Example 6 with User
use of com.b2international.snowowl.core.identity.User in project snow-owl by b2ihealthcare.
the class CommitInfoRequestTest method searchCommitOnSubBranch.
@Test
public void searchCommitOnSubBranch() {
// Search with no branch filter, to test security filter for user with limited resources
final String oid = UUID.randomUUID().toString();
final String shortName = "Resource7";
final String comment = "Code system for commit info 7";
final String branchName = "Test7";
final String commitComment = "Create Description 7";
final String term = "Test Description 7";
// Commit on resource branch
createCodeSystem(shortName, oid, comment);
createDescription(ResourceURI.of(CodeSystem.RESOURCE_TYPE, shortName), term, commitComment);
// Commit on version branch
final String branchPath = createBranch(String.format("%s/%s", BRANCH, shortName), branchName);
createDescription(ResourceURI.branch(CodeSystem.RESOURCE_TYPE, shortName, branchName), term, commitComment);
// Commit on deeper branch
final String newBranchName = String.format("%s/%s", branchName, branchName);
createBranch(branchPath, branchName);
createDescription(ResourceURI.branch(CodeSystem.RESOURCE_TYPE, shortName, newBranchName), term, commitComment);
final Permission userPermission = Permission.requireAll(Permission.OPERATION_BROWSE, String.format("%s*", shortName));
final List<Role> roles = List.of(new Role("Editor", List.of(userPermission)));
final String userName = "User7";
final User user = new User(userName, roles);
final IEventBus authorizedBus = new AuthorizedEventBus(bus, ImmutableMap.of(AuthorizedRequest.AUTHORIZATION_HEADER, Services.service(JWTGenerator.class).generate(user)));
// Search as user with permission only to access the resource and one sub branch
assertEquals(2, RepositoryRequests.commitInfos().prepareSearchCommitInfo().filterByComment(commitComment).build(REPOSITORY_ID).execute(authorizedBus).getSync().getTotal());
// Search as admin user with permission to access all
assertEquals(3, RepositoryRequests.commitInfos().prepareSearchCommitInfo().filterByComment(commitComment).build(REPOSITORY_ID).execute(bus).getSync().getTotal());
}
Also used :
Role(com.b2international.snowowl.core.identity.Role)
User(com.b2international.snowowl.core.identity.User)
JWTGenerator(com.b2international.snowowl.core.identity.JWTGenerator)
Permission(com.b2international.snowowl.core.identity.Permission)
AuthorizedEventBus(com.b2international.snowowl.core.authorization.AuthorizedEventBus)
IEventBus(com.b2international.snowowl.eventbus.IEventBus)
Test(org.junit.Test)
Example 7 with User
use of com.b2international.snowowl.core.identity.User in project snow-owl by b2ihealthcare.
the class RateLimitingRequest method execute.
@Override
public R execute(ServiceProvider context) {
final User user = context.service(User.class);
if (user != User.SYSTEM) {
// rate limit only non-system user requests
final String username = user.getUsername();
final RateLimitConsumption consumption = context.service(RateLimiter.class).consume(username);
if (consumption.isConsumed()) {
context.service(ResponseHeaders.class).set("X-Rate-Limit-Remaining", Long.toString(consumption.getRemainingTokens()));
} else {
throw new TooManyRequestsException(consumption.getSecondsToWait());
}
}
return next(context);
}
Also used :
TooManyRequestsException(com.b2international.commons.exceptions.TooManyRequestsException)
User(com.b2international.snowowl.core.identity.User)
ResponseHeaders(com.b2international.snowowl.core.events.util.ResponseHeaders)
Example 8 with User
use of com.b2international.snowowl.core.identity.User in project snow-owl by b2ihealthcare.
the class BaseResourceSearchRequest method addSecurityFilter.
/**
* Configures security filters to allow access to certain resources only. This method is no-op if the given {@link ServiceProvider context}'s {@link User} is an administrator or has read access to everything.
