/**
 * Verifies that the caller's roles grant {@code find} access to every field
 * referenced by the query.
 *
 * <p>Every query field is evaluated, with no short-circuit on the first denial,
 * so one {@code ERR_NO_ACCESS} error is recorded in the context per
 * inaccessible field. Only field-level access is evaluated here; this method
 * makes no entity-level access check.
 *
 * <p>Rationale (presumed): a caller who may filter on a field can infer its
 * contents from which documents match, even if that field is never returned,
 * so query fields need the same read authorization as projected fields.
 *
 * @param ctx   operation context supplying the metadata and caller roles; it
 *              receives the errors and the ERROR status on denial
 * @param query query to inspect; {@code null} means there is nothing to check
 * @return {@code true} if every query field is readable or the query is
 *         {@code null}; {@code false} if any field was denied
 */
private boolean checkQueryAccess(OperationContext ctx, QueryExpression query) {
    // A missing query references no fields, so there is nothing to authorize.
    if (query == null) {
        return true;
    }

    CompositeMetadata metadata = ctx.getTopLevelEntityMetadata();
    FieldAccessRoleEvaluator evaluator =
            new FieldAccessRoleEvaluator(metadata, ctx.getCallerRoles());

    // Collect the fields the query refers to.
    AnalyzeQuery queryAnalyzer = new AnalyzeQuery(metadata, null);
    queryAnalyzer.iterate(query, Path.EMPTY);
    List<QueryFieldInfo> queryFields = queryAnalyzer.getFieldInfo();
    LOGGER.debug("Checking access for query fields {}", queryFields);

    boolean allReadable = true;
    for (QueryFieldInfo info : queryFields) {
        LOGGER.debug("Access checking field {}", info.getFullFieldName());
        boolean readable = evaluator.hasAccess(
                info.getFullFieldName(), FieldAccessRoleEvaluator.Operation.find);
        if (!readable) {
            LOGGER.debug("Field {} is not readable", info.getFullFieldName());
            // Record the denial but keep going, so every denied field is reported.
            ctx.addError(Error.get(CrudConstants.ERR_NO_ACCESS,
                    info.getFullFieldName().toString()));
            ctx.setStatus(OperationStatus.ERROR);
            allReadable = false;
            continue;
        }
        LOGGER.debug("Field {} is readable", info.getFullFieldName());
    }
    return allReadable;
}
/**
 * Field-level authorization gate for queries: confirms the caller may
 * {@code find} on each field the query expression touches.
 *
 * <p>On denial the context is given an {@code ERR_NO_ACCESS} error naming the
 * field and its status is set to ERROR. The loop does not stop at the first
 * denied field, so all of them are reported. Entity-level access is not
 * examined by this method.
 *
 * @param ctx   operation context; source of metadata and caller roles, and
 *              sink for errors and status
 * @param query the query whose fields are checked; may be {@code null}
 * @return {@code false} if at least one query field is not readable by the
 *         caller, {@code true} otherwise (including for a {@code null} query)
 */
private boolean checkQueryAccess(OperationContext ctx, QueryExpression query) {
    int deniedCount = 0;
    if (query != null) {
        CompositeMetadata entityMd = ctx.getTopLevelEntityMetadata();
        FieldAccessRoleEvaluator roleEvaluator =
                new FieldAccessRoleEvaluator(entityMd, ctx.getCallerRoles());

        // Walk the query from the root path to enumerate referenced fields.
        AnalyzeQuery fieldCollector = new AnalyzeQuery(entityMd, null);
        fieldCollector.iterate(query, Path.EMPTY);
        List<QueryFieldInfo> referenced = fieldCollector.getFieldInfo();
        LOGGER.debug("Checking access for query fields {}", referenced);

        for (QueryFieldInfo fieldInfo : referenced) {
            LOGGER.debug("Access checking field {}", fieldInfo.getFullFieldName());
            if (roleEvaluator.hasAccess(fieldInfo.getFullFieldName(),
                    FieldAccessRoleEvaluator.Operation.find)) {
                LOGGER.debug("Field {} is readable", fieldInfo.getFullFieldName());
                continue;
            }
            // Denied: log it, add the error for this field, and flag the operation.
            LOGGER.debug("Field {} is not readable", fieldInfo.getFullFieldName());
            ctx.addError(Error.get(CrudConstants.ERR_NO_ACCESS,
                    fieldInfo.getFullFieldName().toString()));
            ctx.setStatus(OperationStatus.ERROR);
            deniedCount++;
        }
    }
    return deniedCount == 0;
}
try { EntityMetadata md = ctx.getEntityMetadata(ctx.getEntityName()); FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(md, ctx.getCallerRoles()); LOGGER.debug("Translating query {}", query); DBObject mongoQuery = xtranslator.translate(md, ExpressionTranslator.appendObjectType(query,ctx.getEntityName()));
DocTranslator translator = new DocTranslator(ctx, ctx.getFactory().getNodeFactory()); try { FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(ctx.getEntityMetadata(ctx.getEntityName()), ctx.getCallerRoles()); LOGGER.debug("saveOrInsert: Translating docs");
Translator translator = new Translator(ctx, ctx.getFactory().getNodeFactory()); try { FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(ctx.getEntityMetadata(ctx.getEntityName()), ctx.getCallerRoles()); LOGGER.debug("saveOrInsert: Translating docs");
EntityMetadata md = ctx.getEntityMetadata(ctx.getEntityName()); if (md.getAccess().getFind().hasAccess(ctx.getCallerRoles())) { FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(md, ctx.getCallerRoles()); LOGGER.debug("Translating query {}", query); DBObject mongoQuery = query==null?null:translator.translate(md, query);
EntityMetadata md = ctx.getEntityMetadata(ctx.getEntityName()); if (md.getAccess().getFind().hasAccess(ctx.getCallerRoles())) { FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(md, ctx.getCallerRoles()); LOGGER.debug("Translating query {}", query); DBObject mongoQuery = xtranslator.translate(md, ExpressionTranslator.appendObjectType(query,ctx.getEntityName()));
// Translate the query against the entity metadata into a DBObject.
DBObject mongoQuery = translator.translate(md, query);
// NOTE(review): the translated query is written to the debug log and may carry
// literal filter values supplied by the caller; confirm debug output is handled
// as sensitive.
LOGGER.debug("Translated query {}", mongoQuery);
// Role evaluator built from the same metadata and the caller's roles. How it is
// applied is outside this excerpt.
FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(md, ctx.getCallerRoles());
ExpressionTranslator.appendObjectType(query,ctx.getEntityName())); LOGGER.debug("Translated query {}", mongoQuery); FieldAccessRoleEvaluator roleEval = new FieldAccessRoleEvaluator(md, ctx.getCallerRoles());