Beispiel #1
0
  private void validateCredentialsForReading(EntityDto entity) {
    boolean authorized = false;
    SecurityMode securityMode = entity.getSecurityMode();
    SecurityMode readOnlySecurityMode = entity.getReadOnlySecurityMode();

    if (securityMode != null) {
      Set<String> securityMembers = entity.getSecurityMembers();
      authorized = entity.hasAccessToEntityFromSecurityMode(securityMode, securityMembers);
      if (!authorized) {
        if (readOnlySecurityMode != null) {
          Set<String> readOnlySecurityMembers = entity.getReadOnlySecurityMembers();
          authorized =
              entity.hasAccessToEntityFromSecurityMode(
                  readOnlySecurityMode, readOnlySecurityMembers);
          if (isAuthorizedByReadAccessOrIsInstanceRestriction(
              authorized, readOnlySecurityMode, securityMode)) {
            throw new SecurityException();
          }
        }
      }
    }
    if (!authorized && readOnlySecurityMode != null) {
      Set<String> readOnlySecurityMembers = entity.getReadOnlySecurityMembers();
      authorized =
          entity.hasAccessToEntityFromSecurityMode(readOnlySecurityMode, readOnlySecurityMembers);
      if (!authorized && !readOnlySecurityMode.isInstanceRestriction()) {
        throw new SecurityException();
      }
    }
  }
Beispiel #2
0
  private void processAnnotationScanningResults(
      List<EntityProcessorOutput> entityProcessorOutput,
      Map<String, List<LookupDto>> lookupProcessingResult) {
    Map<String, Long> entityIdMappings = new HashMap<>();

    for (EntityProcessorOutput result : entityProcessorOutput) {
      EntityDto processedEntity = result.getEntityProcessingResult();

      EntityDto entity = entityService.getEntityByClassName(processedEntity.getClassName());

      if (entity == null) {
        entity = entityService.createEntity(processedEntity);
      }
      entityIdMappings.put(entity.getClassName(), entity.getId());

      entityService.updateRestOptions(entity.getId(), result.getRestProcessingResult());
      entityService.updateTracking(entity.getId(), result.getTrackingProcessingResult());
      entityService.addFields(entity, result.getFieldProcessingResult());
      entityService.addFilterableFields(entity, result.getUiFilterableProcessingResult());
      entityService.addDisplayedFields(entity, result.getUiDisplayableProcessingResult());
      entityService.updateSecurityOptions(
          entity.getId(), processedEntity.getSecurityMode(), processedEntity.getSecurityMembers());
      entityService.updateMaxFetchDepth(entity.getId(), processedEntity.getMaxFetchDepth());
      entityService.addNonEditableFields(entity, result.getNonEditableProcessingResult());
    }

    for (Map.Entry<String, List<LookupDto>> entry : lookupProcessingResult.entrySet()) {
      entityService.addLookups(entityIdMappings.get(entry.getKey()), entry.getValue());
    }
  }
Beispiel #3
0
 private void validateCredentials(EntityDto entity) {
   boolean authorized;
   SecurityMode securityMode = entity.getSecurityMode();
   if (securityMode != null) {
     Set<String> securityMembers = entity.getSecurityMembers();
     authorized = entity.hasAccessToEntityFromSecurityMode(securityMode, securityMembers);
     if (!authorized && !securityMode.isInstanceRestriction()) {
       throw new SecurityException();
     }
   }
 }