[New] Added privileges for viewable reports

2018-11-08 10:48:23 +01:00 · 2018-11-08 10:48:23 +01:00 · 84cf1471ea
parent 02b959ab77
commit 84cf1471ea
3 changed files with 21 additions and 8 deletions
--- a/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java
+++ b/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java
@ -8,7 +8,6 @@ import li.strolch.model.StrolchModelConstants;
 import li.strolch.model.StrolchRootElement;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.base.PrivilegeException;
-import li.strolch.privilege.model.PrivilegeContext;
 import li.strolch.privilege.model.Restrictable;
 import li.strolch.utils.dbc.DBC;
 import li.strolch.utils.helper.ExceptionHelper;
@ -85,8 +84,7 @@ public abstract class StrolchSearch<T extends StrolchRootElement>
 	 */
 	public RootElementSearchResult<T> search(StrolchTransaction tx) {
 		try {
-			PrivilegeContext privilegeContext = tx.getContainer().getPrivilegeHandler().validate(tx.getCertificate());
-			privilegeContext.validateAction(this);
+			tx.getPrivilegeContext().validateAction(this);
 		} catch (PrivilegeException e) {
 			throw new StrolchAccessDeniedException(tx.getCertificate(), this, ExceptionHelper.getExceptionMessage(e),
 					e);
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java
@ -32,6 +32,7 @@ import li.strolch.model.Tags;
 import li.strolch.model.parameter.StringParameter;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.model.Certificate;
+import li.strolch.privilege.model.SimpleRestrictable;
 import li.strolch.report.Report;
 import li.strolch.report.ReportSearch;
 import li.strolch.rest.RestfulStrolchComponent;
@ -67,12 +68,11 @@ public class ReportResource {
 			realm = RestfulStrolchComponent.getInstance().getContainer().getRealm(cert).getRealm();

 		try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
-
-			List<Resource> ids = new ReportSearch().search(tx).orderByName(false).toList();
+			List<Resource> reports = new ReportSearch(tx).search(tx).orderByName(false).toList();

 			// create final array
 			JsonArray array = new JsonArray();
-			ids.forEach(res -> {
+			reports.forEach(res -> {
 				JsonObject o = new JsonObject();
 				o.addProperty(Tags.Json.ID, res.getId());
 				o.addProperty(Tags.Json.NAME, res.getName());
@ -107,6 +107,7 @@ public class ReportResource {

 		JsonArray result = new JsonArray();
 		try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+			tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));

 			Report report = new Report(tx, id);

@ -160,6 +161,7 @@ public class ReportResource {
 		}

 		try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+			tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));

 			// get report
 			Report report = new Report(tx, id);
@ -259,6 +261,8 @@ public class ReportResource {
 		}

 		try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+			tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));
+
 			long start = System.nanoTime();

 			// get report
@ -351,6 +355,7 @@ public class ReportResource {
 		}

 		try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+			tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));

 			// get report
 			Report report = new Report(tx, id);
--- a/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java
+++ b/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java
@ -2,16 +2,26 @@ package li.strolch.report;

 import static li.strolch.report.ReportConstants.TYPE_REPORT;

+import java.util.Set;
+
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.privilege.model.IPrivilege;
 import li.strolch.search.ResourceSearch;

 /**
 * Query to get report resources
 *
- * @author mvoigt
+ * @author Robert von Burg <eitch@eitchnet.ch>
 */
 public class ReportSearch extends ResourceSearch {

-	public ReportSearch() {
+	public ReportSearch(StrolchTransaction tx) {
 		types(TYPE_REPORT);
+
+		IPrivilege reportPrivilege = tx.getPrivilegeContext().getPrivilege(ReportSearch.class.getName());
+		if (!reportPrivilege.isAllAllowed()) {
+			Set<String> allowedReportIds = reportPrivilege.getAllowList();
+			where(id().isIn(allowedReportIds));
+		}
 	}
 }