mirror of
https://github.com/Kingsrook/qqq.git
synced 2025-07-18 13:10:44 +00:00
CE-1955 Add transaction to validateSecurityFields
@ -320,7 +320,7 @@ public class DeleteAction
|
|||||||
QTableMetaData table = deleteInput.getTable();
|
QTableMetaData table = deleteInput.getTable();
|
||||||
List<QRecord> primaryKeysNotFound = validateRecordsExistAndCanBeAccessed(deleteInput, oldRecordList.get());
|
List<QRecord> primaryKeysNotFound = validateRecordsExistAndCanBeAccessed(deleteInput, oldRecordList.get());
|
||||||
|
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(table, oldRecordList.get(), ValidateRecordSecurityLockHelper.Action.DELETE);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(table, oldRecordList.get(), ValidateRecordSecurityLockHelper.Action.DELETE, deleteInput.getTransaction());
|
||||||
|
|
||||||
///////////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////////
|
||||||
// after all validations, run the pre-delete customizer, if there is one //
|
// after all validations, run the pre-delete customizer, if there is one //
|
||||||
|
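Review bot: `deleteInput.getTransaction()` is passed straight through on the changed line, and nothing in the hunk says what happens when it returns null. The same applies to `insertInput.getTransaction()` in InsertAction, both `updateInput.getTransaction()` calls in UpdateAction, and the `transaction` local in StoreScriptRevisionProcessStep, which is declared outside its hunk. If no transaction is open at that point, the lock lookup presumably runs outside one as before, so the security check and the write it guards could read different data; that cannot be confirmed from the lines shown. A short comment at each call site would record the intent, e.g. `// run lock lookups in the caller's transaction (may be null) so they see rows written earlier in it`. The enclosing methods start and end outside the hunks.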
@ -258,7 +258,7 @@ public class InsertAction extends AbstractQActionFunction<InsertInput, InsertOut
|
|||||||
}
|
}
|
||||||
|
|
||||||
runPreInsertCustomizerIfItIsTime(insertInput, isPreview, preInsertCustomizer, AbstractPreInsertCustomizer.WhenToRun.BEFORE_SECURITY_CHECKS);
|
runPreInsertCustomizerIfItIsTime(insertInput, isPreview, preInsertCustomizer, AbstractPreInsertCustomizer.WhenToRun.BEFORE_SECURITY_CHECKS);
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(insertInput.getTable(), insertInput.getRecords(), ValidateRecordSecurityLockHelper.Action.INSERT);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(insertInput.getTable(), insertInput.getRecords(), ValidateRecordSecurityLockHelper.Action.INSERT, insertInput.getTransaction());
|
||||||
|
|
||||||
runPreInsertCustomizerIfItIsTime(insertInput, isPreview, preInsertCustomizer, AbstractPreInsertCustomizer.WhenToRun.AFTER_ALL_VALIDATIONS);
|
runPreInsertCustomizerIfItIsTime(insertInput, isPreview, preInsertCustomizer, AbstractPreInsertCustomizer.WhenToRun.AFTER_ALL_VALIDATIONS);
|
||||||
}
|
}
|
||||||
|
@ -261,7 +261,7 @@ public class UpdateAction
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(table, updateInput.getRecords(), ValidateRecordSecurityLockHelper.Action.UPDATE);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(table, updateInput.getRecords(), ValidateRecordSecurityLockHelper.Action.UPDATE, updateInput.getTransaction());
|
||||||
}
|
}
|
||||||
|
|
||||||
if(updateInput.getInputSource().shouldValidateRequiredFields())
|
if(updateInput.getInputSource().shouldValidateRequiredFields())
|
||||||
@ -374,7 +374,7 @@ public class UpdateAction
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(table, updateInput.getRecords(), ValidateRecordSecurityLockHelper.Action.UPDATE);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(table, updateInput.getRecords(), ValidateRecordSecurityLockHelper.Action.UPDATE, updateInput.getTransaction());
|
||||||
|
|
||||||
for(QRecord record : page)
|
for(QRecord record : page)
|
||||||
{
|
{
|
||||||
|
@ -28,6 +28,7 @@ import java.util.Collections;
|
|||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import com.kingsrook.qqq.backend.core.actions.QBackendTransaction;
|
||||||
import com.kingsrook.qqq.backend.core.actions.tables.QueryAction;
|
import com.kingsrook.qqq.backend.core.actions.tables.QueryAction;
|
||||||
import com.kingsrook.qqq.backend.core.context.QContext;
|
import com.kingsrook.qqq.backend.core.context.QContext;
|
||||||
import com.kingsrook.qqq.backend.core.exceptions.QException;
|
import com.kingsrook.qqq.backend.core.exceptions.QException;
|
||||||
@ -83,7 +84,7 @@ public class ValidateRecordSecurityLockHelper
|
|||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
**
|
**
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
public static void validateSecurityFields(QTableMetaData table, List<QRecord> records, Action action) throws QException
|
public static void validateSecurityFields(QTableMetaData table, List<QRecord> records, Action action, QBackendTransaction transaction) throws QException
|
||||||
{
|
{
|
||||||
MultiRecordSecurityLock locksToCheck = getRecordSecurityLocks(table, action);
|
MultiRecordSecurityLock locksToCheck = getRecordSecurityLocks(table, action);
|
||||||
if(locksToCheck == null || CollectionUtils.nullSafeIsEmpty(locksToCheck.getLocks()))
|
if(locksToCheck == null || CollectionUtils.nullSafeIsEmpty(locksToCheck.getLocks()))
|
||||||
@ -101,7 +102,7 @@ public class ValidateRecordSecurityLockHelper
|
|||||||
// actually check lock values //
|
// actually check lock values //
|
||||||
////////////////////////////////
|
////////////////////////////////
|
||||||
Map<Serializable, RecordWithErrors> errorRecords = new HashMap<>();
|
Map<Serializable, RecordWithErrors> errorRecords = new HashMap<>();
|
||||||
evaluateRecordLocks(table, records, action, locksToCheck, errorRecords, new ArrayList<>(), madeUpPrimaryKeys);
|
evaluateRecordLocks(table, records, action, locksToCheck, errorRecords, new ArrayList<>(), madeUpPrimaryKeys, transaction);
|
||||||
|
|
||||||
/////////////////////////////////
|
/////////////////////////////////
|
||||||
// propagate errors to records //
|
// propagate errors to records //
|
||||||
@ -141,7 +142,7 @@ public class ValidateRecordSecurityLockHelper
|
|||||||
** BUT - WRITE locks - in their case, we read the record no matter what, and in
|
** BUT - WRITE locks - in their case, we read the record no matter what, and in
|
||||||
** here we need to verify we have a key that allows us to WRITE the record.
|
** here we need to verify we have a key that allows us to WRITE the record.
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
private static void evaluateRecordLocks(QTableMetaData table, List<QRecord> records, Action action, RecordSecurityLock recordSecurityLock, Map<Serializable, RecordWithErrors> errorRecords, List<Integer> treePosition, Map<Serializable, QRecord> madeUpPrimaryKeys) throws QException
|
private static void evaluateRecordLocks(QTableMetaData table, List<QRecord> records, Action action, RecordSecurityLock recordSecurityLock, Map<Serializable, RecordWithErrors> errorRecords, List<Integer> treePosition, Map<Serializable, QRecord> madeUpPrimaryKeys, QBackendTransaction transaction) throws QException
|
||||||
{
|
{
|
||||||
if(recordSecurityLock instanceof MultiRecordSecurityLock multiRecordSecurityLock)
|
if(recordSecurityLock instanceof MultiRecordSecurityLock multiRecordSecurityLock)
|
||||||
{
|
{
|
||||||
@ -152,7 +153,7 @@ public class ValidateRecordSecurityLockHelper
|
|||||||
for(RecordSecurityLock childLock : CollectionUtils.nonNullList(multiRecordSecurityLock.getLocks()))
|
for(RecordSecurityLock childLock : CollectionUtils.nonNullList(multiRecordSecurityLock.getLocks()))
|
||||||
{
|
{
|
||||||
treePosition.add(i);
|
treePosition.add(i);
|
||||||
evaluateRecordLocks(table, records, action, childLock, errorRecords, treePosition, madeUpPrimaryKeys);
|
evaluateRecordLocks(table, records, action, childLock, errorRecords, treePosition, madeUpPrimaryKeys, transaction);
|
||||||
treePosition.remove(treePosition.size() - 1);
|
treePosition.remove(treePosition.size() - 1);
|
||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
@ -225,6 +226,7 @@ public class ValidateRecordSecurityLockHelper
|
|||||||
// query will be like (fkey1=? and fkey2=?) OR (fkey1=? and fkey2=?) OR (fkey1=? and fkey2=?) //
|
// query will be like (fkey1=? and fkey2=?) OR (fkey1=? and fkey2=?) OR (fkey1=? and fkey2=?) //
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
QueryInput queryInput = new QueryInput();
|
QueryInput queryInput = new QueryInput();
|
||||||
|
queryInput.setTransaction(transaction);
|
||||||
queryInput.setTableName(leftMostJoin.getLeftTable());
|
queryInput.setTableName(leftMostJoin.getLeftTable());
|
||||||
QQueryFilter filter = new QQueryFilter().withBooleanOperator(QQueryFilter.BooleanOperator.OR);
|
QQueryFilter filter = new QQueryFilter().withBooleanOperator(QQueryFilter.BooleanOperator.OR);
|
||||||
queryInput.setFilter(filter);
|
queryInput.setFilter(filter);
|
||||||
|
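Review bot: The Javadoc block above `validateSecurityFields` is still empty, so the new `QBackendTransaction transaction` parameter has no stated contract, although MemoryRecordStore already passes `null` for it. I would fill the block with a summary sentence and a `@param transaction` line saying that it may be null and that, when set, it is handed to the `QueryInput` built for the lock lookup (`queryInput.setTransaction(transaction)`) so the query reads inside the caller's transaction. Because the three-argument signature is replaced rather than overloaded, any caller outside this commit stops compiling. That forces each call site to make a choice, which seems right for a security check, but it deserves a release-note line. The method bodies continue outside the hunks shown.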
@ -193,7 +193,7 @@ public class MemoryRecordStore
|
|||||||
if(recordMatches)
|
if(recordMatches)
|
||||||
{
|
{
|
||||||
qRecord.setErrors(new ArrayList<>());
|
qRecord.setErrors(new ArrayList<>());
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(input.getTable(), List.of(qRecord), ValidateRecordSecurityLockHelper.Action.SELECT);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(input.getTable(), List.of(qRecord), ValidateRecordSecurityLockHelper.Action.SELECT, null);
|
||||||
if(CollectionUtils.nullSafeHasContents(qRecord.getErrors()))
|
if(CollectionUtils.nullSafeHasContents(qRecord.getErrors()))
|
||||||
{
|
{
|
||||||
//////////////////////////////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
|
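Review bot: The bare `null` passed as the new fourth argument on the SELECT check gives no hint why this backend has no transaction to offer, so a later reader may take it for an oversight. A comment on that line would settle it, e.g. `// memory backend: no transaction to run the lock lookup in`. If `input` does carry a transaction here, passing it instead would keep this call consistent with the Insert, Update and Delete actions, but the type of `input` is not visible in this hunk. The enclosing block continues past the last line shown.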
@ -101,7 +101,7 @@ public class StoreScriptRevisionProcessStep implements BackendStep
|
|||||||
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// in case the app added a security field to the scripts table, make sure the user is allowed to edit the script //
|
// in case the app added a security field to the scripts table, make sure the user is allowed to edit the script //
|
||||||
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
ValidateRecordSecurityLockHelper.validateSecurityFields(QContext.getQInstance().getTable(Script.TABLE_NAME), List.of(script), ValidateRecordSecurityLockHelper.Action.UPDATE);
|
ValidateRecordSecurityLockHelper.validateSecurityFields(QContext.getQInstance().getTable(Script.TABLE_NAME), List.of(script), ValidateRecordSecurityLockHelper.Action.UPDATE, transaction);
|
||||||
if(CollectionUtils.nullSafeHasContents(script.getErrors()))
|
if(CollectionUtils.nullSafeHasContents(script.getErrors()))
|
||||||
{
|
{
|
||||||
throw (new QPermissionDeniedException(script.getErrors().get(0).getMessage()));
|
throw (new QPermissionDeniedException(script.getErrors().get(0).getMessage()));
|
||||||
|