java source code of RoleCiTypeRuleAuthority

we-cmdb-master
- .github
  - ISSUE_TEMPLATE
    - ---bug.md
    - ----.md
  - workflows
    - maven.yml
- Makefile
- build
  - docker-compose.tpl
  - db
    - build-image.sh
    - docker-entrypoint.sh
    - Dockerfile
  - cmdb.cfg
  - uninstall.sh
  - version.sh
  - docker-compose-all.tpl
  - install.sh
  - start.sh
  - deploy_generate_compose.sh
  - maven_settings.xml
- pom.xml
- LICENSE
- README_EN.md
- CHANGELOG.md
- cmdb-plugin
  - src
    - main
      - resources
        application.yml
        banner.txt
      - java
        com
        webank
        plugins
        wecmdb
        mvc
        WecubeResponseResultProcess.java
        InhouseCmdbResponseResultProcess.java
        dto
        wecube
        DataType.java
        OperateCiDto.java
        Filter.java
        OperateCiJsonResponse.java
        EntityDto.java
        RequestParamDto.java
        QueryRequest.java
        WecubeResponse.java
        AttributeDto.java
        OperateCiDtoOutputs.java
        OperateCiDtoInputs.java
        inhouse
        InhouseCmdbResponse.java
        InhouseCmdbRequest.java
        Action.java
        helper
        HttpUtils.java
        ConfirmHelper.java
        service
        WecubeAdapterService.java
        InhouseCmdbAdapterService.java
        exception
        PluginException.java
        Application.java
        controller
        InhouseCmdbAdapterController.java
        WecubeAdapterController.java
  - Makefile
  - register.xml
  - pom.xml
  - scripts
    - version.sh
    - start.sh
    - maven_settings.xml
  - Dockerfile
- cmdb-ui
  - .eslintignore
  - src
    - const
      - graph-status-list.js
      - tableActionFun.js
      - plugin-i18n.js
      - init-params.js
      - menus.js
      - graph-configuration.js
      - data-types.js
      - operator-list.js
      - actions.js
    - pages
      - home-page.vue
      - admin
        log-enquiry.vue
        plugin-permission-management.vue
        enums.vue
        resetPassword.vue
        cmdb-model-management.vue
        permission-management.vue
      - change-password.vue
      - designing
        application-architecture.vue
        resource-planning-component.vue
        application-deployment.vue
        muti-ref.vue
        resource-planning.vue
        application-deployment-operation.vue
        physical-graph.vue
        application-architecture-query.vue
        ref.vue
        application-deployment-component.vue
        application-architecture-component.vue
        application-operation.vue
        planning-component.vue
        planning.vue
        ci-integrated-query-management.vue
        ci-data.vue
        ref-add.vue
        ci-integrated-query-execution.vue
        operation.vue
        application-architecture-operation.vue
      - components
        auto-fill.js
        orchestration.vue
        ci-password.vue
        attr-select.vue
        ref-select.js
        ci-graph.scss
        simple-table.vue
        auto-fill.scss
        cmdb-attr-input.vue
        permission-filters
        attr-express.scss
        filters-modal.scss
        filters-modal.js
        attr-express.js
        filters.scss
        index.js
        attr-input.vue
        ci-graph.js
        select.vue
        cmdb-table
        edit-modal.js
        edit-modal.scss
        index.js
        table.scss
        filter-rule
        filter-rule.scss
        index.js
        tree-select.vue
        sequence-diagram.vue
        header.vue
        radio-group.vue
      - util
        format.js
        common-func.js
        cookie.js
        state-operations.js
        event.js
      - coming-soon.vue
      - index.vue
      - 404.vue
    - api
      - base-plugin.js
      - server.js
      - base.js
    - main.js
    - locale
      - i18n
        zh-CN.json
        en-US.json
        index.js
    - router.js
    - main-plugin.js
    - App.vue
    - router-plugin.js
    - assets
  - .env.plugin
  - pom.xml
  - public
    - favicon.ico
    - index.html
  - postcss.config.js
  - .editorconfig
  - babel.config.js
  - vue.config.js
  - README.md
  - prettier.config.js
  - package.json
  - .eslintrc.js
  - .gitignore
- .travis.yml
- README.md
- cmdb-wiki
  - images
  - docs
    - api
      - wecmdb_api_guide_en.md
      - wecmdb_api_guide.md
    - manual
      - wecmdb_model_list.xlsx
      - wecmdb_user_guide.md
      - images
      - wecmdb_model_guide.md
      - wecmdb_glossary_en.md
      - wecmdb_glossary.md
      - wecmdb_model_guide_en.md
      - wecmdb_user_guide_en.md
    - install
      - wecmdb_compile_guide.md
      - docker_install_guide_en.md
      - images
      - docker_install_guide.md
      - docker-compose_install_guide_en.md
