
Example 21 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class ApplyNodePermissionsCommandTest method applyPermissionsWithOverwrite.

/**
 * Applies the top node's ACL with {@code overwriteChildPermissions(true)} and checks that
 * every node in the subtree ends up with exactly that ACL.
 *
 * <p>The subtree contains one node ({@code child1_1_1}) that was created with its own ACL and
 * {@code inheritPermissions(false)}. The equality assertions below therefore also pin that an
 * overwrite replaces the ACL of a node that opted out of inheritance: the entry for
 * {@code user2} is gone and the entry for {@code group1} is present afterwards.
 */
private void applyPermissionsWithOverwrite() {
    final PrincipalKey firstUser = PrincipalKey.ofUser(USK, "user1");
    final PrincipalKey secondUser = PrincipalKey.ofUser(USK, "user2");
    final PrincipalKey firstGroup = PrincipalKey.ofGroup(USK, "group1");

    // ACL placed on the top node; this is the value every descendant is expected to carry
    // after the overwrite. Note that the fixture includes an anonymous entry that allows
    // WRITE_PERMISSIONS, so the overwrite propagates that entry to the whole subtree too.
    final AccessControlList expectedAcl = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY).build(),
        AccessControlEntry.create().principal(firstGroup).allow(READ, CREATE, DELETE, MODIFY).build());

    // Root node on which the default test user is allowed everything.
    CreateRootNodeCommand.create()
        .params(CreateRootNodeParams.create()
            .permissions(AccessControlList.create()
                .add(AccessControlEntry.create().principal(TEST_DEFAULT_USER.getKey()).allowAll().build())
                .build())
            .build())
        .indexServiceInternal(this.indexServiceInternal)
        .storageService(this.storageService)
        .searchService(this.searchService)
        .build()
        .execute();

    final Node top = createNode(CreateNodeParams.create()
        .name("my-node")
        .parent(NodePath.ROOT)
        .permissions(expectedAcl)
        .inheritPermissions(false)
        .build());
    final Node branchA = createNode(CreateNodeParams.create().name("child1_1").parent(top.path()).build());
    final Node branchB = createNode(CreateNodeParams.create().name("child1_2").parent(top.path()).build());

    // A grandchild with a diverging ACL and inheritance switched off: user2 (including PUBLISH)
    // takes the place of group1.
    final AccessControlList divergingAcl = AccessControlList.of(
        AccessControlEntry.create().principal(PrincipalKey.ofAnonymous()).allow(READ, WRITE_PERMISSIONS).build(),
        AccessControlEntry.create().principal(firstUser).allow(READ, MODIFY).build(),
        AccessControlEntry.create().principal(secondUser).allow(READ, CREATE, DELETE, MODIFY, PUBLISH).build());
    final Node leafA1 = createNode(CreateNodeParams.create()
        .name("child1_1_1")
        .parent(branchA.path())
        .permissions(divergingAcl)
        .inheritPermissions(false)
        .build());
    final Node leafB1 = createNode(CreateNodeParams.create().name("child1_2_1").parent(branchB.path()).build());
    final Node leafB2 = createNode(CreateNodeParams.create().name("child1_2_2").parent(branchB.path()).build());
    refresh();

    final ApplyNodePermissionsParams applyParams = ApplyNodePermissionsParams.create()
        .nodeId(top.id())
        .permissions(top.getPermissions())
        .overwriteChildPermissions(true)
        .applyPermissionsListener(Mockito.mock(ApplyPermissionsListener.class))
        .build();
    final ApplyNodePermissionsResult outcome = ApplyNodePermissionsCommand.create()
        .params(applyParams)
        .indexServiceInternal(this.indexServiceInternal)
        .storageService(this.storageService)
        .searchService(this.searchService)
        .build()
        .execute();
    refresh();

    // The top node plus its five descendants.
    assertEquals(6, outcome.getSucceedNodes().getSize());

    assertEquals(expectedAcl, getNodeById(top.id()).getPermissions());

    final Node branchAReloaded = getNodeById(branchA.id());
    assertEquals(expectedAcl, branchAReloaded.getPermissions());
    assertVersions(branchAReloaded);
    // NOTE(review): this compares the creation-time timestamps of child1_1 and child1_1_1,
    // both captured before the command ran, so it does not depend on the permission update.
    // If the intent was to check that the update touched the timestamp, the reloaded node
    // would have to be compared instead - confirm with the author.
    assertTrue(branchA.getTimestamp().isBefore(leafA1.getTimestamp()));

    assertEquals(expectedAcl, getNodeById(branchB.id()).getPermissions());
    // The node that had opted out of inheritance is overwritten as well.
    assertEquals(expectedAcl, getNodeById(leafA1.id()).getPermissions());
    assertEquals(expectedAcl, getNodeById(leafB1.id()).getPermissions());
    assertEquals(expectedAcl, getNodeById(leafB2.id()).getPermissions());
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) Node(com.enonic.xp.node.Node) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsResult(com.enonic.xp.node.ApplyNodePermissionsResult)

Example 22 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class IdProviderNodeTranslator method idProviderPermissionsFromNode.

