
Example 36 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class ContentAuditLogSupportImpl method doUpdate.

/**
 * Writes a {@code system.content.update} audit record for a content update.
 *
 * <p>The record's {@code params} set holds the content id, the modifying principal and the two
 * update flags. The {@code result} set is filled in by {@code addContent}.
 *
 * @param params update parameters whose content id and flags are recorded
 * @param content content handed to {@code addContent}; its id is passed on to {@code log}
 * @param rootContext context that supplies the authenticated user and is passed on to {@code log}
 */
private void doUpdate(final UpdateContentParams params, final Content content, final Context rootContext) {
    // Attribute the change to the authenticated user. When the context carries no user, the
    // anonymous principal is recorded so that the entry always names an actor.
    final PrincipalKey modifier;
    if (rootContext.getAuthInfo().getUser() == null) {
        modifier = PrincipalKey.ofAnonymous();
    } else {
        modifier = rootContext.getAuthInfo().getUser().getKey();
    }

    final PropertyTree auditData = new PropertyTree();
    final PropertySet recordedParams = auditData.addSet("params");
    final PropertySet recordedResult = auditData.addSet("result");

    recordedParams.addString("contentId", nullToNull(params.getContentId()));
    recordedParams.addString("modifier", nullToNull(modifier));
    recordedParams.addBoolean("clearAttachments", params.isClearAttachments());
    recordedParams.addBoolean("requireValid", params.isRequireValid());

    addContent(recordedResult, content);

    log("system.content.update", auditData, content.getId(), rootContext);
}
Also used : PropertyTree(com.enonic.xp.data.PropertyTree) PropertySet(com.enonic.xp.data.PropertySet) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 37 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class NodesHasPermissionResolver method execute.

/**
 * Decides whether the current context holds the permission indexed under
 * {@code getPermissionFieldName()} on every node in {@code nodeIds}.
 *
 * @return {@code true} when the caller has the admin role, or when the count query matches as
 *         many nodes as were requested; {@code false} for an empty id set or any shortfall
 */
public boolean execute() {
    final Context ctx = ContextAccessor.current();

    // Holders of the admin role are granted access without consulting the index.
    if (ctx.getAuthInfo().hasRole(RoleKeys.ADMIN)) {
        return true;
    }

    // An empty request is denied rather than reported as a vacuous success.
    if (nodeIds.isEmpty()) {
        return false;
    }

    // Count-only query: restrict to the requested ids, then to nodes whose permission field
    // matches the caller's principals.
    // NOTE(review): ValueFilter presumably matches when any listed value is present - confirm.
    final NodeQuery countQuery = NodeQuery.create()
        .addQueryFilter(IdFilter.create()
            .fieldName(NodeIndexPath.ID.getPath())
            .values(nodeIds)
            .build())
        .addQueryFilter(ValueFilter.create()
            .fieldName(getPermissionFieldName().getPath())
            .addValues(ctx.getAuthInfo()
                .getPrincipals()
                .stream()
                .map(PrincipalKey::toString)
                .collect(Collectors.toList()))
            .build())
        .searchMode(SearchMode.COUNT)
        .build();

    final FindNodesByQueryResult hits = FindNodesByQueryCommand.create(this)
        .query(countQuery)
        .build()
        .execute();

    // Access is all-or-nothing: one node without a matching principal lowers the hit count and
    // the check fails.
    // NOTE(review): the equality assumes nodeIds holds no duplicate ids - confirm.
    return hits.getTotalHits() == nodeIds.getSize();
}
Also used : Context(com.enonic.xp.context.Context) FindNodesByQueryResult(com.enonic.xp.node.FindNodesByQueryResult) NodeQuery(com.enonic.xp.node.NodeQuery) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 38 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class ApplicationAuditLogSupportImpl method log.

/**
 * Sends an audit entry to {@code auditLogService} from a context whose authentication info
 * carries the {@code RoleKeys.AUDIT_LOG} principal.
 *
 * @param type audit entry type
 * @param data payload stored with the entry
 * @param uris object URIs the entry refers to
 */
private void log(final String type, final PropertyTree data, final AuditLogUris uris) {
    final Context rootContext = ContextBuilder.copyOf(ContextAccessor.current()).build();

    // The acting user is captured before the context is changed, so the entry names the real
    // caller and falls back to the anonymous principal when the context has no user.
    final PrincipalKey userPrincipalKey;
    if (rootContext.getAuthInfo().getUser() == null) {
        userPrincipalKey = PrincipalKey.ofAnonymous();
    } else {
        userPrincipalKey = rootContext.getAuthInfo().getUser().getKey();
    }

    // The AUDIT_LOG role is applied only to the context used for this one write.
    // NOTE(review): whether principals(...) adds to or replaces the copied principals is not
    // visible here - confirm against AuthenticationInfo's builder.
    final AuthenticationInfo auditAuthInfo = AuthenticationInfo.copyOf(rootContext.getAuthInfo())
        .principals(RoleKeys.AUDIT_LOG)
        .build();
    final Context auditContext = ContextBuilder.from(rootContext)
        .authInfo(auditAuthInfo)
        .build();

    auditContext.callWith(() -> auditLogService.log(LogAuditLogParams.create()
        .type(type)
        .source(SOURCE)
        .data(data)
        .objectUris(uris)
        .user(userPrincipalKey)
        .build()));
}
Also used : Context(com.enonic.xp.context.Context) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 39 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImplTest method testUpdateIdProvider.

/**
 * Creates an id provider with three access-control entries, updates it with only two of them,
 * and checks that the new metadata is stored and the omitted entry no longer resolves.
 */
@Test
public void testUpdateIdProvider() throws Exception {
    runAsAdmin(() -> {
        // setup: one user and two groups, each with a different access level
        final PrincipalKey user = PrincipalKey.ofUser(SYSTEM, "User1");
        final PrincipalKey groupA = PrincipalKey.ofGroup(SYSTEM, "Group-a");
        final PrincipalKey groupB = PrincipalKey.ofGroup(SYSTEM, "group-b");

        final IdProviderAccessControlList initialAcl = IdProviderAccessControlList.of(
            IdProviderAccessControlEntry.create().principal(user).access(CREATE_USERS).build(),
            IdProviderAccessControlEntry.create().principal(groupA).access(ADMINISTRATOR).build(),
            IdProviderAccessControlEntry.create().principal(groupB).access(WRITE_USERS).build());

        final CreateIdProviderParams createParams = CreateIdProviderParams.create()
            .key(IdProviderKey.from("enonic"))
            .displayName("Enonic Id Provider")
            .permissions(initialAcl)
            .description("old id provider description")
            .build();
        final IdProvider created = securityService.createIdProvider(createParams);

        // exercise: resubmit the ACL without the group-b entry
        final IdProviderAccessControlList reducedAcl = IdProviderAccessControlList.of(
            IdProviderAccessControlEntry.create().principal(user).access(CREATE_USERS).build(),
            IdProviderAccessControlEntry.create().principal(groupA).access(ADMINISTRATOR).build());

        final UpdateIdProviderParams updateParams = UpdateIdProviderParams.create()
            .key(IdProviderKey.from("enonic"))
            .displayName("Enonic Id Provider updated")
            .permissions(reducedAcl)
            .description("new id provider description")
            .build();
        final IdProvider updated = securityService.updateIdProvider(updateParams);

        // verify: metadata reflects the update
        assertNotNull(updated);
        assertEquals("enonic", updated.getKey().toString());
        assertEquals("Enonic Id Provider updated", updated.getDisplayName());
        assertEquals("new id provider description", updated.getDescription());

        // verify: the stored ACL keeps the two resubmitted grants and has no entry for group-b
        final IdProviderAccessControlList storedAcl =
            securityService.getIdProviderPermissions(IdProviderKey.from("enonic"));
        assertNotNull(created);
        assertEquals(CREATE_USERS, storedAcl.getEntry(user).getAccess());
        assertEquals(ADMINISTRATOR, storedAcl.getEntry(groupA).getAccess());
        assertNull(storedAcl.getEntry(groupB));
    });
}
Also used : IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) IdProvider(com.enonic.xp.security.IdProvider) PrincipalKey(com.enonic.xp.security.PrincipalKey) CreateIdProviderParams(com.enonic.xp.security.CreateIdProviderParams) UpdateIdProviderParams(com.enonic.xp.security.UpdateIdProviderParams) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 40 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImplTest method testUpdateUserDuplicatedEmailWithEditor.

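/**
 * Expects an {@link IllegalArgumentException} carrying the duplicate-email message when two
 * users in the {@code system} id provider end up with the same email address.
 */
@Test
public void testUpdateUserDuplicatedEmailWithEditor() {
    // assertThrows replaces the try / fail / catch pattern: the test fails by itself when no
    // exception is raised, and the caught exception is returned so its message can be checked.
    final IllegalArgumentException e = assertThrows(IllegalArgumentException.class, () -> runAsAdmin(() -> {
        final PrincipalKey userKey1 = PrincipalKey.ofUser(SYSTEM, "User1");
        final CreateUserParams createUser1 = CreateUserParams.create()
            .userKey(userKey1)
            .displayName("User 1")
            .email("same_email@enonic.com")
            .login("User1")
            .password("123456")
            .build();

        final PrincipalKey userKey2 = PrincipalKey.ofUser(SYSTEM, "user2");
        final CreateUserParams createUser2 = CreateUserParams.create()
            .userKey(userKey2)
            .displayName("User 2")
            .email("same_email@enonic.com")
            .login("user2")
            .build();

        final User user1 = securityService.createUser(createUser1);
        // NOTE(review): both users are created with the same email. If createUser already
        // enforces uniqueness, the exception is raised here and the updateUser call below is
        // never reached - confirm which call this test actually exercises.
        securityService.createUser(createUser2);

        final UpdateUserParams updateUserParams = UpdateUserParams.create(user1)
            .editor(editableUser -> editableUser.email = "same_email@enonic.com")
            .build();
        securityService.updateUser(updateUserParams);
        refresh();
    }));

    assertEquals("A user with email 'same_email@enonic.com' already exists in id provider 'system'", e.getMessage());
}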
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) IdProviderKey(com.enonic.xp.security.IdProviderKey) PrincipalRelationships(com.enonic.xp.security.PrincipalRelationships) IndexServiceInternalImpl(com.enonic.xp.repo.impl.elasticsearch.IndexServiceInternalImpl) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) NodeRepositoryServiceImpl(com.enonic.xp.repo.impl.repository.NodeRepositoryServiceImpl) Role(com.enonic.xp.security.Role) IndexDataServiceImpl(com.enonic.xp.repo.impl.storage.IndexDataServiceImpl) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) IndexServiceImpl(com.enonic.xp.repo.impl.index.IndexServiceImpl) AuthenticationException(com.enonic.xp.security.auth.AuthenticationException) ContextBuilder(com.enonic.xp.context.ContextBuilder) VerifiedEmailAuthToken(com.enonic.xp.security.auth.VerifiedEmailAuthToken) UpdateIdProviderParams(com.enonic.xp.security.UpdateIdProviderParams) StorageDaoImpl(com.enonic.xp.repo.impl.elasticsearch.storage.StorageDaoImpl) SystemConstants(com.enonic.xp.security.SystemConstants) UpdateRoleParams(com.enonic.xp.security.UpdateRoleParams) CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) CREATE_USERS(com.enonic.xp.security.acl.IdProviderAccess.CREATE_USERS) Test(org.junit.jupiter.api.Test) SearchDaoImpl(com.enonic.xp.repo.impl.elasticsearch.search.SearchDaoImpl) SecurityConstants(com.enonic.xp.security.SecurityConstants) VersionServiceImpl(com.enonic.xp.repo.impl.version.VersionServiceImpl) NodeStorageServiceImpl(com.enonic.xp.repo.impl.storage.NodeStorageServiceImpl) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) BinaryServiceImpl(com.enonic.xp.repo.impl.binary.BinaryServiceImpl) NodeSearchServiceImpl(com.enonic.xp.repo.impl.search.NodeSearchServiceImpl) 
RoleKeys(com.enonic.xp.security.RoleKeys) Context(com.enonic.xp.context.Context) IdProvider(com.enonic.xp.security.IdProvider) IdProviderAccessControlEntry(com.enonic.xp.security.acl.IdProviderAccessControlEntry) ADMINISTRATOR(com.enonic.xp.security.acl.IdProviderAccess.ADMINISTRATOR) CreateRoleParams(com.enonic.xp.security.CreateRoleParams) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) EventPublisher(com.enonic.xp.event.EventPublisher) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) Callable(java.util.concurrent.Callable) UsernamePasswordAuthToken(com.enonic.xp.security.auth.UsernamePasswordAuthToken) NodeServiceImpl(com.enonic.xp.repo.impl.node.NodeServiceImpl) RepositoryServiceImpl(com.enonic.xp.repo.impl.repository.RepositoryServiceImpl) AuditLogConfig(com.enonic.xp.core.impl.audit.config.AuditLogConfig) AuditLogServiceImpl(com.enonic.xp.core.impl.audit.AuditLogServiceImpl) AuditLogService(com.enonic.xp.audit.AuditLogService) VerifiedUsernameAuthToken(com.enonic.xp.security.auth.VerifiedUsernameAuthToken) PrincipalQuery(com.enonic.xp.security.PrincipalQuery) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) PrincipalNotFoundException(com.enonic.xp.security.PrincipalNotFoundException) EmailPasswordAuthToken(com.enonic.xp.security.auth.EmailPasswordAuthToken) RepositoryEntryServiceImpl(com.enonic.xp.repo.impl.repository.RepositoryEntryServiceImpl) Group(com.enonic.xp.security.Group) AuthenticationToken(com.enonic.xp.security.auth.AuthenticationToken) UpdateGroupParams(com.enonic.xp.security.UpdateGroupParams) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) 
WRITE_USERS(com.enonic.xp.security.acl.IdProviderAccess.WRITE_USERS) Mockito(org.mockito.Mockito) PrincipalQueryResult(com.enonic.xp.security.PrincipalQueryResult) NodeVersionServiceImpl(com.enonic.xp.repo.impl.node.dao.NodeVersionServiceImpl) CreateIdProviderParams(com.enonic.xp.security.CreateIdProviderParams) IdProviderAlreadyExistsException(com.enonic.xp.security.IdProviderAlreadyExistsException) PrincipalKey(com.enonic.xp.security.PrincipalKey) PrincipalAlreadyExistsException(com.enonic.xp.security.PrincipalAlreadyExistsException) MemoryBlobStore(com.enonic.xp.internal.blobstore.MemoryBlobStore) BranchServiceImpl(com.enonic.xp.repo.impl.branch.storage.BranchServiceImpl) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) PrincipalKey(com.enonic.xp.security.PrincipalKey) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)

Aggregations

PrincipalKey (com.enonic.xp.security.PrincipalKey)84 Test (org.junit.jupiter.api.Test)47 PropertyTree (com.enonic.xp.data.PropertyTree)22 User (com.enonic.xp.security.User)18 AbstractElasticsearchIntegrationTest (com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest)15 CreateUserParams (com.enonic.xp.security.CreateUserParams)14 PrincipalKeys (com.enonic.xp.security.PrincipalKeys)14 Instant (java.time.Instant)12 Node (com.enonic.xp.node.Node)10 DescriptorKey (com.enonic.xp.page.DescriptorKey)10 Context (com.enonic.xp.context.Context)9 IdProviderKey (com.enonic.xp.security.IdProviderKey)9 PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship)9 CreateGroupParams (com.enonic.xp.security.CreateGroupParams)8 AuthenticationInfo (com.enonic.xp.security.auth.AuthenticationInfo)8 NodeId (com.enonic.xp.node.NodeId)7 NodeQuery (com.enonic.xp.node.NodeQuery)7 ScheduledJob (com.enonic.xp.scheduler.ScheduledJob)7 Group (com.enonic.xp.security.Group)6 AccessControlList (com.enonic.xp.security.acl.AccessControlList)6