*
* @param context - the context where user information will be extracted
* @param queryBuilder - the query builder to append the clauses to
*/
protected final void addSecurityFilter(ServiceProvider context, ExpressionBuilder queryBuilder) {
final User user = context.service(User.class);
if (user.isAdministrator() || user.hasPermission(Permission.requireAll(Permission.OPERATION_BROWSE, Permission.ALL))) {
return;
}
// extract read permissions
final List<Permission> readPermissions = user.getPermissions().stream().filter(p -> Permission.ALL.equals(p.getOperation()) || Permission.OPERATION_BROWSE.equals(p.getOperation())).collect(Collectors.toList());
final Set<String> exactResourceIds = readPermissions.stream().flatMap(p -> p.getResources().stream()).filter(resource -> !resource.endsWith("*")).collect(Collectors.toSet());
final Set<String> resourceIdPrefixes = readPermissions.stream().flatMap(p -> p.getResources().stream()).filter(resource -> resource.endsWith("*")).map(resource -> resource.substring(0, resource.length() - 1)).collect(Collectors.toSet());
if (!exactResourceIds.isEmpty() || !resourceIdPrefixes.isEmpty()) {
context.log().info("Restricting user '{}' to resources exact: '{}', prefix: '{}'.", user.getUsername(), ImmutableSortedSet.copyOf(exactResourceIds), ImmutableSortedSet.copyOf(resourceIdPrefixes));
ExpressionBuilder bool = Expressions.builder();
// the permissions give access to either
if (!exactResourceIds.isEmpty()) {
// explicit IDs
bool.should(ResourceDocument.Expressions.ids(exactResourceIds));
// or the permitted resources are bundles which give access to all resources within it (recursively)
bool.should(ResourceDocument.Expressions.bundleIds(exactResourceIds));
bool.should(ResourceDocument.Expressions.bundleAncestorIds(exactResourceIds));
}
if (!resourceIdPrefixes.isEmpty()) {
// partial IDs, prefixes
bool.should(ResourceDocument.Expressions.idPrefixes(resourceIdPrefixes));
// or the permitted resources are bundle ID prefixes which give access to all resources within it (recursively)
bool.should(ResourceDocument.Expressions.bundleIdPrefixes(resourceIdPrefixes));
bool.should(ResourceDocument.Expressions.bundleAncestorIdPrefixes(resourceIdPrefixes));
}
queryBuilder.filter(bool.build());
} else {
throw new NoResultException();
}
}
Also used :
ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet)
RepositoryContext(com.b2international.snowowl.core.domain.RepositoryContext)
Collection(java.util.Collection)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
ResourceDocument(com.b2international.snowowl.core.internal.ResourceDocument)
List(java.util.List)
Expressions(com.b2international.index.query.Expressions)
ExpressionBuilder(com.b2international.index.query.Expressions.ExpressionBuilder)
ServiceProvider(com.b2international.snowowl.core.ServiceProvider)
Expression(com.b2international.index.query.Expression)
Permission(com.b2international.snowowl.core.identity.Permission)
User(com.b2international.snowowl.core.identity.User)
User(com.b2international.snowowl.core.identity.User)
Permission(com.b2international.snowowl.core.identity.Permission)
ExpressionBuilder(com.b2international.index.query.Expressions.ExpressionBuilder)
Example 9 with User
use of com.b2international.snowowl.core.identity.User in project snow-owl by b2ihealthcare.
the class VersionCreateRequest method execute.
