Example 1 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In the class GetMembershipsHandlerTest, method testGetTransitiveUserMemberships.

@Test
public void testGetTransitiveUserMemberships() {
    final Group group = TestDataFixtures.getTestGroup();
    final PrincipalKeys principalKeys = PrincipalKeys.from(group.getKey());
    final PrincipalKey pKey = PrincipalKey.from("user:myIdProvider:userId");
    Mockito.when(securityService.getAllMemberships(pKey)).thenReturn(principalKeys);
    Mockito.when(securityService.getPrincipals(principalKeys)).thenReturn(Principals.from(group));
    runFunction("/test/getMemberships-test.js", "getTransitiveUserMemberships");
    // Verify after the script has run; a never() check placed before the call passes trivially
    Mockito.verify(securityService, Mockito.never()).getMemberships(pKey);
}
Also used : Group(com.enonic.xp.security.Group) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey) Test(org.junit.jupiter.api.Test)

Example 2 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In the class ServiceHandlerWorker, method execute.

@Override
public PortalResponse execute() throws Exception {
    // Retrieves the ServiceDescriptor
    final DescriptorKey descriptorKey = DescriptorKey.from(applicationKey, name);
    final ServiceDescriptor serviceDescriptor = serviceDescriptorService.getByKey(descriptorKey);
    if (serviceDescriptor == null) {
        throw WebException.notFound(String.format("Service [%s] not found", descriptorKey));
    }
    // Checks if the access to ServiceDescriptor is allowed
    final PrincipalKeys principals = ContextAccessor.current().getAuthInfo().getPrincipals();
    if (!serviceDescriptor.isAccessAllowed(principals)) {
        throw WebException.forbidden(String.format("You don't have permission to access [%s]", descriptorKey));
    }
    final ContentResolverResult resolvedContent = contentResolver.resolve(request);
    final Site site = resolvedContent.getNearestSite();
    // Checks if the application is set on the current site
    if (site != null) {
        final PropertyTree siteConfig = site.getSiteConfig(applicationKey);
        if (siteConfig == null) {
            throw WebException.forbidden(String.format("Service [%s] forbidden for this site", descriptorKey));
        }
    }
    // Checks that the service belongs to the current base application, when one is set
    final ApplicationKey baseApplicationKey = getBaseApplicationKey();
    if (baseApplicationKey != null && !baseApplicationKey.equals(applicationKey)) {
        throw WebException.forbidden(String.format("Service [%s] forbidden for this application", descriptorKey));
    }
    // Prepares the request
    this.request.setApplicationKey(applicationKey);
    this.request.setContent(resolvedContent.getContent());
    this.request.setSite(site);
    // Executes the service
    final ControllerScript controllerScript = getScript();
    final PortalResponse portalResponse = controllerScript.execute(this.request);
    final WebSocketConfig webSocketConfig = portalResponse.getWebSocket();
    final WebSocketContext webSocketContext = this.request.getWebSocketContext();
    if ((webSocketContext != null) && (webSocketConfig != null)) {
        final WebSocketEndpoint webSocketEndpoint = newWebSocketEndpoint(webSocketConfig);
        webSocketContext.apply(webSocketEndpoint);
    }
    return portalResponse;
}
Also used : ContentResolverResult(com.enonic.xp.portal.impl.ContentResolverResult) Site(com.enonic.xp.site.Site) ApplicationKey(com.enonic.xp.app.ApplicationKey) PortalResponse(com.enonic.xp.portal.PortalResponse) WebSocketConfig(com.enonic.xp.web.websocket.WebSocketConfig) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) ControllerScript(com.enonic.xp.portal.controller.ControllerScript) ServiceDescriptor(com.enonic.xp.service.ServiceDescriptor) PropertyTree(com.enonic.xp.data.PropertyTree) WebSocketEndpoint(com.enonic.xp.web.websocket.WebSocketEndpoint) DescriptorKey(com.enonic.xp.page.DescriptorKey) WebSocketContext(com.enonic.xp.web.websocket.WebSocketContext)

Example 3 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In the class AdminToolHandlerWorker, method execute.

