Package ubic.gemma.persistence.util
Class AclQueryUtils
- java.lang.Object
-
- ubic.gemma.persistence.util.AclQueryUtils
-
public class AclQueryUtils extends Object
Utilities for integrating ACL intoQuery.To build a query, sequentially proceed as follows:
- form your select clause and your jointures
- concatenate
formAclRestrictionClause(String)orformNativeAclJoinClause(String)in the jointure section - form where clause and add your constraints
- concatenate
formNativeAclRestrictionClause(SessionFactoryImplementor)in the clause section (only for native queries) - bind all your parameters
- bind ACL-specific parameters with
addAclParameters(Query, Class)to the query object
- Author:
- poirigui
-
-
Field Summary
Fields Modifier and Type Field Description static StringAOI_ALIASAlias used byformAclRestrictionClause(String, int)andformNativeAclJoinClause(String)for the object identityAclObjectIdentityand the owner identityAclSid.static StringSID_ALIASAlias used byformAclRestrictionClause(String, int)andformNativeAclJoinClause(String)for the object identityAclObjectIdentityand the owner identityAclSid.
-
Constructor Summary
Constructors Constructor Description AclQueryUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static voidaddAclParameters(Query query, Class<? extends gemma.gsec.model.Securable> aoiType)BindQueryparameters to a join clause generated withformAclRestrictionClause(String)and add ACL restriction parameters defined informAclRestrictionClause(String).static StringformAclRestrictionClause(String aoiIdColumn)Create a HQL restriction clause with theBasePermission.READpermission.static StringformAclRestrictionClause(String aoiIdColumn, int mask)Create an HQL join clause forAclObjectIdentity,AclGrantedAuthoritySidand a restriction clause to limit the result only to objects the current user can access.static StringformNativeAclJoinClause(String aoiIdColumn)Native SQL flavour of the ACL jointure.static StringformNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor)Native flavour of the ACL restriction clause with aBasePermission.READpermission.static StringformNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor, int mask)Native flavour of the ACL restriction clause.
-
-
-
Field Detail
-
AOI_ALIAS
public static final String AOI_ALIAS
Alias used byformAclRestrictionClause(String, int)andformNativeAclJoinClause(String)for the object identityAclObjectIdentityand the owner identityAclSid.- See Also:
- Constant Field Values
-
SID_ALIAS
public static final String SID_ALIAS
Alias used byformAclRestrictionClause(String, int)andformNativeAclJoinClause(String)for the object identityAclObjectIdentityand the owner identityAclSid.- See Also:
- Constant Field Values
-
-
Method Detail
-
formAclRestrictionClause
public static String formAclRestrictionClause(String aoiIdColumn)
Create a HQL restriction clause with theBasePermission.READpermission.- See Also:
formAclRestrictionClause(String, int)
-
formAclRestrictionClause
public static String formAclRestrictionClause(String aoiIdColumn, int mask)
Create an HQL join clause forAclObjectIdentity,AclGrantedAuthoritySidand a restriction clause to limit the result only to objects the current user can access.Ensure that you use
addAclParameters(Query, Class)afterward to bind the query parameters.Important note: when using this, ensure that you have a
group byclause in your query, otherwise entities with multiple ACL entries will be duplicated in the results.FIXME: this ACL jointure is really annoying because it is one-to-many, maybe handling everything in a sub-query would be preferable?
- Parameters:
aoiIdColumn- column name to match against the ACL object identity, the object class is passed viaaddAclParameters(Query, Class)afterwardmask- a mask with requested permissions- Returns:
- clause to add to the query after any jointure
-
formNativeAclJoinClause
public static String formNativeAclJoinClause(String aoiIdColumn)
Native SQL flavour of the ACL jointure.Note: unlike the HQL version, this query uses
onto restrict the jointure, so you can define thewhereclause yourself.Important note: when using this, ensure that you have a
group byclause in your query, otherwise entities with multiple ACL entries will be duplicated in the results.- Parameters:
aoiIdColumn- column name to match against the ACL object identity, the object class is passed viaaddAclParameters(Query, Class)afterward- See Also:
formAclRestrictionClause(String)
-
formNativeAclRestrictionClause
public static String formNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor)
Native flavour of the ACL restriction clause with aBasePermission.READpermission.
-
formNativeAclRestrictionClause
public static String formNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor, int mask)
Native flavour of the ACL restriction clause.- Parameters:
sessionFactoryImplementor- a session factory implementor that will be used to adjust the SQL generated based on the dialectmask- a mask with requested permissions- See Also:
formAclRestrictionClause(String, int)
-
addAclParameters
public static void addAclParameters(Query query, Class<? extends gemma.gsec.model.Securable> aoiType) throws QueryParameterException
BindQueryparameters to a join clause generated withformAclRestrictionClause(String)and add ACL restriction parameters defined informAclRestrictionClause(String).This method also work for native queries formed with
formNativeAclJoinClause(String)andformNativeAclRestrictionClause(SessionFactoryImplementor).- Parameters:
query- aQueryobject that contains the join and restriction clausesaoiType- the AOI type to be bound in the query- Throws:
QueryParameterException- if any defined parameters are missing, which is typically due to a missing priorformAclRestrictionClause(String).
-
-