Optimise predicate security checks on property validation

orientechnologies · May 18, 2021 · f0029b1 · f0029b1
1 parent e2f352d
commit f0029b1
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/core/src/main/java/com/orientechnologies/orient/core/metadata/security/OSecurityShared.java b/core/src/main/java/com/orientechnologies/orient/core/metadata/security/OSecurityShared.java
@@ -1481,6 +1481,20 @@ public boolean isAllowedWrite(ODatabaseSession session, ODocument document, Stri
     if (clazz == null) {
       return true;
     }
+    String className = clazz.getName();
+
+    if (roleHasPredicateSecurityForClass != null) {
+      for (OSecurityRole role : session.getUser().getRoles()) {
+        Map<String, Boolean> roleMap = roleHasPredicateSecurityForClass.get(role.getName());
+        if (roleMap == null) {
+          return true; // TODO hierarchy...?
+        }
+        Boolean val = roleMap.get(className);
+        if (!(Boolean.TRUE.equals(val))) {
+          return true; // TODO hierarchy...?
+        }
+      }
+    }
 
     if (document.getIdentity().isNew()) {
       OBooleanExpression predicate =