
Example 11 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

Class SecurityServiceImpl, method resolveMemberships.

// Resolves the transitive closure of memberships (groups and roles) for a principal.
private PrincipalKeys resolveMemberships(final PrincipalKey userKey) {
    final PrincipalKeys directMemberships = queryDirectMemberships(userKey);
    // Every membership found so far, direct or inherited.
    final Set<PrincipalKey> resolvedMemberships = new LinkedHashSet<>(directMemberships.getSet());
    // Principals whose own memberships have already been looked up; each is queried once,
    // so a cycle between groups cannot make the loop run forever.
    final Set<PrincipalKey> queriedMemberships = new LinkedHashSet<>();
    do {
        final Set<PrincipalKey> newMemberships = new LinkedHashSet<>();
        resolvedMemberships.stream().filter(principal -> !queriedMemberships.contains(principal)).forEach(principal -> {
            final PrincipalKeys indirectMemberships = queryDirectMemberships(principal);
            newMemberships.addAll(indirectMemberships.getSet());
            queriedMemberships.add(principal);
        });
        resolvedMemberships.addAll(newMemberships);
        // Stop once every resolved principal has been queried, i.e. no unexplored membership remains.
    } while (resolvedMemberships.size() > queriedMemberships.size());
    return PrincipalKeys.from(resolvedMemberships);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Nodes(com.enonic.xp.node.Nodes) ValueExpr(com.enonic.xp.query.expr.ValueExpr) IdProviderKey(com.enonic.xp.security.IdProviderKey) PrincipalRelationships(com.enonic.xp.security.PrincipalRelationships) FieldExpr(com.enonic.xp.query.expr.FieldExpr) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) IndexService(com.enonic.xp.index.IndexService) ValueFilter(com.enonic.xp.query.filter.ValueFilter) Role(com.enonic.xp.security.Role) SecureRandom(java.security.SecureRandom) Matcher(java.util.regex.Matcher) LogicalExpr(com.enonic.xp.query.expr.LogicalExpr) ContextAccessor(com.enonic.xp.context.ContextAccessor) NodeService(com.enonic.xp.node.NodeService) AuthenticationException(com.enonic.xp.security.auth.AuthenticationException) ContextBuilder(com.enonic.xp.context.ContextBuilder) VerifiedEmailAuthToken(com.enonic.xp.security.auth.VerifiedEmailAuthToken) QueryExpr(com.enonic.xp.query.expr.QueryExpr) UpdateIdProviderParams(com.enonic.xp.security.UpdateIdProviderParams) SystemConstants(com.enonic.xp.security.SystemConstants) SecurityService(com.enonic.xp.security.SecurityService) UserQueryResult(com.enonic.xp.security.UserQueryResult) IdProviderNotFoundException(com.enonic.xp.security.IdProviderNotFoundException) UpdateRoleParams(com.enonic.xp.security.UpdateRoleParams) CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) DEFAULT_ID_PROVIDER_ACL(com.enonic.xp.core.impl.security.SecurityInitializer.DEFAULT_ID_PROVIDER_ACL) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) PrincipalType(com.enonic.xp.security.PrincipalType) Set(java.util.Set) ValueFactory(com.enonic.xp.data.ValueFactory) Instant(java.time.Instant) AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeId(com.enonic.xp.node.NodeId) Objects(java.util.Objects) List(java.util.List) SecurityConstants(com.enonic.xp.security.SecurityConstants) Optional(java.util.Optional) 
