Search in sources :

Example 1 with ExceptionAwareRowLevelSecurityProvider

use of org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider in project BroadleafCommerce by BroadleafCommerce.

the class FormBuilderServiceImpl method buildCollectionListGrid.

@Override
public ListGrid buildCollectionListGrid(String containingEntityId, DynamicResultSet drs, Property field, String sectionKey, List<SectionCrumb> sectionCrumbs) throws ServiceException {
    FieldMetadata fmd = field.getMetadata();
    // Get the class metadata for this particular field
    PersistencePackageRequest ppr = PersistencePackageRequest.fromMetadata(fmd, sectionCrumbs);
    if (field != null) {
        ppr.setSectionEntityField(field.getName());
    }
    ClassMetadata cmd = adminEntityService.getClassMetadata(ppr).getDynamicResultSet().getClassMetaData();
    List<Field> headerFields = new ArrayList<>();
    ListGrid.Type type = null;
    boolean editable = false;
    boolean sortable = false;
    boolean readOnly = false;
    boolean hideIdColumn = false;
    boolean canFilterAndSort = true;
    boolean modalSingleSelectable = false;
    boolean modalMultiSelectable = false;
    boolean selectize = false;
    boolean isMedia = false;
    boolean isLookup = false;
    String sortProperty = null;
    FieldWrapper wrapper = new FieldWrapper();
    ArrayList<FieldDTO> defaultWrapperFields = new ArrayList<>();
    String idProperty = "id";
    for (Property property : cmd.getProperties()) {
        if (property.getMetadata() instanceof BasicFieldMetadata && SupportedFieldType.ID == ((BasicFieldMetadata) property.getMetadata()).getFieldType() && // make sure it's a property for this entity - not an association
        !property.getName().contains(".")) {
            idProperty = property.getName();
            break;
        }
    }
    // kind of field this is.
    if (fmd instanceof BasicFieldMetadata) {
        readOnly = ((BasicFieldMetadata) fmd).getReadOnly();
        modalSingleSelectable = true;
        for (Property p : cmd.getProperties()) {
            if (p.getMetadata() instanceof BasicFieldMetadata) {
                BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                if (SupportedFieldType.ID.equals(md.getFieldType())) {
                    idProperty = md.getName();
                }
                if (md.isProminent() != null && md.isProminent() && !ArrayUtils.contains(getGridHiddenVisibilities(), md.getVisibility())) {
                    Field hf = createHeaderField(p, md);
                    headerFields.add(hf);
                    defaultWrapperFields.add(constructFieldDTOFromFieldData(hf, md));
                }
                if (md.getIsFilter() != null && md.getIsFilter()) {
                    Field f = createHeaderField(p, md);
                    wrapper.getFields().add(constructFieldDTOFromFieldData(f, md));
                }
            }
        }
        type = ListGrid.Type.TO_ONE;
    } else if (fmd instanceof BasicCollectionMetadata) {
        BasicCollectionMetadata bcm = (BasicCollectionMetadata) fmd;
        readOnly = !bcm.isMutable();
        if (AddMethodType.LOOKUP.equals(bcm.getAddMethodType())) {
            isLookup = true;
        }
        if (AddMethodType.SELECTIZE_LOOKUP.equals(bcm.getAddMethodType())) {
            Property p = cmd.getPMap().get(bcm.getSelectizeVisibleField());
            if (p != null) {
                BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                Field hf = createHeaderField(p, md);
                headerFields.add(hf);
                wrapper.getFields().add(constructFieldDTOFromFieldData(hf, md));
            }
        } else {
            for (Property p : cmd.getProperties()) {
                if (p.getMetadata() instanceof BasicFieldMetadata) {
                    BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                    if (md.isProminent() != null && md.isProminent() && !ArrayUtils.contains(getGridHiddenVisibilities(), md.getVisibility())) {
