Relationship-Level Validation Code Examples
The following relationship validation code executes custom logic when a Role or Group is linked or unlinked to or from specified users. The logic then prevents users from performing actions for which their assigned Roles lack permissions.
 |
For the code in the following example to execute successfully, the operation for which you implement the logic must be configured as the Relationship Validator for the relationship between Roles and Groups.
|
package com.servicemax.operations.validators
import com.servicemax.core.utils.UserInfo
import com.servicemax.core.validator.RelationValidator
/**
* Validator that checks that a user with a role without permission cannot link or unlink a role and/or group
* to a given user
*
* Note: this validator should be configured as the Relationship Validator for the relationships Roles and Groups
*/
class UserRolesAndGroupsLinkUnlinkValidator extends RelationValidator {
private static final UUID ROLE_OBJECT = UUID.fromString("cb590533-0dbe-3a79-b818-6da3989dc465")
private static final UUID GROUP_OBJECT = UUID.fromString("6ce70a6c-b21e-11e0-90ab-001ec93afa2c")
private static final UUID ROLE_WITHOUT_PERMISSION_TO_LINK_OR_UNLINK_USER_ROLES_AND_GROUPS = <the uuid of the role without permissions>
@Override
public Object realValidator(Map<String, Object> parameters) {
//if the logged user has the role with no permission to link/unlink roles nor groups
if(loggedUserHasRoleWithoutPermissionToLinkOrUnlinkUserRolesAndGroups() && isRelationSourceRoleOrGroup()) {
//if trying to unlink a role/group from user, add a validation error
if(isRelationUnlinking()) {
addValidationErrorWithTranslation('io_cannot_unlink_role_no_group')
}
//if trying to link a role/group from user, add a validation error
if(isRelationLinking()) {
addValidationErrorWithTranslation('io_cannot_link_role_no_group')
}
}
return true
}
private boolean loggedUserHasRoleWithoutPermissionToLinkOrUnlinkUserRolesAndGroups() {
return (UserInfo.getUser().io_role_io_users.find{ role ->
ROLE_WITHOUT_PERMISSION_TO_LINK_OR_UNLINK_USER_ROLES_AND_GROUPS.equals(role.io_uuid)
} != null)
}
private boolean isRelationSourceRoleOrGroup(Object relation) {
def sourceOfRelation = getRelationSourceObjectUUID()
return (ROLE_OBJECT.equals(sourceOfRelation) || GROUP_OBJECT.equals(sourceOfRelation))
}
}
import com.servicemax.core.utils.UserInfo
import com.servicemax.core.validator.RelationValidator
/**
* Validator that checks that a user with a role without permission cannot link or unlink a role and/or group
* to a given user
*
* Note: this validator should be configured as the Relationship Validator for the relationships Roles and Groups
*/
class UserRolesAndGroupsLinkUnlinkValidator extends RelationValidator {
private static final UUID ROLE_OBJECT = UUID.fromString("cb590533-0dbe-3a79-b818-6da3989dc465")
private static final UUID GROUP_OBJECT = UUID.fromString("6ce70a6c-b21e-11e0-90ab-001ec93afa2c")
private static final UUID ROLE_WITHOUT_PERMISSION_TO_LINK_OR_UNLINK_USER_ROLES_AND_GROUPS = <the uuid of the role without permissions>
@Override
public Object realValidator(Map<String, Object> parameters) {
//if the logged user has the role with no permission to link/unlink roles nor groups
if(loggedUserHasRoleWithoutPermissionToLinkOrUnlinkUserRolesAndGroups() && isRelationSourceRoleOrGroup()) {
//if trying to unlink a role/group from user, add a validation error
if(isRelationUnlinking()) {
addValidationErrorWithTranslation('io_cannot_unlink_role_no_group')
}
//if trying to link a role/group from user, add a validation error
if(isRelationLinking()) {
addValidationErrorWithTranslation('io_cannot_link_role_no_group')
}
}
return true
}
private boolean loggedUserHasRoleWithoutPermissionToLinkOrUnlinkUserRolesAndGroups() {
return (UserInfo.getUser().io_role_io_users.find{ role ->
ROLE_WITHOUT_PERMISSION_TO_LINK_OR_UNLINK_USER_ROLES_AND_GROUPS.equals(role.io_uuid)
} != null)
}
private boolean isRelationSourceRoleOrGroup(Object relation) {
def sourceOfRelation = getRelationSourceObjectUUID()
return (ROLE_OBJECT.equals(sourceOfRelation) || GROUP_OBJECT.equals(sourceOfRelation))
}
}
|
|
For details on how to configure relationship-level custom validation, see Configuring Relationship-Level Custom Validation in Service Board for Implementers.
|
For more information: