@Override public void assertMayProcess(String className, long id, Details details) throws GraphException { if (!(acceptableGroups == null || acceptableGroups.contains(id))) { throw new GraphException("user is not an owner of group " + id); } } }
/** * Construct a new {@link IObject}. * @return an unloaded {@link IObject} corresponding to this {@link CI} * @throws GraphException if the {@link IObject} could not be constructed */ IObject toIObject() throws GraphException { try { final Class<? extends IObject> actualClass = (Class<? extends IObject>) Class.forName(className); return actualClass.getConstructor(Long.class, boolean.class).newInstance(id, false); } catch (IllegalArgumentException | ReflectiveOperationException | SecurityException e) { throw new GraphException( "no invocable constructor for: new " + className + "(Long.valueOf(" + id + "L), false)"); } }
/** * Effect the change. * @param namedTerms the name dictionary of matched terms * @return the details of the changed term * @throws GraphException if the named term is not defined in the matching */ Details toChanged(Map<String, Details> namedTerms) throws GraphException { final Details details = namedTerms.get(namedTerm); if (details == null) { throw new GraphException("policy rule: reference to unknown term " + namedTerm); } if (action != null) { details.action = action; } if (orphan != null) { details.orphan = orphan; } if (isOverridePermissions) { details.isCheckPermissions = false; } return details; }
/** * Assert that {@link #unlinkTargets(boolean)} need not be called. * @throws GraphException if any model objects are to be {@link Action#DELETE}d */ public void assertNoUnlinking() throws GraphException { if (!progress.contains(Milestone.PLANNED)) { throw new IllegalStateException("operation not yet planned"); } if (!planning.deleted.isEmpty()) { throw new GraphException("cannot bypass unlinking step if any model objects are to be deleted"); } progress.add(Milestone.UNLINKED); }
@Override public boolean isMatch(Details object, String parameter) throws GraphException { if (object.groupId == null) { return false; } final boolean isInvert; if (parameter.startsWith("!")) { parameter = parameter.substring(1); isInvert = true; } else { isInvert = false; } final GroupMarker sought = groupsByName.get(parameter); if (sought == null) { throw new GraphException("unknown group: " + parameter); } final GroupMarker actual = groupsById.get(object.groupId); return isInvert != (sought == actual); } }
@Override public boolean isMatch(Details object, String parameter) throws GraphException { if (object.groupId == null) { return false; } final String permissions = groupPermissions.get(object.groupId); if (permissions == null) { throw new GraphException("no group permissions for " + object); } if (parameter.length() != permissions.length()) { throw new GraphException( "parameter " + parameter + " has different length from permissions " + permissions + " on " + object); } int index = permissions.length(); while (--index >= 0) { final char parameterChar = parameter.charAt(index); if (parameterChar != '?' && parameterChar != permissions.charAt(index)) { return false; } } return true; } }
@Override void execute(Function<Object, IObject> mapping) throws GraphException { try { @SuppressWarnings("unchecked") final Iterator<IObject> linkedTos = (Iterator<IObject>) reader.invoke(original); boolean stillWriting = true; while (linkedTos.hasNext()) { final IObject linkedTo = linkedTos.next(); final IObject duplicateOfLinkedTo = mapping.apply(linkedTo); if (stillWriting && duplicateOfLinkedTo != null) { if (written.add(duplicateOfLinkedTo)) { writer.invoke(duplicate, duplicateOfLinkedTo); } } else if (isOrdered) { /* cannot easily update other than by appending so skip the rest for now */ stillWriting = false; } } } catch (NestedNullException | ReflectiveOperationException e) { throw new GraphException( "cannot set property " + property + " on duplicate " + duplicate.getClass().getName()); } } }
@Override void execute(Function<Object, IObject> mapping) throws GraphException { final Object duplicateValue = GraphUtil.copyComplexValue(mapping, value); if (duplicateValue != null) { try { PropertyUtils.setNestedProperty(duplicate, property, duplicateValue); } catch (NestedNullException | ReflectiveOperationException e) { throw new GraphException( "cannot set property " + property + " on duplicate " + duplicate.getClass().getName()); } } } }
final Set<CI> violations = Sets.difference(objects, planning.mayDelete); if (!violations.isEmpty()) { throw new GraphException("not permitted to delete " + Joiner.on(", ").join(violations)); final Set<CI> violations = Sets.difference(objects, planning.mayUpdate); if (!violations.isEmpty()) { throw new GraphException("not permitted to update " + Joiner.on(", ").join(violations)); final Set<CI> violations = Sets.difference(objects, planning.mayChmod); if (!violations.isEmpty()) { throw new GraphException("not permitted to change permissions on " + Joiner.on(", ").join(violations)); final Set<CI> violations = Sets.difference(objects, planning.mayChgrp); if (!violations.isEmpty()) { throw new GraphException("not permitted to move " + Joiner.on(", ").join(violations)); final Set<CI> violations = Sets.difference(objects, planning.mayChown); if (!violations.isEmpty()) { throw new GraphException("not permitted to give " + Joiner.on(", ").join(violations)); final Set<CI> violations = Sets.difference(objects, planning.owns); if (!violations.isEmpty()) { throw new GraphException("does not own " + Joiner.on(", ").join(violations));
