
Example 6 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In class NodePermissionsResolver, method doUserHasPermission:

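private static boolean doUserHasPermission(final AuthenticationInfo authInfo, final Permission permission, final AccessControlList nodePermissions) {
    // Holders of the admin role bypass the node ACL entirely.
    if (authInfo.hasRole(RoleKeys.ADMIN)) {
        return true;
    }
    // Principals carried by the caller's authentication info.
    final PrincipalKeys authInfoPrincipals = authInfo.getPrincipals();
    // Principals the node ACL lists for the requested permission.
    final PrincipalKeys principalsAllowed = nodePermissions.getPrincipalsWithPermission(permission);
    // Access is granted when the two sets share at least one principal.
    return principalsAllowed.stream().anyMatch(authInfoPrincipals::contains);
}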
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys)

Example 7 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In class BranchAclEntryTest, method equals:

@Test
public void equals() throws Exception {
    final Branch branch = Branch.from("fisk");
    final PrincipalKeys keys = PrincipalKeys.from(PrincipalKey.ofRole("fisk"));
    final BranchAclEntry entry1 = new BranchAclEntry(branch, keys);
    final BranchAclEntry entry2 = new BranchAclEntry(branch, keys);
    assertEquals(entry1, entry2);
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) Branch(com.enonic.xp.branch.Branch) Test(org.junit.jupiter.api.Test)

Example 8 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In class IdProviderNodeTranslator, method idProviderPermissionsFromNode:

static IdProviderAccessControlList idProviderPermissionsFromNode(final Node idProviderNode, final Node usersNode, final Node groupsNode) {
    final IdProviderAccessControlList.Builder acl = IdProviderAccessControlList.create();
    final AccessControlList idProviderPermissions = idProviderNode.getPermissions();
    final AccessControlList usersPermissions = usersNode.getPermissions();
    final AccessControlList groupsPermissions = groupsNode.getPermissions();
    // Collect every principal that appears in any of the three node ACLs.
    final PrincipalKeys principals = PrincipalKeys.from(idProviderPermissions.getAllPrincipals(), usersPermissions.getAllPrincipals(), groupsPermissions.getAllPrincipals());
    // Map each principal to one access level. Branches are checked from most to least
    // privileged; a principal that matches none of them gets no entry.
    for (PrincipalKey principal : principals) {
        if (idProviderPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
            && usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
            && groupsPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)) {
            // All seven permissions on all three nodes.
            final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(ADMINISTRATOR).build();
            acl.add(access);
        } else if (usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)
            && groupsPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
            // Read/create/modify/delete on both the users and groups nodes.
            final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(ID_PROVIDER_MANAGER).build();
            acl.add(access);
        } else if (usersPermissions.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
            // Read/create/modify/delete on the users node only.
            final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(WRITE_USERS).build();
            acl.add(access);
        } else if (usersPermissions.isAllowedFor(principal, CREATE)) {
            final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(CREATE_USERS).build();
            acl.add(access);
        } else if (usersPermissions.isAllowedFor(principal, READ)) {
            final IdProviderAccessControlEntry access = IdProviderAccessControlEntry.create().principal(principal).access(IdProviderAccess.READ).build();
            acl.add(access);
        }
    }
    return acl.build();
}
Also used : IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AccessControlList(com.enonic.xp.security.acl.AccessControlList) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) IdProviderAccessControlEntry(com.enonic.xp.security.acl.IdProviderAccessControlEntry) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 9 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In class SecurityServiceImplTest, method testGetUserMemberships:

@Test
public void testGetUserMemberships() throws Exception {
    runAsAdmin(() -> {
        final PrincipalKey userKey = PrincipalKey.ofUser(SYSTEM, "User1");
        final CreateUserParams createUser = CreateUserParams.create().userKey(userKey).displayName("User 1").email("user1@enonic.com").login("User1").password("123456").build();
        final PrincipalKey groupKey1 = PrincipalKey.ofGroup(SYSTEM, "Group-a");
        final CreateGroupParams createGroup1 = CreateGroupParams.create().groupKey(groupKey1).displayName("Group A").build();
        final PrincipalKey groupKey2 = PrincipalKey.ofGroup(SYSTEM, "group-b");
        final CreateGroupParams createGroup2 = CreateGroupParams.create().groupKey(groupKey2).displayName("Group B").build();
        securityService.createUser(createUser);
        securityService.createGroup(createGroup1);
        securityService.createGroup(createGroup2);
        securityService.addRelationship(PrincipalRelationship.from(groupKey1).to(userKey));
        securityService.addRelationship(PrincipalRelationship.from(groupKey2).to(userKey));
        refresh();
        final PrincipalKeys memberships = securityService.getMemberships(userKey);
        assertTrue(memberships.contains(groupKey1));
        assertTrue(memberships.contains(groupKey2));
        assertEquals(2, memberships.getSize());
    });
}
Also used : CreateUserParams(com.enonic.xp.security.CreateUserParams) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 10 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

In class SecurityServiceImpl, method doRemoveMemberships:

private void doRemoveMemberships(final PrincipalKey member) {
    // Principals that the given member directly belongs to.
    final PrincipalKeys memberships = queryDirectMemberships(member);
    if (memberships.isEmpty()) {
        return;
    }
    // Remove each relationship with its own node update.
    for (PrincipalKey from : memberships) {
        final PrincipalRelationship relationship = PrincipalRelationship.from(from).to(member);
        final UpdateNodeParams updateNodeParams = PrincipalNodeTranslator.removeRelationshipToUpdateNodeParams(relationship);
        nodeService.update(updateNodeParams);
    }
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Aggregations

PrincipalKeys (com.enonic.xp.security.PrincipalKeys): 23
PrincipalKey (com.enonic.xp.security.PrincipalKey): 10
Test (org.junit.jupiter.api.Test): 10
Group (com.enonic.xp.security.Group): 7
PrincipalRelationships (com.enonic.xp.security.PrincipalRelationships): 4
ControllerScript (com.enonic.xp.portal.controller.ControllerScript): 3
CreateGroupParams (com.enonic.xp.security.CreateGroupParams): 3
CreateUserParams (com.enonic.xp.security.CreateUserParams): 3
PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship): 3
AdminToolDescriptor (com.enonic.xp.admin.tool.AdminToolDescriptor): 2
PropertyTree (com.enonic.xp.data.PropertyTree): 2
NodeQuery (com.enonic.xp.node.NodeQuery): 2
UpdateNodeParams (com.enonic.xp.node.UpdateNodeParams): 2
ResourceKey (com.enonic.xp.resource.ResourceKey): 2
Principals (com.enonic.xp.security.Principals): 2
Role (com.enonic.xp.security.Role): 2
User (com.enonic.xp.security.User): 2
AccessControlList (com.enonic.xp.security.acl.AccessControlList): 2
IdProviderAccessControlList (com.enonic.xp.security.acl.IdProviderAccessControlList): 2
AdminToolDescriptors (com.enonic.xp.admin.tool.AdminToolDescriptors): 1