/** rewrites the subop of filter. */
@Override
public void visit(final OpFilter opFilter) {
if (LOG.isDebugEnabled()) {
LOG.debug("Starting visiting OpFilter");
}
addOp(OpFilter.filterBy(opFilter.getExprs(), rewriteOp1(opFilter)));
}
@Override
public void visit(final OpBGP opBGP) throws ReadDeniedException, AuthenticationRequiredException {
if (LOG.isDebugEnabled()) {
LOG.debug("Starting visiting OpBGP");
}
Object principal = securityEvaluator.getPrincipal();
if (!securityEvaluator.evaluate(principal, Action.Read, graphIRI)) {
if (silentFail) {
return;
} else {
throw new ReadDeniedException(SecuredItem.Util.modelPermissionMsg(graphIRI));
}
}
// if the user can read any triple just add the opBGP
if (securityEvaluator.evaluate(principal, Action.Read, graphIRI, Triple.ANY)) {
addOp(opBGP);
} else {
// add security filtering to the resulting triples
final List<Triple> newBGP = new ArrayList<>();
final List<Node> variables = new ArrayList<>();
// register all variables
for (final Triple t : opBGP.getPattern().getList()) {
newBGP.add(registerBGPTriple(t, variables));
}
// create the security function.
final SecuredFunction secFunc =
new SecuredFunction(graphIRI, securityEvaluator, variables, newBGP);
// create the filter
Op filter = OpFilter.filter(secFunc, new OpBGP(BasicPattern.wrap(newBGP)));
// add the filter
addOp(filter);
}
}