      - git_install_guide_en.md
      - wecmdb_install_guide.md
      - docker-compose_install_guide.md
      - wecmdb_compile_guide_en.md
      - git_install_guide.md
      - wecmdb_install_guide_en.md
    - developer
      - eclipse_install_guide.md
      - mysql_install_guide_en.md
      - code_contributors_submit_guide.md
      - performance.md
      - code_contributors_submit_guide_en.md
      - images
      - jdk_install_guide.md
      - wecmdb_developer_guide.md
      - state_guide.md
      - eclipse_install_guide_en.md
      - wecmdb_developer_guide_en.md
      - maven_install_guide_en.md
      - maven_install_guide.md
      - mysql_install_guide.md
      - wecmdb_local_standalone_guide.md
      - wecmdb_local_standalone_guide_en.md
      - jdk_install_guide_en.md
- Dockerfile
- .gitignore
- cmdb-core
  - src
    - main
      - resources
        RouteQuery.g4
        cmdb.txt
        database
        en
        04.cmdb.experience.data_en.sql
        02.cmdb.system.data_en.sql
        01.cmdb.schema_en.sql
        ch
        02.cmdb.system.data_ch.sql
        01.cmdb.schema_ch.sql
        application.yml
        application-prod.yml
        application-uat.yml
        templates
        login-with-password.html
        home.html
        login-privacy-free.html
        application-ch-local.yml
        local
        en
        ch
        application-en-local.yml
      - java
        com
        webank
        cmdb
        dto
        RouteQueryDto.java
        CiData.java
        UserAndPasswordDto.java
        QueryResponse.java
        UserDto.java
        RoleCiTypeDto.java
        CiTypeDto.java
        BasicResourceDto.java
        IntegrationQueryDto.java
        ResponseDto.java
        EnumInfo.java
        Filter.java
        IntQueryOperateAggRequetDto.java
        LogDto.java
        RoleCiTypeCtrlAttrConditionDto.java
        EnumPair.java
        CiTypeAttrGroupDto.java
        RoleMenuDto.java
        CiTypeAttrDto.java
        IntQueryRequest.java
        RoleCiTypeCtrlAttrDto.java
        IntQueryOperateAggResponseDto.java
        QueryRequest.java
        RoleUserDto.java
        CustomResponseDto.java
        CategoryDto.java
        CiTypeHeaderDto.java
        CiLayerDto.java
        Relationship.java
        AutoFillIntegrationQueryDto.java
        CiIndentity.java
        CreationRtnDto.java
        IdNamePairDto.java
        EnumCat.java
        CatTypeDto.java
        AdhocIntegrationQueryDto.java
        ImageInfoDto.java
        EnumInfoRequest.java
        AutoFillRule.java
        FilterRuleDto.java
        AutoFillItem.java
        CiTypeReferenceDto.java
        CiTypeCategoryDto.java
        CiBean.java
        CiDataTreeDto.java
        CreateRequest.java
        IntQueryResponseHeader.java
        PageInfo.java
        MenuDto.java
        EnumInfoResponse.java
        FilterRuleExpression.java
        RoleDto.java
        QueryHeader.java
        CiTypePermissions.java
        CatCodeDto.java
        constant
        EntityRelationship.java
        BooleanType.java
        CiStatus.java
        PriorityUpdateOper.java
        LogOperation.java
        LogCategory.java
        AttrConditionType.java
        ReferRelationship.java
        FilterRelationship.java
        IntQueryAggOperation.java
        DynamicEntityType.java
        InputType.java
        EnumCodeAttr.java
        AggregationFuction.java
        AuthenticationType.java
        FilterOperator.java
        IntegrateTemplateType.java
        ReferenceType.java
        EffectiveStatus.java
        FieldType.java
        AutoFillType.java
        StateOperation.java
        DisplayType.java
        StateAction.java
        CmdbConstants.java
        ImplementOperation.java
        MultiValueFieldType.java
        support
        security
        SecurityMetadataManager.java
        RoleCiTypeRuleConditionMatcher.java
        RoleCiTypeAuthority.java
        RoleCiTypeRuleAuthority.java
        Authority.java
        UserCiTypeAuthority.java
        mvc
        CiTypeAttrValidator.java
        ResponseResultProcess.java
        CustomRolesPrefixPostProcessor.java
        exception
        BatchChangeException.java
        InvalidArgumentException.java
        AttributeNotFoundException.java
        DynamicEntityException.java
        CmdbAccessDeniedException.java
        ServiceException.java
        CmdbException.java
        DependencyException.java
        cache
        RequestScopedCacheManager.java
        CacheHandlerInterceptor.java
        util
        ServiceRegisteProcess.java
        Pageable.java
        PriorityEntityManager.java
        SpecialSymbolUtils.java
        CmdbThreadLocal.java
        DtoField.java
