use of com.bakdata.conquery.models.auth.permissions.WildcardPermission in project conquery by bakdata.
the class FormConfigProcessor method deleteConfig.
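/**
 * Deletes a form configuration from the storage and strips the references to it from the
 * permissions held directly by the requesting user.
 *
 * <p>Only the set returned by {@code user.getPermissions()} is scanned. Permissions on this
 * configuration that are held by any other permission owner are not touched here and stay
 * behind as dangling grants until something else removes them.
 *
 * @param subject the requester; resolved to a {@link User} through the storage and authorized
 *                for {@link Ability#DELETE} on {@code config} before anything is removed
 * @param config  the form configuration to delete
 */
public void deleteConfig(Subject subject, FormConfig config) {
    User user = storage.getUser(subject.getId());
    // Authorization gate: nothing below runs unless the requester may delete this config.
    user.authorize(config, Ability.DELETE);
    storage.removeFormConfig(config.getId());

    // The instance set is probed with the lower-cased id, so the removal has to use the very
    // same key. Removing the raw id would leave the deleted configuration's entry inside the
    // replacement permission whenever the id contains upper-case characters.
    final String domainKey = FormConfigPermission.DOMAIN.toLowerCase();
    final String instanceKey = config.getId().toString().toLowerCase();

    // Delete corresponding permissions (Maybe better to put it into a slow job).
    // Work on a snapshot: the loop adds to and removes from the user's permissions, which must
    // not happen on the collection that is being iterated.
    Set<ConqueryPermission> snapshot = new HashSet<>(user.getPermissions());
    for (ConqueryPermission permission : snapshot) {
        if (!(permission instanceof WildcardPermission)) {
            // Not a wildcard permission: skip it instead of failing the delete with a ClassCastException.
            continue;
        }
        WildcardPermission wpermission = (WildcardPermission) permission;
        if (!wpermission.getDomains().contains(domainKey)) {
            continue;
        }
        if (!wpermission.getInstances().contains(instanceKey)) {
            continue;
        }

        Set<String> instancesCleared = new HashSet<>(wpermission.getInstances());
        instancesCleared.remove(instanceKey);
        if (!instancesCleared.isEmpty()) {
            // Composite permission: keep the grant for the remaining instances only.
            // A permission that named just this configuration is dropped without a replacement,
            // so no permission with an empty instance set is created.
            WildcardPermission clearedPermission = new WildcardPermission(List.of(wpermission.getDomains(), wpermission.getAbilities(), instancesCleared), Instant.now());
            user.addPermission(clearedPermission);
        }
        user.removePermission(wpermission);
    }
}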
use of com.bakdata.conquery.models.auth.permissions.WildcardPermission in project conquery by bakdata.
the class PermissionCleanupTask method deleteQueryPermissionsWithMissingRef.
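/**
 * Deletes permissions that reference non-existing executions.
 *
 * <p>For every permission in the execution domain, each instance is parsed as a
 * {@code ManagedExecutionId} and looked up in the storage. A permission whose references all
 * resolve is left alone. A permission with some dangling references is replaced by one that keeps
 * only the resolvable ones (same domains, abilities and creation time). A permission with no
 * resolvable reference at all, which includes one whose instance set is empty, is removed
 * without a replacement.
 *
 * @param storage used to check whether a referenced execution still exists
 * @param owners  the permission owners whose permissions are inspected
 * @return The number of permissions removed from their owner; a permission that was replaced by
 *         a reduced one is counted as well.
 */
public static int deleteQueryPermissionsWithMissingRef(MetaStorage storage, Iterable<? extends PermissionOwner<?>> owners) {
    int countDeleted = 0;
    for (PermissionOwner<?> owner : owners) {
        // Work on a snapshot: the loop adds to and removes from the owner's permissions, which
        // must not happen on the collection that is being iterated.
        Set<ConqueryPermission> permissions = new HashSet<>(owner.getPermissions());
        for (Permission permission : permissions) {
            WildcardPermission wpermission = getAsWildcardPermission(permission);
            if (wpermission == null) {
                continue;
            }
            if (!wpermission.getDomains().contains(ExecutionPermission.DOMAIN.toLowerCase())) {
                // Skip Permissions that do not reference an Execution/Query
                continue;
            }
            // Handle multiple references to instances
            Set<String> validRef = new HashSet<>();
            for (String sId : wpermission.getInstances()) {
                // NOTE(review): presumably parse(...) throws on an instance that is not a
                // well-formed execution id; that would abort the whole cleanup run -- confirm.
                ManagedExecutionId mId = ManagedExecutionId.Parser.INSTANCE.parse(sId);
                if (storage.getExecution(mId) != null) {
                    // Execution exists -- it is a valid reference
                    validRef.add(mId.toString());
                }
            }
            if (!validRef.isEmpty()) {
                if (wpermission.getInstances().size() == validRef.size()) {
                    // All are valid, nothing changed; proceed with the next permission
                    continue;
                }
                // Create a new Permission that only contains valid references
                WildcardPermission reducedPermission = new WildcardPermission(List.of(wpermission.getDomains(), wpermission.getAbilities(), validRef), wpermission.getCreationTime());
                owner.addPermission(reducedPermission);
            }
            // Delete the old permission, which contains at least one invalid reference
            owner.removePermission(wpermission);
            countDeleted++;
        }
    }
    return countDeleted;
}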
use of com.bakdata.conquery.models.auth.permissions.WildcardPermission in project conquery by bakdata.
the class PermissionCleanupTask method deletePermissionsOfOwnedInstances.
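/**
 * Deletes permissions that are unnecessary because the user is the owner of the referenced instance.
 *
 * <p>Only permissions in {@code permissionDomain} that name exactly one instance are considered.
 * A permission naming several instances (or none) is left untouched: ownership is checked for a
 * single instance only, so removing such a permission could revoke access to instances the user
 * does not own.
 *
 * @param storage                  provides the users whose permissions are inspected
 * @param permissionDomain         the domain a permission must contain to be considered;
 *                                 compared as given (NOTE(review): callers presumably pass it
 *                                 in the same case the permission stores it -- confirm)
 * @param idParser                 turns the permission's instance string into an id
 * @param instanceStorageExtractor resolves an id to the stored instance, or {@code null} if absent
 * @return The number of deleted permissions.
 */
public static <E extends IdentifiableImpl<ID> & Owned, ID extends IId<E>> int deletePermissionsOfOwnedInstances(MetaStorage storage, String permissionDomain, IId.Parser<ID> idParser, Function<ID, E> instanceStorageExtractor) {
    int countDeleted = 0;
    for (User user : storage.getAllUsers()) {
        // Work on a snapshot: permissions are removed from the user inside the loop, which must
        // not happen on the collection that is being iterated.
        Set<ConqueryPermission> permissions = new HashSet<>(user.getPermissions());
        for (Permission permission : permissions) {
            WildcardPermission wpermission = getAsWildcardPermission(permission);
            if (wpermission == null) {
                continue;
            }
            if (!wpermission.getDomains().contains(permissionDomain)) {
                // Skip permissions outside the requested domain
                continue;
            }
            if (wpermission.getInstances().size() != 1) {
                log.trace("Skipping permission {} because it refers to multiple instances.", wpermission);
                // Actually skip it: without this the first instance alone would decide whether
                // the whole multi-instance permission is deleted.
                continue;
            }
            ID executionId;
            try {
                executionId = idParser.parse(wpermission.getInstances().iterator().next());
            } catch (Exception e) {
                // Keep the cause in the log so a malformed instance can be traced.
                log.warn("Unable to parse an id from permission instance. Permission was: {}", wpermission, e);
                continue;
            }
            E execution = instanceStorageExtractor.apply(executionId);
            if (execution == null) {
                // The message has a placeholder, so the permission must be passed along.
                log.trace("The execution referenced in permission {} does not exist. Skipping permission", wpermission);
                continue;
            }
            if (!user.isOwner(execution)) {
                log.trace("The user is not owner of the instance. Keeping the permission. User: {}, Owner: {}, Instance: {}, Permission: {}", user.getId(), execution.getOwner(), execution.getId(), wpermission);
                continue;
            }
            log.trace("User owns the instance. Deleting the permission");
            user.removePermission(wpermission);
            countDeleted++;
        }
    }
    return countDeleted;
}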
use of com.bakdata.conquery.models.auth.permissions.WildcardPermission in project conquery by bakdata.
the class PermissionCleanupTaskTest method doDeletePartialPermissionWithInvalidReference.
/**
 * A permission that names two executions, one of which has been removed from the storage, must
 * be narrowed down to a permission on the surviving execution only.
 */
@Test
void doDeletePartialPermissionWithInvalidReference() {
    assertThat(STORAGE.getAllExecutions()).isEmpty();

    final ManagedQuery survivingQuery = createManagedQuery();
    final ManagedQuery removedQuery = createManagedQuery();
    // Drop the second execution so that its id becomes a dangling reference
    STORAGE.removeExecution(removedQuery.getId());

    User testUser = new User("test", "test", STORAGE);
    STORAGE.updateUser(testUser);

    // One permission that covers both executions: the existing one and the removed one
    Set<String> domains = Set.of(ExecutionPermission.DOMAIN);
    Set<String> abilities = Set.of(Ability.READ.toString().toLowerCase());
    Set<String> instances = Set.of(survivingQuery.getId().toString(), removedQuery.getId().toString());
    WildcardPermission compositePermission = new WildcardPermission(List.of(domains, abilities, instances), Instant.now());
    testUser.addPermission(compositePermission);

    deleteQueryPermissionsWithMissingRef(STORAGE, STORAGE.getAllUsers());

    // Only the grant on the still existing execution may remain
    assertThat(testUser.getPermissions()).containsOnly(ExecutionPermission.onInstance(Ability.READ, survivingQuery.getId()));
}
use of com.bakdata.conquery.models.auth.permissions.WildcardPermission in project conquery by bakdata.
the class ProtoUser method createOrOverwriteUser.
/**
 * Builds a {@link User} from this prototype, hands it to the storage and grants it every
 * permission listed in {@code permissions}.
 *
 * <p>Each entry of {@code permissions} is turned into a {@link WildcardPermission} exactly as
 * written, so whoever controls that list decides what the user is allowed to do.
 * NOTE(review): judging by the method name, a stored user with the same identity is presumably
 * replaced by {@code storage.updateUser} -- confirm, and confirm that the permission strings
 * come from a trusted source.
 *
 * @param storage the storage the user is written to and bound to
 * @return the newly created user with all listed permissions added
 */
public User createOrOverwriteUser(@NonNull MetaStorage storage) {
    // Fall back to the name when no label is set; the fallback is written back to the field.
    label = (label != null) ? label : name;

    final User created = new User(name, label, storage);
    // The user is stored before the permissions are added, as in the original order.
    storage.updateUser(created);

    for (String rawPermission : permissions) {
        final WildcardPermission granted = new WildcardPermission(rawPermission);
        created.addPermission(granted);
    }
    return created;
}