Getter for AnyFieldExpression class or Expression interface

[eedijs]

Hi,

I have created a class that implements ErrorMapper interface. I see that the Exception class has access to Expression via ((ForbiddenAccessException) exception).getExpression().get(), but there is no way to get the pure expression for which this ForbiddenAccessException was thrown.

For example, if I have a @SecurityCheck("user must have this role") and then add it on an entity class like @ReadPermission(expression = "user must have this role"), is there any way currently to access this expression via ForbiddenAccessException, or some changes need to be made?

This would be needed to change what the error message says, depending on which expression check failed.

Code example:

@Service
public class SecurityCheckErrorMapper implements ErrorMapper {

    @Nullable
    @Override
    public CustomErrorException map(Exception exception) {
        if (!(exception instanceof ForbiddenAccessException)) {
            return null;
        }

        ErrorObjects errorObjects = ErrorObjects.builder()
                .addError()
                .withDetail("User is not allowed to access this object")
                .build();

        return new CustomErrorException(HttpStatus.SC_FORBIDDEN, "Access denied", errorObjects);
    }
}

[aklish]

Expression is the base class of the AST for permission checks. The branches are boolean operators like AND and OR. The leaves are typically CheckExpressions. You can either:

• Just call toString on the expression and that will print something you can map or live with.
• You can write your own visitor class to transform the AST into whatever text you like.

The latter is a bit more work but probably the better way to go. Important note, the original text in the permission ("User is not allowed to access this object") is not stored directly in the expression but rather in the EntityDictionary:

https://github.com/yahoo/elide/blob/master/elide-core/src/main/java/com/yahoo/elide/core/security/permissions/expressions/CheckExpression.java#L137

Hope that helps.

[eedijs]

Unfortunately, I'm not sure how to implement this with my own visitor (what to extend, where to register/add my visitor?), so I chose the first route that I initially also saw - I made a regex for checking that a specific expression is there and that it failed.

[aklish]

I'm working on a small refactor to make this a tad bit easier. Will provide a rough example with it on how to do this.