        BeanMapUtils.java
        ClassUtils.java
        FilterInfo.java
        JpaQueryUtils.java
        DtoId.java
        DateUtils.java
        JsonUtil.java
        DataTypeConverter.java
        ResourceDto.java
        QueryConverter.java
        DatabaseUtils.java
        CollectionUtils.java
        ServiceRegistry.java
        Sorting.java
        config
        DatabaseConfig.java
        ApplicationProperties.java
        SpringWebConfig.java
        log
        OperationLogPointcut.java
        CiDataType.java
        OperationLogAspect.java
        CiTypeId.java
        Guid.java
        SpringAppConfig.java
        service
        impl
        RoleCiTypeAccessCtrlServiceImpl.java
        CiServiceImpl.java
        AuthorizationServiceImpl.java
        ConstantService.java
        BaseKeyInfoServiceImpl.java
        CmdbUserDetailService.java
        RouteQueryExpressionServiceImpl.java
        StateTransitionServiceImpl.java
        SequenceServiceImpl.java
        CiTypeServiceImpl.java
        IntegrationTemplateCloneHelper.java
        ImageServiceImpl.java
        DatabaseServiceImpl.java
        FilterRuleServiceImpl.java
        LogServiceImpl.java
        StaticDtoServiceImpl.java
        EnumServiceImpl.java
        IntegrationQueryServiceImpl.java
        StaticDtoService.java
        ImageService.java
        StaticInterceptorService.java
        FilterRuleService.java
        SequenceService.java
        StateTransitionService.java
        EnumService.java
        CiService.java
        RoleCiTypeAccessCtrlService.java
        IntegrationQueryService.java
        CmdbService.java
        AuthorizationService.java
        BaseKeyInfoService.java
        LogService.java
        interceptor
        CiDataInterceptorService.java
        EnumCatTypesInterceptorService.java
        EnumCatInterceptorService.java
        CiTypeInterceptorService.java
        RoleUserInterceptorService.java
        RoleInterceptorService.java
        CiTypeAttrsInterceptorService.java
        BasicInterceptorService.java
        EnumCodeInterceptorService.java
        DatabaseService.java
        RouteQueryExpressionService.java
        CiTypeService.java
        domain
        AdmRoleCiTypeActionPermissions.java
        AdmPartner.java
        VersionTable.java
        AdmIntegrateQuery.java
        AdmIntegrateTemplateAlias.java
        AdmTemplateCiTypeAliasUniq.java
        AdmTemplateCiTypeAttr.java
        AdmRoleCiTypeCtrlAttrSelect.java
        AdmRoleCiType.java
        AdmRoleCiTypeCtrlAttrExpression.java
        AdmBasekeyCatType.java
        AdmRoleUser.java
        AdmTenement.java
        AdmUserIntegrateTemplate.java
        AdmUser.java
        AdmTemplateCiTypeAlia.java
        VersionDataPK.java
        AdmUserFavorite.java
        AdmSequence.java
        AdmRoleCiTypeCtrlAttrCondition.java
        AdmIntegrateCiTypeAttr.java
        AdmIntegrateCiType.java
        AdmUserPartner.java
        AdmMenu.java
        AdmRoleCiTypeCtrlAttr.java
        AdmIntegrateCiTypeAttrPK.java
        VersionField.java
        AdmUserAccess.java
        AdmFile.java
        AdmCiType.java
        AdmTemplateCiType.java
        AdmCiTypeAttrGroup.java
        AdmBasekeyCat.java
        AdmLog.java
        AdmAttrGroup.java
        AdmIntegrateTemplate.java
        AdmLogEr.java
        AdmCiTypeAttr.java
        AdmRole.java
        AdmIntegrateTemplateRelation.java
        AdmRoleMenu.java
        AdmRoleGroup.java
        AdmIntegrateCiTypePK.java
        AdmBasekeyCode.java
        AdmOperateRecord.java
        AdmStateTransition.java
        VersionAttr.java
        AdmTemplate.java
        AdmIntegrateTemplateAliasAttr.java
        repository
        impl
        EnumInfoRepositoryImpl.java
        StaticEntityRepositoryImpl.java
        AdmAttrGroupRepository.java
        AdmRoleRepository.java
        AdmSequenceRepository.java
        AdmRoleCiTypeAttrSelectRepository.java
        AdmStateTransitionRepository.java
        AdmBasekeyCatTypeRepository.java
        AdmIntegrateTemplateRelationRepository.java
        AdmRoleCiTypeAttrRepository.java
        AdmBasekeyCatRepository.java
        AdmMenusRepository.java
        AdmRoleUserRepository.java
        AdmIntegrateTemplateRepository.java
        AdmRoleCiTypeCtrlAttrExpressionRepository.java
        AdmRoleCiTypeCtrlAttrConditionRepository.java
        AdmBasekeyCodeRepository.java
        AdmFileRepository.java
        AdmUserRepository.java
        AdmCiTypeAttrRepository.java
        RoleCiTypeRepository.java
        AdmCiTypeAttrGroupRepository.java
        AdmIntegrateTemplateAliasAttrRepository.java
        UserRepository.java
