Package ubic.gemma.persistence.util

Class AclQueryUtils

java.lang.Object
ubic.gemma.persistence.util.AclQueryUtils
public class AclQueryUtils extends Object
Utilities for integrating ACL into Query.

To build a query, sequentially proceed as follows:

  1. form your select clause and your jointures
  2. concatenate formAclRestrictionClause(String) or formNativeAclJoinClause(String) in the jointure section
  3. form where clause and add your constraints
  4. concatenate formNativeAclRestrictionClause(SessionFactoryImplementor) in the clause section (only for native queries)
  5. bind all your parameters
  6. bind ACL-specific parameters with addAclParameters(Query, Class) to the query object
Author:
poirigui

  • Field Details

  • Constructor Details

    • AclQueryUtils

      public AclQueryUtils()

  • Method Details

    • requiresCountDistinct

      public static boolean requiresCountDistinct()
      Indicate if the ACL query requires a count(distinct ...) clause.

      FIXME: remove the need for a distinct altogether by using a sub-query to apply ACLs (see #784)

    • requiresGroupBy

      public static boolean requiresGroupBy()
      Indicate if the ACL query requires a group by clause.

      FIXME: remove the need for a count distinct altogether by using a sub-query to apply ACLs (see #784)

    • formAclRestrictionClause

      public static String formAclRestrictionClause(String aoiIdColumn)
      Create an HQL restriction clause with the BasePermission.READ permission.
      See Also:

    • formAclRestrictionClause

      public static String formAclRestrictionClause(String aoiIdColumn, int mask)
      Create an HQL join clause for AclObjectIdentity, AclGrantedAuthoritySid and a restriction clause to limit the result only to objects the current user can access.

      Ensure that you use addAclParameters(Query, Class) afterward to bind the query parameters.

      Important note: when using this, ensure that you have a group by clause in your query, otherwise entities with multiple ACL entries will be duplicated in the results. You can use requiresGroupBy() to tell if a group by clause is required and requiresCountDistinct() when counting results.

      FIXME: this ACL jointure is really annoying because it is one-to-many, maybe handling everything in a sub-query would be preferable?

      Parameters:
      aoiIdColumn - column name to match against the ACL object identity, the object class is passed via addAclParameters(Query, Class) afterward
      mask - a mask with requested permissions
      Returns:
      clause to add to the query after any jointure

    • formNativeAclJoinClause

      public static String formNativeAclJoinClause(String aoiIdColumn)
      Native SQL flavour of the ACL jointure.

      Note: unlike the HQL version, this query uses on to restrict the jointure, so you can define the where clause yourself.

      Important note: when using this, ensure that you have a group by clause in your query, otherwise entities with multiple ACL entries will be duplicated in the results.

      Parameters:
      aoiIdColumn - column name to match against the ACL object identity, the object class is passed via addAclParameters(Query, Class) afterward
      See Also:

    • formNativeAclRestrictionClause

      public static String formNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor)
      Native flavour of the ACL restriction clause with a BasePermission.READ permission.
      See Also:

    • formNativeAclRestrictionClause

      public static String formNativeAclRestrictionClause(SessionFactoryImplementor sessionFactoryImplementor, int mask)
      Native flavour of the ACL restriction clause.
      Parameters:
      sessionFactoryImplementor - a session factory implementor that will be used to adjust the SQL generated based on the dialect
      mask - a mask with requested permissions
      See Also:

    • addAclParameters

      public static void addAclParameters(Query query, Class<? extends Securable> aoiType) throws QueryParameterException
      Bind Query parameters to a join clause generated with formAclRestrictionClause(String) and add ACL restriction parameters defined in formAclRestrictionClause(String).

      This method also work for native queries formed with formNativeAclJoinClause(String) and formNativeAclRestrictionClause(SessionFactoryImplementor).

      Parameters:
      query - a Query object that contains the join and restriction clauses
      aoiType - the AOI type to be bound in the query
      Throws:
      QueryParameterException - if any defined parameters are missing, which is typically due to a missing prior formAclRestrictionClause(String).