Dynamic role for Mondrian connection
Hi,
i'm tying to implement dynamic role rof mondrian, extending DelegatingRole and setting correponding instance to connection. My code is as follows:
and in MDXConnection i haveCode:package mondrian.olap; import java.util.Arrays; import mondrian.olap.RoleImpl.DelegatingHierarchyAccess; import org.pentaho.platform.engine.core.system.PentahoSessionHolder; import org.pentaho.platform.engine.core.system.PentahoSystem; import org.pentaho.platform.engine.security.SecurityHelper; import org.pentaho.platform.util.logging.Logger; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; public class ConnectionRole extends DelegatingRole { public ConnectionRole(Role role) { super(role); Logger.error(PentahoSystem.class, "Created Dynamic Mondrian Role : "+Arrays.toString(getPlatformRolesFromSession())); } public static class HierarchyAccessExample extends DelegatingHierarchyAccess{ public HierarchyAccessExample(HierarchyAccess hierarchyAccess) { super(hierarchyAccess); Logger.error(PentahoSystem.class, "HierarchyAccessExample constructor"); } } public Access getAccess(Schema schema) { Logger.error(PentahoSystem.class, "schemas override"); return role.getAccess(schema); } public Access getAccess(Cube cube) { Logger.error(PentahoSystem.class, "cubes override"); return role.getAccess(cube); } public Access getAccess(Dimension dimension) { Logger.error(PentahoSystem.class, "dimensions override"); return role.getAccess(dimension); } public Access getAccess(Hierarchy hierarchy) { Logger.error(PentahoSystem.class, "hierarchies override"); return role.getAccess(hierarchy); } public HierarchyAccess getAccessDetails(Hierarchy hierarchy) { Logger.error(PentahoSystem.class, "hierarchy access override"); return new HierarchyAccessExample(role.getAccessDetails(hierarchy)); } public Access getAccess(Member member) { Logger.error(PentahoSystem.class, "members override: "+member.getLevel().getUniqueName()); Access access = role.getAccess(member); return getAccess(member, access); } // no one see's information that is in a department they do not have access too protected Access getAccess(Member member, Access access) { //final String storeNamelevel = "[Store].[Store Country].[Store State].[Store City].[Store Name]"; final String departmentLevel = "[Department]"; Logger.error(PentahoSystem.class, "members override: "+member.getLevel().getUniqueName()); if (member.getLevel().getUniqueName().equals(departmentLevel)) { Object o = member.getPropertyValue("ldap_role"); Boolean isAdmin = Arrays.binarySearch(getPlatformRolesFromSession(), "Admin") > 0 ? true : false; Boolean hasRole = Arrays.binarySearch(getPlatformRolesFromSession(), o) > 0; return (o != null && (hasRole || isAdmin)) ? access : Access.NONE; } else { return access; } } protected String[] getPlatformRolesFromSession() { // Get the Spring Security authentication object Authentication auth = SecurityHelper.getAuthentication(PentahoSessionHolder.getSession(), false); String[] rtn = null; // Get the authorities GrantedAuthority[] gAuths = auth.getAuthorities(); if ((gAuths != null) && (gAuths.length > 0) ) { // Copy role names out of the Authentication rtn = new String[gAuths.length]; for (int i=0; i<gAuths.length; i++) { rtn[i] = gAuths[i].getAuthority(); } // Sort the returned list of roles Arrays.sort(rtn); } return rtn; } }
I tried to create new Analysis View and in debugger i found, that role method, controlling member access (getAccess(Member member, Access access)), is never called (but method controlling hierarchy access was called, so, role was set correctly).Code:... if (nativeConnection == null) { logger.error(Messages.getErrorString( "MDXConnection.ERROR_0002_INVALID_CONNECTION", properties != null ? properties.toString() : "null")); //$NON-NLS-1$ //$NON-NLS-2$ } } catch (Throwable t) { if (logger != null) { logger.error(Messages.getErrorString( "MDXConnection.ERROR_0002_INVALID_CONNECTION", properties != null ? properties.toString() : "null"), t); //$NON-NLS-1$ //$NON-NLS-2$ } else { Logger.error(this.getClass().getName(), Messages.getErrorString( "MDXConnection.ERROR_0002_INVALID_CONNECTION", properties != null ? properties.toString() : "null"), t); //$NON-NLS-1$ //$NON-NLS-2$ } } ConnectionRole crxRole = new ConnectionRole(nativeConnection.getRole()); nativeConnection.setRole(crxRole);
Why does this happen? As i understood, in such case member access controller has to be called for every member, in other case such construction is useless... could anybody please advice? I use 3.6.0 pentaho and 3.2.0 mondrian.