        AdmIntegrateTemplateAliasRepository.java
        AdmTenementRepository.java
        StaticEntityRepository.java
        RolerRepository.java
        AdmCiTypeRepository.java
        EnumInfoRepository.java
        dynamicEntity
        DynamicEntityUtils.java
        CiClassLoaderService.java
        DynamicEntityUnitInfo.java
        DynamicEntityGenerator.java
        FieldNode.java
        HibernateJpaEntityManagerFactory.java
        DynamicEntityMeta.java
        DynamicEntityManagerFactory.java
        DynamicEntityHolderManager.java
        MultiValueFeildOperationUtils.java
        DynamicEntityHolder.java
        DynamicEntityClassLoader.java
        stateTransition
        Engine.java
        UpdateDeleteAction.java
        UpdateAction.java
        ActionRegistry.java
        ConfirmAction.java
        DeleteAction.java
        InsertAction.java
        Action.java
        InsertUpdateAction.java
        Application.java
        controller
        ui
        UIIntegrationQueryController.java
        UICiDataManagementController.java
        UIUserManagementController.java
        UILogController.java
        helper
        CiDataDto.java
        CiParentRs.java
        CiTypePermissionUtil.java
        ResourceTreeDto.java
        BooleanUtils.java
        UIWrapperService.java
        ZoneLinkDto.java
        CollectionUtils.java
        UIUserManagerService.java
        CiRoutineItem.java
        DataNotFoundException.java
        UIStaticDataController.java
        UIHomeController.java
        UIEnumManagementController.java
        UIFileManagementController.java
        MaintainController.java
        ApiV2Controller.java
        interceptor
        HttpAccessUsernameInterceptor.java
        expression
        RouteQueryExpressionFormatter.java
        CmdbExpressException.java
        antlr4
        RouteQueryBaseListener.java
        RouteQuery.tokens
        RouteQueryLexer.tokens
        RouteQueryParser.java
        RouteQueryLexer.java
        RouteQueryLexer.interp
        RouteQuery.interp
        RouteQueryListener.java
        RouteQueryExpressionParser.java
        RouteQueryExpressionListener.java
    - database
      - delta
        917_log_enhance.sql
        854_data_access_control.sql
        964_ref_delete_validate.sql
    - test
      - resources
        db
        test-data-for-access-control-scenarios.sql
        legacy
        1.init.schema.sql
        2.init.static.data.sys.sql
        4.init.data.ci.sql
        3.init.static.data.ci.sql
        drop.all.sql
        application-test.yml
        json
        autofillrule
        rule_with_filter_same_as_target_value.json
        rule_without_filter.json
        rule_with_filter_at_2nd_node.json
        filterrule
        simple_rule.json
      - java
        com
        webank
        cmdb
        util
        QueryConverterTest.java
        config
        TestDatabase.java
        TestConfig.java
        service
        impl
        AuthorizationServiceImplTest.java
        CiServiceImplLegacyModelTest.java
        FilterRuleServiceImplTest.java
        StaticDtoServiceImplTest.java
        RouteQueryExpressionServiceImplTest.java
        CiServiceImplTest.java
        IntegrationQueryServiceImplTest.java
        SequenceServiceImplTest.java
        domain
        QueryStatistics.java
        repository
        StaticEntityRepositoryImplTest.java
        EnumInfoRepositoryTest.java
        AdmMenusRepositoryTest.java
        RoleCiTypeRepositoryTest.java
        EntityTest.java
        domainTest.java
        UserRepositoryTest.java
        dynamicEntity
        DynamicEntityGeneratorTest.java
        controller
        QueryRequestUtils.java
        AbstractBaseControllerTest.java
        ui
        UICiDataManagementControllerTest.java
        LegacyAbstractBaseControllerTest.java
        apiv2
        ApiV2ControllerEnumCatTest.java
        ApiV2ControllerIntQueryTest.java
        ApiV2ControllerCiTypeTest.java
        ApiV2ControllerStateTransitionTest.java
        ApiV2ControllerEnumCodeTest.java
        ApiV2ControllerRoleCiTypeCtrlAttrConditionTest.java
        ApiV2ControllerRoleTest.java
        StateMachineTest.java
        ApiV2ControllerCiTypeAttrTest.java
        ApiV2ControllerCiDataTest.java
        ApiV2ControllerEnumCatTypeTest.java
        ApiV2ControllerTest.java
        ApiV2ControllerRoleCiTypeCtrlAttrTest.java
        ApiV2ControllerMultReferenceTest.java
        ApiV2ControllerAutoFillTest.java
        ApiV2ControllerRoleCiTypeTest.java
        ApiV2ControllerRoleUserTest.java
        expression
        RouteQueryExpressionFormatterTest.java
        RouteQueryExpressListenerTest.java
    - .gitignore
  - pom.xml
  - README.md

