org.pentaho.platform.plugin.services.metadata.SessionAwareRowLevelSecurityHelper.java Source code

Java tutorial

Introduction

Here is the source code for org.pentaho.platform.plugin.services.metadata.SessionAwareRowLevelSecurityHelper.java

Source

/*!
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU Lesser General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * Copyright (c) 2002-2013 Pentaho Corporation..  All rights reserved.
 */

package org.pentaho.platform.plugin.services.metadata;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.metadata.util.RowLevelSecurityHelper;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.plugin.services.messages.Messages;

import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * This row level security helper resolves SESSION("VALUE") in addition to it's parent USER() and ROLE() resolvers.
 * 
 * Note that it's the responsibility of the script to quote the SESSION objects, for instance:
 * 
 * Session ------- UID=1234 TENANT=PENTAHO
 * 
 * EQUALS([NUMBIZCOL];SESSION("UID")) will return NCOL=1234
 * 
 * EQUALS([STRBIZCOL];"SESSION("TENANT")") will return SCOL=`PENTAHO`
 * 
 * @author Will Gorman (wgorman@pentaho.com)
 */
public class SessionAwareRowLevelSecurityHelper extends RowLevelSecurityHelper {

    protected final Log logger = LogFactory.getLog(SessionAwareRowLevelSecurityHelper.class);

    @Override
    protected String expandFunctions(String formula, String user, List<String> roles) {
        formula = super.expandFunctions(formula, user, roles);

        // "expand" any SESSION('var')

        IPentahoSession session = PentahoSessionHolder.getSession();

        Pattern p = Pattern.compile("SESSION\\(\"(.*?)\"\\)"); //$NON-NLS-1$
        Matcher m = p.matcher(formula);
        StringBuffer sb = new StringBuffer(formula.length());
        while (m.find()) {
            String text = m.group(1);
            String value = null;
            if (session.getAttribute(text) != null) {
                value = session.getAttribute(text).toString();
            } else {
                logger.warn(Messages.getInstance()
                        .getString("SessionAwareRowLevelSecurityHelper.WARN_0001_NULL_ATTRIBUTE", text, user)); //$NON-NLS-1$
                return "FALSE()"; //$NON-NLS-1$
            }
            // escape string if necessary (double quote quotes)
            m.appendReplacement(sb, Matcher.quoteReplacement(value.replaceAll("\"", "\"\""))); //$NON-NLS-1$ //$NON-NLS-2$
        }
        m.appendTail(sb);
        return sb.toString();
    }
}