From 8a6da3f02715f0b6f33e4aa96973e79b3ec04d14 Mon Sep 17 00:00:00 2001 From: Andrus Adamchik Date: Sun, 5 Dec 2021 11:46:21 +0200 Subject: [PATCH] Per-entity CRUD filters for update/delete operations #502 .. renaming create/update/delete filters to "authorizers". The new name is more appropriate as they fail entire requests, not just exclude disallowed operations .. moving from "filter" to "access" package --- .../compiler/CayenneAgEntityBuilder.java | 14 ++--- .../cayenne/GET_ReadAccess_OverlayIT.java | 2 +- .../io/agrest/cayenne/GET_ReadFilterIT.java | 2 +- .../main/java/io/agrest/ResourceEntity.java | 2 +- .../main/java/io/agrest/SelectBuilder.java | 4 +- .../main/java/io/agrest/UpdateBuilder.java | 2 +- .../access/AllowAllCreateAuthorizer.java | 29 ++++++++++ .../access/AllowAllDeleteAuthorizer.java | 27 ++++++++++ .../AllowAllReadFilter.java | 2 +- .../access/AllowAllUpdateAuthorizer.java | 29 ++++++++++ .../CreateAuthorizer.java} | 12 ++--- .../DeleteAuthorizer.java} | 12 ++--- .../{filter => access}/PropertyFilter.java | 2 +- .../PropertyFilteringRulesBuilder.java | 2 +- .../agrest/{filter => access}/ReadFilter.java | 2 +- .../UpdateAuthorizer.java} | 12 ++--- .../compiler/AnnotationsAgEntityBuilder.java | 14 ++--- .../constraints/ConstrainedAgEntity.java | 2 +- .../io/agrest/constraints/Constraint.java | 2 +- .../constraints/ConstraintsBuilder.java | 2 +- .../encoder/CompositeEntityEncoderFilter.java | 2 +- .../encoder/EncoderEntityCondition.java | 2 +- .../java/io/agrest/encoder/EncoderMethod.java | 2 +- .../encoder/EncoderObjectCondition.java | 2 +- .../agrest/encoder/EntityEncoderFilter.java | 2 +- .../encoder/EntityEncoderFilterBuilder.java | 2 +- .../io/agrest/encoder/FilterChainEncoder.java | 2 +- .../agrest/filter/AllowAllCreateFilter.java | 29 ---------- .../agrest/filter/AllowAllDeleteFilter.java | 27 ---------- .../agrest/filter/AllowAllUpdateFilter.java | 29 ---------- .../main/java/io/agrest/meta/AgEntity.java | 20 +++---- .../java/io/agrest/meta/AgEntityOverlay.java | 54 +++++++++---------- .../java/io/agrest/meta/DefaultAgEntity.java | 38 ++++++------- .../java/io/agrest/meta/LazyAgEntity.java | 20 +++---- .../processor/select/FilterDataStage.java | 2 +- .../update/AuthorizeChangesStage.java | 12 ++--- .../PropertyFilteringRulesBuilderTest.java | 3 +- 37 files changed, 212 insertions(+), 211 deletions(-) create mode 100644 agrest-engine/src/main/java/io/agrest/access/AllowAllCreateAuthorizer.java create mode 100644 agrest-engine/src/main/java/io/agrest/access/AllowAllDeleteAuthorizer.java rename agrest-engine/src/main/java/io/agrest/{filter => access}/AllowAllReadFilter.java (94%) create mode 100644 agrest-engine/src/main/java/io/agrest/access/AllowAllUpdateAuthorizer.java rename agrest-engine/src/main/java/io/agrest/{filter/CreateFilter.java => access/CreateAuthorizer.java} (58%) rename agrest-engine/src/main/java/io/agrest/{filter/DeleteFilter.java => access/DeleteAuthorizer.java} (56%) rename agrest-engine/src/main/java/io/agrest/{filter => access}/PropertyFilter.java (96%) rename agrest-engine/src/main/java/io/agrest/{filter => access}/PropertyFilteringRulesBuilder.java (99%) rename agrest-engine/src/main/java/io/agrest/{filter => access}/ReadFilter.java (96%) rename agrest-engine/src/main/java/io/agrest/{filter/UpdateFilter.java => access/UpdateAuthorizer.java} (60%) delete mode 100644 agrest-engine/src/main/java/io/agrest/filter/AllowAllCreateFilter.java delete mode 100644 agrest-engine/src/main/java/io/agrest/filter/AllowAllDeleteFilter.java delete mode 100644 agrest-engine/src/main/java/io/agrest/filter/AllowAllUpdateFilter.java rename agrest-engine/src/test/java/io/agrest/{filter => access}/PropertyFilteringRulesBuilderTest.java (97%) diff --git a/agrest-cayenne/src/main/java/io/agrest/cayenne/compiler/CayenneAgEntityBuilder.java b/agrest-cayenne/src/main/java/io/agrest/cayenne/compiler/CayenneAgEntityBuilder.java index d4252cc8c..49c6c65f5 100644 --- a/agrest-cayenne/src/main/java/io/agrest/cayenne/compiler/CayenneAgEntityBuilder.java +++ b/agrest-cayenne/src/main/java/io/agrest/cayenne/compiler/CayenneAgEntityBuilder.java @@ -1,10 +1,10 @@ package io.agrest.cayenne.compiler; import io.agrest.compiler.AnnotationsAgEntityBuilder; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; import io.agrest.meta.AgAttribute; import io.agrest.meta.AgDataMap; import io.agrest.meta.AgEntity; @@ -207,9 +207,9 @@ protected AgEntity buildEntity() { relationships, rootDataResolver != null ? rootDataResolver : ThrowingRootDataResolver.getInstance(), ReadFilter.allowsAllFilter(), - CreateFilter.allowsAllFilter(), - UpdateFilter.allowsAllFilter(), - DeleteFilter.allowsAllFilter()); + CreateAuthorizer.allowsAllFilter(), + UpdateAuthorizer.allowsAllFilter(), + DeleteAuthorizer.allowsAllFilter()); } /** diff --git a/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadAccess_OverlayIT.java b/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadAccess_OverlayIT.java index 0027f59be..552b0bcd2 100644 --- a/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadAccess_OverlayIT.java +++ b/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadAccess_OverlayIT.java @@ -2,7 +2,7 @@ import io.agrest.Ag; import io.agrest.DataResponse; -import io.agrest.filter.PropertyFilteringRulesBuilder; +import io.agrest.access.PropertyFilteringRulesBuilder; import io.agrest.cayenne.cayenne.main.E2; import io.agrest.cayenne.cayenne.main.E3; import io.agrest.cayenne.cayenne.main.E4; diff --git a/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadFilterIT.java b/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadFilterIT.java index cb4e2f180..1e22faa9a 100644 --- a/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadFilterIT.java +++ b/agrest-cayenne/src/test/java/io/agrest/cayenne/GET_ReadFilterIT.java @@ -7,7 +7,7 @@ import io.agrest.cayenne.cayenne.main.E4; import io.agrest.cayenne.unit.AgCayenneTester; import io.agrest.cayenne.unit.DbTest; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import io.agrest.meta.AgEntity; import io.bootique.junit5.BQTestTool; import org.apache.cayenne.Cayenne; diff --git a/agrest-engine/src/main/java/io/agrest/ResourceEntity.java b/agrest-engine/src/main/java/io/agrest/ResourceEntity.java index f49a41980..c0329a1df 100644 --- a/agrest-engine/src/main/java/io/agrest/ResourceEntity.java +++ b/agrest-engine/src/main/java/io/agrest/ResourceEntity.java @@ -3,7 +3,7 @@ import io.agrest.base.protocol.Exp; import io.agrest.base.protocol.Sort; import io.agrest.encoder.EntityEncoderFilter; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import io.agrest.meta.AgAttribute; import io.agrest.meta.AgEntity; diff --git a/agrest-engine/src/main/java/io/agrest/SelectBuilder.java b/agrest-engine/src/main/java/io/agrest/SelectBuilder.java index 90eb1b7fa..03ca539c2 100644 --- a/agrest-engine/src/main/java/io/agrest/SelectBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/SelectBuilder.java @@ -3,8 +3,8 @@ import io.agrest.constraints.Constraint; import io.agrest.encoder.Encoder; import io.agrest.encoder.EntityEncoderFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.ReadFilter; +import io.agrest.access.PropertyFilter; import io.agrest.meta.AgEntity; import io.agrest.meta.AgEntityOverlay; import io.agrest.processor.Processor; diff --git a/agrest-engine/src/main/java/io/agrest/UpdateBuilder.java b/agrest-engine/src/main/java/io/agrest/UpdateBuilder.java index 7d799c493..8db4f5d71 100644 --- a/agrest-engine/src/main/java/io/agrest/UpdateBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/UpdateBuilder.java @@ -1,7 +1,7 @@ package io.agrest; import io.agrest.constraints.Constraint; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.PropertyFilter; import io.agrest.meta.AgEntity; import io.agrest.meta.AgEntityOverlay; import io.agrest.processor.Processor; diff --git a/agrest-engine/src/main/java/io/agrest/access/AllowAllCreateAuthorizer.java b/agrest-engine/src/main/java/io/agrest/access/AllowAllCreateAuthorizer.java new file mode 100644 index 000000000..141796393 --- /dev/null +++ b/agrest-engine/src/main/java/io/agrest/access/AllowAllCreateAuthorizer.java @@ -0,0 +1,29 @@ +package io.agrest.access; + +import io.agrest.EntityUpdate; + +/** + * @since 4.8 + */ +final class AllowAllCreateAuthorizer implements CreateAuthorizer { + + static final AllowAllCreateAuthorizer instance = new AllowAllCreateAuthorizer(); + + private AllowAllCreateAuthorizer() { + } + + @Override + public boolean isAllowed(EntityUpdate update) { + return true; + } + + @Override + public boolean allowsAll() { + return true; + } + + @Override + public CreateAuthorizer andThen(CreateAuthorizer another) { + return another; + } +} diff --git a/agrest-engine/src/main/java/io/agrest/access/AllowAllDeleteAuthorizer.java b/agrest-engine/src/main/java/io/agrest/access/AllowAllDeleteAuthorizer.java new file mode 100644 index 000000000..518be1d97 --- /dev/null +++ b/agrest-engine/src/main/java/io/agrest/access/AllowAllDeleteAuthorizer.java @@ -0,0 +1,27 @@ +package io.agrest.access; + +/** + * @since 4.8 + */ +final class AllowAllDeleteAuthorizer implements DeleteAuthorizer { + + static final AllowAllDeleteAuthorizer instance = new AllowAllDeleteAuthorizer(); + + private AllowAllDeleteAuthorizer() { + } + + @Override + public boolean isAllowed(T object) { + return true; + } + + @Override + public boolean allowsAll() { + return true; + } + + @Override + public DeleteAuthorizer andThen(DeleteAuthorizer another) { + return