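/**
 * Restricts a report query to the reports visible for the given screen and user roles.
 *
 * <p>The query string held by {@code lc} is rewritten in place and the matching
 * parameters are set on the same query. The added conditions refer to the alias
 * {@code r}, so the incoming query is expected to declare it.
 * <ul>
 *   <li>If {@code screen} is non-null, {@code r.screensIdx} must match it.</li>
 *   <li>If {@code user} is non-null and none of its roles has type
 *       {@code RoleType.SUPER}, {@code r.rolesIdx} must be null or match one of the
 *       user's role ids. A report with a null {@code rolesIdx} is therefore visible
 *       to every user, and a user without roles sees only such reports.</li>
 * </ul>
 *
 * <p>Security note: a {@code null} user adds no role restriction at all, and neither
 * does a user holding a SUPER role. Callers that act on behalf of an end user must
 * pass that user, otherwise the result is not filtered by role.
 *
 * @param lc     load context whose query is narrowed
 * @param screen screen identifier to filter by, or {@code null} to skip the screen filter
 * @param user   user whose roles limit the result, or {@code null} to skip the role filter
 */
public void applySecurityPolicies(LoadContext lc, @Nullable String screen, @Nullable User user) {
    QueryTransformer transformer = queryTransformerFactory.transformer(lc.getQuery().getQueryString());
    if (screen != null) {
        // The value is bound as a parameter, never concatenated into the query text.
        // NOTE(review): wrapIdxParameterForSearch presumably escapes LIKE wildcards to
        // match the "escape '\'" clause - confirm against its implementation.
        transformer.addWhereAsIs("r.screensIdx like :screen escape '\\'");
        lc.getQuery().setParameter("screen", wrapIdxParameterForSearch(screen));
    }
    if (user != null) {
        List<UserRole> userRoles = user.getUserRoles();
        boolean superRole = userRoles.stream()
                .anyMatch(userRole -> userRole.getRole().getType() == RoleType.SUPER);
        if (!superRole) {
            StringBuilder roleCondition = new StringBuilder("r.rolesIdx is null");
            for (int i = 0; i < userRoles.size(); i++) {
                UserRole ur = userRoles.get(i);
                // Only the generated parameter name (role1, role2, ...) goes into the
                // query text; the role id itself is bound as a parameter.
                String paramName = "role" + (i + 1);
                roleCondition.append(" or r.rolesIdx like :").append(paramName).append(" escape '\\'");
                lc.getQuery().setParameter(paramName, wrapIdxParameterForSearch(ur.getRole().getId().toString()));
            }
            // The role condition is an OR chain. Parenthesize it explicitly, as
            // applyPoliciesByEntityParameters does, so that operator precedence can
            // never let one OR branch bypass the screen filter or the query's own
            // WHERE clause, whatever way the transformer joins the clauses.
            transformer.addWhereAsIs(String.format("(%s)", roleCondition));
        }
    }
    lc.getQuery().setQueryString(transformer.getResult());
}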
/**
 * Narrows a report query to reports whose input entity types include the given
 * meta class or one of its ancestors.
 *
 * <p>Does nothing when {@code inputValueMetaClass} is {@code null}. Otherwise one
 * parenthesized OR group over {@code r.inputEntityTypesIdx} is added to the query
 * held by {@code lc}, and every class name is bound as a query parameter
 * ({@code type}, {@code type1}, {@code type2}, ...) instead of being written into
 * the query text.
 *
 * @param lc                  load context whose query is narrowed
 * @param inputValueMetaClass meta class of the input value, or {@code null} for no filter
 */
public void applyPoliciesByEntityParameters(LoadContext lc, @Nullable MetaClass inputValueMetaClass) {
    if (inputValueMetaClass == null) {
        return;
    }

    QueryTransformer transformer = queryTransformerFactory.transformer(lc.getQuery().getQueryString());

    // First alternative: the class itself.
    StringBuilder typeFilter = new StringBuilder("r.inputEntityTypesIdx like :type escape '\\'");
    lc.getQuery().setParameter("type", wrapIdxParameterForSearch(inputValueMetaClass.getName()));

    // Further alternatives: one numbered parameter per ancestor, starting at type1.
    int ordinal = 1;
    for (MetaClass ancestor : inputValueMetaClass.getAncestors()) {
        String boundName = "type" + ordinal;
        typeFilter.append(" or r.inputEntityTypesIdx like :");
        typeFilter.append(boundName);
        typeFilter.append(" escape '\\'");
        lc.getQuery().setParameter(boundName, wrapIdxParameterForSearch(ancestor.getName()));
        ordinal++;
    }

    // The parentheses keep the OR group together when it is combined with other conditions.
    String groupedFilter = String.format("(%s)", typeFilter.toString());
    transformer.addWhereAsIs(groupedFilter);
    lc.getQuery().setQueryString(transformer.getResult());
}
// Fragment: transformer, nestedEntityName, nestedEntityPath and result are declared
// outside this excerpt. The statements rewrite the query around a temporary alias,
// "tempEntityAlias", and store the transformed query text in result.
transformer.replaceWithSelectEntityVariable("tempEntityAlias");
// nestedEntityName is formatted straight into the query text, not bound as a parameter.
// NOTE(review): presumably it comes from entity metadata; confirm it can never carry
// user-controlled text, because anything placed here becomes part of the query.
transformer.addFirstSelectionSource(String.format("%s tempEntityAlias", nestedEntityName));
// Same concern for nestedEntityPath: it is spliced into the WHERE clause as text.
// NOTE(review): verify that the path is built from trusted property names only.
transformer.addWhereAsIs(String.format("tempEntityAlias.id = %s.id", nestedEntityPath));
transformer.addEntityInGroupBy("tempEntityAlias");
result = transformer.getResult();