Page 1 of 2

how row-level security works?

Posted: Sat Jul 26, 2014 6:53 am
by prabhat.kataria
I followed http://www.broadleafcommerce.com/docs/core/current/broadleaf-concepts/admin/admin-row-level-security link and created custom ProductStoreRowSecurityProvider. But in debug mode, I cannot see breakpoints set in this class get hit. When will these type of providers come into picture. Do I need to do some more settings?

Re: how row-level security works?

Posted: Tue Jul 29, 2014 3:07 pm
by phillipuniverse
That doc does not include how to actually hook up the row level security provider, which is a mistake. The configuration on how to actually hook those up is on the RowLevelSecurityProvider interface: http://www.broadleafcommerce.com/javado ... rvice.html (sorry for the poor formatting):

Code: Select all

<bean id="blCustomRowSecurityProviders" class="org.springframework.beans.factory.config.ListFactoryBean" >
    <property name="sourceList">
        <list>
            <ref bean="customProvider" />
        </list>
    </property>
</bean>
<bean class="org.broadleafcommerce.common.extensibility.context.merge.LateStageMergeBeanPostProcessor">
    <property name="collectionRef" value="blCustomRowSecurityProviders" />
    <property name="targetRef" value="blRowLevelSecurityProviders" />
</bean>

Re: how row-level security works?

Posted: Wed Jul 30, 2014 1:35 pm
by prabhat.kataria
Hey phillip, I implemented your suggestion and now I am able to hit the breakpoint inside custom row level security provider. But now I am getting error at Predicate storeRestriction line

Code: Select all

java.lang.IllegalArgumentException: Unable to resolve attribute [store] against path


Can you please guide me on this error. Also can the tutorial be reformatted and corrected so that we can learn and implement this security feature quickly.

Re: how row-level security works?

Posted: Wed Jul 30, 2014 3:07 pm
by phillipuniverse
You will probably have to also override the getFetchRestrictionRoot() method if you have a new root that the predicate should be hooked up to (like a custom subclass): http://www.broadleafcommerce.com/javado ... .util.List)

Re: how row-level security works?

Posted: Fri Aug 01, 2014 1:09 pm
by prabhat.kataria
Phillip, I'm not familiar with this concept. Can you please provide me pointer to implement getFetchRestrictionRoot().

Re: how row-level security works?

Posted: Fri Aug 01, 2014 2:28 pm
by phillipuniverse
Not sure how else to explain it other than the docs that are provided:

Contributes to Root determination for addFetchRestrictions(AdminUser, String, List, List, Root, CriteriaQuery, CriteriaBuilder). Normally, the query Root is determined in the admin via the given filterMappings. Since row security deals with a CriteriaBuilder directly, if you want to be able to target subclasses then a new Root must be established for that specific subclass.

Note that depending on how you have your filters in the admin frontend (the list grids) set up, you might have to take into account the given filterMappings. The admin will not be able to find a correct root if there is an active filter set on a sibling class that you are attempting to also add more criteria to. For instance, if a class hierarchy exists for A -> B and also A -> C, if there is an active FilterMapping for a property from B and you attempt to add a fetch restriction on a property from C that will not work.


In your case, you will want to return your subclass of AdminUserImpl (which I assume is what you are doing here).

Re: how row-level security works?

Posted: Fri Jun 05, 2015 12:13 am
by amit28
Hi I am facing same problem, if you got that how to implement getFetchRestrictionRoot(). Then please update on this post, Thanks.

Re: how row-level security works?

Posted: Wed Jun 17, 2015 1:51 pm
by phillipuniverse
@amit28 just return your subclass:

Code: Select all

public Class<Serializable> getFetchRestrictionRoot(AdminUser currentUser, Class<Serializable> ceilingEntity, List<FilterMapping> filterMappings) {
    return MyProduct.class;
}

Re: how row-level security works?

Posted: Mon Sep 14, 2015 1:41 pm
by Shree
phillipuniverse wrote:@amit28 just return your subclass:

Code: Select all

public Class<Serializable> getFetchRestrictionRoot(AdminUser currentUser, Class<Serializable> ceilingEntity, List<FilterMapping> filterMappings) {
    return MyProduct.class;
}




hi phillip,
i did the changes as per above suggestions, but getting

inconvertible types
required: java.lang.Class<java.io.Serializable>
[ERROR] found: java.lang.Class<com.mycompany.core.adminproduct.domain.MyProduct>
[ERROR] -> [Help 1]

Re: how row-level security works?

Posted: Tue Sep 15, 2015 9:42 pm
by phillipuniverse
Does MyProduct extend from ProductImpl (it should)?