another; + } +} diff --git a/agrest-engine/src/main/java/io/agrest/filter/AllowAllReadFilter.java b/agrest-engine/src/main/java/io/agrest/access/AllowAllReadFilter.java similarity index 94% rename from agrest-engine/src/main/java/io/agrest/filter/AllowAllReadFilter.java rename to agrest-engine/src/main/java/io/agrest/access/AllowAllReadFilter.java index 857a288c1..f30441a11 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/AllowAllReadFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/AllowAllReadFilter.java @@ -1,4 +1,4 @@ -package io.agrest.filter; +package io.agrest.access; /** * @since 4.8 diff --git a/agrest-engine/src/main/java/io/agrest/access/AllowAllUpdateAuthorizer.java b/agrest-engine/src/main/java/io/agrest/access/AllowAllUpdateAuthorizer.java new file mode 100644 index 000000000..9d8d14fbf --- /dev/null +++ b/agrest-engine/src/main/java/io/agrest/access/AllowAllUpdateAuthorizer.java @@ -0,0 +1,29 @@ +package io.agrest.access; + +import io.agrest.EntityUpdate; + +/** + * @since 4.8 + */ +final class AllowAllUpdateAuthorizer implements UpdateAuthorizer { + + static final AllowAllUpdateAuthorizer instance = new AllowAllUpdateAuthorizer(); + + private AllowAllUpdateAuthorizer() { + } + + @Override + public boolean isAllowed(T object, EntityUpdate update) { + return true; + } + + @Override + public boolean allowsAll() { + return true; + } + + @Override + public UpdateAuthorizer andThen(UpdateAuthorizer another) { + return another; + } +} diff --git a/agrest-engine/src/main/java/io/agrest/filter/CreateFilter.java b/agrest-engine/src/main/java/io/agrest/access/CreateAuthorizer.java similarity index 58% rename from agrest-engine/src/main/java/io/agrest/filter/CreateFilter.java rename to agrest-engine/src/main/java/io/agrest/access/CreateAuthorizer.java index c5fa31d07..c2f17c104 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/CreateFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/CreateAuthorizer.java @@ -1,16 +1,16 @@ -package io.agrest.filter; +package io.agrest.access; import io.agrest.EntityUpdate; /** - * Per-entity filter used to implement object CREATE access policies. + * Per-entity predicate-like object used to implement object CREATE access policies. * * @since 4.8 */ -public interface CreateFilter { +public interface CreateAuthorizer { - static CreateFilter allowsAllFilter() { - return AllowAllCreateFilter.instance; + static CreateAuthorizer allowsAllFilter() { + return AllowAllCreateAuthorizer.instance; } boolean isAllowed(EntityUpdate update); @@ -22,7 +22,7 @@ default boolean allowsAll() { return false; } - default CreateFilter andThen(CreateFilter another) { + default CreateAuthorizer andThen(CreateAuthorizer another) { if (another.allowsAll()) { return this; } diff --git a/agrest-engine/src/main/java/io/agrest/filter/DeleteFilter.java b/agrest-engine/src/main/java/io/agrest/access/DeleteAuthorizer.java similarity index 56% rename from agrest-engine/src/main/java/io/agrest/filter/DeleteFilter.java rename to agrest-engine/src/main/java/io/agrest/access/DeleteAuthorizer.java index d8ac36b1f..fe9efb915 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/DeleteFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/DeleteAuthorizer.java @@ -1,14 +1,14 @@ -package io.agrest.filter; +package io.agrest.access; /** - * Per-entity filter used to implement object DELETE access policies. + * Per-entity predicate-like object used to implement object DELETE access policies. * * @since 4.8 */ -public interface DeleteFilter { +public interface DeleteAuthorizer { - static DeleteFilter allowsAllFilter() { - return AllowAllDeleteFilter.instance; + static DeleteAuthorizer allowsAllFilter() { + return AllowAllDeleteAuthorizer.instance; } boolean isAllowed(T object); @@ -20,7 +20,7 @@ default boolean allowsAll() { return false; } - default DeleteFilter andThen(DeleteFilter another) { + default DeleteAuthorizer andThen(DeleteAuthorizer another) { if (another.allowsAll()) { return this; } diff --git a/agrest-engine/src/main/java/io/agrest/filter/PropertyFilter.java b/agrest-engine/src/main/java/io/agrest/access/PropertyFilter.java similarity index 96% rename from agrest-engine/src/main/java/io/agrest/filter/PropertyFilter.java rename to agrest-engine/src/main/java/io/agrest/access/PropertyFilter.java index 48dd598fb..dd4a99658 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/PropertyFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/PropertyFilter.java @@ -1,4 +1,4 @@ -package io.agrest.filter; +package io.agrest.access; import java.util.Objects; diff --git a/agrest-engine/src/main/java/io/agrest/filter/PropertyFilteringRulesBuilder.java b/agrest-engine/src/main/java/io/agrest/access/PropertyFilteringRulesBuilder.java