Use of org.craftercms.profile.exceptions.InvalidQueryException in the project profile by craftercms.
From the class ProfileServiceImpl, method validateQuery.
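/**
 * Rejects a query that the caller is not allowed to run, based on its raw text.
 *
 * <p>The checks run in this order and the first match aborts validation:
 * <ol>
 *   <li>a match of {@code QUERY_TENANT_PATTERN} is refused with {@code ERROR_KEY_TENANT_NOT_ALLOWED};</li>
 *   <li>a match of {@code QUERY_WHERE_PATTERN} is refused with {@code ERROR_KEY_WHERE_NOT_ALLOWED};</li>
 *   <li>for every attribute definition of the tenant for which the permission evaluator denies
 *       {@code READ_ATTRIBUTE}, a reference to that attribute is refused with
 *       {@code ERROR_KEY_ATTRIBUTE_NOT_ALLOWED}.</li>
 * </ol>
 *
 * <p>NOTE(review): every check is a regular-expression search over the query string, not over a parsed
 * query. Whether alternative spellings of the same key are covered depends on the patterns, which are
 * defined outside this method; confirm, and prefer validating the parsed query structure if the query
 * language permits more than one textual form for a key.
 *
 * @param tenant tenant whose attribute definitions supply the read permissions to enforce
 * @param query  raw query text to validate
 * @throws ProfileException an {@code InvalidQueryException} when one of the checks above matches
 */
protected void validateQuery(Tenant tenant, String query) throws ProfileException {
    if (QUERY_TENANT_PATTERN.matcher(query).find()) {
        throw new InvalidQueryException(ERROR_KEY_TENANT_NOT_ALLOWED);
    }

    if (QUERY_WHERE_PATTERN.matcher(query).find()) {
        throw new InvalidQueryException(ERROR_KEY_WHERE_NOT_ALLOWED);
    }

    for (AttributeDefinition definition : tenant.getAttributeDefinitions()) {
        if (attributePermissionEvaluator.isAllowed(definition, AttributeAction.READ_ATTRIBUTE.toString())) {
            continue;
        }

        String attributeName = definition.getName();
        if (attributeName == null) {
            // A definition without a name cannot be referenced by a query, and Pattern.quote rejects null.
            continue;
        }

        // Quote the name so it is matched literally. Unquoted, regex metacharacters in an attribute name
        // would change what the deny pattern matches (a restricted attribute could go undetected) or make
        // Pattern.compile throw on an otherwise valid query.
        Pattern pattern = Pattern.compile(
            String.format(QUERY_ATTRIBUTE_PATTERN_FORMAT, Pattern.quote(attributeName)));
        if (pattern.matcher(query).find()) {
            throw new InvalidQueryException(ERROR_KEY_ATTRIBUTE_NOT_ALLOWED, attributeName);
        }
    }
}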