Daobab provides a very useful mechanism to protect the data.
You may protect not only a particular data, but also an operation on it.
Every target, even internal collections like Entities and Plates, may be protected.
Daobab uses AccessProtector interface with BasicAccessProtector as a default implementation, to protect the content.
How to configure AccessProtector?
At first you have to choose the default strategy.
This is a default strategy, but it may be overridden by some specific access, applied on particular entity or column.
- ALLOW - all access is permitted by default. This strategy is the default one.
- READ - only read access is permitted. Any insert,update or delete is blocked by default
- DENIED - any access is blocked by default
Example:
Target denies all types of operation on every kind of data:
Having default strategy, you may apply some exceptions on it.
All available scenarios are gathered into Access enum:
- FULL - anything is allowed
- WRITE - insert, update, delete is allowed
- NO_READ - read is disallowed
- NO_INSERT - insert is disallowed
- NO_UPDATE - update is disallowed
- NO_DELETE - delete is disallowed
- READ - read is allowed
- DENIED - anything is disallowed
AccessProtector provides a methods to apply the access parameters:
setEntityAccess - this method has a few variants. All of them are related to Entity access. You may either set one particular access to one or many entities or you may set at a single entity s few types of access.
Also, you may use a real entity instances or the string identifiers.
setColumnAccess - similarly as above, this method has two variants. You may set single access to one or many columns, or you may set to one column one or many types of access.
In the above example, whole target is allowed by default, but tables Payment, Address cannot be read, inserted, updated or deleted.
Column Email into Customer table cannot be accessed as well.
Column StoreId into Customer table, may be read but cannot be updated.