SudoService
Allows a block of code to be executed within an arbitrary InteractionContext , allowing the who, when and where to be temporarily switched.
Most typically this service is used to temporarily change the "who", that is the user reported by the UserService 's UserService#currentUser() getUser() - hence the name SudoService. But the user’s locale and timezome can also be changed, as well as the time reported by org.apache.causeway.applib.services.clock.ClockService .
The primary use case for this service is for fixture scripts and integration tests.
API
class SudoService {
public static RoleMemento ACCESS_ALL_ROLE; (1)
T call(UnaryOperator<InteractionContext> sudoMapper, Callable<T> callable) (2)
void run(UnaryOperator<InteractionContext> sudoMapper, ThrowingRunnable runnable) (3)
}
1 | ACCESS_ALL_ROLE
If included in the list of roles, then will disable security checks (can view and use all object members). |
2 | call(UnaryOperator, Callable)
Executes the supplied Callable block, within the provided InteractionContext . |
3 | run(UnaryOperator, ThrowingRunnable)
Executes the supplied Callable block, within the provided InteractionContext . |
Members
ACCESS_ALL_ROLE
If included in the list of roles, then will disable security checks (can view and use all object members).
call(UnaryOperator, Callable)
Executes the supplied Callable block, within the provided InteractionContext .
run(UnaryOperator, ThrowingRunnable)
Executes the supplied Callable block, within the provided InteractionContext .
Implementation
The core framework provides a default implementation of this service (o.a.c.core.runtimeservices.sudo.SudoServiceDefault
).
Usage
This domain service is useful both for integration testing and while running fixture scripts.
For example, to integration test a workflow system, whereby objects are moved from one user to another, it is helpful to switch the effective user to verify that the task was assigned correctly.
Or, this fixture script uses the SudoService
to set up ToDoItem
objects:
protected void execute(final ExecutionContext ec) {
...
sudoService.call(
InteractionContext.switchUser(UserMemento.ofName("joe")),
() -> wrap(toDoItem).completed()
);
...
}
Disabling permission checks
Sometimes it’s useful to be able to "switch off" security checks, for example when running in initial seed scripts or fixtures that use the WrapperFactory. This can be done using any user that has the special ACCESS_ALL_ROLE role.
For example:
protected void execute(final ExecutionContext ec) {
...
sudoService.call(InteractionContext.switchUser(
UserMemento.ofNameAndRoles("seed-user", SudoService.ACCESS_ALL_ROLE),
() -> { /* ... */ }
);
...
}