Example 21 with PrincipalKey
use of com.enonic.xp.security.PrincipalKey in project xp by enonic.
the class ApplyNodePermissionsCommandTest method applyPermissionsWithOverwrite.
private void applyPermissionsWithOverwrite() {
final PrincipalKey user1 = PrincipalKey.ofUser(USK, "user1");
final PrincipalKey user2 = PrincipalKey.ofUser(USK, "user2");
final PrincipalKey group1 = PrincipalKey.ofGroup(USK, "group1");
final AccessControlList permissions = AccessControlList.of(AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(), AccessControlEntry.create().principal(user1).allow(READ, MODIFY).build(), AccessControlEntry.create().principal(group1).allow(READ, CREATE, DELETE, MODIFY).build());
CreateRootNodeCommand.create().params(CreateRootNodeParams.create().permissions(AccessControlList.create().add(AccessControlEntry.create().principal(TEST_DEFAULT_USER.getKey()).allowAll().build()).build()).build()).indexServiceInternal(this.indexServiceInternal).storageService(this.storageService).searchService(this.searchService).build().execute();
final Node topNode = createNode(CreateNodeParams.create().name("my-node").parent(NodePath.ROOT).permissions(permissions).inheritPermissions(false).build());
final Node child1_1 = createNode(CreateNodeParams.create().name("child1_1").parent(topNode.path()).build());
final Node child1_2 = createNode(CreateNodeParams.create().name("child1_2").parent(topNode.path()).build());
final AccessControlList child1_1_1Permissions = AccessControlList.of(AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(), AccessControlEntry.create().principal(user1).allow(READ, MODIFY).build(), AccessControlEntry.create().principal(user2).allow(READ, CREATE, DELETE, MODIFY, PUBLISH).build());
final Node child1_1_1 = createNode(CreateNodeParams.create().name("child1_1_1").parent(child1_1.path()).permissions(child1_1_1Permissions).inheritPermissions(false).build());
final Node child1_2_1 = createNode(CreateNodeParams.create().name("child1_2_1").parent(child1_2.path()).build());
final Node child1_2_2 = createNode(CreateNodeParams.create().name("child1_2_2").parent(child1_2.path()).build());
refresh();
final ApplyNodePermissionsParams params = ApplyNodePermissionsParams.create().nodeId(topNode.id()).permissions(topNode.getPermissions()).overwriteChildPermissions(true).applyPermissionsListener(Mockito.mock(ApplyPermissionsListener.class)).build();
final ApplyNodePermissionsResult updateNodes = ApplyNodePermissionsCommand.create().params(params).indexServiceInternal(this.indexServiceInternal).storageService(this.storageService).searchService(this.searchService).build().execute();
refresh();
assertEquals(6, updateNodes.getSucceedNodes().getSize());
final Node topNodeUpdated = getNodeById(topNode.id());
assertEquals(permissions, topNodeUpdated.getPermissions());
final Node child1_1Updated = getNodeById(child1_1.id());
assertEquals(permissions, child1_1Updated.getPermissions());
assertVersions(child1_1Updated);
assertTrue(child1_1.getTimestamp().isBefore(child1_1_1.getTimestamp()));
final Node child1_2Updated = getNodeById(child1_2.id());
assertEquals(permissions, child1_2Updated.getPermissions());
final Node child1_1_1Updated = getNodeById(child1_1_1.id());
assertEquals(permissions, child1_1_1Updated.getPermissions());
final Node child1_2_1Updated = getNodeById(child1_2_1.id());
assertEquals(permissions, child1_2_1Updated.getPermissions());
final Node child1_2_2Updated = getNodeById(child1_2_2.id());
assertEquals(permissions, child1_2_2Updated.getPermissions());
}
Also used :
AccessControlList(com.enonic.xp.security.acl.AccessControlList)
ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams)
Node(com.enonic.xp.node.Node)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
ApplyNodePermissionsResult(com.enonic.xp.node.ApplyNodePermissionsResult)
Example 22 with PrincipalKey
use of com.enonic.xp.security.PrincipalKey in project xp by enonic.
the class IdProviderNodeTranslator method idProviderPermissionsFromNode.
static IdProviderAccessControlList idProviderPermissionsFromNode(final Node idProviderNode, final Node usersNode, final Node groupsNode) {
final IdProviderAccessControlList.Builder acl = IdProviderAccessControlList.create();
final AccessControlList idProviderPermissions = idProviderNode.getPermissions();
final AccessControlList usersPermissions = usersNode.getPermissions();
final AccessControlList groupsPermissions = groupsNode.getPermissions();
final PrincipalKeys principals = PrincipalKeys.from(idProviderPermissions.getAllPrincipals(), usersPermissions.getAllPrincipals(), groupsPermissions.getAllPrincipals());
for (PrincipalKey principal : principals) {
if (idProviderPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS) && usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS) && groupsPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)) {
final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(ADMINISTRATOR).build();
acl.add(access);
} else if (usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE) && groupsPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(ID_PROVIDER_MANAGER).build();
acl.add(access);
} else if (usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(WRITE_USERS).build();
acl.add(access);
} else if (usersPermissions.isAllowedFor(principal, CREATE)) {
final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(CREATE_USERS).build();
acl.add(access);
} else if (usersPermissions.isAllowedFor(principal, READ)) {
final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(IdProviderAccess.READ).build();
acl.add(access);
}
}
return acl.build();
}
Also used :
IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList)
AccessControlList(com.enonic.xp.security.acl.AccessControlList)
PrincipalKeys(com.enonic.xp.security.PrincipalKeys)
IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList)
IdProviderAccessControlEntry(com.enonic.xp.security.acl.IdProviderAccessControlEntry)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
Example 23 with PrincipalKey
use of com.enonic.xp.security.PrincipalKey in project xp by enonic.
the class IssueServiceImplTest_comment method comment_noIssue.
@Test
public void comment_noIssue() throws Exception {
final Instant created = Instant.now().minus(1, ChronoUnit.MINUTES);
final PrincipalKey creator = PrincipalKey.from("user:store:me");
final String creatorDisplayName = "Me Myself";
final CreateIssueCommentParams params = CreateIssueCommentParams.create().text("text").issue(IssueId.create()).creator(creator).creatorDisplayName(creatorDisplayName).created(created).build();
assertThrows(NodeNotFoundException.class, () -> this.issueService.createComment(params));
}
Also used :
Instant(java.time.Instant)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
CreateIssueCommentParams(com.enonic.xp.issue.CreateIssueCommentParams)
Test(org.junit.jupiter.api.Test)
Example 24 with PrincipalKey
use of com.enonic.xp.security.PrincipalKey in project xp by enonic.
the class SchedulerServiceImplTest method createOneTimeJob.
@Test
void createOneTimeJob() throws Exception {
final ScheduledJobName name = ScheduledJobName.from("test");
final DescriptorKey descriptor = DescriptorKey.from(ApplicationKey.from("com.enonic.app.features"), "landing");
final ScheduleCalendar calendar = calendarService.oneTime(Instant.parse("2021-02-25T10:44:33.170079900Z"));
final PropertyTree config = new PropertyTree();
config.addString("string", "value");
final PrincipalKey user = PrincipalKey.from("user:system:user");
final CreateScheduledJobParams params = CreateScheduledJobParams.create().name(name).descriptor(descriptor).calendar(calendar).config(config).description("description").enabled(true).user(user).build();
final Instant now = Instant.now();
Thread.sleep(100);
final ScheduledJob scheduledJob = adminContext().callWith(() -> schedulerService.create(params));
assertEquals("2021-02-25T10:44:33.170079900Z", ((OneTimeCalendar) scheduledJob.getCalendar()).getValue().toString());
assertEquals(ScheduleCalendarType.ONE_TIME, scheduledJob.getCalendar().getType());
assertEquals("user:system:repo-test-user", scheduledJob.getCreator().toString());
assertEquals("user:system:repo-test-user", scheduledJob.getModifier().toString());
assertTrue(now.isBefore(scheduledJob.getModifiedTime()));
assertTrue(now.isBefore(scheduledJob.getCreatedTime()));
}
Also used :
CreateScheduledJobParams(com.enonic.xp.scheduler.CreateScheduledJobParams)
ScheduledJobName(com.enonic.xp.scheduler.ScheduledJobName)
PropertyTree(com.enonic.xp.data.PropertyTree)
Instant(java.time.Instant)
ScheduledJob(com.enonic.xp.scheduler.ScheduledJob)
OneTimeCalendar(com.enonic.xp.scheduler.OneTimeCalendar)
DescriptorKey(com.enonic.xp.page.DescriptorKey)
ScheduleCalendar(com.enonic.xp.scheduler.ScheduleCalendar)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
Test(org.junit.jupiter.api.Test)
AbstractNodeTest(com.enonic.xp.repo.impl.node.AbstractNodeTest)
Example 25 with PrincipalKey
use of com.enonic.xp.security.PrincipalKey in project xp by enonic.
the class IssueServiceImplTest_update method update.
