org.everit.osgi.authnr.qdsl.util

Interface AuthnrQdslUtil

public interface AuthnrQdslUtil

Utility API to create the permission checks easily for Querydsl based SQL queries.

Method Summary

Modifier and Type	Method and Description
com.mysema.query.types.expr.BooleanExpression	authorizationPredicate(com.mysema.query.types.Expression<Long> targetResourceId, String... actions) Creates a predicate for a Querydsl based SQL query.

Method Detail

authorizationPredicate

com.mysema.query.types.expr.BooleanExpression authorizationPredicate(com.mysema.query.types.Expression<Long> targetResourceId,
                                                                     String... actions)

Creates a predicate for a Querydsl based SQL query. If the predicate is appended to the where part of the main query, the results will be filtered based on authorization. The authorizedResourceId must be provided by the implementation, that is typically the same as the authenticated resourceId.

E.g.: Users and books are resources. Users can view and edit books. To list the books that the currently authenticated user can view or edit, the following code snippet should be used:

 QBook book = QBook.book;
 BooleanExpression authrPredicate =
         authnrQdslUtil.authorizationPredicate(book.resourceId, "read", "edit");
 
 SQLQuery query = new SQLQuery(connection, configuration);
 
 return query.from(book)...where(authrPredicate)...list(...);
 

Parameters:

targetResourceId - Expression that provides the resource that the permission is defined on. This

actions - If the authorized resource has permission to do any of the actions on the target resource record (directly or by inheritance), the result will provide true.

Returns:

An expression that can be used as a predicate in the main query.

Throws:

NullPointerException - if the targetResourceId parameter is null, the actions parameter is null or the actions array contains null value.

IllegalArgumentException - if the actions parameter is a zero length array.