Optimise security checks

canUpdate()

core/src/main/java/com/orientechnologies/orient/core/metadata/security/OSecurityShared.java

@@ -1477,11 +1477,17 @@ public boolean isAllowedWrite(ODatabaseSession session, ODocument document, Stri
       return true;
     }
 
-    OClass clazz = ((OElement) document).getSchemaType().orElse(null);
-    if (clazz == null) {
+    String className;
+    OClass clazz = null;
+    if (document instanceof ODocument) {
+      className = document.getClassName();
+    } else {
+      clazz = ((OElement) document).getSchemaType().orElse(null);
+      className = clazz == null ? null : clazz.getName();
+    }
+    if (className == null) {
       return true;
     }
-    String className = clazz.getName();
 
     if (roleHasPredicateSecurityForClass != null) {
       for (OSecurityRole role : session.getUser().getRoles()) {
@@ -1496,6 +1502,10 @@ public boolean isAllowedWrite(ODatabaseSession session, ODocument document, Stri
       }
     }
 
+    if (clazz == null) {
+      clazz = ((OElement) document).getSchemaType().orElse(null);
+    }
+
     if (document.getIdentity().isNew()) {
       OBooleanExpression predicate =
           OSecurityEngine.getPredicateForSecurityResource(
@@ -1633,7 +1643,12 @@ public boolean canUpdate(ODatabaseSession session, ORecord record) {
     }
     if (record instanceof OElement) {
 
-      String className = ((OElement) record).getSchemaType().map(x -> x.getName()).orElse(null);
+      String className;
+      if (record instanceof ODocument) {
+        className = ((ODocument) record).getClassName();
+      } else {
+        className = ((OElement) record).getSchemaType().map(x -> x.getName()).orElse(null);
+      }
 
       if (className != null && roleHasPredicateSecurityForClass != null) {
         for (OSecurityRole role : session.getUser().getRoles()) {