@Test
public void update() throws Exception {
final Instant createdTime = Instant.now();
final Issue issue = this.createIssue(createdTime);
final PrincipalKey commentatorKey = PrincipalKey.from("user:myStore:commentator-1");
final UpdateIssueParams updateIssueParams = UpdateIssueParams.create().id(issue.getId()).editor(editMe -> {
editMe.title = "updated title";
editMe.description = "updated description";
editMe.approverIds = PrincipalKeys.from(PrincipalKey.from("user:myStore:approver-1"), PrincipalKey.from("user:myStore:approver-2"));
editMe.publishRequest = PublishRequest.create().addExcludeId(ContentId.from("new-exclude-id")).addItem(PublishRequestItem.create().id(ContentId.from("new-content-id")).includeChildren(true).build()).build();
editMe.issueStatus = IssueStatus.CLOSED;
}).build();
final Issue updatedIssue = this.issueService.update(updateIssueParams);
assertNotNull(updatedIssue);
assertEquals("updated title", updatedIssue.getTitle());
assertEquals("updated description", updatedIssue.getDescription());
assertEquals(IssueStatus.CLOSED, updatedIssue.getStatus());
assertEquals(PrincipalKey.from("user:system:test-user"), updatedIssue.getCreator());
assertEquals(PrincipalKey.from("user:system:test-user"), updatedIssue.getModifier());
assertEquals(PrincipalKey.from("user:myStore:approver-1"), updatedIssue.getApproverIds().first());
assertEquals(ContentId.from("new-exclude-id"), updatedIssue.getPublishRequest().getExcludeIds().first());
assertEquals(ContentId.from("new-content-id"), updatedIssue.getPublishRequest().getItems().first().getId());
assertEquals(true, updatedIssue.getPublishRequest().getItems().first().getIncludeChildren());
assertEquals(IssueNameFactory.create(updatedIssue.getIndex()), updatedIssue.getName());
assertNotEquals(updatedIssue.getCreatedTime(), updatedIssue.getModifiedTime());
}
Also used :
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
IssueStatus(com.enonic.xp.issue.IssueStatus)
CreatePublishRequestIssueParams(com.enonic.xp.issue.CreatePublishRequestIssueParams)
Issue(com.enonic.xp.issue.Issue)
PublishRequestItem(com.enonic.xp.issue.PublishRequestItem)
Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals)
Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull)
CreateIssueParams(com.enonic.xp.issue.CreateIssueParams)
Instant(java.time.Instant)
PublishRequestIssueSchedule(com.enonic.xp.issue.PublishRequestIssueSchedule)
Test(org.junit.jupiter.api.Test)
PublishRequestIssue(com.enonic.xp.issue.PublishRequestIssue)
ContentId(com.enonic.xp.content.ContentId)
ChronoUnit(java.time.temporal.ChronoUnit)
EditablePublishRequestIssue(com.enonic.xp.issue.EditablePublishRequestIssue)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
UpdateIssueParams(com.enonic.xp.issue.UpdateIssueParams)
Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals)
PublishRequest(com.enonic.xp.issue.PublishRequest)
PrincipalKeys(com.enonic.xp.security.PrincipalKeys)
IssueNameFactory(com.enonic.xp.core.impl.issue.IssueNameFactory)
Issue(com.enonic.xp.issue.Issue)
PublishRequestIssue(com.enonic.xp.issue.PublishRequestIssue)
EditablePublishRequestIssue(com.enonic.xp.issue.EditablePublishRequestIssue)
Instant(java.time.Instant)
UpdateIssueParams(com.enonic.xp.issue.UpdateIssueParams)
PrincipalKey(com.enonic.xp.security.PrincipalKey)
Test(org.junit.jupiter.api.Test)
Aggregations
PrincipalKey (com.enonic.xp.security.PrincipalKey)84
Test (org.junit.jupiter.api.Test)47
PropertyTree (com.enonic.xp.data.PropertyTree)22
User (com.enonic.xp.security.User)18
AbstractElasticsearchIntegrationTest (com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest)15
CreateUserParams (com.enonic.xp.security.CreateUserParams)14
PrincipalKeys (com.enonic.xp.security.PrincipalKeys)14
Instant (java.time.Instant)12
Node (com.enonic.xp.node.Node)10
DescriptorKey (com.enonic.xp.page.DescriptorKey)10
Context (com.enonic.xp.context.Context)9
IdProviderKey (com.enonic.xp.security.IdProviderKey)9
PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship)9
CreateGroupParams (com.enonic.xp.security.CreateGroupParams)8
AuthenticationInfo (com.enonic.xp.security.auth.AuthenticationInfo)8
NodeId (com.enonic.xp.node.NodeId)7
NodeQuery (com.enonic.xp.node.NodeQuery)7
ScheduledJob (com.enonic.xp.scheduler.ScheduledJob)7
Group (com.enonic.xp.security.Group)6
AccessControlList (com.enonic.xp.security.acl.AccessControlList)6
