Package org.openbravo.dal.security
Class EntityAccessChecker
java.lang.Object
    org.openbravo.dal.security.EntityAccessChecker
All Implemented Interfaces:
OBNotSingleton, OBProvidable
public class EntityAccessChecker extends Object implements OBNotSingleton
This class is responsible for determining the allowed read/write access for a combination of user and Entity. It uses the window-role access information and the window-table relation to determine which tables are readable and writable for a user. If the user has readWrite access to a Window then the related Table/Entity is also writable.
In addition, this class implements the concept of derived readable. Any entity referred to from a readable/writable entity is a derived readable. A user may read (but not write) the following properties from a derived readable entity: the id and identifier properties. Accessing any other property, or changing a property, on a derived readable entity results in an OBSecurityException. Derived readable checks are done when a value of an object is retrieved (see BaseOBObject#get(String)).
This class is used from the SecurityChecker, which combines all entity security checks.
Author:
mtaal
See Also:
Entity, Property, SecurityChecker
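The rules in the class description, worked through as an added example. This is a simplified model written for this page, not Openbravo code: DerivedReadableModel, its maps and the sample windows and entities are constructed, and java.lang.SecurityException stands in for OBSecurityException. It assumes an entity the role can already read directly is not treated as derived readable.

```java
import java.util.*;

// Simplified model of the rules described above; none of these names are Openbravo classes.
public class DerivedReadableModel {
    final Set<String> readable = new HashSet<>();
    final Set<String> writable = new HashSet<>();
    final Set<String> derivedReadable = new HashSet<>();

    // windowAccess: window -> readWrite flag for the role (constructed input)
    // windowTables: window -> entities shown in that window's tabs
    // references:   entity -> entities it refers to
    DerivedReadableModel(Map<String, Boolean> windowAccess,
                         Map<String, List<String>> windowTables,
                         Map<String, List<String>> references) {
        windowAccess.forEach((window, readWrite) -> {
            for (String entity : windowTables.getOrDefault(window, List.of())) {
                readable.add(entity);
                if (readWrite) writable.add(entity);
            }
        });
        // Anything referenced from a readable entity is derived readable,
        // unless the role can already read it directly (assumption of this model).
        for (String entity : readable)
            for (String target : references.getOrDefault(entity, List.of()))
                if (!readable.contains(target)) derivedReadable.add(target);
    }

    // Property-level rule: a derived readable exposes only id and identifier.
    void checkPropertyRead(String entity, String property) {
        if (readable.contains(entity)) return;
        boolean identifying = property.equals("id") || property.equals("identifier");
        if (derivedReadable.contains(entity) && identifying) return;
        throw new SecurityException("No read access to " + entity + "." + property);
    }
    void checkWrite(String entity) {
        if (!writable.contains(entity))
            throw new SecurityException("Entity " + entity + " is not writable");
    }
    public static void main(String[] args) {
        DerivedReadableModel m = new DerivedReadableModel(
            Map.of("Sales Order", true, "Product", false),
            Map.of("Sales Order", List.of("Order", "OrderLine"), "Product", List.of("Product")),
            Map.of("Order", List.of("BusinessPartner"), "OrderLine", List.of("Product")));
        m.checkWrite("Order");                                // readWrite window
        m.checkPropertyRead("BusinessPartner", "identifier"); // derived readable
        try { m.checkPropertyRead("BusinessPartner", "creditLimit"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { m.checkWrite("Product"); }                      // read-only window
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```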
Constructor Summary
Constructor / Description
EntityAccessChecker()
Method Summary
Modifier and Type, Method / Description
static void calculateCachedElements()
    This method calculates all the information that could be cached in order to improve performance in entityAccessChecker process.
void checkDerivedAccess(Entity entity)
    Checks if an entity is derived for current user.
boolean checkProcessAccess(String processId)
    Checks if a process is accessible for current user.
void checkReadable(Entity entity)
    Checks if an entity is readable for this user.
void checkReadableAccess(Entity entity)
    Checks if an entity is readable for current user.
void checkWritable(Entity entity)
    Checks if an entity is writable for this user.
void checkWritableAccess(Entity entity)
    Checks if an entity is writable for current user.
void dump()
    Dumps the readable, writable, derived readable entities.
Set<Entity> getDerivedEntitiesFromProcess()
Set<Entity> getDerivedReadableEntities()
OBContext getObContext()
Set<Entity> getReadableEntities()
String getRoleId()
Set<Entity> getWritableEntities()
static boolean hasCorrectAccessLevel(String userLevel, int accessLevel)
    Checks if a certain user access level and a certain data access level match.
void initialize()
    Reads the windows from the database using the current role of the user.
boolean isDerivedReadable(Entity entity)
boolean isWritable(Entity entity)
void setObContext(OBContext obContext)
void setRoleId(String roleId)
Method Detail
-
calculateCachedElements
public static void calculateCachedElements()
This method calculates all the information that could be cached in order to improve performance in entityAccessChecker process. The static block only gets called once, when the class itself is initialized.
-
initialize
public void initialize()
Reads the windows from the database using the current role of the user. Then it iterates through the windows and tabs to determine which entities are readable/writable for that user. In addition, non-readable and derived-readable entities are computed. Derived entities from process definitions are computed as well.
See Also:
ModelProvider
-
hasCorrectAccessLevel
public static boolean hasCorrectAccessLevel(String userLevel, int accessLevel)
Checks if a certain user access level and a certain data access level match, meaning that with a certain user access level it is allowed to view something with a certain data access level.
Parameters:
userLevel - the user level as defined in the role of the user
accessLevel - the data access level defined in the table
Returns:
true if access is allowed, false otherwise
-
dump
public void dump()
Dumps the readable, writable, derived readable entities. For debugging purposes.
-
isDerivedReadable
public boolean isDerivedReadable(Entity entity)
Parameters:
entity - the entity to check
Returns:
true if the entity is derived readable for this user, otherwise false is returned.
-
isWritable
public boolean isWritable(Entity entity)
Parameters:
entity - the entity to check
Returns:
true if the entity is writable for this user, otherwise false is returned.
-
checkWritable
public void checkWritable(Entity entity)
Checks if an entity is writable for this user. If not, an OBSecurityException is thrown.
Parameters:
entity - the entity to check
Throws:
OBSecurityException
-
checkReadable
public void checkReadable(Entity entity)
Checks if an entity is readable for this user. If not, an OBSecurityException is thrown.
Parameters:
entity - the entity to check
Throws:
OBSecurityException
-
checkReadableAccess
public void checkReadableAccess(Entity entity)
Checks if an entity is readable for the current user. Admin mode is not taken into account.
Parameters:
entity - the entity to check
-
checkDerivedAccess
public void checkDerivedAccess(Entity entity)
Checks if an entity is derived for the current user. Admin mode is not taken into account.
Parameters:
entity - the entity to check
-
checkWritableAccess
public void checkWritableAccess(Entity entity)
Checks if an entity is writable for the current user. Admin mode is not taken into account.
Parameters:
entity - the entity to check
-
checkProcessAccess
public boolean checkProcessAccess(String processId)
Checks if a process is accessible for the current user. Admin mode is not taken into account.
-
getRoleId
public String getRoleId()
-
setRoleId
public void setRoleId(String roleId)
-
getObContext
public OBContext getObContext()
-
setObContext
public void setObContext(OBContext obContext)
-
-