/**
 * Translates the node-level ACLs of an id provider node and of its users and groups nodes
 * into an {@link IdProviderAccessControlList}.
 *
 * <p>Every principal that appears in any of the three ACLs is examined once and receives at
 * most one entry. The branches are tried from the highest access level to the lowest, so the
 * first match wins:
 * <ul>
 * <li>{@code ADMINISTRATOR}: all seven listed permissions on all three nodes;</li>
 * <li>{@code ID_PROVIDER_MANAGER}: READ, CREATE, MODIFY and DELETE on both the users and the
 * groups node (the id provider node's own ACL is not consulted here);</li>
 * <li>{@code WRITE_USERS}: READ, CREATE, MODIFY and DELETE on the users node;</li>
 * <li>{@code CREATE_USERS}: CREATE on the users node;</li>
 * <li>{@code IdProviderAccess.READ}: READ on the users node.</li>
 * </ul>
 * A principal that matches none of the branches gets no entry at all. In particular, rights
 * held only on the id provider node or only on the groups node do not produce an entry.
 *
 * @param idProviderNode node whose ACL is required for the ADMINISTRATOR level
 * @param usersNode node whose ACL takes part in every level
 * @param groupsNode node whose ACL is required for ADMINISTRATOR and ID_PROVIDER_MANAGER
 * @return the ACL built from the matching principals
 */
static IdProviderAccessControlList idProviderPermissionsFromNode(final Node idProviderNode, final Node usersNode, final Node groupsNode) {
    final IdProviderAccessControlList.Builder result = IdProviderAccessControlList.create();
    final AccessControlList providerAcl = idProviderNode.getPermissions();
    final AccessControlList usersAcl = usersNode.getPermissions();
    final AccessControlList groupsAcl = groupsNode.getPermissions();

    final PrincipalKeys candidates = PrincipalKeys.from(
        providerAcl.getAllPrincipals(),
        usersAcl.getAllPrincipals(),
        groupsAcl.getAllPrincipals());

    for (PrincipalKey candidate : candidates) {
        // Order matters: each test is weaker than the one before it, so reordering the
        // branches would hand out a lower level than the principal qualifies for.
        if (providerAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
            && usersAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
            && groupsAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)) {
            result.add(IdProviderAccessControlEntry.create().principal(candidate).access(ADMINISTRATOR).build());
        } else if (usersAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE)
            && groupsAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE)) {
            result.add(IdProviderAccessControlEntry.create().principal(candidate).access(ID_PROVIDER_MANAGER).build());
        } else if (usersAcl.isAllowedFor(candidate, READ, CREATE, MODIFY, DELETE)) {
            result.add(IdProviderAccessControlEntry.create().principal(candidate).access(WRITE_USERS).build());
        } else if (usersAcl.isAllowedFor(candidate, CREATE)) {
            result.add(IdProviderAccessControlEntry.create().principal(candidate).access(CREATE_USERS).build());
        } else if (usersAcl.isAllowedFor(candidate, READ)) {
            // Qualified name: the unqualified READ used above is the node permission.
            result.add(IdProviderAccessControlEntry.create().principal(candidate).access(IdProviderAccess.READ).build());
        }
    }
    return result.build();
}
Also used : IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AccessControlList(com.enonic.xp.security.acl.AccessControlList) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) IdProviderAccessControlEntry(com.enonic.xp.security.acl.IdProviderAccessControlEntry) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 23 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class IssueServiceImplTest_comment method comment_noIssue.