similarity index 99% rename from agrest-engine/src/main/java/io/agrest/filter/PropertyFilteringRulesBuilder.java rename to agrest-engine/src/main/java/io/agrest/access/PropertyFilteringRulesBuilder.java index 7b61ee57b..cd5ba198e 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/PropertyFilteringRulesBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/access/PropertyFilteringRulesBuilder.java @@ -1,4 +1,4 @@ -package io.agrest.filter; +package io.agrest.access; import io.agrest.PathConstants; import io.agrest.meta.AgEntity; diff --git a/agrest-engine/src/main/java/io/agrest/filter/ReadFilter.java b/agrest-engine/src/main/java/io/agrest/access/ReadFilter.java similarity index 96% rename from agrest-engine/src/main/java/io/agrest/filter/ReadFilter.java rename to agrest-engine/src/main/java/io/agrest/access/ReadFilter.java index 9ff875dc3..d2785269e 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/ReadFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/ReadFilter.java @@ -1,4 +1,4 @@ -package io.agrest.filter; +package io.agrest.access; /** * Per-entity filter used to implement object READ access policies. diff --git a/agrest-engine/src/main/java/io/agrest/filter/UpdateFilter.java b/agrest-engine/src/main/java/io/agrest/access/UpdateAuthorizer.java similarity index 60% rename from agrest-engine/src/main/java/io/agrest/filter/UpdateFilter.java rename to agrest-engine/src/main/java/io/agrest/access/UpdateAuthorizer.java index 990012348..d2da71dd8 100644 --- a/agrest-engine/src/main/java/io/agrest/filter/UpdateFilter.java +++ b/agrest-engine/src/main/java/io/agrest/access/UpdateAuthorizer.java @@ -1,16 +1,16 @@ -package io.agrest.filter; +package io.agrest.access; import io.agrest.EntityUpdate; /** - * Per-entity filter used to implement object UPDATE access policies. + * Per-entity predicate-like object used to implement object UPDATE access policies. * * @since 4.8 */ -public interface UpdateFilter { +public interface UpdateAuthorizer { - static UpdateFilter allowsAllFilter() { - return AllowAllUpdateFilter.instance; + static UpdateAuthorizer allowsAllFilter() { + return AllowAllUpdateAuthorizer.instance; } boolean isAllowed(T object, EntityUpdate update); @@ -22,7 +22,7 @@ default boolean allowsAll() { return false; } - default UpdateFilter andThen(UpdateFilter another) { + default UpdateAuthorizer andThen(UpdateAuthorizer another) { if (another.allowsAll()) { return this; } diff --git a/agrest-engine/src/main/java/io/agrest/compiler/AnnotationsAgEntityBuilder.java b/agrest-engine/src/main/java/io/agrest/compiler/AnnotationsAgEntityBuilder.java index 790bf7396..d172b1e1e 100644 --- a/agrest-engine/src/main/java/io/agrest/compiler/AnnotationsAgEntityBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/compiler/AnnotationsAgEntityBuilder.java @@ -5,10 +5,10 @@ import io.agrest.annotation.AgRelationship; import io.agrest.base.reflect.BeanAnalyzer; import io.agrest.base.reflect.PropertyGetter; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; import io.agrest.meta.AgDataMap; import io.agrest.meta.AgEntity; import io.agrest.meta.AgEntityOverlay; @@ -222,9 +222,9 @@ protected AgEntity buildEntity() { relationships, rootDataResolver != null ? rootDataResolver : ThrowingRootDataResolver.getInstance(), ReadFilter.allowsAllFilter(), - CreateFilter.allowsAllFilter(), - UpdateFilter.allowsAllFilter(), - DeleteFilter.allowsAllFilter()); + CreateAuthorizer.allowsAllFilter(), + UpdateAuthorizer.allowsAllFilter(), + DeleteAuthorizer.allowsAllFilter()); } /** diff --git a/agrest-engine/src/main/java/io/agrest/constraints/ConstrainedAgEntity.java b/agrest-engine/src/main/java/io/agrest/constraints/ConstrainedAgEntity.java index 32a19620a..c07693d0c 100644 --- a/agrest-engine/src/main/java/io/agrest/constraints/ConstrainedAgEntity.java +++ b/agrest-engine/src/main/java/io/agrest/constraints/ConstrainedAgEntity.java @@ -1,7 +1,7 @@ package io.agrest.constraints; import io.agrest.base.protocol.Exp; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.PropertyFilter; import io.agrest.meta.AgAttribute; import io.agrest.meta.AgEntity; diff --git a/agrest-engine/src/main/java/io/agrest/constraints/Constraint.java b/agrest-engine/src/main/java/io/agrest/constraints/Constraint.java index 93243a3be..a812e8199 100644 --- a/agrest-engine/src/main/java/io/agrest/constraints/Constraint.java +++ b/agrest-engine/src/main/java/io/agrest/constraints/Constraint.java @@ -1,6 +1,6 @@ package io.agrest.constraints; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.PropertyFilter; import io.agrest.meta.AgEntity; import java.util.function.Function; diff --git a/agrest-engine/src/main/java/io/agrest/constraints/ConstraintsBuilder.java b/agrest-engine/src/main/java/io/agrest/constraints/ConstraintsBuilder.java