Revision 7631d065
Added by Andreas Kohlbecker over 6 years ago
| cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/CdmSecurityHibernateInterceptor.java | ||
|---|---|---|
| 8 | 8 |
*/ |
| 9 | 9 |
package eu.etaxonomy.cdm.persistence.hibernate; |
| 10 | 10 |
|
| 11 |
|
|
| 12 |
|
|
| 11 |
import java.beans.Introspector; |
|
| 13 | 12 |
import java.io.Serializable; |
| 13 |
import java.util.ArrayList; |
|
| 14 |
import java.util.Collection; |
|
| 14 | 15 |
import java.util.EnumSet; |
| 15 | 16 |
import java.util.HashMap; |
| 16 | 17 |
import java.util.HashSet; |
| 18 |
import java.util.List; |
|
| 17 | 19 |
import java.util.Map; |
| 18 | 20 |
import java.util.Set; |
| 19 | 21 |
|
| ... | ... | |
| 32 | 34 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator; |
| 33 | 35 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation; |
| 34 | 36 |
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role; |
| 37 |
|
|
| 35 | 38 |
/** |
| 36 | 39 |
* @author k.luther |
| 37 | 40 |
* @author a.kohlbecker |
| ... | ... | |
| 111 | 114 |
if (previousState == null){
|
| 112 | 115 |
return onSave(cdmEntity, id, currentState, propertyNames, null); |
| 113 | 116 |
} |
| 114 |
if (isModified(currentState, previousState, propertyNames, exculdeMap.get(baseType(cdmEntity)))) {
|
|
| 117 |
Set<String> excludes = exculdeMap.get(baseType(cdmEntity)); |
|
| 118 |
excludes.addAll(unprotectedCacheFields(currentState, previousState, propertyNames)); |
|
| 119 |
if (isModified(currentState, previousState, propertyNames, excludes)) {
|
|
| 115 | 120 |
// evaluate throws EvaluationFailedException |
| 121 |
//if(cdmEntity.getCreated()) |
|
| 116 | 122 |
checkPermissions(cdmEntity, Operation.UPDATE); |
| 117 | 123 |
logger.debug("Operation.UPDATE permission check suceeded - object update granted");
|
| 118 | 124 |
|
| ... | ... | |
| 126 | 132 |
return true; |
| 127 | 133 |
} |
| 128 | 134 |
|
| 135 |
/** |
|
| 136 |
* Detects all cache fields and the according protection flags. For cache fields which are not |
|
| 137 |
* protected the name of the cache field and of the protection flag are returned. |
|
| 138 |
* <p> |
|
| 139 |
* This method relies on the convention that the protection flag for cache fields are named like |
|
| 140 |
* {@code protected{CacheFieldName} } whereas the cache fields a always ending with "Cache"
|
|
| 141 |
* |
|
| 142 |
* @param currentState |
|
| 143 |
* @param previousState |
|
| 144 |
* @param propertyNames |
|
| 145 |
* @return |
|
| 146 |
*/ |
|
| 147 |
protected Collection<? extends String> unprotectedCacheFields(Object[] currentState, Object[] previousState, |
|
| 148 |
String[] propertyNames) {
|
|
| 149 |
|
|
| 150 |
List<String> excludes = new ArrayList<>(); |
|
| 151 |
for(int i = 0; i < propertyNames.length; i ++){
|
|
| 152 |
if(propertyNames[i].matches("^protected.*Cache$")){
|
|
| 153 |
if(currentState[i] instanceof Boolean && ((Boolean)currentState[i]) == false && currentState[i].equals(previousState[i])){
|
|
| 154 |
excludes.add(propertyNames[i]); |
|
| 155 |
String cacheFieldName = propertyNames[i].replace("protected", "");
|
|
| 156 |
cacheFieldName = Introspector.decapitalize(cacheFieldName); |
|
| 157 |
excludes.add(cacheFieldName); |
|
| 158 |
} |
|
| 159 |
} |
|
| 160 |
} |
|
| 161 |
|
|
| 162 |
return excludes; |
|
| 163 |
} |
|
| 164 |
|
|
| 129 | 165 |
private Class<? extends CdmBase> baseType(CdmBase cdmEntity) {
|
| 130 | 166 |
Class<? extends CdmBase> basetype = CdmBaseType.baseTypeFor(cdmEntity.getClass()); |
| 131 | 167 |
return basetype == null ? CdmBase.class : basetype; |
Also available in: Unified diff
fix #7021 excluding not protected cache fields from modification check in CdmSecurityHibernateInterceptor