how row-level security works?

Topics related to running, modifying, or working with the Broadleaf Commerce Demo application

Moderator: jocanas

prabhat.kataria
Intermediate
Intermediate
Posts: 91
Joined: Sat Mar 01, 2014 12:23 am

how row-level security works?

Postby prabhat.kataria » Sat Jul 26, 2014 6:53 am

I followed http://www.broadleafcommerce.com/docs/core/current/broadleaf-concepts/admin/admin-row-level-security link and created custom ProductStoreRowSecurityProvider. But in debug mode, I cannot see breakpoints set in this class get hit. When will these type of providers come into picture. Do I need to do some more settings?

phillipuniverse
Team Member
Team Member
Posts: 1563
Joined: Tue Dec 20, 2011 12:11 pm

Re: how row-level security works?

Postby phillipuniverse » Tue Jul 29, 2014 3:07 pm

That doc does not include how to actually hook up the row level security provider, which is a mistake. The configuration on how to actually hook those up is on the RowLevelSecurityProvider interface: http://www.broadleafcommerce.com/javado ... rvice.html (sorry for the poor formatting):

Code: Select all

<bean id="blCustomRowSecurityProviders" class="org.springframework.beans.factory.config.ListFactoryBean" >
    <property name="sourceList">
        <list>
            <ref bean="customProvider" />
        </list>
    </property>
</bean>
<bean class="org.broadleafcommerce.common.extensibility.context.merge.LateStageMergeBeanPostProcessor">
    <property name="collectionRef" value="blCustomRowSecurityProviders" />
    <property name="targetRef" value="blRowLevelSecurityProviders" />
</bean>

prabhat.kataria
Intermediate
Intermediate
Posts: 91
Joined: Sat Mar 01, 2014 12:23 am

Re: how row-level security works?

Postby prabhat.kataria » Wed Jul 30, 2014 1:35 pm

Hey phillip, I implemented your suggestion and now I am able to hit the breakpoint inside custom row level security provider. But now I am getting error at Predicate storeRestriction line

Code: Select all

java.lang.IllegalArgumentException: Unable to resolve attribute [store] against path


Can you please guide me on this error. Also can the tutorial be reformatted and corrected so that we can learn and implement this security feature quickly.

phillipuniverse
Team Member
Team Member
Posts: 1563
Joined: Tue Dec 20, 2011 12:11 pm

Re: how row-level security works?

Postby phillipuniverse » Wed Jul 30, 2014 3:07 pm

You will probably have to also override the getFetchRestrictionRoot() method if you have a new root that the predicate should be hooked up to (like a custom subclass): http://www.broadleafcommerce.com/javado ... .util.List)

prabhat.kataria
Intermediate
Intermediate
Posts: 91
Joined: Sat Mar 01, 2014 12:23 am

Re: how row-level security works?

Postby prabhat.kataria » Fri Aug 01, 2014 1:09 pm

Phillip, I'm not familiar with this concept. Can you please provide me pointer to implement getFetchRestrictionRoot().

phillipuniverse
Team Member
Team Member
Posts: 1563
Joined: Tue Dec 20, 2011 12:11 pm

Re: how row-level security works?

Postby phillipuniverse » Fri Aug 01, 2014 2:28 pm

Not sure how else to explain it other than the docs that are provided:

Contributes to Root determination for addFetchRestrictions(AdminUser, String, List, List, Root, CriteriaQuery, CriteriaBuilder). Normally, the query Root is determined in the admin via the given filterMappings. Since row security deals with a CriteriaBuilder directly, if you want to be able to target subclasses then a new Root must be established for that specific subclass.

Note that depending on how you have your filters in the admin frontend (the list grids) set up, you might have to take into account the given filterMappings. The admin will not be able to find a correct root if there is an active filter set on a sibling class that you are attempting to also add more criteria to. For instance, if a class hierarchy exists for A -> B and also A -> C, if there is an active FilterMapping for a property from B and you attempt to add a fetch restriction on a property from C that will not work.


In your case, you will want to return your subclass of AdminUserImpl (which I assume is what you are doing here).

amit28
Newbie
Newbie
Posts: 8
Joined: Sat May 23, 2015 1:33 am

Re: how row-level security works?

Postby amit28 » Fri Jun 05, 2015 12:13 am

Hi I am facing same problem, if you got that how to implement getFetchRestrictionRoot(). Then please update on this post, Thanks.

phillipuniverse
Team Member
Team Member
Posts: 1563
Joined: Tue Dec 20, 2011 12:11 pm

Re: how row-level security works?

Postby phillipuniverse » Wed Jun 17, 2015 1:51 pm

@amit28 just return your subclass:

Code: Select all

public Class<Serializable> getFetchRestrictionRoot(AdminUser currentUser, Class<Serializable> ceilingEntity, List<FilterMapping> filterMappings) {
    return MyProduct.class;
}

Shree
Newbie
Newbie
Posts: 9
Joined: Sun Sep 13, 2015 3:01 pm

Re: how row-level security works?

Postby Shree » Mon Sep 14, 2015 1:41 pm

phillipuniverse wrote:@amit28 just return your subclass:

Code: Select all

public Class<Serializable> getFetchRestrictionRoot(AdminUser currentUser, Class<Serializable> ceilingEntity, List<FilterMapping> filterMappings) {
    return MyProduct.class;
}




hi phillip,
i did the changes as per above suggestions, but getting

inconvertible types
required: java.lang.Class<java.io.Serializable>
[ERROR] found: java.lang.Class<com.mycompany.core.adminproduct.domain.MyProduct>
[ERROR] -> [Help 1]
Thanks & Regards
Shripad S. :)

phillipuniverse
Team Member
Team Member
Posts: 1563
Joined: Tue Dec 20, 2011 12:11 pm

Re: how row-level security works?

Postby phillipuniverse » Tue Sep 15, 2015 9:42 pm

Does MyProduct extend from ProductImpl (it should)?


Return to “Broadleaf Commerce Demo”

Who is online

Users browsing this forum: No registered users and 1 guest