                        Field hf = createHeaderField(p, md);
                        headerFields.add(hf);
                        defaultWrapperFields.add(constructFieldDTOFromFieldData(hf, md));
                    }
                    if (md.getIsFilter() != null && md.getIsFilter()) {
                        Field f = createHeaderField(p, md);
                        wrapper.getFields().add(constructFieldDTOFromFieldData(f, md));
                    }
                }
            }
        }
        type = ListGrid.Type.BASIC;
        if (AddMethodType.PERSIST.equals(bcm.getAddMethodType()) || AddMethodType.PERSIST_EMPTY.equals(bcm.getAddMethodType())) {
            editable = true;
        } else if (AddMethodType.SELECTIZE_LOOKUP.equals(bcm.getAddMethodType())) {
            selectize = true;
            modalSingleSelectable = true;
        } else {
            modalSingleSelectable = true;
        }
        sortable = StringUtils.isNotBlank(bcm.getSortProperty());
        if (sortable) {
            sortProperty = bcm.getSortProperty();
        }
    } else if (fmd instanceof AdornedTargetCollectionMetadata) {
        modalSingleSelectable = true;
        readOnly = !((AdornedTargetCollectionMetadata) fmd).isMutable();
        AdornedTargetCollectionMetadata atcmd = (AdornedTargetCollectionMetadata) fmd;
        if (AdornedTargetAddMethodType.LOOKUP.equals(atcmd.getAdornedTargetAddMethodType())) {
            isLookup = true;
        }
        if (AdornedTargetAddMethodType.SELECTIZE_LOOKUP.equals(atcmd.getAdornedTargetAddMethodType())) {
            selectize = true;
            Property p = cmd.getPMap().get(atcmd.getSelectizeVisibleField());
            if (p != null) {
                BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                Field hf = createHeaderField(p, md);
                headerFields.add(hf);
                wrapper.getFields().add(constructFieldDTOFromFieldData(hf, md));
            }
        } else {
            for (String fieldName : atcmd.getGridVisibleFields()) {
                Property p = cmd.getPMap().get(fieldName);
                if (p != null) {
                    BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                    Field hf = createHeaderField(p, md);
                    headerFields.add(hf);
                    wrapper.getFields().add(constructFieldDTOFromFieldData(hf, md));
                }
            }
        }
        type = ListGrid.Type.ADORNED;
        if (atcmd.getMaintainedAdornedTargetFields().length > 0) {
            editable = true;
        }
        AdornedTargetList adornedList = (AdornedTargetList) atcmd.getPersistencePerspective().getPersistencePerspectiveItems().get(PersistencePerspectiveItemType.ADORNEDTARGETLIST);
        sortable = StringUtils.isNotBlank(adornedList.getSortField());
        if (sortable) {
            sortProperty = adornedList.getSortField();
        }
    } else if (fmd instanceof MapMetadata) {
        readOnly = !((MapMetadata) fmd).isMutable();
        MapMetadata mmd = (MapMetadata) fmd;
        Property p2 = cmd.getPMap().get("key");
        BasicFieldMetadata keyMd = (BasicFieldMetadata) p2.getMetadata();
        keyMd.setFriendlyName(getMapKeyFriendlyName(p2));
        Field hf = createHeaderField(p2, keyMd);
        headerFields.add(hf);
        wrapper.getFields().add(constructFieldDTOFromFieldData(hf, keyMd));
        if (mmd.isSimpleValue()) {
            Property valueProperty = cmd.getPMap().get("value");
            BasicFieldMetadata valueMd = (BasicFieldMetadata) valueProperty.getMetadata();
            valueMd.setFriendlyName("Value");
            hf = createHeaderField(valueProperty, valueMd);
            headerFields.add(hf);
            wrapper.getFields().add(constructFieldDTOFromFieldData(hf, valueMd));
            idProperty = "key";
            hideIdColumn = true;
        } else {
            for (Property p : cmd.getProperties()) {
                if (p.getMetadata() instanceof BasicFieldMetadata) {
                    BasicFieldMetadata md = (BasicFieldMetadata) p.getMetadata();
                    String valueClassName = mmd.getValueClassName();
                    if (!StringUtils.isEmpty(mmd.getToOneTargetProperty())) {
                        Class<?> clazz;
                        try {
                            clazz = Class.forName(mmd.getValueClassName());
                        } catch (ClassNotFoundException e) {
                            throw ExceptionHelper.refineException(e);
                        }
                        java.lang.reflect.Field nestedField = FieldManager.getSingleField(clazz, mmd.getToOneTargetProperty());
                        ManyToOne manyToOne = nestedField.getAnnotation(ManyToOne.class);
                        if (manyToOne != null && !manyToOne.targetEntity().getName().equals(void.class.getName())) {
                            valueClassName = manyToOne.targetEntity().getName();
                        } else {
                            OneToOne oneToOne = nestedField.getAnnotation(OneToOne.class);
                            if (oneToOne != null && !oneToOne.targetEntity().getName().equals(void.class.getName())) {
                                valueClassName = oneToOne.targetEntity().getName();
                            }
                        }
                    }
                    if (md.getTargetClass().equals(valueClassName)) {
                        if (md.isProminent() != null && md.isProminent() && !ArrayUtils.contains(getGridHiddenVisibilities(), md.getVisibility())) {
                            hf = createHeaderField(p, md);
                            headerFields.add(hf);
                            defaultWrapperFields.add(constructFieldDTOFromFieldData(hf, md));
                            // Is this a media listgrid
                            if (hf.getFieldType().equals("ASSET_LOOKUP")) {
                                isMedia = true;
                            }
                        }
                        if (md.getIsFilter() != null && md.getIsFilter()) {
                            wrapper.getFields().add(constructFieldDTOFromFieldData(hf, md));
                        }
                    }
                }
            }
        }
        type = ListGrid.Type.MAP;
        editable = true;
        canFilterAndSort = false;
    }
    String ceilingType = "";
    if (fmd instanceof BasicFieldMetadata) {
        ceilingType = cmd.getCeilingType();
    } else if (fmd instanceof CollectionMetadata) {
        ceilingType = ((CollectionMetadata) fmd).getCollectionCeilingEntity();
    }
    if (CollectionUtils.isEmpty(headerFields)) {
        String message = "There are no listgrid header fields configured for the class " + ceilingType + " and property '" + StringUtil.sanitize(field.getName()) + "'.";
        if (selectize && (type == ListGrid.Type.ADORNED || type == ListGrid.Type.ADORNED_WITH_FORM)) {
            message += " Please configure 'selectizeVisibleField' in your @AdminPresentationAdornedTargetCollection configuration";
        } else if (type == ListGrid.Type.ADORNED || type == ListGrid.Type.ADORNED_WITH_FORM) {
            message += " Please configure 'gridVisibleFields' in your @AdminPresentationAdornedTargetCollection configuration";
        } else if (selectize && type == ListGrid.Type.BASIC) {
            message += " Please configure 'selectizeVisibleField' in your @AdminPresentationCollection configuration";
        } else {
            message += " Please mark some @AdminPresentation fields with 'prominent = true'";
        }
        LOG.error(message);
    }
    ListGrid listGrid = createListGrid(ceilingType, headerFields, type, drs, sectionKey, fmd.getOrder(), idProperty, sectionCrumbs, sortProperty);
    listGrid.setSubCollectionFieldName(field.getName());
