/**
 * Resolves a single active schema version of the branch that is the source of the given
 * fetching environment.
 *
 * <p>The actual argument handling is delegated to {@code handleUuidNameArgsNoPerm}, which is
 * not part of this listing; presumably it selects the uuid- or the name-based lookup
 * depending on the GraphQL arguments (confirm against the helper).
 *
 * <p>A version is only returned when the requesting user holds {@code READ_PERM} on the
 * schema container that owns it. A version that does not exist and a version the user may
 * not read are both simply filtered out, so the two cases end in the same outcome.
 *
 * @param env
 *            Fetching environment that provides the context and the source branch
 * @return Matching schema version as returned by {@code handleUuidNameArgsNoPerm}
 */
protected MeshVertex handleBranchSchema(DataFetchingEnvironment env) {
    GraphQLContext context = env.getContext();
    Branch sourceBranch = env.getSource();
    Stream<? extends SchemaContainerVersion> activeVersions = StreamSupport.stream(
        sourceBranch.findActiveSchemaVersions().spliterator(), false);

    // The permission is checked here instead of in the helper: READ_PERM is evaluated on the
    // schema container, not on the schema container version.
    // NOTE(review): both lookups consume the same stream, which can be traversed only once,
    // and findFirst().get() throws NoSuchElementException when nothing matches. Confirm that
    // the helper invokes at most one lookup and that its callers cope with that exception.
    return handleUuidNameArgsNoPerm(env,
        uuid -> activeVersions.filter(version -> {
            SchemaContainer owner = version.getSchemaContainer();
            if (!owner.getUuid().equals(uuid)) {
                return false;
            }
            return context.getUser().hasPermission(owner, READ_PERM);
        }).findFirst().get(),
        name -> activeVersions.filter(version -> {
            if (!version.getName().equals(name)) {
                return false;
            }
            return context.getUser().hasPermission(version.getSchemaContainer(), READ_PERM);
        }).findFirst().get());
}
/**
 * Loads a page of the active schema versions of the branch that is the source of the given
 * fetching environment.
 *
 * <p>Only versions whose schema container the requesting user may read ({@code READ_PERM})
 * are passed on to the page; the check is made on the container, not on the version.
 *
 * @param env
 *            Fetching environment that provides the context, the source branch and the
 *            paging arguments
 * @return Page over the readable active schema versions
 */
protected Page<SchemaContainerVersion> handleBranchSchemas(DataFetchingEnvironment env) {
    GraphQLContext context = env.getContext();
    Branch sourceBranch = env.getSource();

    Stream<? extends SchemaContainerVersion> activeVersions = StreamSupport.stream(
        sourceBranch.findActiveSchemaVersions().spliterator(), false);

    // Drop unreadable versions before paging so that they never reach the page.
    Stream<? extends SchemaContainerVersion> readableVersions = activeVersions.filter(
        version -> context.getUser().hasPermission(version.getSchemaContainer(), READ_PERM));

    return new DynamicStreamPageImpl<>(readableVersions, getPagingInfo(env));
}
/**
 * Returns the given vertex if the current user holds at least one of the listed permissions.
 *
 * <p>The permissions are alternatives (any-of), not a conjunction: the first granted
 * permission ends the check. When none is granted, which includes an empty permission list,
 * the error created by {@code missingPerm} for the vertex type and uuid is thrown.
 *
 * @param vertex
 *            Vertex to be checked
 * @param permission
 *            Permissions of which at least one must be granted
 * @return The vertex that was passed in
 */
@Override
public <T extends MeshCoreVertex<?, ?>> T requiresPerm(T vertex, GraphPermission... permission) {
    for (int i = 0; i < permission.length; i++) {
        GraphPermission candidate = permission[i];
        if (!getUser().hasPermission(vertex, candidate)) {
            continue;
        }
        // One granted permission is sufficient.
        return vertex;
    }
    // Fail closed: nothing was granted.
    throw missingPerm(vertex.getTypeInfo().getType(), vertex.getUuid());
}
/**
 * Builds the GraphQL object type for microschemas.
 *
 * <p>Besides the common fields added by the interface type provider, the type exposes the
 * name, version and description of the microschema and a paged {@code projects} field. The
 * projects are derived from the branches that reference the microschema and only contain
 * projects on which the requesting user has {@code READ_PERM}.
 *
 * @return The built microschema type
 */
public GraphQLObjectType createType() {
    Builder microschemaType = newObject().name(MICROSCHEMA_TYPE_NAME).description("Microschema");
    interfaceTypeProvider.addCommonFields(microschemaType);

    // Field: name
    microschemaType.field(newFieldDefinition().name("name").description("Name of the microschema").type(GraphQLString));

    // Field: version
    microschemaType.field(newFieldDefinition().name("version").description("Version of the microschema.").type(GraphQLInt));

    // Field: description
    microschemaType.field(newFieldDefinition().name("description").description("Description of the microschema.").type(GraphQLString));

    // Field: projects
    microschemaType.field(newPagingFieldWithFetcher("projects", "Projects that this schema is assigned to", env -> {
        GraphQLContext context = env.getContext();
        MicroschemaContainer source = env.getSource();
        // Deduplicate before the permission check so that every project is checked only once;
        // projects the user cannot read are not listed.
        return source.findReferencedBranches().keySet().stream()
            .map(Branch::getProject)
            .distinct()
            .filter(project -> context.getUser().hasPermission(project, GraphPermission.READ_PERM))
            .collect(Collectors.toList());
    }, PROJECT_REFERENCE_PAGE_TYPE_NAME));

    // Field: fields
    // TODO add fields
    return microschemaType.build();
}
/**
 * Load the object with the given name and verify that the user of the action context holds
 * the given permission on it.
 *
 * <p>Two distinct errors are raised: {@code NOT_FOUND} ({@code object_not_found_for_name})
 * when no object has that name, and {@code FORBIDDEN} ({@code error_missing_perm}) when the
 * object exists but the permission is missing.
 *
 * <p>NOTE(review): the {@code FORBIDDEN} error is built with the uuid of the element, and the
 * two errors can be told apart. A caller without the permission can therefore learn that the
 * name exists and, if the message parameters reach the response, the uuid it maps to. Confirm
 * that this is acceptable for every element type that uses this default.
 *
 * @param ac
 *            Context to be used in order to check user permissions
 * @param name
 *            Name of the object that should be loaded
 * @param perm
 *            Permission that must be granted in order to load the object
 * @return The loaded object, never {@code null}
 */
default T findByName(InternalActionContext ac, String name, GraphPermission perm) {
    T found = findByName(name);
    if (found == null) {
        throw error(NOT_FOUND, "object_not_found_for_name", name);
    }

    MeshAuthUser user = ac.getUser();
    String uuid = found.getUuid();
    if (!user.hasPermission(found, perm)) {
        throw error(FORBIDDEN, "error_missing_perm", uuid, perm.getRestPerm().getName());
    }
    return found;
}
if (requestUser.hasPermission(element, perm)) { return element; } else {