@Override
public Boolean execute(RepositoryContext context) {
final String user = context.service(User.class).getUsername();
if (!resource.isHead()) {
throw new BadRequestException("Version '%s' cannot be created on unassigned branch '%s'.", version, resource).withDeveloperMessage("Did you mean to version '%s'?", resource.withoutPath());
}
if (resourcesById == null) {
resourcesById = fetchResources(context);
}
if (!resourcesById.containsKey(resource)) {
context.log().warn("Resource cannot be found during versioning: " + resourcesById + ", uri: " + resource);
throw new NotFoundException("Resource", resource.getResourceId());
}
// validate new path
RevisionBranch.BranchNameValidator.DEFAULT.checkName(version);
TerminologyResource resourceToVersion = resourcesById.get(resource);
// TODO resurrect or eliminate tooling dependencies
final List<TerminologyResource> resourcesToVersion = List.of(resourcesById.get(resource));
// final List<CodeSystem> resourcesToVersion = codeSystem.getDependenciesAndSelf()
// .stream()
// .map(resourcesById::get)
// .collect(Collectors.toList());
resourcesToVersion.stream().filter(cs -> cs.getUpgradeOf() != null).findAny().ifPresent(cs -> {
throw new BadRequestException("Upgrade resource '%s' can not be versioned.", cs.getResourceURI());
});
for (TerminologyResource terminologyResource : resourcesToVersion) {
// check that the new versionId does not conflict with any other currently available branch
final String newVersionPath = String.join(Branch.SEPARATOR, terminologyResource.getBranchPath(), version);
final String repositoryId = terminologyResource.getToolingId();
if (!force) {
// branch needs checking in the non-force cases only
try {
Branch branch = RepositoryRequests.branching().prepareGet(newVersionPath).build(repositoryId).execute(context);
if (!branch.isDeleted()) {
throw new ConflictException("An existing version or branch with path '%s' conflicts with the specified version identifier.", newVersionPath);
}
} catch (NotFoundException e) {
// branch does not exist, ignore
}
} else {
// if there is no conflict, delete the branch (the request also ignores non-existent branches)
deleteBranch(context, newVersionPath, repositoryId);
}
}
acquireLocks(context, user, resourcesToVersion);
final IProgressMonitor monitor = SubMonitor.convert(context.service(IProgressMonitor.class), TASK_WORK_STEP);
try {
// resourcesToVersion.forEach(resourceToVersion -> {
// check that the specified effective time is valid in this code system
validateVersion(context, resourceToVersion);
// version components in the given repository
new RepositoryRequest<>(resourceToVersion.getToolingId(), new BranchRequest<>(resourceToVersion.getBranchPath(), new RevisionIndexReadRequest<CommitResult>(context.service(RepositoryManager.class).get(resourceToVersion.getToolingId()).service(VersioningRequestBuilder.class).build(new VersioningConfiguration(user, resourceToVersion.getResourceURI(), version, description, effectiveTime, force))))).execute(context);
// tag the repository
doTag(context, resourceToVersion, monitor);
// create a version for the resource
return new BranchRequest<>(Branch.MAIN_PATH, new ResourceRepositoryCommitRequestBuilder().setBody(tx -> {
tx.add(VersionDocument.builder().id(resource.withPath(version).withoutResourceType()).version(version).description(description).effectiveTime(EffectiveTimes.getEffectiveTime(effectiveTime)).resource(resource).branchPath(resourceToVersion.getRelativeBranchPath(version)).author(user).createdAt(Instant.now().toEpochMilli()).updatedAt(Instant.now().toEpochMilli()).toolingId(resourceToVersion.getToolingId()).url(buildVersionUrl(context, resourceToVersion)).build());
return Boolean.TRUE;
}).setCommitComment(CompareUtils.isEmpty(commitComment) ? String.format("Version '%s' as of '%s'", resource, version) : commitComment).build()).execute(context).getResultAs(Boolean.class);
} finally {
releaseLocks(context);
if (null != monitor) {
monitor.done();
}
}
}
Also used :
EffectiveTimes(com.b2international.snowowl.core.date.EffectiveTimes)
JsonProperty(com.fasterxml.jackson.annotation.JsonProperty)
