
Example 1 with Role

use of com.b2international.snowowl.core.identity.Role in project snow-owl by b2ihealthcare.

the class CommitInfoRequestTest method searchCommitInfoByBranch.

/**
 * Verifies that a commit-info search filtered by branch path returns exactly one hit,
 * both on the plain test bus and through an {@link AuthorizedEventBus} whose
 * authorization header carries a JWT for a user holding only browse permission on
 * the {@code Resource6*} resource pattern.
 */
@Test
public void searchCommitInfoByBranch() {
    final String shortName = "Resource6";
    final String branchName = "Test6";
    final String comment = "Code system for commit info 6";
    final String term = "Test Description 6";
    final String oid = UUID.randomUUID().toString();

    // Fixture: a code system, one branch under it, and a single commit on that branch.
    createCodeSystem(shortName, oid, comment);
    final String parentPath = String.format("%s/%s", BRANCH, shortName);
    final String branchPath = createBranch(parentPath, branchName);
    createDescription(ResourceURI.branch(CodeSystem.RESOURCE_TYPE, shortName, branchName), term, comment);

    // Search as admin
    assertEquals(
        1,
        RepositoryRequests.commitInfos()
            .prepareSearchCommitInfo()
            .filterByBranch(branchPath)
            .build(REPOSITORY_ID)
            .execute(bus)
            .getSync()
            .getTotal());

    // Restricted identity: a single role whose only permission is browse on "<shortName>*".
    final String resourcePattern = String.format("%s*", shortName);
    final Permission userPermission = Permission.requireAll(Permission.OPERATION_BROWSE, resourcePattern);
    final User user = new User("User6", List.of(new Role("Editor", List.of(userPermission))));
    final String token = Services.service(JWTGenerator.class).generate(user);
    final IEventBus authorizedBus = new AuthorizedEventBus(bus, ImmutableMap.of(AuthorizedRequest.AUTHORIZATION_HEADER, token));

    // Search as user with limited permissions
    // NOTE(review): only the allow path is asserted here; a user scoped to a different
    // resource prefix is not exercised, so this test alone does not show that the
    // permission filter excludes anything.
    assertEquals(
        1,
        RepositoryRequests.commitInfos()
            .prepareSearchCommitInfo()
            .filterByBranch(branchPath)
            .build(REPOSITORY_ID)
            .execute(authorizedBus)
            .getSync()
            .getTotal());
}
Also used : Role(com.b2international.snowowl.core.identity.Role) User(com.b2international.snowowl.core.identity.User) JWTGenerator(com.b2international.snowowl.core.identity.JWTGenerator) Permission(com.b2international.snowowl.core.identity.Permission) AuthorizedEventBus(com.b2international.snowowl.core.authorization.AuthorizedEventBus) IEventBus(com.b2international.snowowl.eventbus.IEventBus) Test(org.junit.Test)

Example 2 with Role

use of com.b2international.snowowl.core.identity.Role in project snow-owl by b2ihealthcare.

the class LdapIdentityProvider method searchUsers.