    listGrid.setFriendlyName(field.getMetadata().getFriendlyName());
    if (StringUtils.isEmpty(listGrid.getFriendlyName())) {
        listGrid.setFriendlyName(field.getName());
    }
    listGrid.setContainingEntityId(containingEntityId);
    listGrid.setIsReadOnly(readOnly);
    listGrid.setHideIdColumn(hideIdColumn);
    listGrid.setCanFilterAndSort(canFilterAndSort);
    // Set up the filter builder params
    Date c = new Date();
    String friendlyName = field.getMetadata().getFriendlyName();
    String jsonFriendlyName = friendlyName.replaceAll(" ", "_");
    listGrid.setJsonFieldName(jsonFriendlyName + c.getTime() + "Json");
    listGrid.setFriendlyName(friendlyName);
    listGrid.setFieldBuilder("RULE_SIMPLE");
    if (CollectionUtils.isEmpty(wrapper.getFields())) {
        wrapper.setFields(defaultWrapperFields);
    }
    listGrid.setFieldWrapper(wrapper);
    String blankJsonString = "{\"data\":[]}";
    listGrid.setJson(blankJsonString);
    DataWrapper dw = convertJsonToDataWrapper(blankJsonString);
    if (dw != null) {
        listGrid.setDataWrapper(dw);
    }
    if (editable) {
        listGrid.getRowActions().add(DefaultListGridActions.UPDATE);
    }
    if (readOnly) {
        listGrid.getRowActions().add(DefaultListGridActions.VIEW);
    }
    if (sortable) {
        listGrid.setCanFilterAndSort(false);
        listGrid.setIsSortable(true);
    }
    if (modalSingleSelectable) {
        if (readOnly) {
            listGrid.addModalRowAction(DefaultListGridActions.SINGLE_SELECT.clone().withForListGridReadOnly(true));
        } else {
            listGrid.addModalRowAction(DefaultListGridActions.SINGLE_SELECT);
        }
    }
    listGrid.setSelectType(ListGrid.SelectType.SINGLE_SELECT);
    if (selectize) {
        listGrid.setSelectizeUrl(buildSelectizeUrl(listGrid));
        listGrid.setSelectType(ListGrid.SelectType.SELECTIZE);
    }
    if (modalMultiSelectable) {
        listGrid.addModalRowAction(DefaultListGridActions.MULTI_SELECT);
        listGrid.setSelectType(ListGrid.SelectType.MULTI_SELECT);
    }
    listGrid.getRowActions().add(DefaultListGridActions.REMOVE);
    if (fmd.getManualFetch()) {
        listGrid.setManualFetch(true);
        listGrid.getToolbarActions().add(DefaultListGridActions.MANUAL_FETCH);
    }
    if (isMedia) {
        listGrid.setListGridType(ListGrid.Type.ASSET_GRID);
    }
    extensionManager.getProxy().modifyListGrid(listGrid.getClassName(), listGrid);
    // If someone has replaced RowLevelSecurityService, check here to make sure the replacement implements the expected interface
    if (rowLevelSecurityService instanceof ExceptionAwareRowLevelSecurityProvider) {
        EntityFormModifierConfiguration entityFormModifierConfiguration = ((ExceptionAwareRowLevelSecurityProvider) rowLevelSecurityService).getUpdateDenialExceptions();
        for (EntityFormModifierData<EntityFormModifierDataPoint> data : entityFormModifierConfiguration.getData()) {
            for (EntityFormModifier modifier : entityFormModifierConfiguration.getModifier()) {
                if (modifier.isQualified(data.getModifierType())) {
                    modifier.modifyListGrid(new EntityFormModifierRequest().withListGrid(listGrid).withConfiguration(data).withCurrentUser(adminRemoteSecurityService.getPersistentAdminUser()).withRowLevelSecurityService(rowLevelSecurityService));
                }
            }
        }
    }
    return listGrid;
}