RoleKeys(com.enonic.xp.security.RoleKeys) Context(com.enonic.xp.context.Context) Pattern(java.util.regex.Pattern) IdProvider(com.enonic.xp.security.IdProvider) HashFunction(com.google.common.hash.HashFunction) FindNodesByParentParams(com.enonic.xp.node.FindNodesByParentParams) FindNodesByQueryResult(com.enonic.xp.node.FindNodesByQueryResult) RefreshMode(com.enonic.xp.node.RefreshMode) CreateRoleParams(com.enonic.xp.security.CreateRoleParams) CompareExpr(com.enonic.xp.query.expr.CompareExpr) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) CreateNodeParams(com.enonic.xp.node.CreateNodeParams) Node(com.enonic.xp.node.Node) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Callable(java.util.concurrent.Callable) Hashing(com.google.common.hash.Hashing) UsernamePasswordAuthToken(com.enonic.xp.security.auth.UsernamePasswordAuthToken) NodeIdExistsException(com.enonic.xp.node.NodeIdExistsException) NodeNotFoundException(com.enonic.xp.node.NodeNotFoundException) UserQuery(com.enonic.xp.security.UserQuery) Strings(com.google.common.base.Strings) Charset(java.nio.charset.Charset) ImmutableList(com.google.common.collect.ImmutableList) VerifiedUsernameAuthToken(com.enonic.xp.security.auth.VerifiedUsernameAuthToken) PrincipalQuery(com.enonic.xp.security.PrincipalQuery) NodeQuery(com.enonic.xp.node.NodeQuery) IdProviderConfig(com.enonic.xp.security.IdProviderConfig) PrincipalNotFoundException(com.enonic.xp.security.PrincipalNotFoundException) EmailPasswordAuthToken(com.enonic.xp.security.auth.EmailPasswordAuthToken) LinkedHashSet(java.util.LinkedHashSet) PropertyTree(com.enonic.xp.data.PropertyTree) Group(com.enonic.xp.security.Group) IdProviders(com.enonic.xp.security.IdProviders) AuthenticationToken(com.enonic.xp.security.auth.AuthenticationToken) Striped(com.google.common.util.concurrent.Striped) NodeAlreadyExistAtPathException(com.enonic.xp.node.NodeAlreadyExistAtPathException) Principal(com.enonic.xp.security.Principal) 
NodePath(com.enonic.xp.node.NodePath) UpdateGroupParams(com.enonic.xp.security.UpdateGroupParams) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Ints(com.google.common.primitives.Ints) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) PrincipalQueryResult(com.enonic.xp.security.PrincipalQueryResult) Lock(java.util.concurrent.locks.Lock) Principals(com.enonic.xp.security.Principals) CreateIdProviderParams(com.enonic.xp.security.CreateIdProviderParams) IdProviderAlreadyExistsException(com.enonic.xp.security.IdProviderAlreadyExistsException) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) FindNodesByParentResult(com.enonic.xp.node.FindNodesByParentResult) PrincipalAlreadyExistsException(com.enonic.xp.security.PrincipalAlreadyExistsException) Clock(java.time.Clock) Preconditions(com.google.common.base.Preconditions) NodeIds(com.enonic.xp.node.NodeIds) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 12 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

