Class PermissionMatrixEvaluationServiceImpl

java.lang.Object
ch.tocco.nice2.dms.impl.security.policyprocessor.PermissionMatrixEvaluationServiceImpl
All Implemented Interfaces:
PermissionMatrixEvaluationService

@Component public class PermissionMatrixEvaluationServiceImpl extends Object implements PermissionMatrixEvaluationService
Service that efficiently queries the Node_right permissions for CMS/DMS entities. The CriteriaQueryBuilder models the following query:

    select pk from nice_page np
    where not exists (select pk from nice_node_right nnr
                      where nnr.fk_page = np.pk and fk_node_permission = ?)
       or np.pk in (select fk_page from nice_node_right
                    inner join nice_role nr
                    where fk_node_permission = ? and nr.unique_id in ( ? ))

Read as a rule: a page with no nice_node_right row for the requested permission is returned to every caller; otherwise it is returned only if a row for that permission is tied to one of the supplied role unique_ids.

This is much faster than using ACLs, which use a much more inefficient query. The results can be cached during the transaction, as this policy processor is often called for multiple entities.

This class uses the QueryHints.QUERY_BY_KEYS hint. This hint might be set if the query searches for specific primary keys (for example when EntityManager.get(PrimaryKey) is used or when the Guard evaluates a condition (see PermissionEvaluator)). If the (maximum) resulting keys are known, they can be used to restrict the results of the subquery, which improves the performance drastically (as indexes on the fk_* columns can be used).
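The query's semantics, run against SQLite as an added example (not tocco's code): it shows that a page without any right row for the requested permission is open to every role, and how known primary keys narrow the subquery. The fk_role join column, the sample rows and the exact placement of the key filter are assumptions, since the page shows neither the join condition nor the generated SQL.

```python
import sqlite3

# Constructed schema and rows. fk_role is an assumed join column: the query
# sketched on the page does not show how nice_node_right joins nice_role.
SCHEMA = """
create table nice_page (pk integer primary key);
create table nice_role (pk integer primary key, unique_id text);
create table nice_node_right (pk integer primary key, fk_page integer,
                              fk_node_permission text, fk_role integer);
insert into nice_page values (1), (2), (3);
insert into nice_role values (10, 'editor'), (11, 'guest');
-- page 1 has no rights rows; page 2 grants read to editor; page 3 to guest
insert into nice_node_right values (100, 2, 'read', 10), (101, 3, 'read', 11);
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def accessible_pages(conn, permission, role_ids, keys=None):
    """Page pks the given roles may access; keys models known primary keys."""
    def marks(values):
        return ",".join("?" * len(values))
    sub_keys = outer_keys = ""
    params = [permission, permission, *role_ids]
    if keys:
        # Known keys narrow the subquery (so an fk_page index can be used)
        # and the outer lookup, which only asked for those keys anyway.
        sub_keys = f" and r.fk_page in ({marks(keys)})"
        outer_keys = f" and np.pk in ({marks(keys)})"
        params += [*keys, *keys]
    sql = f"""
        select np.pk from nice_page np
        where (not exists (select 1 from nice_node_right nnr
                           where nnr.fk_page = np.pk
                             and nnr.fk_node_permission = ?)
               or np.pk in (select r.fk_page from nice_node_right r
                            inner join nice_role nr on nr.pk = r.fk_role
                            where r.fk_node_permission = ?
                              and nr.unique_id in ({marks(role_ids)}){sub_keys}))
              {outer_keys}
        order by np.pk"""
    return [row[0] for row in conn.execute(sql, params)]

if __name__ == "__main__":
    db = build_db()
    print(accessible_pages(db, "read", ["editor"]))          # [1, 2]
    print(accessible_pages(db, "write", ["guest"]))          # [1, 2, 3]
    print(accessible_pages(db, "read", ["editor"], [2, 3]))  # [2]
```

The 'write' result is the case to review when auditing such a matrix: no page carries a 'write' row, so the not-exists branch returns every page to a guest.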
  • Constructor Details

    • PermissionMatrixEvaluationServiceImpl

      public PermissionMatrixEvaluationServiceImpl(PersistenceService persistenceService)
  • Method Details

    • createCondition

      public Node createCondition(EntityModel target, String nodePermission, Principal principal)
      Specified by:
      createCondition in interface PermissionMatrixEvaluationService
      Parameters:
      target - entity that should be checked
      nodePermission - which Node_permission to check (for example 'read')
      principal - the principal
      Returns:
      a condition for all currently accessible entities (according to the Node_right matrix)