Also used : ClassMetadata(org.broadleafcommerce.openadmin.dto.ClassMetadata) FieldMetadata(org.broadleafcommerce.openadmin.dto.FieldMetadata) BasicFieldMetadata(org.broadleafcommerce.openadmin.dto.BasicFieldMetadata) ArrayList(java.util.ArrayList) PersistencePackageRequest(org.broadleafcommerce.openadmin.server.domain.PersistencePackageRequest) EntityFormModifier(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifier) ManyToOne(javax.persistence.ManyToOne) EntityFormModifierConfiguration(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierConfiguration) DataWrapper(org.broadleafcommerce.openadmin.web.rulebuilder.dto.DataWrapper) CodeField(org.broadleafcommerce.openadmin.web.form.entity.CodeField) RuleBuilderField(org.broadleafcommerce.openadmin.web.form.component.RuleBuilderField) Field(org.broadleafcommerce.openadmin.web.form.entity.Field) ComboField(org.broadleafcommerce.openadmin.web.form.entity.ComboField) MediaField(org.broadleafcommerce.openadmin.web.form.component.MediaField) OneToOne(javax.persistence.OneToOne) FieldWrapper(org.broadleafcommerce.openadmin.web.rulebuilder.dto.FieldWrapper) Property(org.broadleafcommerce.openadmin.dto.Property) AdornedTargetList(org.broadleafcommerce.openadmin.dto.AdornedTargetList) MapMetadata(org.broadleafcommerce.openadmin.dto.MapMetadata) FieldDTO(org.broadleafcommerce.openadmin.web.rulebuilder.dto.FieldDTO) BasicCollectionMetadata(org.broadleafcommerce.openadmin.dto.BasicCollectionMetadata) AdornedTargetCollectionMetadata(org.broadleafcommerce.openadmin.dto.AdornedTargetCollectionMetadata) CollectionMetadata(org.broadleafcommerce.openadmin.dto.CollectionMetadata) EntityFormModifierDataPoint(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierDataPoint) ListGrid(org.broadleafcommerce.openadmin.web.form.component.ListGrid) Date(java.util.Date) BasicFieldMetadata(org.broadleafcommerce.openadmin.dto.BasicFieldMetadata) EntityFormModifierRequest(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierRequest) ExceptionAwareRowLevelSecurityProvider(org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider) BasicCollectionMetadata(org.broadleafcommerce.openadmin.dto.BasicCollectionMetadata) AdornedTargetCollectionMetadata(org.broadleafcommerce.openadmin.dto.AdornedTargetCollectionMetadata)

Example 2 with ExceptionAwareRowLevelSecurityProvider

use of org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider in project BroadleafCommerce by BroadleafCommerce.

the class FormBuilderServiceImpl method setReadOnlyState.

/**
 * The given <b>entityForm</b> is marked as readonly for the following cases:
 * <ol>
 *  <li>All of the properties from <b>cmd</b> are readonly</b></li>
 *  <li>The user does not have the security to {@link EntityOperationType#UPDATE} the given class name represented by
 *  the <b>entityForm</b> (determined by {@link #getSecurityClassname(EntityForm, ClassMetadata)})</li>
 *  <li>The user does not have the security necessary to modify the given <b>entity</b> according to the
 *  {@link RowLevelSecurityService#canUpdate(AdminUser, Entity)}</li>
 * </ol>
 *
 * @param entityForm the form being generated
 * @param cmd the metatadata used to build the <b>entityForm</b> for the <b>entity</b>
 * @param entity the entity being edited
 * @see {@link SecurityVerifier#securityCheck(String, EntityOperationType)}
 * @see {@link #getSecurityClassname(EntityForm, ClassMetadata)}
 * @see {@link RowLevelSecurityService#canUpdate(AdminUser, Entity)}
 */
protected void setReadOnlyState(EntityForm entityForm, ClassMetadata cmd, Entity entity) {
    boolean readOnly = true;
    // If all of the fields are read only, we'll mark the form as such
    for (Property property : cmd.getProperties()) {
        FieldMetadata fieldMetadata = property.getMetadata();
        if (fieldMetadata instanceof BasicFieldMetadata) {
            readOnly = ((BasicFieldMetadata) fieldMetadata).getReadOnly() != null && ((BasicFieldMetadata) fieldMetadata).getReadOnly();
            if (!readOnly) {
                break;
            }
        } else {
            readOnly = ((CollectionMetadata) fieldMetadata).isMutable();
            if (!readOnly) {
                break;
            }
        }
    }
    if (!readOnly) {
        // If the user does not have edit permissions, we will go ahead and make the form read only to prevent confusion
        try {
            String securityEntityClassname = getSecurityClassname(entityForm, cmd);
