy().rebalanceForAdd(this, persistencePackage, instance, mergedProperties, rebalanced);
            instance = rebalanced.getResult();
        }

        instance = persistenceManager.getDynamicEntityDao().merge(instance);
        if (includeRealEntityObject) {
            outcome.setEntityBackingObject(instance);
        }

        List<Serializable> merged = new ArrayList<Serializable>(1);
        merged.add(instance);
        entity = getRecords(mergedProperties, merged, null, null, null)[0];
        outcome.setEntity(entity);
        return outcome;
    } catch (Exception e) {
        throw new ServiceException("Problem adding new entity : " + e.getMessage(), e);
    }
}
use of org.broadleafcommerce.common.exception.SecurityServiceException in project BroadleafCommerce by BroadleafCommerce.
the class BasicPersistenceModule method update.
/**
 * Applies the submitted entity to an existing persisted instance and merges it.
 *
 * <p>Authorization-relevant behaviour: a FOREIGNKEY perspective item whose mutable flag
 * is false causes a {@link SecurityServiceException} before any lookup is attempted; the
 * throw sits outside the {@code try}, so it is not re-wrapped by the catch-all below.
 *
 * @param persistencePackage the request: entity, perspective and ceiling class name
 * @param primaryKey key of the instance to change; resolved from the entity when null
 * @param includeRealEntity when true, the merged instance is attached to the result
 * @return the result; when the entity already carries validation failures it is returned
 *         unchanged and nothing is merged
 * @throws ServiceException if the target is not mutable, or wrapping any failure raised
 *         while resolving metadata, retrieving, populating or merging the instance
 */
protected EntityResult update(PersistencePackage persistencePackage, Object primaryKey, boolean includeRealEntity) throws ServiceException {
    EntityResult outcome = new EntityResult();
    Entity entity = persistencePackage.getEntity();
    PersistencePerspective perspective = persistencePackage.getPersistencePerspective();
    ForeignKey foreignKey = (ForeignKey) perspective.getPersistencePerspectiveItems().get(PersistencePerspectiveItemType.FOREIGNKEY);

    // Server-side mutability gate: enforced here regardless of what the submitting form displayed.
    if (foreignKey != null && !foreignKey.getMutable()) {
        throw new SecurityServiceException("Entity not mutable");
    }

    try {
        String ceilingClassname = persistencePackage.getCeilingEntityFullyQualifiedClassname();
        Class<?>[] entities = persistenceManager.getPolymorphicEntities(ceilingClassname);
        Map<String, FieldMetadata> mergedProperties = persistenceManager.getDynamicEntityDao().getMergedProperties(
                ceilingClassname,
                entities,
                foreignKey,
                perspective.getAdditionalNonPersistentProperties(),
                perspective.getAdditionalForeignKeys(),
                MergedPropertyType.PRIMARY,
                perspective.getPopulateToOneFields(),
                perspective.getIncludeFields(),
                perspective.getExcludeFields(),
                perspective.getConfigurationKey(),
                "");

        if (primaryKey == null) {
            primaryKey = getPrimaryKey(entity, mergedProperties);
        }

        // NOTE(review): both the class name (entity.getType()[0]) and, when not supplied by the
        // caller, the primary key come from the submitted Entity. Nothing visible in this method
        // restricts the class to the polymorphic `entities` above - confirm validation upstream.
        Serializable instance = persistenceManager.getDynamicEntityDao().retrieve(Class.forName(entity.getType()[0]), primaryKey);
        Assert.isTrue(instance != null, "Entity not found");

        if (entity.isValidationFailure()) {
            // Validation already failed: hand the entity back untouched, merge nothing.
            outcome.setEntity(entity);
            return outcome;
        }

        // Rebalance only for a to-many foreign key collection that has a sort field and for
        // which the submitted entity actually carries a value for that field.
        boolean sortValueSubmitted = foreignKey != null
                && foreignKey.getSortField() != null
                && entity.findProperty(foreignKey.getSortField()) != null
                && entity.findProperty(foreignKey.getSortField()).getValue() != null;
        if (sortValueSubmitted) {
            ExtensionResultHolder<Serializable> rebalanced = new ExtensionResultHolder<Serializable>();
            extensionManager.getProxy().rebalanceForUpdate(this, persistencePackage, instance, mergedProperties, primaryKey, rebalanced);
            instance = rebalanced.getResult();
        } else {
            instance = createPopulatedInstance(instance, entity, mergedProperties, false, persistencePackage.isValidateUnsubmittedProperties());
        }

        instance = persistenceManager.getDynamicEntityDao().merge(instance);
        if (includeRealEntity) {
            outcome.setEntityBackingObject(instance);
        }

        List<Serializable> merged = new ArrayList<Serializable>(1);
        merged.add(instance);
        entity = getRecords(mergedProperties, merged, null, null, null)[0];
        outcome.setEntity(entity);
        return outcome;
    } catch (Exception e) {
        throw new ServiceException("Problem updating entity : " + e.getMessage(), e);
    }
}
use of org.broadleafcommerce.common.exception.SecurityServiceException in project BroadleafCommerce by BroadleafCommerce.
the class MapStructurePersistenceModule method add.
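/**
 * Adds one entry to a map-valued field of an existing entity.
 *
 * <p>Authorization-relevant behaviour: when the MAPSTRUCTURE perspective item is not
 * mutable the request is rejected with a {@link SecurityServiceException}. That throw
 * happens before the {@code try} block, so it is not re-wrapped by the catch-all below.
 *
 * <p>The owning instance is looked up by the submitted {@code symbolicId} property, the
 * map is read through the field manager, and the new value is either a persisted entity
 * (when the value class is a mapped persistent class) or a converted primitive.
 *
 * @param persistencePackage the request: entity, perspective and custom criteria
 * @return the map record whose key matches the submitted key, else the first record
 * @throws ServiceException if the field is not mutable, if the key collides with a
 *         reserved property name, or wrapping any other failure during the add
 */
@Override
public Entity add(PersistencePackage persistencePackage) throws ServiceException {
    String[] customCriteria = persistencePackage.getCustomCriteria();
    if (customCriteria != null && customCriteria.length > 0) {
        LOG.warn("custom persistence handlers and custom criteria not supported for add types other than BASIC");
    }
    PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
    Entity entity = persistencePackage.getEntity();
    // NOTE(review): unlike the FOREIGNKEY lookup in BasicPersistenceModule, the result is not
    // null-checked, so a perspective without a MAPSTRUCTURE item fails with a
    // NullPointerException on the next line rather than a ServiceException.
    MapStructure mapStructure = (MapStructure) persistencePerspective.getPersistencePerspectiveItems().get(PersistencePerspectiveItemType.MAPSTRUCTURE);
    // Server-side mutability gate: enforced here regardless of what the submitting form displayed.
    if (!mapStructure.getMutable()) {
        throw new SecurityServiceException("Field not mutable");
    }
    try {
        Map<String, FieldMetadata> ceilingMergedProperties = getSimpleMergedProperties(entity.getType()[0], persistencePerspective);
        String mapKey = entity.findProperty(mapStructure.getKeyPropertyName()).getValue();
        if (StringUtils.isEmpty(mapKey)) {
            // Records a validation error only; execution continues past this point.
            entity.addValidationError(mapStructure.getKeyPropertyName(), RequiredPropertyValidator.ERROR_MESSAGE);
            LOG.debug("No key property passed in for map, failing validation");
        }
        // A key that would shadow an existing merged property of the owning entity is refused.
        if (ceilingMergedProperties.containsKey(mapStructure.getMapProperty() + FieldManager.MAPFIELDSEPARATOR + mapKey)) {
            throw new ServiceException("\"" + mapKey + "\" is a reserved property name.");
        }
        // NOTE(review): the owning class name (entity.getType()[0]) and the symbolicId both come
        // from the submitted Entity; confirm that callers validate them before this lookup.
        Serializable instance = persistenceManager.getDynamicEntityDao().retrieve(Class.forName(entity.getType()[0]), Long.valueOf(entity.findProperty("symbolicId").getValue()));
        Assert.isTrue(instance != null, "Entity not found");
        FieldManager fieldManager = getFieldManager();
        // Raw Map kept as in the original; key and value types are not known at this point.
        Map map = (Map) fieldManager.getFieldValue(instance, mapStructure.getMapProperty());
        if (map.containsKey(mapKey)) {
            entity.addValidationError(mapStructure.getKeyPropertyName(), "keyExistsValidationError");
        }
        if (StringUtils.isNotBlank(mapStructure.getMapKeyValueProperty())) {
            // Mirror the submitted "key" property under the configured key-value property name.
            Property p = entity.findProperty("key");
            Property newP = new Property();
            newP.setName(mapStructure.getMapKeyValueProperty());
            newP.setValue(p.getValue());
            newP.setIsDirty(p.getIsDirty());
            entity.addProperty(newP);
        }
        PersistentClass persistentClass = persistenceManager.getDynamicEntityDao().getPersistentClass(mapStructure.getValueClassName());
        Map<String, FieldMetadata> valueUnfilteredMergedProperties;
        if (persistentClass == null) {
            // Value class is not a mapped persistent class: treat the map value as a primitive.
            valueUnfilteredMergedProperties = persistenceManager.getDynamicEntityDao().getPropertiesForPrimitiveClass(
                    ((SimpleValueMapStructure) mapStructure).getValuePropertyName(),
                    ((SimpleValueMapStructure) mapStructure).getValuePropertyFriendlyName(),
                    Class.forName(mapStructure.getValueClassName()),
                    Class.forName(entity.getType()[0]),
                    MergedPropertyType.MAPSTRUCTUREVALUE);
        } else {
            String valueClassName = mapStructure.getValueClassName();
            Class<?>[] mapEntities = persistenceManager.getPolymorphicEntities(valueClassName);
            valueUnfilteredMergedProperties = persistenceManager.getDynamicEntityDao().getMergedProperties(
                    valueClassName,
                    mapEntities,
                    null,
                    new String[] {},
                    new ForeignKey[] {},
                    MergedPropertyType.MAPSTRUCTUREVALUE,
                    persistencePerspective.getPopulateToOneFields(),
                    persistencePerspective.getIncludeFields(),
                    persistencePerspective.getExcludeFields(),
                    persistencePerspective.getConfigurationKey(),
                    "");
        }
        Map<String, FieldMetadata> valueMergedProperties = filterOutCollectionMetadata(valueUnfilteredMergedProperties);
        if (persistentClass != null) {
            Serializable valueInstance = (Serializable) Class.forName(mapStructure.getValueClassName()).newInstance();
            valueInstance = createPopulatedInstance(valueInstance, entity, valueMergedProperties, false);
            if (valueInstance instanceof ValueAssignable) {
                // This is likely a OneToMany map (see productAttributes) whose map key is actually the name field from
                // the mapped entity.
                ((ValueAssignable) valueInstance).setName(entity.findProperty(mapStructure.getKeyPropertyName()).getValue());
            }
            if (mapStructure.getManyToField() != null) {
                // Need to fulfill a bi-directional association back to the parent entity
                fieldManager.setFieldValue(valueInstance, mapStructure.getManyToField(), instance);
            }
            valueInstance = persistenceManager.getDynamicEntityDao().persist(valueInstance);
            /*
             * TODO this map manipulation code currently assumes the key value is a String. This should be widened to accept
             * additional types of primitive objects.
             */
            map.put(mapKey, valueInstance);
        } else {
            // NOTE(review): this branch does not consult entity.isValidationFailure() before
            // writing to the map, whereas update() in this class does. Confirm whether an empty
            // or duplicate key can reach the put below.
            String propertyName = ((SimpleValueMapStructure) mapStructure).getValuePropertyName();
            String value = entity.findProperty(propertyName).getValue();
            Object convertedPrimitive = convertPrimitiveBasedOnType(propertyName, value, valueMergedProperties);
            map.put(mapKey, convertedPrimitive);
        }
        Entity[] responses = getMapRecords(instance, mapStructure, ceilingMergedProperties, valueMergedProperties, entity.findProperty("symbolicId"), null);
        // Prefer the record whose key equals the submitted key; otherwise fall back to the first.
        for (Entity response : responses) {
            if (response.findProperty(mapStructure.getKeyPropertyName()).getValue().equals(persistencePackage.getEntity().findProperty(mapStructure.getKeyPropertyName()).getValue())) {
                return response;
            }
        }
        return responses[0];
    } catch (Exception e) {
        // The message previously read "Problem updating entity", which mislabelled failed adds
        // in logs and error responses; it now matches the wording of BasicPersistenceModule.add.
        throw new ServiceException("Problem adding new entity : " + e.getMessage(), e);
    }
}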
use of org.broadleafcommerce.common.exception.SecurityServiceException in project BroadleafCommerce by BroadleafCommerce.
the class MapStructurePersistenceModule method update.
/**
 * Updates (and possibly re-keys) one entry of a map-valued field on an existing entity.
 *
 * <p>Authorization-relevant behaviour: when the MAPSTRUCTURE perspective item is not
 * mutable the request is rejected with a {@link SecurityServiceException}. That throw
 * happens before the {@code try} block, so it is not re-wrapped by the catch-all below.
 *
 * <p>The map is only written when a non-empty key was submitted and the entity carries no
 * validation failure; the owning instance is merged in every case that reaches that point.
 *
 * @param persistencePackage the request: entity, perspective and custom criteria
 * @return the map record whose key matches the submitted key, else the first record, or
 *         an empty {@code Entity} when no records come back
 * @throws ServiceException if the field is not mutable, if the key collides with a
 *         reserved property name, or wrapping any other failure during the update
 */
@Override
public Entity update(PersistencePackage persistencePackage) throws ServiceException {
    String[] customCriteria = persistencePackage.getCustomCriteria();
    if (customCriteria != null && customCriteria.length > 0) {
        LOG.warn("custom persistence handlers and custom criteria not supported for update types other than BASIC");
    }
    PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
    Entity entity = persistencePackage.getEntity();
    // NOTE(review): the lookup result is not null-checked, so a perspective without a
    // MAPSTRUCTURE item fails with a NullPointerException on the getMutable() call below.
    MapStructure mapStructure = (MapStructure) persistencePerspective.getPersistencePerspectiveItems().get(PersistencePerspectiveItemType.MAPSTRUCTURE);
    // Server-side mutability gate: enforced here regardless of what the submitting form displayed.
    if (!mapStructure.getMutable()) {
        throw new SecurityServiceException("Field not mutable");
    }
    try {
        Map<String, FieldMetadata> ceilingMergedProperties = getSimpleMergedProperties(entity.getType()[0], persistencePerspective);
        String mapKey = entity.findProperty(mapStructure.getKeyPropertyName()).getValue();
        // A key that would shadow an existing merged property of the owning entity is refused.
        if (ceilingMergedProperties.containsKey(mapStructure.getMapProperty() + FieldManager.MAPFIELDSEPARATOR + mapKey)) {
            throw new ServiceException("\"" + mapKey + "\" is a reserved property name.");
        }
        // NOTE(review): the owning class name (entity.getType()[0]) and the symbolicId both come
        // from the submitted Entity; confirm that callers validate them before this lookup.
        Serializable instance = persistenceManager.getDynamicEntityDao().retrieve(Class.forName(entity.getType()[0]), Long.valueOf(entity.findProperty("symbolicId").getValue()));
        Assert.isTrue(instance != null, "Entity not found");
        FieldManager fieldManager = getFieldManager();
        // Raw Map: key and value types are not known at this point.
        Map map = (Map) fieldManager.getFieldValue(instance, mapStructure.getMapProperty());
        PersistentClass persistentClass = persistenceManager.getDynamicEntityDao().getPersistentClass(mapStructure.getValueClassName());
        Map<String, FieldMetadata> valueUnfilteredMergedProperties;
        if (persistentClass == null) {
            // Value class is not a mapped persistent class: treat the map value as a primitive.
            valueUnfilteredMergedProperties = persistenceManager.getDynamicEntityDao().getPropertiesForPrimitiveClass(((SimpleValueMapStructure) mapStructure).getValuePropertyName(), ((SimpleValueMapStructure) mapStructure).getValuePropertyFriendlyName(), Class.forName(mapStructure.getValueClassName()), Class.forName(entity.getType()[0]), MergedPropertyType.MAPSTRUCTUREVALUE);
        } else {
            String valueClassName = mapStructure.getValueClassName();
            Class<?>[] mapEntities = persistenceManager.getPolymorphicEntities(valueClassName);
            valueUnfilteredMergedProperties = persistenceManager.getDynamicEntityDao().getMergedProperties(valueClassName, mapEntities, null, new String[] {}, new ForeignKey[] {}, MergedPropertyType.MAPSTRUCTUREVALUE, persistencePerspective.getPopulateToOneFields(), persistencePerspective.getIncludeFields(), persistencePerspective.getExcludeFields(), persistencePerspective.getConfigurationKey(), "");
        }
        Map<String, FieldMetadata> valueMergedProperties = filterOutCollectionMetadata(valueUnfilteredMergedProperties);
        if (StringUtils.isEmpty(mapKey)) {
            // Records a validation error only; the guards further down keep the map untouched.
            entity.addValidationError(mapStructure.getKeyPropertyName(), RequiredPropertyValidator.ERROR_MESSAGE);
            LOG.debug("No key property passed in for map, failing validation");
        }
        // Labeled block so the persistent-value branch can bail out early (break populate)
        // and still fall through to the merge below.
        populate: {
            if (persistentClass != null) {
                // Look the current value up under the key it had before this edit.
                Serializable valueInstance = (Serializable) map.get(entity.findProperty("priorKey").getValue());
                if (valueInstance == null) {
                    valueInstance = procureSandBoxMapValue(mapStructure, entity);
                    if (valueInstance == null) {
                        // Nothing to populate; skip straight to the merge.
                        break populate;
                    }
                }
                // The new key is taken by a different value: report a duplicate-key error.
                if (map.get(mapKey) != null && !map.get(mapKey).equals(valueInstance)) {
                    entity.addValidationError(mapStructure.getKeyPropertyName(), "keyExistsValidationError");
                }
                if (StringUtils.isNotBlank(mapStructure.getMapKeyValueProperty())) {
                    // Mirror the submitted "key" property under the configured key-value property name.
                    Property p = entity.findProperty("key");
                    Property newP = new Property();
                    newP.setName(mapStructure.getMapKeyValueProperty());
                    newP.setValue(p.getValue());
                    newP.setIsDirty(p.getIsDirty());
                    entity.addProperty(newP);
                }
                // allow validation on other properties in order to show key validation errors along with all the other properties
                // validation errors
                valueInstance = createPopulatedInstance(valueInstance, entity, valueMergedProperties, false);
                if (StringUtils.isNotEmpty(mapKey) && !entity.isValidationFailure()) {
                    // Re-keying: drop the entry under the old key before storing under the new one.
                    if (!entity.findProperty("priorKey").getValue().equals(mapKey)) {
                        map.remove(entity.findProperty("priorKey").getValue());
                    }
                    /*
                     * TODO this map manipulation code currently assumes the key value is a String. This should be widened to accept
                     * additional types of primitive objects.
                     */
                    map.put(entity.findProperty(mapStructure.getKeyPropertyName()).getValue(), valueInstance);
                }
            } else {
                // NOTE(review): this branch stores the submitted String as-is, whereas add() in
                // this class runs the value through convertPrimitiveBasedOnType first. It also
                // never removes the "priorKey" entry, so a changed key appears to leave the old
                // entry in place. Confirm both are intended.
                if (StringUtils.isNotEmpty(mapKey) && !entity.isValidationFailure()) {
                    map.put(entity.findProperty(mapStructure.getKeyPropertyName()).getValue(), entity.findProperty(((SimpleValueMapStructure) mapStructure).getValuePropertyName()).getValue());
                }
            }
        }
        instance = persistenceManager.getDynamicEntityDao().merge(instance);
        Entity[] responses = getMapRecords(instance, mapStructure, ceilingMergedProperties, valueMergedProperties, entity.findProperty("symbolicId"), null);
        // Prefer the record whose key equals the submitted key.
        for (Entity response : responses) {
            if (response.findProperty(mapStructure.getKeyPropertyName()).getValue().equals(persistencePackage.getEntity().findProperty(mapStructure.getKeyPropertyName()).getValue())) {
                return response;
            }
        }
        // could be empty if reverting a sandbox item that has experienced a deletion. make sure to at least return an empty instance of Entity.
        return ArrayUtils.isEmpty(responses) ? new Entity() : responses[0];
    } catch (Exception e) {
        throw new ServiceException("Problem updating entity : " + e.getMessage(), e);
    }
}
use of org.broadleafcommerce.common.exception.SecurityServiceException in project BroadleafCommerce by BroadleafCommerce.
the class FormBuilderServiceImpl method setReadOnlyState.
/**
 * Marks the given <b>entityForm</b> as read-only when any of the following holds:
 * <ol>
 *  <li>The property scan over <b>cmd</b> ends without finding an editable property</li>
 *  <li>The user lacks the {@link EntityOperationType#UPDATE} permission for the class name
 *  that {@link #getSecurityClassname(EntityForm, ClassMetadata)} resolves for the form</li>
 *  <li>{@link RowLevelSecurityService#canUpdate(AdminUser, Entity)} denies the update of
 *  the given <b>entity</b></li>
 * </ol>
 *
 * <p>This only changes how the form is presented. The persistence modules perform their own
 * mutability checks when a change is submitted.
 *
 * @param entityForm the form being generated
 * @param cmd the metadata used to build the <b>entityForm</b> for the <b>entity</b>
 * @param entity the entity being edited
 * @see SecurityVerifier#securityCheck(String, EntityOperationType)
 * @see #getSecurityClassname(EntityForm, ClassMetadata)
 * @see RowLevelSecurityService#canUpdate(AdminUser, Entity)
 */
protected void setReadOnlyState(EntityForm entityForm, ClassMetadata cmd, Entity entity) {
    boolean readOnly = true;

    // Step 1: scan the properties and stop at the first one that yields "not read-only".
    for (Property property : cmd.getProperties()) {
        FieldMetadata metadata = property.getMetadata();
        if (metadata instanceof BasicFieldMetadata) {
            BasicFieldMetadata basic = (BasicFieldMetadata) metadata;
            // A null read-only flag counts as editable.
            readOnly = basic.getReadOnly() != null && basic.getReadOnly();
        } else {
            // NOTE(review): a mutable collection sets readOnly to true here and an immutable one
            // ends the scan as editable. That looks inverted relative to the documented intent
            // ("all properties are read-only"); confirm before relying on this branch.
            readOnly = ((CollectionMetadata) metadata).isMutable();
        }
        if (!readOnly) {
            break;
        }
    }

    // Step 2: an editable form still becomes read-only when the user lacks UPDATE permission,
    // so the UI does not offer an edit that would be refused.
    if (!readOnly) {
        try {
            adminRemoteSecurityService.securityCheck(getSecurityClassname(entityForm, cmd), EntityOperationType.UPDATE);
        } catch (ServiceException e) {
            // NOTE(review): only a SecurityServiceException flips the form to read-only; any other
            // ServiceException from the check is dropped and the form stays editable. Consider
            // logging it, and confirm that failing open is acceptable for this display-only flag.
            readOnly = e instanceof SecurityServiceException;
        }
    }

    // Step 3: if the form is still editable, apply row-level security for this entity.
    if (!readOnly) {
        readOnly = !rowLevelSecurityService.canUpdate(adminRemoteSecurityService.getPersistentAdminUser(), entity);
    }

    if (!readOnly) {
        return;
    }

    entityForm.setReadOnly();

    // A replacement RowLevelSecurityService may not implement the exception-aware interface;
    // without it there are no update-denial exceptions to apply.
    if (!(rowLevelSecurityService instanceof ExceptionAwareRowLevelSecurityProvider)) {
        return;
    }

    EntityFormModifierConfiguration denialExceptions = ((ExceptionAwareRowLevelSecurityProvider) rowLevelSecurityService).getUpdateDenialExceptions();
    for (EntityFormModifierData<EntityFormModifierDataPoint> data : denialExceptions.getData()) {
        for (EntityFormModifier modifier : denialExceptions.getModifier()) {
            if (modifier.isQualified(data.getModifierType())) {
                modifier.modifyEntityForm(new EntityFormModifierRequest()
                        .withEntityForm(entityForm)
                        .withConfiguration(data)
                        .withCurrentUser(adminRemoteSecurityService.getPersistentAdminUser())
                        .withEntity(entity)
                        .withRowLevelSecurityService(rowLevelSecurityService));
            }
        }
    }
}