java.util(java.util)
SubMonitor(org.eclipse.core.runtime.SubMonitor)
RevisionBranch(com.b2international.index.revision.RevisionBranch)
Multimap(com.google.common.collect.Multimap)
Branch(com.b2international.snowowl.core.branch.Branch)
RepositoryRequests(com.b2international.snowowl.core.repository.RepositoryRequests)
CREATE_VERSION(com.b2international.snowowl.core.internal.locks.DatastoreLockContextDescriptions.CREATE_VERSION)
HashMultimap(com.google.common.collect.HashMultimap)
AccessControl(com.b2international.snowowl.core.authorization.AccessControl)
DatastoreLockTarget(com.b2international.snowowl.core.internal.locks.DatastoreLockTarget)
Permission(com.b2international.snowowl.core.identity.Permission)
DatastoreLockContext(com.b2international.snowowl.core.internal.locks.DatastoreLockContext)
CompareUtils(com.b2international.commons.CompareUtils)
com.b2international.snowowl.core(com.b2international.snowowl.core)
NotFoundException(com.b2international.commons.exceptions.NotFoundException)
com.b2international.snowowl.core.request(com.b2international.snowowl.core.request)
Version(com.b2international.snowowl.core.version.Version)
BadRequestException(com.b2international.commons.exceptions.BadRequestException)
ConflictException(com.b2international.commons.exceptions.ConflictException)
RepositoryContext(com.b2international.snowowl.core.domain.RepositoryContext)
Request(com.b2international.snowowl.core.events.Request)
JsonFormat(com.fasterxml.jackson.annotation.JsonFormat)
Instant(java.time.Instant)
NotNull(javax.validation.constraints.NotNull)
Collectors(java.util.stream.Collectors)
TerminologyRegistry(com.b2international.snowowl.core.terminology.TerminologyRegistry)
IProgressMonitor(org.eclipse.core.runtime.IProgressMonitor)
VersionDocument(com.b2international.snowowl.core.version.VersionDocument)
NotEmpty(org.hibernate.validator.constraints.NotEmpty)
LocalDate(java.time.LocalDate)
Sort(com.b2international.snowowl.core.request.SearchResourceRequest.Sort)
Entry(java.util.Map.Entry)
IOperationLockManager(com.b2international.snowowl.core.locks.IOperationLockManager)
ResourceURLSchemaSupport(com.b2international.snowowl.core.uri.ResourceURLSchemaSupport)
ResourceRepositoryCommitRequestBuilder(com.b2international.snowowl.core.context.ResourceRepositoryCommitRequestBuilder)
User(com.b2international.snowowl.core.identity.User)
User(com.b2international.snowowl.core.identity.User)
ConflictException(com.b2international.commons.exceptions.ConflictException)
NotFoundException(com.b2international.commons.exceptions.NotFoundException)
IProgressMonitor(org.eclipse.core.runtime.IProgressMonitor)
RevisionBranch(com.b2international.index.revision.RevisionBranch)
Branch(com.b2international.snowowl.core.branch.Branch)
BadRequestException(com.b2international.commons.exceptions.BadRequestException)
ResourceRepositoryCommitRequestBuilder(com.b2international.snowowl.core.context.ResourceRepositoryCommitRequestBuilder)
Aggregations
User (com.b2international.snowowl.core.identity.User)9
Permission (com.b2international.snowowl.core.identity.Permission)7
Collection (java.util.Collection)4
List (java.util.List)4
Collectors (java.util.stream.Collectors)4
ServiceProvider (com.b2international.snowowl.core.ServiceProvider)3
RepositoryContext (com.b2international.snowowl.core.domain.RepositoryContext)3
Role (com.b2international.snowowl.core.identity.Role)3
IEventBus (com.b2international.snowowl.eventbus.IEventBus)3
Expression (com.b2international.index.query.Expression)2
Expressions (com.b2international.index.query.Expressions)2
ExpressionBuilder (com.b2international.index.query.Expressions.ExpressionBuilder)2
AuthorizedEventBus (com.b2international.snowowl.core.authorization.AuthorizedEventBus)2
Request (com.b2international.snowowl.core.events.Request)2
IdentityProvider (com.b2international.snowowl.core.identity.IdentityProvider)2
JWTGenerator (com.b2international.snowowl.core.identity.JWTGenerator)2
ResourceDocument (com.b2international.snowowl.core.internal.ResourceDocument)2
Strings (com.google.common.base.Strings)2
Iterables (com.google.common.collect.Iterables)2
Map (java.util.Map)2