            adminRemoteSecurityService.securityCheck(securityEntityClassname, EntityOperationType.UPDATE);
        } catch (ServiceException e) {
            if (e instanceof SecurityServiceException) {
                readOnly = true;
            }
        }
    }
    // are not readonly, then check the row-level security
    if (!readOnly) {
        readOnly = !rowLevelSecurityService.canUpdate(adminRemoteSecurityService.getPersistentAdminUser(), entity);
    }
    if (readOnly) {
        entityForm.setReadOnly();
        // If someone has replaced RowLevelSecurityService, check here to make sure the replacement implements the expected interface
        if (rowLevelSecurityService instanceof ExceptionAwareRowLevelSecurityProvider) {
            EntityFormModifierConfiguration entityFormModifierConfiguration = ((ExceptionAwareRowLevelSecurityProvider) rowLevelSecurityService).getUpdateDenialExceptions();
            for (EntityFormModifierData<EntityFormModifierDataPoint> data : entityFormModifierConfiguration.getData()) {
                for (EntityFormModifier modifier : entityFormModifierConfiguration.getModifier()) {
                    if (modifier.isQualified(data.getModifierType())) {
                        modifier.modifyEntityForm(new EntityFormModifierRequest().withEntityForm(entityForm).withConfiguration(data).withCurrentUser(adminRemoteSecurityService.getPersistentAdminUser()).withEntity(entity).withRowLevelSecurityService(rowLevelSecurityService));
                    }
                }
            }
        }
    }
}
Also used : SecurityServiceException(org.broadleafcommerce.common.exception.SecurityServiceException) FieldMetadata(org.broadleafcommerce.openadmin.dto.FieldMetadata) BasicFieldMetadata(org.broadleafcommerce.openadmin.dto.BasicFieldMetadata) EntityFormModifierDataPoint(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierDataPoint) EntityFormModifier(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifier) EntityFormModifierConfiguration(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierConfiguration) ServiceException(org.broadleafcommerce.common.exception.ServiceException) SecurityServiceException(org.broadleafcommerce.common.exception.SecurityServiceException) BasicFieldMetadata(org.broadleafcommerce.openadmin.dto.BasicFieldMetadata) EntityFormModifierRequest(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierRequest) ExceptionAwareRowLevelSecurityProvider(org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider) Property(org.broadleafcommerce.openadmin.dto.Property)

Aggregations

BasicFieldMetadata (org.broadleafcommerce.openadmin.dto.BasicFieldMetadata)2 FieldMetadata (org.broadleafcommerce.openadmin.dto.FieldMetadata)2 Property (org.broadleafcommerce.openadmin.dto.Property)2 EntityFormModifier (org.broadleafcommerce.openadmin.server.security.service.EntityFormModifier)2 EntityFormModifierConfiguration (org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierConfiguration)2 EntityFormModifierDataPoint (org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierDataPoint)2 EntityFormModifierRequest (org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierRequest)2 ExceptionAwareRowLevelSecurityProvider (org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 ManyToOne (javax.persistence.ManyToOne)1 OneToOne (javax.persistence.OneToOne)1 SecurityServiceException (org.broadleafcommerce.common.exception.SecurityServiceException)1 ServiceException (org.broadleafcommerce.common.exception.ServiceException)1 AdornedTargetCollectionMetadata (org.broadleafcommerce.openadmin.dto.AdornedTargetCollectionMetadata)1 AdornedTargetList (org.broadleafcommerce.openadmin.dto.AdornedTargetList)1 BasicCollectionMetadata (org.broadleafcommerce.openadmin.dto.BasicCollectionMetadata)1 ClassMetadata (org.broadleafcommerce.openadmin.dto.ClassMetadata)1 CollectionMetadata (org.broadleafcommerce.openadmin.dto.CollectionMetadata)1 MapMetadata (org.broadleafcommerce.openadmin.dto.MapMetadata)1