public static String[] getInaccessibleAttributes(Entity entity) { SecurityState state = getSecurityState(entity); return state != null ? getInaccessibleAttributes(state) : null; }
public static byte[] getSecurityToken(Entity entity) { SecurityState state = getSecurityState(entity); return state != null ? getSecurityToken(state) : null; }
public static String[] getFilteredAttributes(BaseGenericIdEntity entity) { SecurityState state = getSecurityState(entity); return state != null ? getFilteredAttributes(state) : null; }
public static Multimap<String, Object> getFilteredData(Entity entity) { SecurityState state = getSecurityState(entity); return state != null ? getFilteredData(state) : null; }
protected SecurityState getSecurityState(Entity entity) { return BaseEntityInternalAccess.supportsSecurityState(entity) ? BaseEntityInternalAccess.getSecurityState(entity) : null; }
public static Entity copyCompositions(Entity source) { Preconditions.checkNotNullArgument(source, "source is null"); Entity dest; try { dest = source.getClass().newInstance(); } catch (InstantiationException | IllegalAccessException e) { throw new RuntimeException(e); } copyCompositions(source, dest); if (BaseEntityInternalAccess.supportsSecurityState(source)) { BaseEntityInternalAccess.setSecurityState(dest, BaseEntityInternalAccess.getSecurityState(source)); } return dest; }
SecurityState securityState = getSecurityState(entity); if (securityState != null) { byte[] securityToken = getSecurityToken(securityState);
protected void checkRequiredAttributes(Entity entity) { SecurityState securityState = getSecurityState(entity); if (securityState != null && !securityState.getRequiredAttributes().isEmpty()) { for (MetaProperty metaProperty : entity.getMetaClass().getProperties()) { String propertyName = metaProperty.getName(); if (BaseEntityInternalAccess.isRequired(securityState, propertyName) && entity.getValue(propertyName) == null) { throw new RowLevelSecurityException(format("Attribute [%s] is required for entity %s", propertyName, entity), entity.getMetaClass().getName()); } } } }
SecurityState securityState = getSecurityState(entity); if (getSecurityToken(entity) == null) { return;
@Override public SecurityState computeSecurityState(Entity entity) { Preconditions.checkNotNullArgument(entity, "entity is null"); SecurityState state; String storeName = metadataTools.getStoreName(metadata.getClassNN(entity.getClass())); Transaction tx = persistence.createTransaction(storeName); try { EntityManager em = persistence.getEntityManager(storeName); Entity managedEntity = em.merge(entity); support.setupAttributeAccess(managedEntity); state = BaseEntityInternalAccess.getSecurityState(managedEntity); // do not commit the transaction } finally { tx.end(); } return state; } }
FetchGroupTracker fetchGroupTracker = (FetchGroupTracker) entity; FetchGroup fetchGroup = fetchGroupTracker._persistence_getFetchGroup(); SecurityState securityState = getSecurityState(entity); if (fetchGroup != null) { List<String> attributesToRemove = new ArrayList<>();
@Override public void visit(Entity entity, MetaProperty property) { MetaClass metaClass = metadata.getClassNN(entity.getClass()); if (!security.isEntityAttrReadPermitted(metaClass, property.getName())) { addInaccessibleAttribute(entity, property.getName()); if (!metadataTools.isSystem(property) && !property.isReadOnly()) { setNullPropertyValue(entity, property); } } SecurityState securityState = BaseEntityInternalAccess.getSecurityState(entity); if (securityState != null && securityState.getHiddenAttributes().contains(property.getName())) { addInaccessibleAttribute(entity, property.getName()); if (!metadataTools.isSystem(property)) { setNullPropertyValue(entity, property); } } } }
@Override public void visit(Entity entity, MetaProperty property) { MetaClass metaClass = metadata.getClassNN(entity.getClass()); String propertyName = property.getName(); if (!security.isEntityAttrReadPermitted(metaClass, propertyName)) { addInaccessibleAttribute(entity, propertyName); if (!metadataTools.isSystem(property) && !property.isReadOnly()) { setNullPropertyValue(entity, property); } } SecurityState securityState = BaseEntityInternalAccess.getSecurityState(entity); if (securityState != null && securityState.getHiddenAttributes().contains(property.getName())) { addInaccessibleAttribute(entity, property.getName()); if (!metadataTools.isSystem(property)) { setNullPropertyValue(entity, property); } } } }
@Override public void visit(Entity entity, MetaProperty property) { MetaClass metaClass = metadata.getClassNN(entity.getClass()); if (!security.isEntityAttrReadPermitted(metaClass, property.getName())) { addInaccessibleAttribute((BaseGenericIdEntity) entity, property.getName()); if (!metadataTools.isSystem(property) && !property.isReadOnly()) { // Using reflective access to field because the attribute can be unfetched if loading not partial entities, // which is the case when in-memory constraints exist BaseEntityInternalAccess.setValue(entity, property.getName(), null); } } SecurityState securityState = BaseEntityInternalAccess.getSecurityState(entity); if (securityState != null && securityState.getHiddenAttributes().contains(property.getName())) { if (!metadataTools.isSystem(property)) { // Using reflective access to field because the attribute can be unfetched if loading not partial entities, // which is the case when in-memory constraints exist BaseEntityInternalAccess.setValue(entity, property.getName(), null); } } } }
persistenceSecurity.assertTokenForREST(srcEntity, regularView); persistenceSecurity.restoreSecurityState(srcEntity); srcSecurityState = BaseEntityInternalAccess.getSecurityState(srcEntity); dstSecurityState = BaseEntityInternalAccess.getSecurityState(dstEntity);
persistenceSecurity.assertTokenForREST(srcEmbeddedEntity, regularView); persistenceSecurity.restoreSecurityState(srcEmbeddedEntity); srcSecurityState = BaseEntityInternalAccess.getSecurityState(srcEmbeddedEntity); dstSecurityState = BaseEntityInternalAccess.getSecurityState(dstEmbeddedEntity);