/**
 * Lists users from the configured LDAP directory together with the roles they are a
 * member of.
 *
 * <p>One directory search is issued under {@code conf.getBaseDn()} using
 * {@code conf.getUserFilter()}. The caller-supplied {@code usernames} are never placed
 * into the LDAP filter string; they are matched in memory after every entry has been
 * read, so the filter text comes from configuration only. The cost is that all matching
 * directory entries and all roles are loaded before {@code limit} is applied.
 *
 * @param usernames user names to keep; an empty collection keeps every user found
 * @param limit maximum number of users returned; passed to {@code Stream.limit}, which
 *     rejects negative values with {@code IllegalArgumentException}
 * @return an immediately resolved promise holding the users sorted by user name
 * @throws SnowowlRuntimeException if the directory lookup fails with a {@code NamingException}
 */
@Override
public Promise<Users> searchUsers(Collection<String> usernames, int limit) {
    final String uidProp = conf.getUserIdProperty();
    final ImmutableList.Builder<User> resultBuilder = ImmutableList.builder();
    InitialLdapContext context = null;
    NamingEnumeration<SearchResult> searchResultEnumeration = null;
    try {
        context = createLdapContext();
        final Collection<LdapRole> ldapRoles = getAllLdapRoles(context);
        searchResultEnumeration = context.search(conf.getBaseDn(), conf.getUserFilter(), createSearchControls(ATTRIBUTE_DN, uidProp));
        // The enumeration is copied into a list up front, so it is fully drained before any entry is processed.
        for (final SearchResult entry : ImmutableList.copyOf(Iterators.forEnumeration(searchResultEnumeration))) {
            final Attributes entryAttributes = entry.getAttributes();
            if (!hasAttribute(entryAttributes, uidProp)) {
                // Entries without the user id attribute cannot be mapped to a User.
                continue;
            }
            final String userName = (String) entryAttributes.get(uidProp).get();
            // A role is granted when its member collection contains the entry's full name.
            // NOTE(review): if getUniqueMembers() holds plain strings, this is an exact match, so a DN
            // that differs only in case or spacing would leave the user without the role - confirm.
            final List<Role> userRoles = ldapRoles.stream()
                .filter(ldapRole -> ldapRole.getUniqueMembers().contains(entry.getNameInNamespace()))
                .map(ldapRole -> new Role(ldapRole.getName(), ldapRole.getPermissions()))
                .collect(Collectors.toList());
            resultBuilder.add(new User(userName, userRoles));
        }
        final List<User> users = resultBuilder.build()
            .stream()
            .sorted((left, right) -> left.getUsername().compareTo(right.getUsername()))
            .filter(candidate -> usernames.isEmpty() || usernames.contains(candidate.getUsername()))
            .limit(limit)
            .collect(Collectors.toList());
        // NOTE(review): the third argument is the size of the already limited list; if Users expects
        // the overall hit count there, it is under-reported whenever limit truncates - confirm.
        return Promise.immediate(new Users(users, limit, users.size()));
    } catch (final NamingException e) {
        LOG.error("Couldn't search users/roles due to LDAP communication error: {}", e.getMessage(), e);
        throw new SnowowlRuntimeException(e);
    } finally {
        // Release the enumeration and the context on both the success and the failure path.
        closeNamingEnumeration(searchResultEnumeration);
        closeLdapContext(context);
    }
}
Also used : Iterables(com.google.common.collect.Iterables) InitialLdapContext(javax.naming.ldap.InitialLdapContext) Promise(com.b2international.snowowl.core.events.util.Promise) LoggerFactory(org.slf4j.LoggerFactory) NamingException(javax.naming.NamingException) SearchControls(javax.naming.directory.SearchControls) Iterators(com.google.common.collect.Iterators) Attribute(javax.naming.directory.Attribute) Strings(com.google.common.base.Strings) ImmutableList(com.google.common.collect.ImmutableList) Map(java.util.Map) Permission(com.b2international.snowowl.core.identity.Permission) Context(javax.naming.Context) NoSuchElementException(java.util.NoSuchElementException) Hashtable(java.util.Hashtable) IdentityProvider(com.b2international.snowowl.core.identity.IdentityProvider) Logger(org.slf4j.Logger) SnowowlRuntimeException(com.b2international.snowowl.core.api.SnowowlRuntimeException) Collection(java.util.Collection) Preconditions.checkNotNull(com.google.common.base.Preconditions.checkNotNull) DirContext(javax.naming.directory.DirContext) Role(com.b2international.snowowl.core.identity.Role) Collectors(java.util.stream.Collectors) TimeUnit(java.util.concurrent.TimeUnit) List(java.util.List) TreeMap(java.util.TreeMap) Attributes(javax.naming.directory.Attributes) Users(com.b2international.snowowl.core.identity.Users) NamingEnumeration(javax.naming.NamingEnumeration) User(com.b2international.snowowl.core.identity.User) Preconditions(com.google.common.base.Preconditions) Collections(java.util.Collections) SearchResult(javax.naming.directory.SearchResult) User(com.b2international.snowowl.core.identity.User) ImmutableList(com.google.common.collect.ImmutableList) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) Users(com.b2international.snowowl.core.identity.Users) SnowowlRuntimeException(com.b2international.snowowl.core.api.SnowowlRuntimeException) Role(com.b2international.snowowl.core.identity.Role) 
InitialLdapContext(javax.naming.ldap.InitialLdapContext) NamingException(javax.naming.NamingException)