index 08050a36d..07e13fea0 100644 --- a/agrest-engine/src/main/java/io/agrest/constraints/ConstraintsBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/constraints/ConstraintsBuilder.java @@ -1,7 +1,7 @@ package io.agrest.constraints; import io.agrest.PathConstants; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.PropertyFilter; import io.agrest.base.protocol.Exp; import io.agrest.meta.AgEntity; import io.agrest.meta.AgRelationship; diff --git a/agrest-engine/src/main/java/io/agrest/encoder/CompositeEntityEncoderFilter.java b/agrest-engine/src/main/java/io/agrest/encoder/CompositeEntityEncoderFilter.java index 8b9deface..38ca48802 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/CompositeEntityEncoderFilter.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/CompositeEntityEncoderFilter.java @@ -2,7 +2,7 @@ import com.fasterxml.jackson.core.JsonGenerator; import io.agrest.ResourceEntity; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import java.io.IOException; diff --git a/agrest-engine/src/main/java/io/agrest/encoder/EncoderEntityCondition.java b/agrest-engine/src/main/java/io/agrest/encoder/EncoderEntityCondition.java index 9fda9417f..6bb205e55 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/EncoderEntityCondition.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/EncoderEntityCondition.java @@ -1,7 +1,7 @@ package io.agrest.encoder; import io.agrest.ResourceEntity; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; /** * @since 3.4 diff --git a/agrest-engine/src/main/java/io/agrest/encoder/EncoderMethod.java b/agrest-engine/src/main/java/io/agrest/encoder/EncoderMethod.java index 9332f8035..8c82d7bd3 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/EncoderMethod.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/EncoderMethod.java @@ -1,7 +1,7 @@ package io.agrest.encoder; import com.fasterxml.jackson.core.JsonGenerator; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import java.io.IOException; diff --git a/agrest-engine/src/main/java/io/agrest/encoder/EncoderObjectCondition.java b/agrest-engine/src/main/java/io/agrest/encoder/EncoderObjectCondition.java index d624a1a86..d9cfddee6 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/EncoderObjectCondition.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/EncoderObjectCondition.java @@ -1,6 +1,6 @@ package io.agrest.encoder; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; /** * @param diff --git a/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilter.java b/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilter.java index 805e5ca08..4c61a1680 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilter.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilter.java @@ -2,7 +2,7 @@ import com.fasterxml.jackson.core.JsonGenerator; import io.agrest.ResourceEntity; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import java.io.IOException; diff --git a/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilterBuilder.java b/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilterBuilder.java index 999b174c5..e93f9d805 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilterBuilder.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/EntityEncoderFilterBuilder.java @@ -1,6 +1,6 @@ package io.agrest.encoder; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import java.util.Objects; diff --git a/agrest-engine/src/main/java/io/agrest/encoder/FilterChainEncoder.java b/agrest-engine/src/main/java/io/agrest/encoder/FilterChainEncoder.java index ba4ed4984..f45f8eccd 100644 --- a/agrest-engine/src/main/java/io/agrest/encoder/FilterChainEncoder.java +++ b/agrest-engine/src/main/java/io/agrest/encoder/FilterChainEncoder.java @@ -1,7 +1,7 @@ package io.agrest.encoder; import com.fasterxml.jackson.core.JsonGenerator; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import java.io.IOException; import java.util.List; diff --git a/agrest-engine/src/main/java/io/agrest/filter/AllowAllCreateFilter.java b/agrest-engine/src/main/java/io/agrest/filter/AllowAllCreateFilter.java deleted file mode 100644 index ed5554460..000000000 --- a/agrest-engine/src/main/java/io/agrest/filter/AllowAllCreateFilter.java +++ /dev/null @@ -1,29 +0,0 @@ -package io.agrest.filter; - -import io.agrest.EntityUpdate; - -/** - * @since 4.8 - */ -final class AllowAllCreateFilter implements CreateFilter { - - static final AllowAllCreateFilter instance = new AllowAllCreateFilter(); - - private AllowAllCreateFilter() { - } - - @Override - public boolean isAllowed(EntityUpdate update) { - return true; - } - - @Override - public boolean allowsAll() { - return true; - } - - @Override - public CreateFilter andThen(CreateFilter another) { - return