@Override public boolean isAllowed(ODocument iDocument, ORestrictedOperation iAllowOperation, boolean iReadOriginal) { database = ODatabaseRecordThreadLocal.INSTANCE.get(); return super.isAllowed(iDocument, iAllowOperation, iReadOriginal); }
changed = ORestrictedAccessHook.onRecordBeforeCreate(doc, this);
@Override public boolean isAllowed(ODocument iDocument, ORestrictedOperation iAllowOperation, boolean iReadOriginal) { database = ODatabaseRecordThreadLocal.instance().get(); return super.isAllowed(iDocument, iAllowOperation, iReadOriginal); }
private boolean checkSecurity(OIdentifiable value) { try { // TODO check this! execDb.checkSecurity(ORule.ResourceGeneric.CLASS, ORole.PERMISSION_READ, ((ODocument) value.getRecord()).getClassName()); } catch (OSecurityException ignore) { return false; } return ORestrictedAccessHook.isAllowed((ODatabaseDocumentInternal) execDb, (ODocument) value.getRecord(), ORestrictedOperation.ALLOW_READ, false); }
@Override public boolean beforeReadOperations(OIdentifiable identifiable) { if (identifiable instanceof ODocument) { ODocument doc = (ODocument) identifiable; OImmutableClass clazz = ODocumentInternal.getImmutableSchemaClass(this, doc); if (clazz != null) { if (clazz.isTriggered()) { ORecordHook.RESULT val = OClassTrigger.onRecordBeforeRead(doc, this); if (val == ORecordHook.RESULT.SKIP) { return true; } } if (clazz.isRestricted()) { if (!ORestrictedAccessHook.isAllowed(this, doc, ORestrictedOperation.ALLOW_READ, false)) { return true; } } } } return callbackHooks(ORecordHook.TYPE.BEFORE_READ, identifiable) == ORecordHook.RESULT.SKIP; }
@Override public void beforeDeleteOperations(OIdentifiable id, String iClusterName) { checkClusterSecurity(ORole.PERMISSION_DELETE, id, iClusterName); if (id instanceof ODocument) { ODocument doc = (ODocument) id; OImmutableClass clazz = ODocumentInternal.getImmutableSchemaClass(this, doc); if (clazz != null) { if (clazz.isTriggered()) { OClassTrigger.onRecordBeforeDelete(doc, this); } if (clazz.isRestricted()) { if (!ORestrictedAccessHook.isAllowed(this, doc, ORestrictedOperation.ALLOW_DELETE, true)) throw new OSecurityException("Cannot delete record " + doc.getIdentity() + ": the resource has restricted access"); } } } callbackHooks(ORecordHook.TYPE.BEFORE_DELETE, id); }
if (!ORestrictedAccessHook.isAllowed(this, doc, ORestrictedOperation.ALLOW_UPDATE, true)) throw new OSecurityException("Cannot update record " + doc.getIdentity() + ": the resource has restricted access");