Example 6 with ConqueryPermission

use of com.bakdata.conquery.models.auth.permissions.ConqueryPermission in project conquery by bakdata.

the class TokenScopedUser method authorize.

@Override
public void authorize(@NonNull Authorized object, @NonNull Ability ability) {
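    // Build the permission that this object/ability pair requires
    final ConqueryPermission permission = object.createPermission(EnumSet.of(ability));
    // The token's scopes are checked first: a token can never authorize more than its scopes cover
    if (!tokenContext.isCoveredByScopes(permission)) {
        throw new UnauthorizedException("The scopes of the token do not support handling the permission: " + permission);
    }
    // Only then is the check delegated to the wrapped user, who must also be authorized
    delegate.authorize(object, ability);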
}
Also used : ConqueryPermission(com.bakdata.conquery.models.auth.permissions.ConqueryPermission) UnauthorizedException(org.apache.shiro.authz.UnauthorizedException)

Example 7 with ConqueryPermission

use of com.bakdata.conquery.models.auth.permissions.ConqueryPermission in project conquery by bakdata.

the class User method getEffectivePermissions.

@Override
public Set<ConqueryPermission> getEffectivePermissions() {
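    // Start with the permissions held directly by this user
    Set<ConqueryPermission> permissions = getPermissions();
    // Add the permissions inherited from each role; a role id that cannot be resolved is logged and skipped
    for (RoleId roleId : roles) {
        Role role = storage.getRole(roleId);
        if (role == null) {
            log.warn("Could not find role {} to gather permissions", roleId);
            continue;
        }
        permissions = Sets.union(permissions, role.getEffectivePermissions());
    }
    // Add the permissions inherited from every group that has this user as a member
    for (Group group : storage.getAllGroups()) {
        if (!group.containsMember(this)) {
            continue;
        }
        permissions = Sets.union(permissions, group.getEffectivePermissions());
    }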
    return permissions;
}
Also used : ConqueryPermission(com.bakdata.conquery.models.auth.permissions.ConqueryPermission) RoleId(com.bakdata.conquery.models.identifiable.ids.specific.RoleId)

Example 8 with ConqueryPermission

use of com.bakdata.conquery.models.auth.permissions.ConqueryPermission in project conquery by bakdata.

the class AuthorizationController method flatCopyUser.

/**
 * Creates a copy of an existing user. The copied user has the same effective permissions as the original user
 * at the time of copying, but these are flattened: permissions that the original user holds through
 * inheritance from roles or groups are held directly by the copy.
 * @param originUser The user to make a flat copy of
 * @param namePrefix The prefix for the id of the new copied user
 * @param storage The storage used to look up users, executions and form configs and to store the copy
 * @return A flat copy of the referenced user
 */
public static User flatCopyUser(@NonNull User originUser, String namePrefix, @NonNull MetaStorage storage) {
    final UserId originUserId = originUser.getId();
    if (Strings.isNullOrEmpty(namePrefix)) {
        throw new IllegalArgumentException("There must be a prefix");
    }
    // Find a new user id that is not used yet
    String name = null;
    do {
        name = namePrefix + UUID.randomUUID() + originUserId.getName();
    } while (storage.getUser(new UserId(name)) != null);
    // Copy the original user's effective permissions (own and inherited)
    Set<ConqueryPermission> copiedPermission = new HashSet<>();
    copiedPermission.addAll(originUser.getEffectivePermissions());
    // Give read permission to all executions the original user owned
    copiedPermission.addAll(storage.getAllExecutions().stream()
        .filter(originUser::isOwner)
        .map(exc -> exc.createPermission(Ability.READ.asSet()))
        .collect(Collectors.toSet()));
    // Give read permission to all form configs the original user owned
    copiedPermission.addAll(storage.getAllFormConfigs().stream()
        .filter(originUser::isOwner)
        .map(conf -> conf.createPermission(Ability.READ.asSet()))
        .collect(Collectors.toSet()));
    // Create copied user
    User copy = new User(name, originUser.getLabel(), storage);
    storage.addUser(copy);
    copy.updatePermissions(copiedPermission);
    return copy;
}
Also used : ConqueryPermission(com.bakdata.conquery.models.auth.permissions.ConqueryPermission) ProtoUser(com.bakdata.conquery.apiv1.auth.ProtoUser) User(com.bakdata.conquery.models.auth.entities.User) UserId(com.bakdata.conquery.models.identifiable.ids.specific.UserId) HashSet(java.util.HashSet)

Example 9 with ConqueryPermission

use of com.bakdata.conquery.models.auth.permissions.ConqueryPermission in project conquery by bakdata.

the class AuthorizationHelper method getEffectiveUserPermissions.

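/**
 * Returns the effective permissions, grouped by domain. These are the permissions of the owner and
 * the permissions of the roles it inherits. The result can be filtered by the permission domain.
 * @param user The user whose effective permissions are collected
 * @param domainSpecifier The domains to filter by
 * @param storage The meta storage
 * @return Owned and inherited permissions.
 */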
public static Multimap<String, ConqueryPermission> getEffectiveUserPermissions(User user, List<String> domainSpecifier, MetaStorage storage) {
    Set<ConqueryPermission> permissions = user.getEffectivePermissions();
    Multimap<String, ConqueryPermission> mappedPerms = ArrayListMultimap.create();
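    for (ConqueryPermission perm : permissions) {
        Set<String> domains = perm.getDomains();
        // Keep only permissions that share at least one domain with the filter
        if (!Collections.disjoint(domainSpecifier, domains)) {
            // A matching permission is filed under each of its domains
            for (String domain : domains) {
                mappedPerms.put(domain, perm);
            }
        }
    }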
    return mappedPerms;
}
Also used : ConqueryPermission(com.bakdata.conquery.models.auth.permissions.ConqueryPermission)

Aggregations

ConqueryPermission (com.bakdata.conquery.models.auth.permissions.ConqueryPermission): 9
User (com.bakdata.conquery.models.auth.entities.User): 5
WildcardPermission (com.bakdata.conquery.models.auth.permissions.WildcardPermission): 3
HashSet (java.util.HashSet): 3
MetaStorage (com.bakdata.conquery.io.storage.MetaStorage): 2
ExecutionPermission (com.bakdata.conquery.models.auth.permissions.ExecutionPermission): 2
FormConfigPermission (com.bakdata.conquery.models.auth.permissions.FormConfigPermission): 2
RoleId (com.bakdata.conquery.models.identifiable.ids.specific.RoleId): 2
UserId (com.bakdata.conquery.models.identifiable.ids.specific.UserId): 2
Permission (org.apache.shiro.authz.Permission): 2
QueryProcessor (com.bakdata.conquery.apiv1.QueryProcessor): 1
ProtoUser (com.bakdata.conquery.apiv1.auth.ProtoUser): 1
Query (com.bakdata.conquery.apiv1.query.Query): 1
QueryTest (com.bakdata.conquery.integration.json.QueryTest): 1
Role (com.bakdata.conquery.models.auth.entities.Role): 1
Dataset (com.bakdata.conquery.models.datasets.Dataset): 1
DatasetId (com.bakdata.conquery.models.identifiable.ids.specific.DatasetId): 1
ManagedExecutionId (com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId): 1
RoleUIResource (com.bakdata.conquery.resources.admin.ui.RoleUIResource): 1
URI (java.net.URI): 1