
Example 6 with Group

use of com.bakdata.conquery.models.auth.entities.Group in project conquery by bakdata.

the class QueryProcessor method postQuery.

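/**
 * Creates a query for all datasets, then submits it for execution on the
 * intended dataset.
 *
 * <p>The steps run in a fixed order: the query tree is visited first so that the collecting
 * visitors are populated, then {@code query.authorize(...)} is called with those visitors, and
 * only after that is an existing execution reused or a new one started. Keep anything that
 * executes a query or hands out an execution behind the authorization call.
 *
 * @param dataset the dataset the query is to be executed on
 * @param query   the submitted query description
 * @param subject the subject posting the query; it is passed to {@code query.authorize(...)} and
 *                its user is handed on for reuse or execution
 * @return the reused execution when the query only re-executes an existing one and
 *         {@code tryReuse} yields a result, otherwise whatever {@code runQuery} returns
 */
public ManagedExecution<?> postQuery(Dataset dataset, QueryDescription query, Subject subject) {
    // Records who posted a query against which dataset. The placeholder for the subject id
    // previously carried a stray '{', which ended up in every emitted line.
    log.info("Query posted on Dataset[{}] by User[{}].", dataset.getId(), subject.getId());
    // This map works as long as we have query visitors that are not configured in any way.
    // Adding a visitor twice replaces the previous one, but both would have yielded the same result.
    // In the future a better data structure might be desired that also handles similar QueryVisitors
    // with different configurations.
    ClassToInstanceMap<QueryVisitor> visitors = MutableClassToInstanceMap.create();
    query.addVisitors(visitors);
    // Initialize checks that need to traverse the query tree
    visitors.putInstance(QueryUtils.OnlyReusingChecker.class, new QueryUtils.OnlyReusingChecker());
    visitors.putInstance(NamespacedIdentifiableCollector.class, new NamespacedIdentifiableCollector());
    // The primary group name is only used as a metrics label; "none" stands in when the subject has no primary group.
    final String primaryGroupName = AuthorizationHelper.getPrimaryGroup(subject, storage).map(Group::getName).orElse("none");
    visitors.putInstance(ExecutionMetrics.QueryMetricsReporter.class, new ExecutionMetrics.QueryMetricsReporter(primaryGroupName));
    // Chain all Consumers
    Consumer<Visitable> consumerChain = QueryUtils.getNoOpEntryPoint();
    for (QueryVisitor visitor : visitors.values()) {
        consumerChain = consumerChain.andThen(visitor);
    }
    // Apply consumers to the query tree
    query.visit(consumerChain);
    // Authorization uses what the visitors collected above, so it has to run after the traversal.
    // NOTE(review): presumably this throws when the subject lacks a permission - confirm, because
    // nothing below re-checks the subject.
    query.authorize(subject, dataset, visitors);
    // After all authorization checks we can use the actual user to invoke the query and do not
    // need to pass the Subject further down.
    ExecutionMetrics.reportNamespacedIds(visitors.getInstance(NamespacedIdentifiableCollector.class).getIdentifiables(), primaryGroupName);
    ExecutionMetrics.reportQueryClassUsage(query.getClass(), primaryGroupName);
    final Namespace namespace = datasetRegistry.get(dataset.getId());
    final ExecutionManager executionManager = namespace.getExecutionManager();
    // If this is only a re-executing query, try to execute the underlying query instead.
    {
        // NOTE(review): the execution id originates from the submitted query. Access to that
        // execution is presumably verified inside query.authorize(...) through the visitors;
        // tryReuse is not visible here, so confirm it does not rely on a check that is missing.
        final Optional<ManagedExecutionId> executionId = visitors.getInstance(QueryUtils.OnlyReusingChecker.class).getOnlyReused();
        // Optional.map turns a null result of tryReuse into an empty Optional, which falls through to a fresh run.
        final Optional<ManagedExecution<?>> execution = executionId.map(id -> tryReuse(query, id, datasetRegistry, config, executionManager, subject.getUser()));
        if (execution.isPresent()) {
            return execution.get();
        }
    }
    // Execute the query
    return executionManager.runQuery(datasetRegistry, query, subject.getUser(), dataset, config);
}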
Also used : ManagedQuery(com.bakdata.conquery.models.query.ManagedQuery) ConqueryConfig(com.bakdata.conquery.models.config.ConqueryConfig) URL(java.net.URL) ExternalUpload(com.bakdata.conquery.apiv1.query.ExternalUpload) RequiredArgsConstructor(lombok.RequiredArgsConstructor) ManagedExecution(com.bakdata.conquery.models.execution.ManagedExecution) Map(java.util.Map) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) QueryDescription(com.bakdata.conquery.apiv1.query.QueryDescription) CQAnd(com.bakdata.conquery.apiv1.query.concept.specific.CQAnd) ExecutionMetrics(com.bakdata.conquery.metrics.ExecutionMetrics) Collection(java.util.Collection) SecondaryIdQuery(com.bakdata.conquery.apiv1.query.SecondaryIdQuery) Visitable(com.bakdata.conquery.models.query.Visitable) Set(java.util.Set) User(com.bakdata.conquery.models.auth.entities.User) Collectors(java.util.stream.Collectors) Dataset(com.bakdata.conquery.models.datasets.Dataset) ConceptQuery(com.bakdata.conquery.apiv1.query.ConceptQuery) ExternalUploadResult(com.bakdata.conquery.apiv1.query.ExternalUploadResult) SecondaryIdDescription(com.bakdata.conquery.models.datasets.SecondaryIdDescription) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) CancelQuery(com.bakdata.conquery.models.messages.namespaces.specific.CancelQuery) Ability(com.bakdata.conquery.models.auth.permissions.Ability) QueryUtils(com.bakdata.conquery.util.QueryUtils) Optional(java.util.Optional) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) Namespace(com.bakdata.conquery.models.worker.Namespace) ExecutionManager(com.bakdata.conquery.models.query.ExecutionManager) ResultRendererProvider(com.bakdata.conquery.io.result.ResultRender.ResultRendererProvider) Getter(lombok.Getter) ExecutionState(com.bakdata.conquery.models.execution.ExecutionState) 
Subject(com.bakdata.conquery.models.auth.entities.Subject) ClassToInstanceMap(com.google.common.collect.ClassToInstanceMap) HttpServletRequest(javax.servlet.http.HttpServletRequest) ManagedExecutionId(com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId) QueryVisitor(com.bakdata.conquery.models.query.visitor.QueryVisitor) NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector) Group(com.bakdata.conquery.models.auth.entities.Group) CQExternal(com.bakdata.conquery.apiv1.query.concept.specific.external.CQExternal) AuthorizationHelper(com.bakdata.conquery.models.auth.AuthorizationHelper) Consumer(java.util.function.Consumer) MutableClassToInstanceMap(com.google.common.collect.MutableClassToInstanceMap) AuthorizationHelper.buildDatasetAbilityMap(com.bakdata.conquery.models.auth.AuthorizationHelper.buildDatasetAbilityMap) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) CQElement(com.bakdata.conquery.apiv1.query.CQElement) Query(com.bakdata.conquery.apiv1.query.Query) QueryVisitor(com.bakdata.conquery.models.query.visitor.QueryVisitor) ExecutionManager(com.bakdata.conquery.models.query.ExecutionManager) NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector) Optional(java.util.Optional) Visitable(com.bakdata.conquery.models.query.Visitable) ExecutionMetrics(com.bakdata.conquery.metrics.ExecutionMetrics) Namespace(com.bakdata.conquery.models.worker.Namespace) QueryUtils(com.bakdata.conquery.util.QueryUtils)

Example 7 with Group

use of com.bakdata.conquery.models.auth.entities.Group in project conquery by bakdata.

the class ActiveUsersFilter method filter.

/**
 * Records the requesting user as active for their primary group and makes sure a gauge
 * exists for that group.
 *
 * <p>Requests whose security context carries no principal, or a principal that is not a
 * {@code User}, are ignored, as are users without a primary group. The group name becomes
 * part of the metric name.
 *
 * @param requestContext the incoming request; only its security context is read
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    final Principal principal = requestContext.getSecurityContext().getUserPrincipal();
    if (principal instanceof User) {
        final User activeUser = (User) principal;
        final Optional<Group> primaryGroup = AuthorizationHelper.getPrimaryGroup(activeUser, storage);
        if (primaryGroup.isPresent()) {
            final Group group = primaryGroup.get();
            // Timestamp of the most recent request by this user within the group
            activeUsers.put(group, activeUser, LocalDateTime.now());
            final String gaugeName = MetricRegistry.name(USERS, group.getName(), ACTIVE);
            // This does not register multiple gauges, but reuses them under the hood.
            SharedMetricRegistries.getDefault().gauge(gaugeName, () -> activeUsersGauge(group));
        }
        else {
            log.trace("{} has no primary group", activeUser);
        }
    }
}
Also used : Group(com.bakdata.conquery.models.auth.entities.Group) User(com.bakdata.conquery.models.auth.entities.User) Principal(java.security.Principal)

Example 8 with Group

use of com.bakdata.conquery.models.auth.entities.Group in project conquery by bakdata.

the class CopyUserTest method testUserCopy.

/**
 * Verifies that {@code AuthorizationController.flatCopyUser} produces a distinct user that
 * carries the original's effective permissions directly, without the original's role or
 * group mappings.
 */
@Test
void testUserCopy() {
    // Registry backed by a non-persistent meta storage
    final DatasetRegistry datasetRegistry = new DatasetRegistry(0);
    final MetaStorage metaStorage = new NonPersistentStoreFactory().createMetaStorage();
    datasetRegistry.setMetaStorage(metaStorage);

    // Role granting READ on dataset0
    final Role testRole = new Role("role", "role", metaStorage);
    metaStorage.addRole(testRole);
    testRole.addPermission(DatasetPermission.onInstance(Ability.READ, new DatasetId("dataset0")));

    // Group granting READ on dataset1
    final Group testGroup = new Group("group", "group", metaStorage);
    metaStorage.addGroup(testGroup);
    testGroup.addPermission(DatasetPermission.onInstance(Ability.READ, new DatasetId("dataset1")));

    // Source user that holds the role and is a member of the group
    final User source = new User("user", "user", metaStorage);
    metaStorage.addUser(source);
    source.addRole(testRole);
    testGroup.addMember(source);

    // Perform the flat copy
    final User flatCopy = AuthorizationController.flatCopyUser(source, "copytest", metaStorage);

    // The copy must differ from the source user
    assertThat(flatCopy).usingRecursiveComparison().isNotEqualTo(source);

    // The copy must not inherit any mapping: no group membership, no roles
    assertThat(testGroup.containsMember(flatCopy)).isFalse();
    assertThat(flatCopy.getRoles()).isEmpty();

    // The copy's own permissions must equal the source's effective (flattened) permissions.
    // NOTE(review): since the copy holds these permissions directly, later changes to the role
    // or group presumably do not reach it - confirm that this is the intended lifetime.
    assertThat(flatCopy.getPermissions()).containsExactlyInAnyOrderElementsOf(source.getEffectivePermissions());
}
Also used : Role(com.bakdata.conquery.models.auth.entities.Role) Group(com.bakdata.conquery.models.auth.entities.Group) User(com.bakdata.conquery.models.auth.entities.User) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) NonPersistentStoreFactory(com.bakdata.conquery.util.NonPersistentStoreFactory) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) Test(org.junit.jupiter.api.Test)

Example 9 with Group

use of com.bakdata.conquery.models.auth.entities.Group in project conquery by bakdata.

the class UIProcessor method getAuthOverview.

/**
 * Builds an overview with one row per stored user, listing the user's groups and effective roles.
 *
 * <p>Effective roles are the user's own roles followed by the roles of every group the user
 * belongs to; the list is not de-duplicated. The method iterates over all users and performs
 * no permission check of its own.
 * NOTE(review): confirm that the calling resource restricts this view to administrators.
 *
 * @return the overview; its rows are held in a {@code TreeSet}
 */
public FEAuthOverview getAuthOverview() {
    final Collection<FEAuthOverview.OverviewRow> rows = new TreeSet<>();
    for (User user : getStorage().getAllUsers()) {
        final Collection<Group> memberships = AuthorizationHelper.getGroupsOf(user, getStorage());
        // Roles assigned directly to the user come first
        final List<Role> roles = user.getRoles().stream().map(getStorage()::getRole).collect(Collectors.toList());
        // followed by the roles contributed by each group
        for (Group membership : memberships) {
            final List<Role> groupRoles = membership.getRoles().stream().map(getStorage()::getRole).collect(Collectors.toList());
            roles.addAll(groupRoles);
        }
        final FEAuthOverview.OverviewRow row = FEAuthOverview.OverviewRow.builder()
                .user(user)
                .groups(memberships)
                .effectiveRoles(roles)
                .build();
        rows.add(row);
    }
    return FEAuthOverview.builder().overview(rows).build();
}
Also used : Role(com.bakdata.conquery.models.auth.entities.Role) Group(com.bakdata.conquery.models.auth.entities.Group) User(com.bakdata.conquery.models.auth.entities.User)

Example 10 with Group

use of com.bakdata.conquery.models.auth.entities.Group in project conquery by bakdata.

the class SerializationTests method group.

/**
 * Serialization round trip for a {@code Group} that carries permissions, a role and a member.
 *
 * <p>The role and the user are registered in a {@code CentralRegistry} that is handed to the
 * serialization test helper.
 */
@Test
public void group() throws IOException, JSONException {
    final Group subjectGroup = new Group("group", "group", STORAGE);

    // One dataset-level and one execution-level READ permission
    final DatasetId readableDataset = new DatasetId("test");
    subjectGroup.addPermission(DatasetPermission.onInstance(Ability.READ, readableDataset));
    final ManagedExecutionId readableExecution = new ManagedExecutionId(new DatasetId("dataset"), UUID.randomUUID());
    subjectGroup.addPermission(ExecutionPermission.onInstance(Ability.READ, readableExecution));

    // The "company" role is added twice, once via a throwaway instance and once via the registered one
    subjectGroup.addRole(new Role("company", "company", STORAGE));
    final Role companyRole = new Role("company", "company", STORAGE);
    subjectGroup.addRole(companyRole);

    final User member = new User("userName", "userLabel", STORAGE);
    subjectGroup.addMember(member);

    // Role and member are registered in the registry passed to the helper below
    final CentralRegistry centralRegistry = new CentralRegistry();
    centralRegistry.register(companyRole);
    centralRegistry.register(member);

    SerializationTestUtil.forType(Group.class)
            .injectables(STORAGE)
            .registry(centralRegistry)
            .test(subjectGroup);
}
Also used : Role(com.bakdata.conquery.models.auth.entities.Role) Group(com.bakdata.conquery.models.auth.entities.Group) User(com.bakdata.conquery.models.auth.entities.User) ManagedExecutionId(com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId) CentralRegistry(com.bakdata.conquery.models.identifiable.CentralRegistry) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) Test(org.junit.jupiter.api.Test) IdMapSerialisationTest(com.bakdata.conquery.models.identifiable.IdMapSerialisationTest)