/**
 * Creating a comment for an issue id that was freshly generated with {@code IssueId.create()}
 * is expected to fail with {@link NodeNotFoundException}.
 */
@Test
public void comment_noIssue() throws Exception {
    final Instant oneMinuteAgo = Instant.now().minus(1, ChronoUnit.MINUTES);
    final PrincipalKey author = PrincipalKey.from("user:store:me");

    final CreateIssueCommentParams commentParams = CreateIssueCommentParams.create()
        .text("text")
        // A new id; nothing in this test stores an issue under it.
        .issue(IssueId.create())
        .creator(author)
        .creatorDisplayName("Me Myself")
        .created(oneMinuteAgo)
        .build();

    assertThrows(NodeNotFoundException.class, () -> this.issueService.createComment(commentParams));
}
Also used : Instant(java.time.Instant) PrincipalKey(com.enonic.xp.security.PrincipalKey) CreateIssueCommentParams(com.enonic.xp.issue.CreateIssueCommentParams) Test(org.junit.jupiter.api.Test)

Example 24 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SchedulerServiceImplTest method createOneTimeJob.

/**
 * Creates a one-time scheduled job and checks the calendar value and type, the recorded
 * creator and modifier, and that both timestamps are later than an instant taken before
 * the call.
 */
@Test
void createOneTimeJob() throws Exception {
    final ScheduledJobName jobName = ScheduledJobName.from("test");
    final DescriptorKey taskDescriptor = DescriptorKey.from(ApplicationKey.from("com.enonic.app.features"), "landing");
    final ScheduleCalendar oneTime = calendarService.oneTime(Instant.parse("2021-02-25T10:44:33.170079900Z"));

    final PropertyTree jobConfig = new PropertyTree();
    jobConfig.addString("string", "value");

    // Principal passed in through the params' user(...) setter.
    final PrincipalKey runAs = PrincipalKey.from("user:system:user");

    final CreateScheduledJobParams createParams = CreateScheduledJobParams.create()
        .name(jobName)
        .descriptor(taskDescriptor)
        .calendar(oneTime)
        .config(jobConfig)
        .description("description")
        .enabled(true)
        .user(runAs)
        .build();

    // Reference instant, followed by a short pause so that the job's timestamps are
    // strictly later than it.
    final Instant beforeCreate = Instant.now();
    Thread.sleep(100);

    final ScheduledJob created = adminContext().callWith(() -> schedulerService.create(createParams));

    assertEquals("2021-02-25T10:44:33.170079900Z", ((OneTimeCalendar) created.getCalendar()).getValue().toString());
    assertEquals(ScheduleCalendarType.ONE_TIME, created.getCalendar().getType());

    // The expected creator and modifier differ from the principal given to user(...) above.
    // Presumably they are taken from the context that adminContext() supplies for the call;
    // verify against that helper.
    assertEquals("user:system:repo-test-user", created.getCreator().toString());
    assertEquals("user:system:repo-test-user", created.getModifier().toString());

    assertTrue(beforeCreate.isBefore(created.getModifiedTime()));
    assertTrue(beforeCreate.isBefore(created.getCreatedTime()));
}
Also used : CreateScheduledJobParams(com.enonic.xp.scheduler.CreateScheduledJobParams) ScheduledJobName(com.enonic.xp.scheduler.ScheduledJobName) PropertyTree(com.enonic.xp.data.PropertyTree) Instant(java.time.Instant) ScheduledJob(com.enonic.xp.scheduler.ScheduledJob) OneTimeCalendar(com.enonic.xp.scheduler.OneTimeCalendar) DescriptorKey(com.enonic.xp.page.DescriptorKey) ScheduleCalendar(com.enonic.xp.scheduler.ScheduleCalendar) PrincipalKey(com.enonic.xp.security.PrincipalKey) Test(org.junit.jupiter.api.Test) AbstractNodeTest(com.enonic.xp.repo.impl.node.AbstractNodeTest)

Example 25 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class IssueServiceImplTest_update method update.

/**
 * Updates an existing issue through an editor callback and checks that the edited fields,
 * the publish request, the derived name and the audit fields are reflected on the result.
 */
@Test
public void update() throws Exception {
    final Instant issueCreatedAt = Instant.now();
    final Issue original = this.createIssue(issueCreatedAt);

