1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.internal.objects.classes

File ExplicitlyAllowedValuesDBListQueryBuilder.java

 


Classes

Class Line # Actions
ExplicitlyAllowedValuesDBListQueryBuilder 56 16 0% 4 1
0.9595%
 

Contributing tests

This file is covered by 2 tests.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.internal.objects.classes;
21   
22    import java.io.StringWriter;
23   
24    import javax.inject.Inject;
25    import javax.inject.Named;
26    import javax.inject.Provider;
27    import javax.inject.Singleton;
28   
29    import org.apache.commons.lang3.exception.ExceptionUtils;
30    import org.apache.velocity.VelocityContext;
31    import org.slf4j.Logger;
32    import org.xwiki.component.annotation.Component;
33    import org.xwiki.model.reference.DocumentReference;
34    import org.xwiki.model.reference.EntityReferenceSerializer;
35    import org.xwiki.query.Query;
36    import org.xwiki.query.QueryBuilder;
37    import org.xwiki.query.QueryException;
38    import org.xwiki.query.QueryManager;
39    import org.xwiki.security.authorization.AuthorExecutor;
40    import org.xwiki.security.authorization.AuthorizationManager;
41    import org.xwiki.security.authorization.Right;
42    import org.xwiki.velocity.VelocityEngine;
43    import org.xwiki.velocity.VelocityManager;
44   
45    import com.xpn.xwiki.objects.classes.DBListClass;
46   
/**
 * Builds a secure query from the HQL statement specified by a Database List property.
 * <p>
 * The statement may contain Velocity code. That code is evaluated only when the author of the owner document holds
 * {@link Right#SCRIPT} on the property's reference; in every other case, and whenever evaluation fails, the statement
 * is handed unchanged to the query manager injected under the {@code secure} hint.
 *
 * @version $Id: edfa4722a4f1a4e909021c3615a89333a81edfca $
 * @since 9.8RC1
 */
@Component
@Named("explicitlyAllowedValues")
@Singleton
public class ExplicitlyAllowedValuesDBListQueryBuilder implements QueryBuilder<DBListClass>
{
    @Inject
    private Logger logger;

    @Inject
    private AuthorizationManager authorizationManager;

    @Inject
    private AuthorExecutor authorExecutor;

    @Inject
    private Provider<VelocityManager> velocityManagerProvider;

    @Inject
    private EntityReferenceSerializer<String> entityReferenceSerializer;

    // NOTE(review): whatever restrictions apply to the final statement are enforced by this component, not by
    // this class; confirm the "secure" hint resolves to the restricted query manager in the deployment.
    @Inject
    @Named("secure")
    private QueryManager secureQueryManager;

    /**
     * Creates the HQL query for a Database List property and scopes it to the wiki of the owner document.
     *
     * @param dbListClass the property whose statement, owner document and references are read
     * @return the query created by the {@code secure} query manager, with its wiki set from the owner document
     * @throws QueryException declared by the query manager call that creates the query
     */
    @Override
    public Query build(DBListClass dbListClass) throws QueryException
    {
        Query result = this.secureQueryManager.createQuery(resolveStatement(dbListClass), Query.HQL);
        String wikiName = dbListClass.getOwnerDocument().getDocumentReference().getWikiReference().getName();
        result.setWiki(wikiName);
        return result;
    }

    /**
     * Returns the statement to execute: the Velocity-evaluated text when the document author is allowed to script
     * and evaluation succeeds, otherwise the statement exactly as stored on the property.
     *
     * @param dbListClass the property that carries the statement
     * @return the evaluated statement, or the raw one
     */
    private String resolveStatement(DBListClass dbListClass)
    {
        String rawStatement = dbListClass.getSql();
        DocumentReference author = dbListClass.getOwnerDocument().getAuthorReference();

        // The right is checked for the author of the owner document, not for whoever triggered the call, so a
        // viewer cannot cause template code to run that the author was not entitled to write.
        if (!this.authorizationManager.hasAccess(Right.SCRIPT, author, dbListClass.getReference())) {
            return rawStatement;
        }

        String namespace = this.entityReferenceSerializer.serialize(dbListClass.getDocumentReference());
        try {
            // Evaluation goes through the AuthorExecutor with the author and the document reference.
            return this.authorExecutor.call(() -> evaluateVelocityCode(dbListClass.getSql(), namespace),
                author, dbListClass.getDocumentReference());
        } catch (Exception e) {
            // Deliberate best effort: the failure is reported and the stored text is used as is, so it may still
            // contain Velocity markup when it reaches the query manager. The statement itself is written to the log.
            this.logger.warn(
                "Failed to evaluate the Velocity code from the query [{}]."
                    + " Root cause is [{}]. Continuing with the raw query.",
                rawStatement, ExceptionUtils.getRootCauseMessage(e));
            return rawStatement;
        }
    }

    /**
     * Evaluates Velocity code with the context and engine supplied by the current {@link VelocityManager}.
     *
     * @param code the Velocity code to evaluate
     * @param namespace the namespace passed to the engine for this evaluation
     * @return the text the evaluation wrote
     * @throws Exception whatever the Velocity manager or engine throws
     */
    private String evaluateVelocityCode(String code, String namespace) throws Exception
    {
        VelocityManager manager = this.velocityManagerProvider.get();
        VelocityContext context = manager.getVelocityContext();
        VelocityEngine engine = manager.getVelocityEngine();

        StringWriter output = new StringWriter();
        engine.evaluate(context, output, namespace, code);
        return output.toString();
    }
}