package com.webank.cmdb.support.security;

import static com.webank.cmdb.support.security.Authority.Decision.ACCESS_DENIED;
import static com.webank.cmdb.support.security.Authority.Decision.ACCESS_GRANTED;
import static org.apache.commons.collections.CollectionUtils.isNotEmpty;

import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import com.google.common.collect.Maps;
import com.webank.cmdb.domain.AdmRoleCiTypeCtrlAttr;
import com.webank.cmdb.support.exception.CmdbException;

import io.jsonwebtoken.lang.Collections;
import lombok.extern.slf4j.Slf4j;

@Slf4j
class RoleCiTypeRuleAuthority implements Authority {

    private AdmRoleCiTypeCtrlAttr roleCiTypeRule;

    private List<RoleCiTypeRuleConditionMatcher> conditionMatchers;

    RoleCiTypeRuleAuthority(AdmRoleCiTypeCtrlAttr roleCiTypeRule) {
        this.roleCiTypeRule = roleCiTypeRule;
        if (roleCiTypeRule == null)
            throw new CmdbException("roleCiTypeRule could not be null.");
        if (isNotEmpty(roleCiTypeRule.getAdmRoleCiTypeCtrlAttrConditions())) {
            conditionMatchers = roleCiTypeRule.getAdmRoleCiTypeCtrlAttrConditions().stream().map(RoleCiTypeRuleConditionMatcher::new).collect(Collectors.toList());
        }
    }

    @Override
    public Decision authorize(String action, Object data) {
        log.debug("[{}] permission validation on RoleCiTypeRule {} ", action, this.roleCiTypeRule.getIdAdmRoleCiTypeCtrlAttr());
        if (matchConditions(data) && roleCiTypeRule.isActionPermissionEnabled(action)) {
            return ACCESS_GRANTED;
        }

        return ACCESS_DENIED;
    }

    private boolean matchConditions(Object data) {
        if (isNotEmpty(conditionMatchers)) {
            for (RoleCiTypeRuleConditionMatcher conditionMatcher : conditionMatchers) {
                if (!conditionMatcher.match(data))
                    return false;
            }
        }
        return true;
    }

    @Override
    public String getName() {
        return "Rule-" + roleCiTypeRule.getIdAdmRoleCiTypeCtrlAttr();
    }

    @Override
    public boolean isCiTypePermitted(String action) {
        return false;
    }

    Map<String, Set<?>> getPermittedData(String action) {
        Map<String, Set<?>> permittedData = Maps.newHashMap();
        if (roleCiTypeRule.isActionPermissionEnabled(action)) {
            if (isNotEmpty(conditionMatchers)) {
                for (RoleCiTypeRuleConditionMatcher conditionMatcher : conditionMatchers) {
                    Set matchedData = conditionMatcher.getMatchedData();
                    if(!Collections.isEmpty(matchedData)) {
                        permittedData.put(conditionMatcher.getPropertyName(), matchedData);
                    }
                }
            }
        }
        return permittedData;
    }
}