Package org.pentaho.platform.plugin.services.metadata

Source Code of org.pentaho.platform.plugin.services.metadata.SessionAwareRowLevelSecurityHelper

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
/*!
* This program is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software
* Foundation.
*
* You should have received a copy of the GNU Lesser General Public License along with this
* program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
* or from the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU Lesser General Public License for more details.
*
* Copyright (c) 2002-2013 Pentaho Corporation..  All rights reserved.
*/

package org.pentaho.platform.plugin.services.metadata;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.metadata.util.RowLevelSecurityHelper;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.plugin.services.messages.Messages;

import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
* This row level security helper resolves SESSION("VALUE") in addition to it's parent USER() and ROLE() resolvers.
*
* Note that it's the responsibility of the script to quote the SESSION objects, for instance:
*
* Session ------- UID=1234 TENANT=PENTAHO
*
* EQUALS([NUMBIZCOL];SESSION("UID")) will return NCOL=1234
*
* EQUALS([STRBIZCOL];"SESSION("TENANT")") will return SCOL=`PENTAHO`
*
* @author Will Gorman (wgorman@pentaho.com)
*/
public class SessionAwareRowLevelSecurityHelper extends RowLevelSecurityHelper {

  protected final Log logger = LogFactory.getLog( SessionAwareRowLevelSecurityHelper.class );

  @Override
  protected String expandFunctions( String formula, String user, List<String> roles ) {
    formula = super.expandFunctions( formula, user, roles );

    // "expand" any SESSION('var')

    IPentahoSession session = PentahoSessionHolder.getSession();

    Pattern p = Pattern.compile( "SESSION\\(\"(.*?)\"\\)" ); //$NON-NLS-1$
    Matcher m = p.matcher( formula );
    StringBuffer sb = new StringBuffer( formula.length() );
    while ( m.find() ) {
      String text = m.group( 1 );
      String value = null;
      if ( session.getAttribute( text ) != null ) {
        value = session.getAttribute( text ).toString();
      } else {
        logger.warn( Messages.getInstance().getString(
          "SessionAwareRowLevelSecurityHelper.WARN_0001_NULL_ATTRIBUTE", text, user ) ); //$NON-NLS-1$
        return "FALSE()"; //$NON-NLS-1$
      }
      // escape string if necessary (double quote quotes)
      m.appendReplacement( sb, Matcher.quoteReplacement( value.replaceAll( "\"", "\"\"" ) ) ); //$NON-NLS-1$ //$NON-NLS-2$
    }
    m.appendTail( sb );
    return sb.toString();
  }
}
TOP

Related Classes of org.pentaho.platform.plugin.services.metadata.SessionAwareRowLevelSecurityHelper

  • org.pentaho.platform.api.engine.IPentahoSession
  • java.util.regex.Pattern
  • java.util.regex.Matcher
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.