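/**
   * Uses the {@link SecurityEventContextResolver} to add conditions to neutralQuery that limit
   * the security events the current user can view.
   *
   * @param neutralQuery the query to restrict; its {@code _id} criteria are modified in place
   * @throws UnsupportedOperationException if an existing {@code _id} criterion uses an operator
   *     other than "in" or "="
   */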
  @Override
  protected void listSecurityCheck(NeutralQuery neutralQuery) {
    // Authorization boundary: the ids the context resolver reports as accessible. Every _id
    // criterion on the query is intersected with this set, so a caller-supplied id list can
    // narrow the result but never widen it.
    final Set<String> accessibleIds =
        new HashSet<String>(securityEventContextResolver.findAccessible(null));

    // The Mongo query converter currently does not join several "in" queries together
    // correctly, so an existing "in" or "=" criterion on _id is merged with the accessible ids
    // by hand instead of adding a second _id criterion next to it.
    // NOTE(review): only the criteria returned by getCriteria() are inspected here.
    boolean idCriterionSeen = false;
    for (NeutralCriteria candidate : neutralQuery.getCriteria()) {
      if (!"_id".equals(candidate.getKey())) {
        continue;
      }
      idCriterionSeen = true;

      final Set<String> requestedIds = new HashSet<String>();
      if (NeutralCriteria.CRITERIA_IN.equals(candidate.getOperator())) {
        // Unchecked cast: an "in" value that is not an Iterable of Strings fails with a
        // ClassCastException rather than passing through unfiltered.
        for (String requested : (Iterable<String>) candidate.getValue()) {
          requestedIds.add(requested);
        }
      } else if (NeutralCriteria.OPERATOR_EQUAL.equals(candidate.getOperator())) {
        // A single "=" id is rewritten as a one-element "in" so it can be intersected too.
        requestedIds.add((String) candidate.getValue());
        candidate.setOperator(NeutralCriteria.CRITERIA_IN);
      } else {
        // Fail closed: any other operator on _id is rejected instead of being left unfiltered.
        throw new UnsupportedOperationException(
            "do not know how to handle additional _id criterion with operator "
                + candidate.getOperator());
      }

      // Keep only the requested ids the user may see; the result may be an empty set.
      // NOTE(review): presumably an empty "in" set matches no documents; confirm in the converter.
      requestedIds.retainAll(accessibleIds);
      candidate.setValue(requestedIds);
    }

    if (idCriterionSeen) {
      return;
    }

    // No _id criterion was supplied, so restrict the query to the accessible ids directly.
    neutralQuery.addCriteria(
        new NeutralCriteria("_id", NeutralCriteria.CRITERIA_IN, accessibleIds));
  }