-->
These old forums are deprecated now and set to read-only. We are waiting for you on our new forums!
More modern, Discourse-based and with GitHub/Google/Twitter authentication built-in.

All times are UTC - 5 hours [ DST ]



Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: Using Filters in set for user restriction
PostPosted: Fri Jul 08, 2011 5:55 am 
Newbie

Joined: Tue Jan 06, 2009 5:08 am
Posts: 10
Hi,

I am trying to use a a filter to restrict the users access to only objects that he has last edited himself (updateUserId) or that he has access to (userAccess).
A query doing this would look like this (and works):
Quote:
from SomeObject so left outer join so.userAccess ua_so where (so.updateUserId = :userId or ua_so.userId in (:groupIds) )

Unfortunately this is a real pain to handle when you want to join the object with other tables that might also have user restrictions. So I was thinking a filter might do a better job here. I was trying to build the filter like this:

Code:
<hibernate-mapping>
<class entity-name="SomeObject">
  <!-- Primary ID for every object -->
  <id name="id" column="ID" length="32" type="string" unsaved-value="null">
    <generator class="uuid" />
  </id>
  <!-- The Id of the last update user, the name can be changed by the journal name -->
  <property name="updateUserId" column="UPDATE_USERID" type="string" length="32" />
  <set name="userAccess" table="ACCESS_RIGHTS" lazy="false">
    <key column="OBJECT_ID" />          
    <composite-element class="AccessRight" >
    <property name="userId" column="USER_ID" length="32" />
    <property name="right" column="USER_RIGHT"/>
    </composite-element>
  </set>
  ...
  <filter name="userRestrictionFilter"
    condition="(UPDATE_USERID = :userId or userAccess.USER_ID in (:groupIds))" />
</class>
<filter-def name="userRestrictionFilter">
  <filter-param name="userId" type="string" />
  <filter-param name="groupIds" type="string" />
</filter-def>
</hibernate-mapping>


To select objects I want to set the :userId and a list as :groupIds:

Code:
s.enableFilter("userRestrictionFilter")
.setParameter("userId", getCurrentUser().getId())
.setParameterList("groupIds", getCurentUser().getAssignedGroups());
Query q = s.createQuery("from SomeObject").list();


This obviously fails since I have not joined userAccess and the filter uses SQL directly, but rewriting the query to "from SomeObject left outer join userAcess does not seem practical, since the filter still does not know the name for the userAccess table.
Is it actually possible to handle this problem using filters or do I have to build the query the old fashioned way?

If you have any insight, let me know.

Cheers
Torti


Last edited by torti on Fri Jul 08, 2011 7:36 am, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Using Filters in set for user restriction
PostPosted: Fri Jul 08, 2011 6:03 am 
Newbie

Joined: Tue Jan 06, 2009 5:08 am
Posts: 10
Oh, and one more thing:

Idealy, I do not want to use HQL at all, but Criteria, since the queries are really dynamic and can be extended as needed (and I need Projections there, too).

Code:
s.createCriteria("SomeObject").add(Restrictions(SOME_RESTRICTION));


Cheers,
Torti


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC - 5 hours [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.