diff --git a/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java b/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java
index 280e53f03..d273fc314 100644
--- a/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java
+++ b/li.strolch.agent/src/main/java/li/strolch/search/StrolchSearch.java
@@ -8,7 +8,6 @@ import li.strolch.model.StrolchModelConstants;
 import li.strolch.model.StrolchRootElement;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.base.PrivilegeException;
-import li.strolch.privilege.model.PrivilegeContext;
 import li.strolch.privilege.model.Restrictable;
 import li.strolch.utils.dbc.DBC;
 import li.strolch.utils.helper.ExceptionHelper;
@@ -85,8 +84,7 @@ public abstract class StrolchSearch
 */
 public RootElementSearchResult search(StrolchTransaction tx) {
 try {
- PrivilegeContext privilegeContext = tx.getContainer().getPrivilegeHandler().validate(tx.getCertificate());
- privilegeContext.validateAction(this);
+ tx.getPrivilegeContext().validateAction(this);
 } catch (PrivilegeException e) {
 throw new StrolchAccessDeniedException(tx.getCertificate(), this, ExceptionHelper.getExceptionMessage(e), e);
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java
index 43e9885fd..c5ad1b4b4 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/ReportResource.java
@@ -32,6 +32,7 @@ import li.strolch.model.Tags;
 import li.strolch.model.parameter.StringParameter;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.model.Certificate;
+import li.strolch.privilege.model.SimpleRestrictable;
 import li.strolch.report.Report;
 import li.strolch.report.ReportSearch;
 import li.strolch.rest.RestfulStrolchComponent;
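Review bot: In `StrolchSearch.search` the explicit `getPrivilegeHandler().validate(tx.getCertificate())` call is gone, so the search now trusts whatever `tx.getPrivilegeContext()` returns. If that context is captured when the transaction is opened (not visible in this hunk), a certificate invalidated while the transaction is still open would no longer be noticed at this point; that is probably acceptable for short-lived transactions, but it should be a stated decision. I would add a comment above the call, e.g. `// relies on the privilege context validated when the tx was opened; the certificate is not re-validated here`. The method body continues outside the hunk.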
@@ -67,12 +68,11 @@ public class ReportResource {
 realm = RestfulStrolchComponent.getInstance().getContainer().getRealm(cert).getRealm();
 try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
-
- List ids = new ReportSearch().search(tx).orderByName(false).toList();
+ List reports = new ReportSearch(tx).search(tx).orderByName(false).toList();
 // create final array
 JsonArray array = new JsonArray();
- ids.forEach(res -> {
+ reports.forEach(res -> {
 JsonObject o = new JsonObject();
 o.addProperty(Tags.Json.ID, res.getId());
 o.addProperty(Tags.Json.NAME, res.getName());
@@ -107,6 +107,7 @@ public class ReportResource {
 JsonArray result = new JsonArray();
 try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+ tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));
 Report report = new Report(tx, id);
@@ -160,6 +161,7 @@ public class ReportResource {
 }
 try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+ tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));
 // get report
 Report report = new Report(tx, id);
@@ -259,6 +261,8 @@ public class ReportResource {
 }
 try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+ tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));
+
 long start = System.nanoTime();
 // get report
@@ -351,6 +355,7 @@ public class ReportResource {
 }
 try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, realm, getContext())) {
+ tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));
 // get report
 Report report = new Report(tx, id);
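Review bot: The same `tx.getPrivilegeContext().validateAction(new SimpleRestrictable(ReportSearch.class.getName(), id));` line is pasted into four endpoints (the hunks at -107, -160, -259 and -351), so the per-report access check depends on every present and future handler remembering to repeat it before `new Report(tx, id)`. Moving it into one private helper called as `assertReportAllowed(tx, id)`, or into the code that loads the report, would make the check hard to skip. Unlike `StrolchSearch.search`, these calls do not wrap a `PrivilegeException` in `StrolchAccessDeniedException`; whether the REST layer maps the raw exception to a 403 rather than a 500 is not visible here and is worth confirming. All four method bodies start and end outside their hunks.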
diff --git a/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java b/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java
index 0fe68c429..77d55674f 100644
--- a/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java
+++ b/li.strolch.service/src/main/java/li/strolch/report/ReportSearch.java
@@ -2,16 +2,26 @@ package li.strolch.report;
 import static li.strolch.report.ReportConstants.TYPE_REPORT;
+import java.util.Set;
+
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.privilege.model.IPrivilege;
 import li.strolch.search.ResourceSearch;
 /**
 * Query to get report resources
 *
- * @author mvoigt
+ * @author Robert von Burg
 */
 public class ReportSearch extends ResourceSearch {
- public ReportSearch() {
+ public ReportSearch(StrolchTransaction tx) {
 types(TYPE_REPORT);
+
+ IPrivilege reportPrivilege = tx.getPrivilegeContext().getPrivilege(ReportSearch.class.getName());
+ if (!reportPrivilege.isAllAllowed()) {
+ Set allowedReportIds = reportPrivilege.getAllowList();
+ where(id().isIn(allowedReportIds));
+ }
 }
 }
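Review bot: The constructor's filter honours only `getAllowList()`, while the by-id endpoints go through `validateAction`, so the report listing and the per-report check can disagree. If the privilege has `isAllAllowed()` set together with a deny list, or uses a policy other than plain allow-list matching (neither is visible here), the listing would still return ids and names of reports the caller cannot open. Consider also excluding denied ids, and document on the constructor that results are restricted to the caller's `ReportSearch` privilege. `getPrivilege(...)` is dereferenced straight away and runs outside the `try`/`catch` in `StrolchSearch.search`, so confirm what it returns or throws when the role lacks this privilege; a Javadoc `@throws` line would make that explicit.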