From 61bb89c41ad178e8406018a11e6f49fe3d69b318 Mon Sep 17 00:00:00 2001
From: starfishfive <161029169+starfishfive@users.noreply.github.com>
Date: Fri, 17 May 2024 15:49:00 +0000
Subject: [PATCH] Add ACL and filter

Signed-off-by: starfishfive <161029169+starfishfive@users.noreply.github.com>
---
 .../persistence/ComponentQueryFilterBuilder.java | 6 ++++++
 .../persistence/ComponentQueryManager.java | 16 +++++++++++-----
 .../resources/v1/ComponentResource.java | 4 +++-
 3 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/dependencytrack/persistence/ComponentQueryFilterBuilder.java b/src/main/java/org/dependencytrack/persistence/ComponentQueryFilterBuilder.java
index 349c10b624..0850e381b5 100644
--- a/src/main/java/org/dependencytrack/persistence/ComponentQueryFilterBuilder.java
+++ b/src/main/java/org/dependencytrack/persistence/ComponentQueryFilterBuilder.java
@@ -41,6 +41,12 @@ class ComponentQueryFilterBuilder {
 this.filterCriteria = new ArrayList<>();
 }
 
+ ComponentQueryFilterBuilder withFuzzyName(String name) {
+ params.put("name", name);
+ filterCriteria.add("(name.toLowerCase().matches(:name))");
+ return this;
+ }
+
 ComponentQueryFilterBuilder withAuthor(string author) {
 params.put("author", author);
 filterCriteria.add("(author == :author)");
diff --git a/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java b/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
index 358595e1b6..22b6aced9f 100644
--- a/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java
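Review bot: `withFuzzyName` takes a ready-made regular expression rather than a name, and nothing in the method says so: the caller has to lower-case the value and add the `.*` wrappers itself, as the ComponentQueryManager hunk does. Binding the value as `:name` keeps it out of the JDOQL string, but it is still interpreted as a pattern, so regex metacharacters in a user-supplied filter change what is matched. I would add a Javadoc comment such as `/** Adds a criterion on the lower-cased component name; the argument is a regex and must already be lower-cased and wrapped by the caller. */` and decide in one place whether metacharacters are escaped. The rest of the class is outside the hunk, so whether another builder method also writes the `name` parameter key cannot be checked here.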
@@ -89,13 +89,19 @@ public PaginatedResult getComponents(final boolean includeMetrics) {
 if (orderBy == null) {
 query.setOrdering("name asc, version desc");
 }
+
+ final var filterBuilder = new ProjectQueryFilterBuilder();
+
 if (filter != null) {
- query.setFilter("name.toLowerCase().matches(:name)");
 final String filterString = ".*" + filter.toLowerCase() + ".*";
- result = execute(query, filterString);
- } else {
- result = execute(query);
- }
+ filterBuilder = filterBuilder.withFuzzyName(filterString);
+ }
+
+ final String queryFilter = filterBuilder.buildFilter();
+ final Map params = filterBuilder.getParams();
+
+ preprocessACLs(query, queryFilter, params, false);
+ result = execute(query, params);
 if (includeMetrics) {
 // Populate each Component object in the paginated result with transitive related
 // data to minimize the number of round trips a client needs to make, process, and render.
diff --git a/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java b/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java
index f6c617500e..1c71985cdf 100644
--- a/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java
+++ b/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java
@@ -88,7 +88,9 @@ public class ComponentResource extends AlpineResource {
 @ApiResponse(code = 401, message = "Unauthorized"),
 })
 @PermissionRequired(Permissions.Constants.VIEW_PORTFOLIO)
- public Response getComponents() {
+ public Response getComponents(
+ @ApiParam(value = "The optional author of the component to query on", required = false)
+ @QueryParam("author") String author) {
 try (QueryManager qm = new QueryManager(getAlpineRequest())) {
 final PaginatedResult result = qm.getComponents();
 return Response.ok(result.getObjects()).header(TOTAL_COUNT_HEADER, result.getTotal()).build()
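Review bot: `filterBuilder` is declared `final var` and then reassigned inside `if (filter != null)`, which does not compile; since the builder method returns `this`, the call can stand alone as `filterBuilder.withFuzzyName(filterString);`. The builder is also constructed as `ProjectQueryFilterBuilder`, while this commit adds `withFuzzyName` to `ComponentQueryFilterBuilder`; unless the project builder already has that method, this looks like a copy-paste slip and should read `final var filterBuilder = new ComponentQueryFilterBuilder();`. The direct `query.setFilter(...)` call is removed, so both the name filter and the ACL restriction now depend on `preprocessACLs` applying `queryFilter` to the query, including on the path where ACL is disabled. That method is outside the hunk and should be confirmed, ideally with a test that a principal without access to a project receives none of its components. getComponents starts and ends outside the hunk.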
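Review bot: The new `author` query parameter is never used: the body still calls `qm.getComponents()` with no arguments, so `?author=` has no effect on the returned components. Either pass it through to the query manager (a `withAuthor` builder method is visible in ComponentQueryFilterBuilder) or leave the parameter out of the API until the query side accepts it, so the documented filter does not silently return unfiltered results. Whether an overload of `getComponents` taking an author exists is not visible here, and the method body continues past the end of the hunk.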