Example 6 with Permission

Use of com.b2international.snowowl.core.identity.Permission in project snow-owl by b2ihealthcare.

The class BaseResourceSearchRequest, method addSecurityFilter.

/**
 * Configures security filters to allow access to certain resources only. This method is a no-op if the given
 * {@link ServiceProvider context}'s {@link User} is an administrator or has read access to everything.
 *
 * @param context - the context where user information will be extracted
 * @param queryBuilder - the query builder to append the clauses to
 */
protected final void addSecurityFilter(ServiceProvider context, ExpressionBuilder queryBuilder) {
    final User user = context.service(User.class);
    if (user.isAdministrator() || user.hasPermission(Permission.requireAll(Permission.OPERATION_BROWSE, Permission.ALL))) {
        return;
    }
    // extract read permissions
    final List<Permission> readPermissions = user.getPermissions().stream()
        .filter(p -> Permission.ALL.equals(p.getOperation()) || Permission.OPERATION_BROWSE.equals(p.getOperation()))
        .collect(Collectors.toList());
    // resources without a trailing '*' are matched as exact IDs
    final Set<String> exactResourceIds = readPermissions.stream()
        .flatMap(p -> p.getResources().stream())
        .filter(resource -> !resource.endsWith("*"))
        .collect(Collectors.toSet());
    // resources with a trailing '*' are matched as ID prefixes, with the '*' stripped
    final Set<String> resourceIdPrefixes = readPermissions.stream()
        .flatMap(p -> p.getResources().stream())
        .filter(resource -> resource.endsWith("*"))
        .map(resource -> resource.substring(0, resource.length() - 1))
        .collect(Collectors.toSet());
    if (!exactResourceIds.isEmpty() || !resourceIdPrefixes.isEmpty()) {
        context.log().info("Restricting user '{}' to resources exact: '{}', prefix: '{}'.",
            user.getUsername(),
            ImmutableSortedSet.copyOf(exactResourceIds),
            ImmutableSortedSet.copyOf(resourceIdPrefixes));
        ExpressionBuilder bool = Expressions.builder();
        // the permissions give access to either
        if (!exactResourceIds.isEmpty()) {
            // explicit IDs
            bool.should(ResourceDocument.Expressions.ids(exactResourceIds));
            // or the permitted resources are bundles which give access to all resources within it (recursively)
            bool.should(ResourceDocument.Expressions.bundleIds(exactResourceIds));
            bool.should(ResourceDocument.Expressions.bundleAncestorIds(exactResourceIds));
        }
        if (!resourceIdPrefixes.isEmpty()) {
            // partial IDs, prefixes
            bool.should(ResourceDocument.Expressions.idPrefixes(resourceIdPrefixes));
            // or the permitted resources are bundle ID prefixes which give access to all resources within it (recursively)
            bool.should(ResourceDocument.Expressions.bundleIdPrefixes(resourceIdPrefixes));
            bool.should(ResourceDocument.Expressions.bundleAncestorIdPrefixes(resourceIdPrefixes));
        }
        queryBuilder.filter(bool.build());
    } else {
        // no browse permission on any resource: fail closed instead of running an unfiltered query
        throw new NoResultException();
    }
}
Also used: ImmutableSortedSet (com.google.common.collect.ImmutableSortedSet), RepositoryContext (com.b2international.snowowl.core.domain.RepositoryContext), Collection (java.util.Collection), Set (java.util.Set), Collectors (java.util.stream.Collectors), ResourceDocument (com.b2international.snowowl.core.internal.ResourceDocument), List (java.util.List), Expressions (com.b2international.index.query.Expressions), ExpressionBuilder (com.b2international.index.query.Expressions.ExpressionBuilder), ServiceProvider (com.b2international.snowowl.core.ServiceProvider), Expression (com.b2international.index.query.Expression), Permission (com.b2international.snowowl.core.identity.Permission), User (com.b2international.snowowl.core.identity.User)