Example 3 with Role

use of com.b2international.snowowl.core.identity.Role in project snow-owl by b2ihealthcare.

the class CommitInfoRequestTest method searchCommitOnSubBranch.

/**
 * Verifies the permission filter on a commit-info search that has no branch filter.
 *
 * <p>Three commits share the same comment: one on the resource itself, one on a branch of
 * it, and one on a branch nested one level deeper. A user with browse permission on the
 * {@code Resource7*} pattern is expected to see two of them, while the plain test bus is
 * expected to see all three.
 */
@Test
public void searchCommitOnSubBranch() {
    // Search with no branch filter, to test security filter for user with limited resources
    final String shortName = "Resource7";
    final String branchName = "Test7";
    final String comment = "Code system for commit info 7";
    final String commitComment = "Create Description 7";
    final String term = "Test Description 7";
    final String oid = UUID.randomUUID().toString();

    // Commit on resource branch
    createCodeSystem(shortName, oid, comment);
    createDescription(ResourceURI.of(CodeSystem.RESOURCE_TYPE, shortName), term, commitComment);

    // Commit on version branch
    final String resourceBranchPath = String.format("%s/%s", BRANCH, shortName);
    final String branchPath = createBranch(resourceBranchPath, branchName);
    createDescription(ResourceURI.branch(CodeSystem.RESOURCE_TYPE, shortName, branchName), term, commitComment);

    // Commit on deeper branch
    final String newBranchName = String.format("%s/%s", branchName, branchName);
    createBranch(branchPath, branchName);
    createDescription(ResourceURI.branch(CodeSystem.RESOURCE_TYPE, shortName, newBranchName), term, commitComment);

    // Restricted identity: a single role whose only permission is browse on "<shortName>*".
    final String resourcePattern = String.format("%s*", shortName);
    final Permission userPermission = Permission.requireAll(Permission.OPERATION_BROWSE, resourcePattern);
    final User user = new User("User7", List.of(new Role("Editor", List.of(userPermission))));
    final String token = Services.service(JWTGenerator.class).generate(user);
    final IEventBus authorizedBus = new AuthorizedEventBus(bus, ImmutableMap.of(AuthorizedRequest.AUTHORIZATION_HEADER, token));

    // Search as user with permission only to access the resource and one sub branch
    // NOTE(review): which of the three commits is hidden is not asserted, only the count;
    // presumably the commit on the nested branch falls outside the pattern - confirm.
    assertEquals(
        2,
        RepositoryRequests.commitInfos()
            .prepareSearchCommitInfo()
            .filterByComment(commitComment)
            .build(REPOSITORY_ID)
            .execute(authorizedBus)
            .getSync()
            .getTotal());

    // Search as admin user with permission to access all
    assertEquals(
        3,
        RepositoryRequests.commitInfos()
            .prepareSearchCommitInfo()
            .filterByComment(commitComment)
            .build(REPOSITORY_ID)
            .execute(bus)
            .getSync()
            .getTotal());
}
Also used : Role(com.b2international.snowowl.core.identity.Role) User(com.b2international.snowowl.core.identity.User) JWTGenerator(com.b2international.snowowl.core.identity.JWTGenerator) Permission(com.b2international.snowowl.core.identity.Permission) AuthorizedEventBus(com.b2international.snowowl.core.authorization.AuthorizedEventBus) IEventBus(com.b2international.snowowl.eventbus.IEventBus) Test(org.junit.Test)
