@Override public void noteDetails(Session session, IObject object, String realClass, long id) { graphPolicy.noteDetails(session, object, realClass, id); }
@Override public GraphPolicy getCleanInstance() { return graphPolicy.getCleanInstance(); }
@Override public boolean isCondition(String name) { return graphPolicy.isCondition(name); }
@Override public final Set<Details> review(Map<String, Set<Details>> linkedFrom, Details rootObject, Map<String, Set<Details>> linkedTo, Set<String> notNullable, boolean isErrorRules) throws GraphException { /* note all the model objects that may be adjusted in review */ final Set<Details> allTerms = GraphPolicy.allObjects(linkedFrom.values(), rootObject, linkedTo.values()); /* allow isAdjustedBeforeReview to adjust objects before review */ final Set<Details> changedTerms = new HashSet<Details>(); for (final Details object : allTerms) { if (isAdjustedBeforeReview(object)) { changedTerms.add(object); } } /* do the review */ changedTerms.addAll(graphPolicy.review(linkedFrom, rootObject, linkedTo, notNullable, isErrorRules)); /* allow isAdjustedAfterReview to adjust objects after review */ for (final Details object : allTerms) { if (isAdjustedAfterReview(object)) { changedTerms.add(object); } } return changedTerms; } }
@Override public final Set<Details> review(Map<String, Set<Details>> linkedFrom, Details rootObject, Map<String, Set<Details>> linkedTo, Set<String> notNullable, boolean isErrorRules) throws GraphException { if (isSkipClass.apply(rootObject.subject.getClass())) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("halting review at " + rootObject); } /* request parameters specify to review no further */ return Collections.emptySet(); } else { /* do the review */ final Set<Details> changes = graphPolicy.review(linkedFrom, rootObject, linkedTo, notNullable, isErrorRules); final Iterator<Details> changesIterator = changes.iterator(); while (changesIterator.hasNext()) { final Details change = changesIterator.next(); if (change.action == Action.INCLUDE && isSkipClass.apply(change.subject.getClass())) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("forestalling policy-based change " + change); } /* do not act on skipped classes */ changesIterator.remove(); } } return changes; } } };
final Set<TermMatch> unmatchedTerms = new HashSet<TermMatch>(policyRule.termMatchers); final Set<Details> allTerms = unmatchedTerms.isEmpty() ? Collections.<Details>emptySet() : GraphPolicy.allObjects(linkedFrom.values(), rootObject, linkedTo.values()); final Set<RelationshipMatch> unmatchedRelationships = new HashSet<RelationshipMatch>(policyRule.relationshipMatchers); boolean isPossibleMatch = true;
@Override public void registerPredicate(GraphPolicyRulePredicate predicate) { graphPolicy.registerPredicate(predicate); }
graphPolicy.setCondition("to_private"); graphPolicy.registerPredicate(new GroupPredicate(securityRoles));
@Override public void setCondition(String name) { graphPolicy.setCondition(name); }
@Override public final Set<Details> review(Map<String, Set<Details>> linkedFrom, Details rootObject, Map<String, Set<Details>> linkedTo, Set<String> notNullable, boolean isErrorRules) throws GraphException { if (rootObject.action == startAction && isStartFrom.apply(rootObject.subject)) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("deferring review of " + rootObject); } /* note which permissions overrides to start from */ final String className = rootObject.subject.getClass().getName(); final Long id = rootObject.subject.getId(); if (rootObject.isCheckPermissions) { permissionsOverrides.remove(className, id); } else { permissionsOverrides.put(className, id); } /* skip the review, start from this object in a later request */ return Collections.emptySet(); } else { /* do the review */ return graphPolicy.review(linkedFrom, rootObject, linkedTo, notNullable, isErrorRules); } } };
if (!policyRule.termMatchers.isEmpty()) { final Set<Details> allTerms = GraphPolicy.allObjects(linkedFrom.values(), rootObject, linkedTo.values()); for (final TermMatch matcher : policyRule.termMatchers) { for (final Details object : allTerms) {
@Override public void registerPredicate(GraphPolicyRulePredicate predicate) { graphPolicy.registerPredicate(predicate); }
@Override public void setCondition(String name) { graphPolicy.setCondition(name); }
@Override public void noteDetails(Session session, IObject object, String realClass, long id) { graphPolicy.noteDetails(session, object, realClass, id); }
final Set<Details> changes = policy.review(linkedFromDetails, objectDetails, linkedToDetails, notNullable, isErrorRules);
@Override public void registerPredicate(GraphPolicyRulePredicate predicate) { graphPolicy.registerPredicate(predicate); }
@Override public boolean isCondition(String name) { return graphPolicy.isCondition(name); }
@Override public void setCondition(String name) { graphPolicy.setCondition(name); }
throw new IllegalArgumentException("no graph traversal policy rules defined for request class " + requestClass); } else { graphPolicy = graphPolicy.getCleanInstance();
@Override public void noteDetails(Session session, IObject object, String realClass, long id) { graphPolicy.noteDetails(session, object, realClass, id); }