@Override
public PortalResponse execute() throws Exception {
    // Retrieves the AdminToolDescriptor
    final AdminToolDescriptor adminToolDescriptor = adminToolDescriptorService.getByKey(descriptorKey);
    if (adminToolDescriptor == null) {
        throw WebException.notFound(String.format("Admin application [%s] not found", descriptorKey));
    }
    // Checks if the access to AdminToolDescriptor is allowed
    final PrincipalKeys principals = ContextAccessor.current().getAuthInfo().getPrincipals();
    if (!adminToolDescriptor.isAccessAllowed(principals)) {
        throw WebException.forbidden(String.format("You don't have permission to access [%s]", descriptorKey));
    }
    // Renders the Admin application
    final ResourceKey scriptDir = ResourceKey.from(descriptorKey.getApplicationKey(), "admin/tools/" + descriptorKey.getName());
    final ControllerScript controllerScript = this.controllerScriptFactory.fromDir(scriptDir);
    return controllerScript.execute(this.request);
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) ControllerScript(com.enonic.xp.portal.controller.ControllerScript) AdminToolDescriptor(com.enonic.xp.admin.tool.AdminToolDescriptor) ResourceKey(com.enonic.xp.resource.ResourceKey)

Example 4 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In the class WidgetHandlerWorker, method execute.

@Override
public PortalResponse execute() throws Exception {
    if (this.request.getMode() != RenderMode.ADMIN) {
        throw WebException.forbidden("Render mode must be ADMIN.");
    }
    // Retrieves the WidgetDescriptor
    final WidgetDescriptor widgetDescriptor = widgetDescriptorService.getByKey(descriptorKey);
    if (widgetDescriptor == null) {
        throw WebException.notFound(String.format("Widget [%s] not found", descriptorKey));
    }
    // Checks if the access to WidgetDescriptor is allowed
    final PrincipalKeys principals = ContextAccessor.current().getAuthInfo().getPrincipals();
    if (!widgetDescriptor.isAccessAllowed(principals)) {
        throw WebException.forbidden(String.format("You don't have permission to access [%s]", descriptorKey));
    }
    // Renders the widget
    this.request.setApplicationKey(this.descriptorKey.getApplicationKey());
    final ResourceKey scriptDir = ResourceKey.from(descriptorKey.getApplicationKey(), "admin/widgets/" + descriptorKey.getName());
    final ControllerScript controllerScript = this.controllerScriptFactory.fromDir(scriptDir);
    return controllerScript.execute(this.request);
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) ControllerScript(com.enonic.xp.portal.controller.ControllerScript) WidgetDescriptor(com.enonic.xp.admin.widget.WidgetDescriptor) ResourceKey(com.enonic.xp.resource.ResourceKey)

Example 5 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In the class XmlAdminToolDescriptorParserTest, method assertResult.

private void assertResult() throws Exception {
    final AdminToolDescriptor result = this.builder.build();
    assertEquals("myapplication:myadmintool", result.getKey().toString());
    assertEquals("My admin tool", result.getDisplayName());
    assertEquals("key.display-name", result.getDisplayNameI18nKey());
    assertEquals("key.description", result.getDescriptionI18nKey());
    final PrincipalKeys allowedPrincipals = result.getAllowedPrincipals();
    assertNotNull(allowedPrincipals);
    assertEquals(1, allowedPrincipals.getSize());
    assertEquals(PrincipalKey.from("role:system.admin"), allowedPrincipals.first());
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) AdminToolDescriptor(com.enonic.xp.admin.tool.AdminToolDescriptor)

Aggregations

PrincipalKeys (com.enonic.xp.security.PrincipalKeys) 23
PrincipalKey (com.enonic.xp.security.PrincipalKey) 10
Test (org.junit.jupiter.api.Test) 10
Group (com.enonic.xp.security.Group) 7
PrincipalRelationships (com.enonic.xp.security.PrincipalRelationships) 4
ControllerScript (com.enonic.xp.portal.controller.ControllerScript) 3
CreateGroupParams (com.enonic.xp.security.CreateGroupParams) 3
CreateUserParams (com.enonic.xp.security.CreateUserParams) 3
PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship) 3
AdminToolDescriptor (com.enonic.xp.admin.tool.AdminToolDescriptor) 2
PropertyTree (com.enonic.xp.data.PropertyTree) 2
NodeQuery (com.enonic.xp.node.NodeQuery) 2
UpdateNodeParams (com.enonic.xp.node.UpdateNodeParams) 2
ResourceKey (com.enonic.xp.resource.ResourceKey) 2
Principals (com.enonic.xp.security.Principals) 2
Role (com.enonic.xp.security.Role) 2
User (com.enonic.xp.security.User) 2
AccessControlList (com.enonic.xp.security.acl.AccessControlList) 2
IdProviderAccessControlList (com.enonic.xp.security.acl.IdProviderAccessControlList) 2
AdminToolDescriptors (com.enonic.xp.admin.tool.AdminToolDescriptors) 1