Class PermissionMatrixEvaluationServiceImpl
java.lang.Object
ch.tocco.nice2.dms.impl.security.policyprocessor.PermissionMatrixEvaluationServiceImpl
- All Implemented Interfaces:
PermissionMatrixEvaluationService
@Component
public class PermissionMatrixEvaluationServiceImpl
extends Object
implements PermissionMatrixEvaluationService
Service that efficiently queries the Node_right permissions for CMS/DMS entities.
The CriteriaQueryBuilder models the following query:
select pk from nice_page np where
not exists
(select pk from nice_node_right nnr where nnr.fk_page = np.pk and fk_node_permission = ?)
or np.pk in
(select fk_page from nice_node_right
inner join nice_role nr where fk_node_permission = ? and nr.unique_id in( ? )
)
This is much faster than using ACLs, which rely on a far less efficient query.
The results can be cached during the transaction as this policy processor is often called for multiple entities.
This class uses the QueryHints.QUERY_BY_KEYS hint.
This hint might be set if the query searches for specific primary keys (for example when EntityManager.get(PrimaryKey) is used or when the Guard evaluates a condition (see PermissionEvaluator)).
If the (maximum) resulting keys are known, they can be used to restrict the results of the subquery, which improves the performance drastically (as indexes on the fk_* columns can be used).
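The semantics of the query above, as an added example that is not part of the tocco code base: a page with no Node_right row for the requested permission is returned for every principal, and restricting by known keys narrows the result without changing who may see what. The schema, the sample rows, the fk_role join column and the way the key restriction is applied are assumptions made for this sketch.

```python
import sqlite3

# Constructed schema. Table and column names follow the query on this page;
# the join column fk_role is an assumption (the page does not show it).
SCHEMA = """
create table nice_page (pk integer primary key);
create table nice_role (pk integer primary key, unique_id text);
create table nice_node_right (pk integer primary key, fk_page integer,
                              fk_node_permission integer, fk_role integer);
"""
READ = 1  # constructed id standing in for the 'read' Node_permission


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("insert into nice_page values (?)", [(1,), (2,), (3,)])
    db.executemany("insert into nice_role values (?, ?)",
                   [(1, "editor"), (2, "guest")])
    # Page 1 has no rights rows, page 2 grants read to editor, page 3 to guest.
    db.executemany("insert into nice_node_right values (?, ?, ?, ?)",
                   [(1, 2, READ, 1), (2, 3, READ, 2)])
    return db


def accessible_pages(db, permission, role_ids, keys=None):
    """Run the matrix query; optional keys restrict the outer query and subquery."""
    roles = ",".join("?" * len(role_ids))
    outer = sub = ""
    key_args = list(keys or [])
    if key_args:
        marks = ",".join("?" * len(key_args))
        outer = f"np.pk in ({marks}) and "
        sub = f" and nnr.fk_page in ({marks})"
    sql = f"""
        select np.pk from nice_page np where {outer}(
          not exists (select 1 from nice_node_right nnr
                      where nnr.fk_page = np.pk and nnr.fk_node_permission = ?)
          or np.pk in (select nnr.fk_page from nice_node_right nnr
                       inner join nice_role nr on nr.pk = nnr.fk_role
                       where nnr.fk_node_permission = ?
                         and nr.unique_id in ({roles}){sub})
        ) order by np.pk"""
    # Placeholder order: outer keys, permission (twice), roles, subquery keys.
    args = key_args + [permission, permission] + list(role_ids) + key_args
    return [row[0] for row in db.execute(sql, args)]
```

A principal whose roles match nothing still gets page 1 back, because the `not exists` branch treats a missing matrix row as unrestricted.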
Constructor Summary
- Constructor: PermissionMatrixEvaluationServiceImpl(PersistenceService persistenceService)
Method Summary
- Method: createCondition(EntityModel target, String nodePermission, Principal principal)
Constructor Details
PermissionMatrixEvaluationServiceImpl
Method Details
createCondition
- Specified by: createCondition in interface PermissionMatrixEvaluationService
- Parameters:
  target - entity that should be checked
  nodePermission - which Node_permission to check (for example 'read')
  principal - the principal
- Returns: a condition for all currently accessible entities (according to the Node_right matrix)