another; - } -} diff --git a/agrest-engine/src/main/java/io/agrest/filter/AllowAllDeleteFilter.java b/agrest-engine/src/main/java/io/agrest/filter/AllowAllDeleteFilter.java deleted file mode 100644 index d88e2b073..000000000 --- a/agrest-engine/src/main/java/io/agrest/filter/AllowAllDeleteFilter.java +++ /dev/null @@ -1,27 +0,0 @@ -package io.agrest.filter; - -/** - * @since 4.8 - */ -final class AllowAllDeleteFilter implements DeleteFilter { - - static final AllowAllDeleteFilter instance = new AllowAllDeleteFilter(); - - private AllowAllDeleteFilter() { - } - - @Override - public boolean isAllowed(T object) { - return true; - } - - @Override - public boolean allowsAll() { - return true; - } - - @Override - public DeleteFilter andThen(DeleteFilter another) { - return another; - } -} diff --git a/agrest-engine/src/main/java/io/agrest/filter/AllowAllUpdateFilter.java b/agrest-engine/src/main/java/io/agrest/filter/AllowAllUpdateFilter.java deleted file mode 100644 index 56573585f..000000000 --- a/agrest-engine/src/main/java/io/agrest/filter/AllowAllUpdateFilter.java +++ /dev/null @@ -1,29 +0,0 @@ -package io.agrest.filter; - -import io.agrest.EntityUpdate; - -/** - * @since 4.8 - */ -final class AllowAllUpdateFilter implements UpdateFilter { - - static final AllowAllUpdateFilter instance = new AllowAllUpdateFilter(); - - private AllowAllUpdateFilter() { - } - - @Override - public boolean isAllowed(T object, EntityUpdate update) { - return true; - } - - @Override - public boolean allowsAll() { - return true; - } - - @Override - public UpdateFilter andThen(UpdateFilter another) { - return another; - } -} diff --git a/agrest-engine/src/main/java/io/agrest/meta/AgEntity.java b/agrest-engine/src/main/java/io/agrest/meta/AgEntity.java index 779642182..f16fa17a2 100644 --- a/agrest-engine/src/main/java/io/agrest/meta/AgEntity.java +++ b/agrest-engine/src/main/java/io/agrest/meta/AgEntity.java @@ -1,9 +1,9 @@ package io.agrest.meta; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; import io.agrest.property.PropertyReader; import io.agrest.resolver.RootDataResolver; @@ -86,23 +86,23 @@ default PropertyReader getIdReader() { ReadFilter getReadFilter(); /** - * Returns an in-memory filter that will be applied to each individual object CREATE operation. + * Returns a predicate-like object applied to individual object CREATE operations. * * @since 4.8 */ - CreateFilter getCreateFilter(); + CreateAuthorizer getCreateAuthorizer(); /** - * Returns an in-memory filter that will be applied to each individual object UPDATE operation. + * Returns a predicate-like object applied to individual object UPDATE operations. * * @since 4.8 */ - UpdateFilter getUpdateFilter(); + UpdateAuthorizer getUpdateAuthorizer(); /** - * Returns an in-memory filter that will be applied to each individual object DELETE operation. + * Returns a predicate-like object applied to individual object DELETE operations. * * @since 4.8 */ - DeleteFilter getDeleteFilter(); + DeleteAuthorizer getDeleteAuthorizer(); } diff --git a/agrest-engine/src/main/java/io/agrest/meta/AgEntityOverlay.java b/agrest-engine/src/main/java/io/agrest/meta/AgEntityOverlay.java index 84c9b374c..9bc69f58e 100644 --- a/agrest-engine/src/main/java/io/agrest/meta/AgEntityOverlay.java +++ b/agrest-engine/src/main/java/io/agrest/meta/AgEntityOverlay.java @@ -1,11 +1,11 @@ package io.agrest.meta; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; -import io.agrest.filter.PropertyFilteringRulesBuilder; -import io.agrest.filter.PropertyFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; +import io.agrest.access.PropertyFilteringRulesBuilder; +import io.agrest.access.PropertyFilter; import io.agrest.property.PropertyReader; import io.agrest.resolver.NestedDataResolver; import io.agrest.resolver.NestedDataResolverFactory; @@ -38,18 +38,18 @@ public class AgEntityOverlay { private PropertyFilter writablePropFilter; private ReadFilter readFilter; - private CreateFilter createFilter; - private UpdateFilter updateFilter; - private DeleteFilter deleteFilter; + private CreateAuthorizer createAuthorizer; + private UpdateAuthorizer updateAuthorizer; + private DeleteAuthorizer deleteAuthorizer; public AgEntityOverlay(Class type) { this.type = type; this.attributes = new HashMap<>(); this.relationships = new HashMap<>(); this.readFilter = ReadFilter.allowsAllFilter(); - this.createFilter = CreateFilter.allowsAllFilter(); - this.updateFilter = UpdateFilter.allowsAllFilter(); - this.deleteFilter = DeleteFilter.allowsAllFilter(); + this.createAuthorizer = CreateAuthorizer.allowsAllFilter(); + this.updateAuthorizer = UpdateAuthorizer.allowsAllFilter(); + this.deleteAuthorizer = DeleteAuthorizer.allowsAllFilter(); } private static PropertyReader