/** * Convert the indicated objects to {@link CI}s with their actual class identified. * @param objects the objects to query * @return {@link CI}s corresponding to the objects * @throws GraphException if any of the specified objects could not be queried */ private Collection<CI> objectsToCIs(SetMultimap<String, Long> objects) throws GraphException { final List<CI> returnValue = new ArrayList<CI>(objects.size()); for (final Entry<String, Collection<Long>> oneQueryClass : objects.asMap().entrySet()) { final String className = oneQueryClass.getKey(); final Collection<Long> ids = oneQueryClass.getValue(); final Collection<CI> retrieved = findObjectDetails(className, ids).values(); if (ids.size() != retrieved.size()) { throw new GraphException("cannot read all the specified objects of class " + className); } returnValue.addAll(retrieved); } return returnValue; }
@Override public void processInstances(String className, Collection<Long> ids) throws GraphException { final String rootQuery = "FROM " + className + " WHERE id IN (:ids)"; for (final List<Long> idsBatch : Iterables.partition(ids, BATCH_SIZE)) { final List<IObject> originals = session.createQuery(rootQuery).setParameterList("ids", idsBatch).list(); for (final IObject original : originals) { final IObject duplicate; try { duplicate = (IObject) Hibernate.getClass(original).newInstance(); } catch (InstantiationException | IllegalAccessException e) { throw new GraphException("cannot create a duplicate of " + original); } final String originalClass = Hibernate.getClass(original).getName(); final Long originalId = original.getId(); originalClassIdToDuplicates.put(Maps.immutableEntry(originalClass, originalId), duplicate); originalsToDuplicates.put(original, duplicate); } } }
final GraphPolicyRulePredicate predicate = predicates.get(predicateName); if (predicate == null) { throw new GraphException("unknown predicate: " + predicateName);
notNullable = Boolean.FALSE; } else { throw new GraphException(Joiner.on(' ').join("failed to parse match", leftTerm, equals, rightTerm));
LOGGER.debug(logMessage.toString()); throw new GraphException(message);
final Matcher matcher = CHANGE_PATTERN.matcher(change); if (!matcher.matches()) { throw new GraphException("failed to parse change " + change);
final SetMultimap<String, Long> permissionsOverrides) throws GraphException { if (CollectionUtils.isEmpty(startFrom)) { throw new GraphException(SkipHead.class.getSimpleName() + " requires the start classes to be named");
throw new GraphException("user " + userFromId + " is not an owner of group " + objectGroupId); throw new GraphException("user " + userId + " is not a member of group " + objectGroupId); .uniqueResult(); if (count > 0 || !linksToChown.add(new LinkDetails(linkType, parentId, childId))) { throw new GraphException("would have user " + userId + " owning multiple identical links");
throw new GraphException("cycle detected among " + Joiner.on(", ").join(planning.blockedBy.keySet()));
/** * Assert that the processor may operate upon the given objects with {@link Processor#processInstances(String, Collection)}. * Never fails for system types. * @param className a class name * @param ids instance IDs * @throws GraphException if the user does not have the necessary permissions for all of the objects */ private void assertMayBeProcessed(String className, Collection<Long> ids) throws GraphException { final Set<CI> objects = idsToCIs(className, ids); assertPermissions(objects, processor.getRequiredPermissions()); if (isCheckUserPermissions) { for (final CI object : Sets.difference(objects, planning.overrides)) { try { processor.assertMayProcess(object.className, object.id, planning.detailsNoted.get(object)); } catch (GraphException e) { throw new GraphException("cannot process " + object + ": " + e.message); } } } }
throw new GraphException("failed to parse match term " + term); termName = termNameGroup.substring(0, termNameGroup.length() - 1); if (graphPathBean.getClassForSimpleName(termName) != null) { throw new GraphException("redefined known class " + termName + " in " + term); prohibitedClass = graphPathBean.getClassForSimpleName(classNameGroup.substring(1)); if (prohibitedClass == null) { throw new GraphException("unknown class named in " + term); prohibitedClass = null; if (requiredClass == null) { throw new GraphException("unknown class named in " + term); final Matcher predicateMatcher = PREDICATE_PATTERN.matcher(remainingPredicates); if (!predicateMatcher.matches()) { throw new GraphException("failed to parse predicates suffixing match term " + term);