Class UpdateProjectRolesCommand, method doSetRoleMembers.

private Set<PrincipalKey> doSetRoleMembers(final ProjectRole projectRole) {
    final PrincipalKey roleKey = ProjectAccessHelper.createRoleKey(projectName, projectRole);
    final PrincipalRelationships currRoleMembers = securityService.getRelationships(roleKey);
    final PrincipalKeys newRoleMembers = this.permissions.getPermission(projectRole);
    doGetAddedMembers(currRoleMembers, newRoleMembers, roleKey).forEach(securityService::addRelationship);
    doGetRemovedMembers(currRoleMembers, newRoleMembers).forEach(securityService::removeRelationship);
    return securityService.getRelationships(roleKey).stream().map(PrincipalRelationship::getTo).collect(Collectors.toSet());
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey) PrincipalRelationships(com.enonic.xp.security.PrincipalRelationships)

Example 13 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

Class SecurityServiceImplTest, method testGetAllMemberships.

@Test
public void testGetAllMemberships() throws Exception {
    runAsAdmin(() -> {
        final PrincipalKey userKey = PrincipalKey.ofUser(SYSTEM, "user1");
        final CreateUserParams createUser = CreateUserParams.create().userKey(userKey).displayName("User 1").email("user1@enonic.com").login("user1").password("123456").build();
        final PrincipalKey groupKey1 = PrincipalKey.ofGroup(SYSTEM, "group-a");
        final CreateGroupParams createGroup1 = CreateGroupParams.create().groupKey(groupKey1).displayName("Group A").build();
        final PrincipalKey groupKey2 = PrincipalKey.ofGroup(SYSTEM, "group-b");
        final CreateGroupParams createGroup2 = CreateGroupParams.create().groupKey(groupKey2).displayName("Group B").build();
        final PrincipalKey roleKey1 = PrincipalKey.ofRole("role-a");
        final CreateRoleParams createRole = CreateRoleParams.create().roleKey(roleKey1).displayName("Role A").description("Group A Description").build();
        securityService.createUser(createUser);
        securityService.createGroup(createGroup1);
        securityService.createGroup(createGroup2);
        securityService.createRole(createRole);
        // Build a membership chain: user1 is in group-a, group-a is in group-b, group-b has role-a.
        securityService.addRelationship(PrincipalRelationship.from(groupKey1).to(userKey));
        securityService.addRelationship(PrincipalRelationship.from(groupKey2).to(groupKey1));
        securityService.addRelationship(PrincipalRelationship.from(roleKey1).to(groupKey2));
        refresh();
        // The user must inherit both groups and the role through the chain, and nothing else.
        final PrincipalKeys memberships = securityService.getAllMemberships(userKey);
        assertTrue(memberships.contains(groupKey1));
        assertTrue(memberships.contains(groupKey2));
        assertTrue(memberships.contains(roleKey1));
        assertEquals(3, memberships.getSize());
    });
}
Also used : CreateRoleParams(com.enonic.xp.security.CreateRoleParams) CreateUserParams(com.enonic.xp.security.CreateUserParams) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 14 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

Class AdminToolDescriptorServiceImplTest, method getAllowedAdminToolDescriptors.

@Test
public void getAllowedAdminToolDescriptors() throws Exception {
    final PrincipalKeys principalKeys = PrincipalKeys.from(PrincipalKey.from("role:system.user.admin"));
    AdminToolDescriptors result = this.service.getAllowedAdminToolDescriptors(principalKeys);
    assertNotNull(result);
    assertEquals(1, result.getSize());
    result = this.service.getAllowedAdminToolDescriptors(PrincipalKeys.empty());
    assertNotNull(result);
    assertEquals(0, result.getSize());
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) AdminToolDescriptors(com.enonic.xp.admin.tool.AdminToolDescriptors) Test(org.junit.jupiter.api.Test)

Example 15 with PrincipalKeys

Use of com.enonic.xp.security.PrincipalKeys in project xp by enonic.

Class XmlServiceDescriptorParserTest, method assertResult.

private void assertResult() throws Exception {
    final ServiceDescriptor result = this.builder.build();
    assertEquals("myapplication:myservice", result.getKey().toString());
    final PrincipalKeys allowedPrincipals = result.getAllowedPrincipals();
    assertNotNull(allowedPrincipals);
    assertEquals(1, allowedPrincipals.getSize());
    assertTrue(allowedPrincipals.first().equals(PrincipalKey.from("role:system.admin")));
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) ServiceDescriptor(com.enonic.xp.service.ServiceDescriptor)

Aggregations

PrincipalKeys (com.enonic.xp.security.PrincipalKeys): 23
PrincipalKey (com.enonic.xp.security.PrincipalKey): 10
Test (org.junit.jupiter.api.Test): 10
Group (com.enonic.xp.security.Group): 7
PrincipalRelationships (com.enonic.xp.security.PrincipalRelationships): 4
ControllerScript (com.enonic.xp.portal.controller.ControllerScript): 3
CreateGroupParams (com.enonic.xp.security.CreateGroupParams): 3
CreateUserParams (com.enonic.xp.security.CreateUserParams): 3
PrincipalRelationship (com.enonic.xp.security.PrincipalRelationship): 3
AdminToolDescriptor (com.enonic.xp.admin.tool.AdminToolDescriptor): 2
PropertyTree (com.enonic.xp.data.PropertyTree): 2
NodeQuery (com.enonic.xp.node.NodeQuery): 2
UpdateNodeParams (com.enonic.xp.node.UpdateNodeParams): 2
ResourceKey (com.enonic.xp.resource.ResourceKey): 2
Principals (com.enonic.xp.security.Principals): 2
Role (com.enonic.xp.security.Role): 2
User (com.enonic.xp.security.User): 2
AccessControlList (com.enonic.xp.security.acl.AccessControlList): 2
IdProviderAccessControlList (com.enonic.xp.security.acl.IdProviderAccessControlList): 2
AdminToolDescriptors (com.enonic.xp.admin.tool.AdminToolDescriptors): 1