    // NOTE(review): this key is not used anywhere else in the method.
    final PrincipalKey commentatorKey = PrincipalKey.from("user:myStore:commentator-1");

    final UpdateIssueParams updateParams = UpdateIssueParams.create()
        .id(original.getId())
        .editor(editable -> {
            editable.title = "updated title";
            editable.description = "updated description";
            editable.approverIds = PrincipalKeys.from(
                PrincipalKey.from("user:myStore:approver-1"),
                PrincipalKey.from("user:myStore:approver-2"));
            editable.publishRequest = PublishRequest.create()
                .addExcludeId(ContentId.from("new-exclude-id"))
                .addItem(PublishRequestItem.create()
                    .id(ContentId.from("new-content-id"))
                    .includeChildren(true)
                    .build())
                .build();
            editable.issueStatus = IssueStatus.CLOSED;
        })
        .build();

    final Issue result = this.issueService.update(updateParams);

    assertNotNull(result);
    assertEquals("updated title", result.getTitle());
    assertEquals("updated description", result.getDescription());
    assertEquals(IssueStatus.CLOSED, result.getStatus());

    // Creator and modifier are expected to be a principal that is not named anywhere in the
    // update params; presumably it comes from the context the test runs in - confirm against
    // the test base class.
    assertEquals(PrincipalKey.from("user:system:test-user"), result.getCreator());
    assertEquals(PrincipalKey.from("user:system:test-user"), result.getModifier());

    // Only the first approver is checked; the second key set by the editor is not asserted.
    assertEquals(PrincipalKey.from("user:myStore:approver-1"), result.getApproverIds().first());

    assertEquals(ContentId.from("new-exclude-id"), result.getPublishRequest().getExcludeIds().first());
    assertEquals(ContentId.from("new-content-id"), result.getPublishRequest().getItems().first().getId());
    assertEquals(true, result.getPublishRequest().getItems().first().getIncludeChildren());

    assertEquals(IssueNameFactory.create(result.getIndex()), result.getName());
    assertNotEquals(result.getCreatedTime(), result.getModifiedTime());
}
Also used : Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) IssueStatus(com.enonic.xp.issue.IssueStatus) CreatePublishRequestIssueParams(com.enonic.xp.issue.CreatePublishRequestIssueParams) Issue(com.enonic.xp.issue.Issue) PublishRequestItem(com.enonic.xp.issue.PublishRequestItem) Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) CreateIssueParams(com.enonic.xp.issue.CreateIssueParams) Instant(java.time.Instant) PublishRequestIssueSchedule(com.enonic.xp.issue.PublishRequestIssueSchedule) Test(org.junit.jupiter.api.Test) PublishRequestIssue(com.enonic.xp.issue.PublishRequestIssue) ContentId(com.enonic.xp.content.ContentId) ChronoUnit(java.time.temporal.ChronoUnit) EditablePublishRequestIssue(com.enonic.xp.issue.EditablePublishRequestIssue) PrincipalKey(com.enonic.xp.security.PrincipalKey) UpdateIssueParams(com.enonic.xp.issue.UpdateIssueParams) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) PublishRequest(com.enonic.xp.issue.PublishRequest) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) IssueNameFactory(com.enonic.xp.core.impl.issue.IssueNameFactory) Issue(com.enonic.xp.issue.Issue) PublishRequestIssue(com.enonic.xp.issue.PublishRequestIssue) EditablePublishRequestIssue(com.enonic.xp.issue.EditablePublishRequestIssue) Instant(java.time.Instant) UpdateIssueParams(com.enonic.xp.issue.UpdateIssueParams) PrincipalKey(com.enonic.xp.security.PrincipalKey) Test(org.junit.jupiter.api.Test)

Aggregations

PrincipalKey (com.enonic.xp.security.PrincipalKey)84 Test (org.junit.jupiter.api.Test)47 PropertyTree (com.enonic.xp.data.PropertyTree)22 User (com.enonic.xp.security.User)18 AbstractElasticsearchIntegrationTest (com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest)15 CreateUserParams (com.enonic.xp.security.CreateUserParams)14 PrincipalKeys (com.enonic.xp.security.PrincipalKeys)14 Instant (java.time.Instant)12 Node (com.enonic.xp.node.Node)10 DescriptorKey (com.enonic.xp.page.DescriptorKey)10 Context (com.enonic.xp.context.Context)9 IdProviderKey (com.enonic.xp.security.IdProviderKey)9 PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship)9 CreateGroupParams (com.enonic.xp.security.CreateGroupParams)8 AuthenticationInfo (com.enonic.xp.security.auth.AuthenticationInfo)8 NodeId (com.enonic.xp.node.NodeId)7 NodeQuery (com.enonic.xp.node.NodeQuery)7 ScheduledJob (com.enonic.xp.scheduler.ScheduledJob)7 Group (com.enonic.xp.security.Group)6 AccessControlList (com.enonic.xp.security.acl.AccessControlList)6