package ......; // placeholder package name, kept exactly as given in the original listing

import java.lang.*;
import java.util.*;

import org.jspresso.framework.model.component.IQueryComponent;
import org.jspresso.framework.model.persistence.hibernate.criterion.EnhancedDetachedCriteria;
import org.jspresso.framework.application.backend.action.persistence.hibernate.*;
import org.jspresso.framework.application.backend.AbstractBackendController;
import org.jspresso.framework.application.backend.session.IApplicationSession;
import org.jspresso.framework.application.action.AbstractActionContextAware;
import org.jspresso.framework.security.*;
import org.hibernate.criterion.Restrictions;

/**
 * Criteria refiner that narrows holiday-request queries to the rows created by the
 * current user when that user holds the "employee" role.
 *
 * <p>The restriction is added only when BOTH conditions below are true; in every other
 * case this class leaves the criteria untouched:
 * <ul>
 *   <li>the session subject is granted the role "employee";</li>
 *   <li>the name of the query contract contains the text "holidayRequest".</li>
 * </ul>
 *
 * <p>NOTE(review): this is an additive filter, not a deny-by-default rule. A subject
 * without the "employee" role gets no restriction from this class, so any other limit on
 * who may read holiday requests has to be enforced elsewhere - confirm against the
 * application's access rules.
 *
 * <p>NOTE(review): the entity is recognised by a substring test on the contract name.
 * Assuming {@code getName()} returns a {@code String}, that test is case-sensitive and
 * also matches any longer name that merely contains "holidayRequest". Verify the literal
 * against the real contract name: if it never matches, the filter is silently skipped.
 */
public class MyEntityFilter extends AbstractActionContextAware implements ICriteriaRefiner {

  /**
   * Adds {@code creator = <current principal name>} to the criteria for employees
   * querying holiday requests.
   *
   * @param criteria the criteria being built for the query; restricted in place
   * @param queryComponent the query component whose contract name identifies the entity
   * @param context the action context, used to reach the backend controller and session
   */
  public void refineCriteria(EnhancedDetachedCriteria criteria, IQueryComponent queryComponent,
      Map context) {
    // The application session carries both the subject (roles) and the principal (user name).
    IApplicationSession appSession = getBackendController(context).getApplicationSession();

    // True when the current user has the role "employee".
    boolean employee =
        SecurityHelper.isSubjectGranted(appSession.getSubject(), new roleHolder("employee"));
    if (!employee) {
      return; // no restriction is added for non-employees (see class note)
    }

    // Only holiday-request queries are narrowed; every other entity passes through unchanged.
    if (!queryComponent.getQueryContract().getName().contains("holidayRequest")) {
      return;
    }

    // A holiday request has a "creator" property holding the user name of whoever created it.
    // NOTE(review): the filter is only as trustworthy as that property - presumably it is set
    // by the backend at creation time and is not editable by the user; confirm.
    criteria.add(Restrictions.eq("creator", appSession.getPrincipal().getName()));
  }
}

/**
 * Minimal {@link ISecurable} wrapping a single role name.
 *
 * <p>To use the helper method {@code SecurityHelper.isSubjectGranted}, the role to check
 * against has to be supplied as a collection; this holder provides it as a one-element set.
 */
class roleHolder implements ISecurable {

  // Immutable one-element set containing the role passed to the constructor.
  private final Set<String> roles;

  /**
   * @param role the role name to expose through {@link #getGrantedRoles()}
   */
  public roleHolder(String role) {
    this.roles = Collections.singleton(role);
  }

  /**
   * @return the set holding the single role given at construction
   */
  public Collection getGrantedRoles() {
    return this.roles;
  }
}