
Example 1 with ApplyNodePermissionsParams

use of com.enonic.xp.node.ApplyNodePermissionsParams in project xp by enonic.

the class ApplyNodePermissionsCommandTest method applyPermissionsWithOverwrite.

/**
 * Applies the top node's ACL with {@code overwriteChildPermissions(true)} and checks that every
 * node in the subtree ends up with exactly that ACL, including {@code child1_1_1}, which was
 * created with its own permissions and {@code inheritPermissions(false)}.
 *
 * <p>The ACLs here are test fixtures only; the anonymous principal is given
 * {@code WRITE_PERMISSIONS} purely to have a distinctive entry to compare against.
 */
private void applyPermissionsWithOverwrite() {
    final PrincipalKey firstUser = PrincipalKey.ofUser(USK, "user1");
    final PrincipalKey secondUser = PrincipalKey.ofUser(USK, "user2");
    final PrincipalKey group = PrincipalKey.ofGroup(USK, "group1");

    // ACL placed on the top node; after the overwrite every descendant must equal it.
    final AccessControlList permissions = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY).build(),
        AccessControlEntry.create().principal(group).allow(READ, CREATE, DELETE, MODIFY).build());

    // Root node on which the default test user is allowed everything.
    CreateRootNodeCommand.create()
        .params(CreateRootNodeParams.create()
            .permissions(AccessControlList.create()
                .add(AccessControlEntry.create().principal(TEST_DEFAULT_USER.getKey()).allowAll().build())
                .build())
            .build())
        .indexServiceInternal(this.indexServiceInternal)
        .storageService(this.storageService)
        .searchService(this.searchService)
        .build()
        .execute();

    final Node top = createNode(CreateNodeParams.create()
        .name("my-node")
        .parent(NodePath.ROOT)
        .permissions(permissions)
        .inheritPermissions(false)
        .build());
    final Node firstChild = createNode(CreateNodeParams.create().name("child1_1").parent(top.path()).build());
    final Node secondChild = createNode(CreateNodeParams.create().name("child1_2").parent(top.path()).build());

    // This grandchild starts with a different, non-inherited ACL (user2 may PUBLISH).
    final AccessControlList grandchildOwnPermissions = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY).build(),
        AccessControlEntry.create().principal(secondUser).allow(READ, CREATE, DELETE, MODIFY, PUBLISH).build());
    final Node grandchildOfFirst = createNode(CreateNodeParams.create()
        .name("child1_1_1")
        .parent(firstChild.path())
        .permissions(grandchildOwnPermissions)
        .inheritPermissions(false)
        .build());
    final Node grandchildA = createNode(CreateNodeParams.create().name("child1_2_1").parent(secondChild.path()).build());
    final Node grandchildB = createNode(CreateNodeParams.create().name("child1_2_2").parent(secondChild.path()).build());
    refresh();

    final ApplyNodePermissionsParams params = ApplyNodePermissionsParams.create()
        .nodeId(top.id())
        .permissions(top.getPermissions())
        .overwriteChildPermissions(true)
        .applyPermissionsListener(Mockito.mock(ApplyPermissionsListener.class))
        .build();
    final ApplyNodePermissionsResult applied = ApplyNodePermissionsCommand.create()
        .params(params)
        .indexServiceInternal(this.indexServiceInternal)
        .storageService(this.storageService)
        .searchService(this.searchService)
        .build()
        .execute();
    refresh();

    // Six nodes were created under the root: the top node plus its five descendants.
    assertEquals(6, applied.getSucceedNodes().getSize());

    final Node topAfter = getNodeById(top.id());
    assertEquals(permissions, topAfter.getPermissions());

    final Node firstChildAfter = getNodeById(firstChild.id());
    assertEquals(permissions, firstChildAfter.getPermissions());
    assertVersions(firstChildAfter);
    // NOTE(review): both operands are the nodes as returned at creation time, not the re-read
    // ones, so this compares creation timestamps only - confirm that is the intended check.
    assertTrue(firstChild.getTimestamp().isBefore(grandchildOfFirst.getTimestamp()));

    final Node secondChildAfter = getNodeById(secondChild.id());
    assertEquals(permissions, secondChildAfter.getPermissions());

    // The grandchild's own ACL (including user2's PUBLISH) must be gone after the overwrite.
    final Node grandchildOfFirstAfter = getNodeById(grandchildOfFirst.id());
    assertEquals(permissions, grandchildOfFirstAfter.getPermissions());

    final Node grandchildAAfter = getNodeById(grandchildA.id());
    assertEquals(permissions, grandchildAAfter.getPermissions());

    final Node grandchildBAfter = getNodeById(grandchildB.id());
    assertEquals(permissions, grandchildBAfter.getPermissions());
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) Node(com.enonic.xp.node.Node) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsResult(com.enonic.xp.node.ApplyNodePermissionsResult)

Example 2 with ApplyNodePermissionsParams

use of com.enonic.xp.node.ApplyNodePermissionsParams in project xp by enonic.

the class ApplyNodePermissionsCommandTest method applyPermissionsWithMerge.

/**
 * Applies the top node's ACL with {@code overwriteChildPermissions(false)} and checks the outcome
 * per node: descendants created with {@code inheritPermissions(true)} end up with the top node's
 * ACL, while {@code child1_1_1} (own ACL, {@code inheritPermissions(false)}) ends up with a
 * merged ACL.
 *
 * <p>As asserted below, the merged ACL keeps grants the child already had (user1's
 * {@code DELETE}, all of user2's entry) and gains group1's entry from the top node. In other
 * words, this test shows a merge adding access but not removing any from such a child.
 */
private void applyPermissionsWithMerge() {
    final PrincipalKey firstUser = PrincipalKey.ofUser(USK, "user1");
    final PrincipalKey secondUser = PrincipalKey.ofUser(USK, "user2");
    final PrincipalKey group = PrincipalKey.ofGroup(USK, "group1");

    // ACL of the top node, and the one that is later applied to the subtree.
    final AccessControlList permissions = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY).build(),
        AccessControlEntry.create().principal(group).allow(READ, CREATE, DELETE, MODIFY).build());

    // Starting ACL for the inheriting descendants: anonymous READ only.
    final AccessControlList initialChildPermissions = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ).build());

    final Node top = createNode(CreateNodeParams.create()
        .name("my-node")
        .parent(NodePath.ROOT)
        .permissions(permissions)
        .inheritPermissions(false)
        .build());
    final Node firstChild = createNode(CreateNodeParams.create()
        .name("child1_1")
        .parent(top.path())
        .permissions(initialChildPermissions)
        .inheritPermissions(true)
        .build());
    final Node secondChild = createNode(CreateNodeParams.create()
        .name("child1_2")
        .parent(top.path())
        .permissions(initialChildPermissions)
        .inheritPermissions(true)
        .build());

    // The one descendant that does not inherit: user1 additionally has DELETE, user2 has its own entry.
    final AccessControlList grandchildOwnPermissions = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY, DELETE).build(),
        AccessControlEntry.create().principal(secondUser).allow(READ, CREATE, DELETE, MODIFY, PUBLISH).build());
    final Node grandchildOfFirst = createNode(CreateNodeParams.create()
        .name("child1_1_1")
        .parent(firstChild.path())
        .permissions(grandchildOwnPermissions)
        .inheritPermissions(false)
        .build());
    final Node grandchildA = createNode(CreateNodeParams.create()
        .name("child1_2_1")
        .parent(secondChild.path())
        .permissions(initialChildPermissions)
        .inheritPermissions(true)
        .build());
    final Node grandchildB = createNode(CreateNodeParams.create()
        .name("child1_2_2")
        .parent(secondChild.path())
        .permissions(initialChildPermissions)
        .inheritPermissions(true)
        .build());
    refresh();

    final ApplyNodePermissionsParams params = ApplyNodePermissionsParams.create()
        .nodeId(top.id())
        .overwriteChildPermissions(false)
        .permissions(top.getPermissions())
        .applyPermissionsListener(Mockito.mock(ApplyPermissionsListener.class))
        .build();
    final ApplyNodePermissionsResult applied = ApplyNodePermissionsCommand.create()
        .params(params)
        .indexServiceInternal(this.indexServiceInternal)
        .storageService(this.storageService)
        .searchService(this.searchService)
        .build()
        .execute();
    refresh();

    // The top node plus its five descendants.
    assertEquals(6, applied.getSucceedNodes().getSize());

    final Node topAfter = getNodeById(top.id());
    assertEquals(permissions, topAfter.getPermissions());

    final Node firstChildAfter = getNodeById(firstChild.id());
    assertEquals(permissions, firstChildAfter.getPermissions());

    final Node secondChildAfter = getNodeById(secondChild.id());
    assertEquals(permissions, secondChildAfter.getPermissions());

    // Merged result for the non-inheriting grandchild: its own grants survive and group1 is added.
    final Node grandchildOfFirstAfter = getNodeById(grandchildOfFirst.id());
    assertEquals(
        "[user:system:anonymous[+read, +write_permissions], "
            + "group:system:group1[+read, +create, +modify, +delete], "
            + "user:system:user1[+read, +modify, +delete], "
            + "user:system:user2[+read, +create, +modify, +delete, +publish]]",
        grandchildOfFirstAfter.getPermissions().toString());

    final Node grandchildAAfter = getNodeById(grandchildA.id());
    assertEquals(permissions, grandchildAAfter.getPermissions());

    final Node grandchildBAfter = getNodeById(grandchildB.id());
    assertEquals(permissions, grandchildBAfter.getPermissions());
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) Node(com.enonic.xp.node.Node) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsResult(com.enonic.xp.node.ApplyNodePermissionsResult)

Example 3 with ApplyNodePermissionsParams

use of com.enonic.xp.node.ApplyNodePermissionsParams in project xp by enonic.

the class SecurityServiceImpl method updateIdProvider.

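/**
 * Updates an existing id provider and, when the request carries permissions, rewrites the ACLs
 * of the id provider node and of its users and groups folder nodes.
 *
 * <p>Each requested ACL is combined with the root node's permissions through
 * {@code mergeWithRootPermissions}, set on its node, and then applied from the id provider node
 * with {@code overwriteChildPermissions(false)}.
 *
 * <p>The users and groups folder nodes are checked for existence before any ACL is written, so a
 * missing folder fails the call up front instead of after the id provider node's ACL has already
 * been changed.
 *
 * @param updateIdProviderParams key of the id provider, the update to apply to it, and the
 *                               optional permissions to set
 * @return the id provider built from the updated node, or {@code null} when no node exists at
 *         the id provider's path
 * @throws NullPointerException if permissions are supplied but the users or groups folder node
 *                              cannot be found
 */
@Override
public IdProvider updateIdProvider(final UpdateIdProviderParams updateIdProviderParams) {
    // NOTE(review): the context callWithContext runs under is not visible here; confirm that
    // authorization of the caller is enforced before this method is reached.
    return callWithContext(() -> {
        final NodePath idProviderNodePath = IdProviderNodeTranslator.toIdProviderNodePath(updateIdProviderParams.getKey());
        final Node node = this.nodeService.getByPath(idProviderNodePath);
        if (node == null) {
            return null;
        }

        final IdProvider existingIdProvider = IdProviderNodeTranslator.fromNode(node);
        final IdProvider idProviderToUpdate = updateIdProviderParams.update(existingIdProvider);
        final UpdateNodeParams updateNodeParams = IdProviderNodeTranslator.toUpdateNodeParams(idProviderToUpdate, node.id());
        final Node idProviderNode = nodeService.update(updateNodeParams);

        final IdProviderAccessControlList permissions = updateIdProviderParams.getIdProviderPermissions();
        if (permissions != null) {
            final Node usersNode = nodeService.getByPath(IdProviderNodeTranslator.toIdProviderUsersNodePath(updateIdProviderParams.getKey()));
            final Node groupsNode = nodeService.getByPath(IdProviderNodeTranslator.toIdProviderGroupsNodePath(updateIdProviderParams.getKey()));

            // getByPath can return null (see the check above). Verify both folders before the
            // first setNodePermissions call so the three ACLs are never left half-updated.
            java.util.Objects.requireNonNull(usersNode, "users folder node not found for id provider " + updateIdProviderParams.getKey());
            java.util.Objects.requireNonNull(groupsNode, "groups folder node not found for id provider " + updateIdProviderParams.getKey());

            // The root node's permissions are merged into each of the three ACLs.
            final AccessControlList rootPermissions = nodeService.getRoot().getPermissions();
            final AccessControlList idProviderNodePermissions = mergeWithRootPermissions(
                IdProviderNodeTranslator.idProviderPermissionsToIdProviderNodePermissions(permissions), rootPermissions);
            final AccessControlList usersNodePermissions = mergeWithRootPermissions(
                IdProviderNodeTranslator.idProviderPermissionsToUsersNodePermissions(permissions), rootPermissions);
            final AccessControlList groupsNodePermissions = mergeWithRootPermissions(
                IdProviderNodeTranslator.idProviderPermissionsToGroupsNodePermissions(permissions), rootPermissions);

            setNodePermissions(idProviderNode.id(), idProviderNodePermissions);
            setNodePermissions(usersNode.id(), usersNodePermissions);
            setNodePermissions(groupsNode.id(), groupsNodePermissions);

            // Non-overwriting apply from the id provider node.
            final ApplyNodePermissionsParams applyPermissions = ApplyNodePermissionsParams.create()
                .nodeId(idProviderNode.id())
                .overwriteChildPermissions(false)
                .build();
            nodeService.applyPermissions(applyPermissions);
        }

        this.nodeService.refresh(RefreshMode.SEARCH);
        // Built from the node returned by nodeService.update, i.e. before the ACL changes above.
        return IdProviderNodeTranslator.fromNode(idProviderNode);
    });
}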
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) Node(com.enonic.xp.node.Node) IdProvider(com.enonic.xp.security.IdProvider) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) NodePath(com.enonic.xp.node.NodePath)

Example 4 with ApplyNodePermissionsParams

use of com.enonic.xp.node.ApplyNodePermissionsParams in project xp by enonic.

the class SecurityServiceImpl method createIdProvider.

/**
 * Creates an id provider node together with its users and groups folder nodes.
 *
 * <p>The requested permissions are translated into one ACL per node, each ACL is combined with
 * the root node's permissions through {@code mergeWithRootPermissions}, and the three nodes are
 * created with those ACLs. Permissions are then applied from the root node with
 * {@code overwriteChildPermissions(false)}.
 *
 * @param createIdProviderParams key, display name, description, optional config and permissions
 *                               of the id provider to create
 * @return the id provider built from the newly created node
 * @throws IdProviderAlreadyExistsException if node creation reports that the id or path is taken
 */
@Override
public IdProvider createIdProvider(final CreateIdProviderParams createIdProviderParams) {
    final PropertyTree providerData = new PropertyTree();
    providerData.setString(IdProviderPropertyNames.DISPLAY_NAME_KEY, createIdProviderParams.getDisplayName());
    providerData.setString(IdProviderPropertyNames.DESCRIPTION_KEY, createIdProviderParams.getDescription());

    final IdProviderConfig config = createIdProviderParams.getIdProviderConfig();
    if (config != null) {
        providerData.setString(IdProviderPropertyNames.ID_PROVIDER_APPLICATION_KEY, config.getApplicationKey().toString());
        providerData.setSet(IdProviderPropertyNames.ID_PROVIDER_CONFIG_FORM_KEY, config.getConfig().getRoot());
    }

    try {
        // NOTE(review): the context callWithContext runs under is not visible here; confirm that
        // authorization of the caller is enforced before this method is reached.
        final Node createdNode = callWithContext(() -> {
            // NOTE(review): unlike updateIdProvider, the permissions are not null-checked before
            // being handed to the translators - confirm an absent ACL is handled there.
            final IdProviderAccessControlList requested = createIdProviderParams.getIdProviderPermissions();
            AccessControlList providerAcl = IdProviderNodeTranslator.idProviderPermissionsToIdProviderNodePermissions(requested);
            AccessControlList usersAcl = IdProviderNodeTranslator.idProviderPermissionsToUsersNodePermissions(requested);
            AccessControlList groupsAcl = IdProviderNodeTranslator.idProviderPermissionsToGroupsNodePermissions(requested);

            // The root node's permissions are merged into every ACL before the nodes are created.
            final Node root = nodeService.getRoot();
            providerAcl = mergeWithRootPermissions(providerAcl, root.getPermissions());
            usersAcl = mergeWithRootPermissions(usersAcl, root.getPermissions());
            groupsAcl = mergeWithRootPermissions(groupsAcl, root.getPermissions());

            final Node providerNode = nodeService.create(CreateNodeParams.create()
                .parent(IdProviderNodeTranslator.getIdProvidersParentPath())
                .name(createIdProviderParams.getKey().toString())
                .data(providerData)
                .permissions(providerAcl)
                .build());
            nodeService.create(CreateNodeParams.create()
                .parent(providerNode.path())
                .name(IdProviderNodeTranslator.USER_FOLDER_NODE_NAME)
                .permissions(usersAcl)
                .build());
            nodeService.create(CreateNodeParams.create()
                .parent(providerNode.path())
                .name(IdProviderNodeTranslator.GROUP_FOLDER_NODE_NAME)
                .permissions(groupsAcl)
                .build());

            // Applied from the root node rather than from the new id provider node.
            // NOTE(review): which nodes this touches depends on applyPermissions semantics not
            // shown here - confirm the root is the intended starting point.
            final ApplyNodePermissionsParams fromRoot = ApplyNodePermissionsParams.create()
                .nodeId(root.id())
                .overwriteChildPermissions(false)
                .build();
            nodeService.applyPermissions(fromRoot);

            this.nodeService.refresh(RefreshMode.SEARCH);
            return providerNode;
        });
        return IdProviderNodeTranslator.fromNode(createdNode);
    } catch (NodeIdExistsException | NodeAlreadyExistAtPathException alreadyExists) {
        // NOTE(review): the caught exception is not passed on as a cause; whether
        // IdProviderAlreadyExistsException can carry one is not visible from here.
        throw new IdProviderAlreadyExistsException(createIdProviderParams.getKey());
    }
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) NodeIdExistsException(com.enonic.xp.node.NodeIdExistsException) PropertyTree(com.enonic.xp.data.PropertyTree) Node(com.enonic.xp.node.Node) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) IdProviderAlreadyExistsException(com.enonic.xp.security.IdProviderAlreadyExistsException) NodeAlreadyExistAtPathException(com.enonic.xp.node.NodeAlreadyExistAtPathException) IdProviderConfig(com.enonic.xp.security.IdProviderConfig)

Example 5 with ApplyNodePermissionsParams

use of com.enonic.xp.node.ApplyNodePermissionsParams in project xp by enonic.

the class ApplyContentPermissionsCommand method execute.

/**
 * Forwards a content-level permission request to the node layer and maps the outcome back to
 * content paths.
 *
 * <p>The content id is used as the node id; permissions, the inherit flag, the overwrite flag and
 * the listener are copied from {@code params} unchanged.
 *
 * @return the succeeded and skipped node paths reported by the node service, translated to
 *         content paths
 */
ApplyContentPermissionsResult execute() {
    // NOTE(review): no permission check is made in this method itself; presumably it is enforced
    // by nodeService.applyPermissions or by the caller - confirm.
    final NodeId targetNodeId = NodeId.from(params.getContentId().toString());

    final ApplyNodePermissionsParams nodeLevelParams = ApplyNodePermissionsParams.create()
        .nodeId(targetNodeId)
        .permissions(params.getPermissions())
        .inheritPermissions(params.isInheritPermissions())
        .overwriteChildPermissions(params.isOverwriteChildPermissions())
        .applyPermissionsListener(params.getListener())
        .build();

    final ApplyNodePermissionsResult nodeResult = nodeService.applyPermissions(nodeLevelParams);

    // Skipped nodes are reported separately so a caller can tell which ACLs were left as they were.
    return ApplyContentPermissionsResult.create()
        .setSucceedContents(ContentNodeHelper.translateNodePathsToContentPaths(nodeResult.getSucceedNodes().getPaths()))
        .setSkippedContents(ContentNodeHelper.translateNodePathsToContentPaths(nodeResult.getSkippedNodes().getPaths()))
        .build();
}
Also used : ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) NodeId(com.enonic.xp.node.NodeId) ApplyNodePermissionsResult(com.enonic.xp.node.ApplyNodePermissionsResult)

Aggregations

ApplyNodePermissionsParams (com.enonic.xp.node.ApplyNodePermissionsParams)5 Node (com.enonic.xp.node.Node)4 AccessControlList (com.enonic.xp.security.acl.AccessControlList)4 ApplyNodePermissionsResult (com.enonic.xp.node.ApplyNodePermissionsResult)3 PrincipalKey (com.enonic.xp.security.PrincipalKey)2 IdProviderAccessControlList (com.enonic.xp.security.acl.IdProviderAccessControlList)2 PropertyTree (com.enonic.xp.data.PropertyTree)1 NodeAlreadyExistAtPathException (com.enonic.xp.node.NodeAlreadyExistAtPathException)1 NodeId (com.enonic.xp.node.NodeId)1 NodeIdExistsException (com.enonic.xp.node.NodeIdExistsException)1 NodePath (com.enonic.xp.node.NodePath)1 UpdateNodeParams (com.enonic.xp.node.UpdateNodeParams)1 IdProvider (com.enonic.xp.security.IdProvider)1 IdProviderAlreadyExistsException (com.enonic.xp.security.IdProviderAlreadyExistsException)1 IdProviderConfig (com.enonic.xp.security.IdProviderConfig)1