fromFunction(Function f) { @@ -105,9 +105,9 @@ public AgEntity resolve(AgDataMap agDataMap, AgEntity maybeOverlaid) { resolver.relationships, rootDataResolver != null ? rootDataResolver : maybeOverlaid.getDataResolver(), maybeOverlaid.getReadFilter().andThen(readFilter), - maybeOverlaid.getCreateFilter().andThen(createFilter), - maybeOverlaid.getUpdateFilter().andThen(updateFilter), - maybeOverlaid.getDeleteFilter().andThen(deleteFilter) + maybeOverlaid.getCreateAuthorizer().andThen(createAuthorizer), + maybeOverlaid.getUpdateAuthorizer().andThen(updateAuthorizer), + maybeOverlaid.getDeleteAuthorizer().andThen(deleteAuthorizer) ); } @@ -117,9 +117,9 @@ private boolean isEmpty() { && readablePropFilter == null && writablePropFilter == null && readFilter.allowsAll() - && createFilter.allowsAll() - && updateFilter.allowsAll() - && deleteFilter.allowsAll(); + && createAuthorizer.allowsAll() + && updateAuthorizer.allowsAll() + && deleteAuthorizer.allowsAll(); } /** @@ -146,9 +146,9 @@ public AgEntityOverlay merge(AgEntityOverlay anotherOverlay) { } this.readFilter = this.readFilter.andThen(anotherOverlay.readFilter); - this.createFilter = this.createFilter.andThen(anotherOverlay.createFilter); - this.updateFilter = this.updateFilter.andThen(anotherOverlay.updateFilter); - this.deleteFilter = this.deleteFilter.andThen(anotherOverlay.deleteFilter); + this.createAuthorizer = this.createAuthorizer.andThen(anotherOverlay.createAuthorizer); + this.updateAuthorizer = this.updateAuthorizer.andThen(anotherOverlay.updateAuthorizer); + this.deleteAuthorizer = this.deleteAuthorizer.andThen(anotherOverlay.deleteAuthorizer); return this; } @@ -225,24 +225,24 @@ public AgEntityOverlay readFilter(ReadFilter filter) { /** * @since 4.8 */ - public AgEntityOverlay createFilter(CreateFilter filter) { - this.createFilter = this.createFilter.andThen(filter); + public AgEntityOverlay createAuthorizer(CreateAuthorizer authorizer) { + this.createAuthorizer = this.createAuthorizer.andThen(authorizer); return this; } /** * @since 4.8 */ - public AgEntityOverlay updateFilter(UpdateFilter filter) { - this.updateFilter = this.updateFilter.andThen(filter); + public AgEntityOverlay updateAuthorizer(UpdateAuthorizer authorizer) { + this.updateAuthorizer = this.updateAuthorizer.andThen(authorizer); return this; } /** * @since 4.8 */ - public AgEntityOverlay deleteFilter(DeleteFilter filter) { - this.deleteFilter = this.deleteFilter.andThen(filter); + public AgEntityOverlay deleteAuthorizer(DeleteAuthorizer authorizer) { + this.deleteAuthorizer = this.deleteAuthorizer.andThen(authorizer); return this; } diff --git a/agrest-engine/src/main/java/io/agrest/meta/DefaultAgEntity.java b/agrest-engine/src/main/java/io/agrest/meta/DefaultAgEntity.java index 28c8dadd9..864cf101e 100644 --- a/agrest-engine/src/main/java/io/agrest/meta/DefaultAgEntity.java +++ b/agrest-engine/src/main/java/io/agrest/meta/DefaultAgEntity.java @@ -1,9 +1,9 @@ package io.agrest.meta; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; import io.agrest.resolver.RootDataResolver; import java.util.Collection; @@ -18,9 +18,9 @@ public class DefaultAgEntity implements AgEntity { private final Class type; private final RootDataResolver dataResolver; private final ReadFilter readFilter; - private final CreateFilter createFilter; - private final UpdateFilter updateFilter; - private final DeleteFilter deleteFilter; + private final CreateAuthorizer createAuthorizer; + private final UpdateAuthorizer updateAuthorizer; + private final DeleteAuthorizer deleteAuthorizer; // TODO: ensure name uniqueness between all types of properties private final Map ids; @@ -35,9 +35,9 @@ public DefaultAgEntity( Map relationships, RootDataResolver dataResolver, ReadFilter readFilter, - CreateFilter createFilter, - UpdateFilter updateFilter, - DeleteFilter deleteFilter) { + CreateAuthorizer createAuthorizer, + UpdateAuthorizer updateAuthorizer, + DeleteAuthorizer deleteAuthorizer) { this.name = name; this.type = type; @@ -46,9 +46,9 @@ public DefaultAgEntity( this.relationships = relationships; this.dataResolver = dataResolver; this.readFilter = readFilter; - this.createFilter = createFilter; - this.updateFilter = updateFilter; - this.deleteFilter = deleteFilter; + this.createAuthorizer = createAuthorizer; + this.updateAuthorizer = updateAuthorizer; + this.deleteAuthorizer = deleteAuthorizer; } @@ -103,18 +103,18 @@ public ReadFilter getReadFilter() { } @Override - public CreateFilter getCreateFilter() { - return createFilter; + public CreateAuthorizer getCreateAuthorizer() { + return createAuthorizer; } @Override - public UpdateFilter getUpdateFilter() { - return updateFilter; + public UpdateAuthorizer getUpdateAuthorizer() { + return updateAuthorizer; } @Override - public DeleteFilter getDeleteFilter() { - return deleteFilter; + public DeleteAuthorizer getDeleteAuthorizer() { + return deleteAuthorizer; } @Override diff --git a/agrest-engine/src/main/java/io/agrest/meta/LazyAgEntity.java b/agrest-engine/src/main/java/io/agrest/meta/LazyAgEntity.java index 36bf92de0..733b5e9dc 100644 --- a/agrest-engine/src/main/java/io/agrest/meta/LazyAgEntity.java +++ b/agrest-engine/src/main/java/io/agrest/meta/LazyAgEntity.java @@ -1,10 +1,10 @@ package io.agrest.meta; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.ReadFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.ReadFilter; +import io.agrest.access.UpdateAuthorizer; import io.agrest.resolver.RootDataResolver; import java.util.Collection; @@ -73,17 +73,17 @@ public ReadFilter getReadFilter() { } @Override - public CreateFilter getCreateFilter() { - return getDelegate().getCreateFilter(); + public CreateAuthorizer getCreateAuthorizer() { + return getDelegate().getCreateAuthorizer(); } @Override - public UpdateFilter getUpdateFilter() { - return getDelegate().getUpdateFilter(); + public UpdateAuthorizer getUpdateAuthorizer() { + return getDelegate().getUpdateAuthorizer(); } @Override - public DeleteFilter getDeleteFilter() { - return getDelegate().getDeleteFilter(); + public DeleteAuthorizer getDeleteAuthorizer() { + return getDelegate().getDeleteAuthorizer(); } } diff --git a/agrest-engine/src/main/java/io/agrest/runtime/processor/select/FilterDataStage.java b/agrest-engine/src/main/java/io/agrest/runtime/processor/select/FilterDataStage.java index 16e9af289..e877018f2 100644 --- a/agrest-engine/src/main/java/io/agrest/runtime/processor/select/FilterDataStage.java +++ b/agrest-engine/src/main/java/io/agrest/runtime/processor/select/FilterDataStage.java @@ -6,7 +6,7 @@ import io.agrest.RootResourceEntity; import io.agrest.ToManyResourceEntity; import io.agrest.ToOneResourceEntity; -import io.agrest.filter.ReadFilter; +import io.agrest.access.ReadFilter; import io.agrest.processor.Processor; import io.agrest.processor.ProcessorOutcome; diff --git a/agrest-engine/src/main/java/io/agrest/runtime/processor/update/AuthorizeChangesStage.java b/agrest-engine/src/main/java/io/agrest/runtime/processor/update/AuthorizeChangesStage.java index 28316bb81..0cc88151c 100644 --- a/agrest-engine/src/main/java/io/agrest/runtime/processor/update/AuthorizeChangesStage.java +++ b/agrest-engine/src/main/java/io/agrest/runtime/processor/update/AuthorizeChangesStage.java @@ -1,9 +1,9 @@ package io.agrest.runtime.processor.update; import io.agrest.AgException; -import io.agrest.filter.CreateFilter; -import io.agrest.filter.DeleteFilter; -import io.agrest.filter.UpdateFilter; +import io.agrest.access.CreateAuthorizer; +import io.agrest.access.DeleteAuthorizer; +import io.agrest.access.UpdateAuthorizer; import io.agrest.meta.AgEntity; import io.agrest.processor.Processor; import io.agrest.processor.ProcessorOutcome; @@ -30,21 +30,21 @@ protected void doExecute(UpdateContext context) { AgEntity entity = context.getEntity().getAgEntity(); - CreateFilter createAuthorizer = entity.getCreateFilter(); + CreateAuthorizer createAuthorizer = entity.getCreateAuthorizer(); if (!createAuthorizer.allowsAll()) { checkRules( context.getChangeOperations().get(ChangeOperationType.CREATE), op -> createAuthorizer.isAllowed(op.getUpdate())); } - UpdateFilter updateAuthorizer = entity.getUpdateFilter(); + UpdateAuthorizer updateAuthorizer = entity.getUpdateAuthorizer(); if (!updateAuthorizer.allowsAll()) { checkRules( context.getChangeOperations().get(ChangeOperationType.UPDATE), op -> updateAuthorizer.isAllowed(op.getObject(), op.getUpdate())); } - DeleteFilter deleteAuthorizer = entity.getDeleteFilter(); + DeleteAuthorizer deleteAuthorizer = entity.getDeleteAuthorizer(); if (!deleteAuthorizer.allowsAll()) { checkRules( context.getChangeOperations().get(ChangeOperationType.DELETE), diff --git a/agrest-engine/src/test/java/io/agrest/filter/PropertyFilteringRulesBuilderTest.java b/agrest-engine/src/test/java/io/agrest/access/PropertyFilteringRulesBuilderTest.java similarity index 97% rename from agrest-engine/src/test/java/io/agrest/filter/PropertyFilteringRulesBuilderTest.java rename to agrest-engine/src/test/java/io/agrest/access/PropertyFilteringRulesBuilderTest.java index 86055d21d..49d458e67 100644 --- a/agrest-engine/src/test/java/io/agrest/filter/PropertyFilteringRulesBuilderTest.java +++ b/agrest-engine/src/test/java/io/agrest/access/PropertyFilteringRulesBuilderTest.java @@ -1,5 +1,6 @@ -package io.agrest.filter; +package io.agrest.access; +import io.agrest.access.PropertyFilteringRulesBuilder; import io.agrest.meta.AgEntity; import io.agrest.pojo.model.P11; import io.agrest.unit.AgPojoTester;