
Example 46 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class NodeVersionJsonDumpSerializerTest method serialize_deserialize.

/**
 * Round-trips a fully populated {@link NodeVersion} through the dump serializer.
 *
 * <p>The node, index-config and access-control parts are serialized separately and each is
 * compared with its JSON fixture; the three fixtures are then fed back into
 * {@code toNodeVersion} and the result is compared with the original object.
 *
 * <p>The ACL under test mixes allow and deny entries for two principals, so the
 * access-control fixture comparison fails if either list is dropped or altered on the way out.
 */
@Test
public void serialize_deserialize() throws Exception {
    // Property data covering several value types, including two binary references.
    final PropertyTree data = new PropertyTree();
    data.setDouble("a.b.c", 2.0);
    data.setLocalDate("b", LocalDate.of(2013, 1, 2));
    data.setString("c", "runar");
    data.setLocalDateTime("d", LocalDateTime.of(2013, 1, 2, 3, 4, 5, 0));
    data.setBinaryReference("e", BinaryReference.from("myImage1"));
    data.setBinaryReference("f", BinaryReference.from("myImage2"));

    // Two ACL entries, each carrying both an allow and a deny permission.
    final AccessControlEntry anonymousEntry = AccessControlEntry.create()
        .principal(PrincipalKey.ofAnonymous())
        .allow(Permission.READ)
        .deny(Permission.DELETE)
        .build();
    final AccessControlEntry systemUserEntry = AccessControlEntry.create()
        .principal(PrincipalKey.ofUser(IdProviderKey.system(), "user1"))
        .allow(Permission.MODIFY)
        .deny(Permission.PUBLISH)
        .build();
    final AccessControlList permissions = AccessControlList.create()
        .add(anonymousEntry)
        .add(systemUserEntry)
        .build();

    // Identity processor; only its name is expected to show up in the serialized index config.
    final IndexValueProcessor passThrough = new IndexValueProcessor() {

        @Override
        public Value process(final Value value) {
            return value;
        }

        @Override
        public String getName() {
            return "indexValueProcessor";
        }
    };

    // The same processor is registered twice, exactly as the fixture expects.
    final IndexConfig pathConfig = IndexConfig.create()
        .enabled(true)
        .fulltext(true)
        .nGram(true)
        .decideByType(false)
        .includeInAllText(true)
        .path(true)
        .addIndexValueProcessor(passThrough)
        .addIndexValueProcessor(passThrough)
        .build();

    final NodeVersion original = NodeVersion.create()
        .id(NodeId.from("myId"))
        .indexConfigDocument(PatternIndexConfigDocument.create()
            .analyzer("myAnalyzer")
            .defaultConfig(IndexConfig.MINIMAL)
            .add("myPath", pathConfig)
            .build())
        .data(data)
        .childOrder(ChildOrder.create()
            .add(FieldOrderExpr.create(IndexPath.from("modifiedTime"), OrderExpr.Direction.ASC))
            .add(FieldOrderExpr.create(IndexPath.from("displayName"), OrderExpr.Direction.DESC))
            .build())
        .permissions(permissions)
        .nodeType(NodeType.from("myNodeType"))
        .attachedBinaries(AttachedBinaries.create()
            .add(new AttachedBinary(BinaryReference.from("myImage1"), "a"))
            .add(new AttachedBinary(BinaryReference.from("myImage2"), "b"))
            .build())
        .build();

    // Fixtures for the three serialized parts.
    final String nodeFixture = readJson("serialized-node.json");
    final String indexConfigFixture = readJson("serialized-index.json");
    final String accessControlFixture = readJson("serialized-access.json");

    // Serialize each part and decode the bytes explicitly as UTF-8.
    final String nodeJson = new String(this.serializer.toNodeString(original), StandardCharsets.UTF_8);
    final String indexConfigJson =
        new String(this.serializer.toIndexConfigDocumentString(original), StandardCharsets.UTF_8);
    final String accessControlJson =
        new String(this.serializer.toAccessControlString(original), StandardCharsets.UTF_8);

    assertEquals(nodeFixture, nodeJson);
    assertEquals(indexConfigFixture, indexConfigJson);
    assertEquals(accessControlFixture, accessControlJson);

    // Reverse direction: rebuild the node version from the fixture bytes.
    // NOTE(review): this comparison only protects the ACL if NodeVersion.equals includes
    // permissions; that is not visible here, so confirm against NodeVersion.
    final NodeVersion restored = this.serializer.toNodeVersion(
        nodeFixture.getBytes(StandardCharsets.UTF_8),
        indexConfigFixture.getBytes(StandardCharsets.UTF_8),
        accessControlFixture.getBytes(StandardCharsets.UTF_8));
    assertEquals(original, restored);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeVersion(com.enonic.xp.node.NodeVersion) IndexConfig(com.enonic.xp.index.IndexConfig) PropertyTree(com.enonic.xp.data.PropertyTree) Value(com.enonic.xp.data.Value) AccessControlEntry(com.enonic.xp.security.acl.AccessControlEntry) IndexValueProcessor(com.enonic.xp.index.IndexValueProcessor) AttachedBinary(com.enonic.xp.node.AttachedBinary) Test(org.junit.jupiter.api.Test)

Example 47 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class SecurityServiceImpl method setNodePermissions.

/**
 * Overwrites the access-control list of a node and then refreshes with
 * {@link RefreshMode#SEARCH}.
 *
 * <p>The editor assigns {@code permissions} directly, so the node's previous ACL is replaced
 * as a whole rather than merged with the new one.
 *
 * <p>NOTE(review): no authorization check is performed in this method itself. Presumably
 * callers only reach it in a context that is allowed to write permissions; confirm at the
 * call sites.
 *
 * @param nodeId      id of the node whose permissions are replaced
 * @param permissions the ACL to store on the node
 */
private void setNodePermissions(final NodeId nodeId, final AccessControlList permissions) {
    final UpdateNodeParams replaceAcl = UpdateNodeParams.create()
        .id(nodeId)
        .editor(node -> node.permissions = permissions)
        .build();

    this.nodeService.update(replaceAcl);
    // Refresh right after the update; presumably so later searches see the new ACL.
    this.nodeService.refresh(RefreshMode.SEARCH);
}
Also used : Nodes(com.enonic.xp.node.Nodes) ValueExpr(com.enonic.xp.query.expr.ValueExpr) IdProviderKey(com.enonic.xp.security.IdProviderKey) PrincipalRelationships(com.enonic.xp.security.PrincipalRelationships) FieldExpr(com.enonic.xp.query.expr.FieldExpr) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) IndexService(com.enonic.xp.index.IndexService) ValueFilter(com.enonic.xp.query.filter.ValueFilter) Role(com.enonic.xp.security.Role) SecureRandom(java.security.SecureRandom) Matcher(java.util.regex.Matcher) LogicalExpr(com.enonic.xp.query.expr.LogicalExpr) ContextAccessor(com.enonic.xp.context.ContextAccessor) NodeService(com.enonic.xp.node.NodeService) AuthenticationException(com.enonic.xp.security.auth.AuthenticationException) ContextBuilder(com.enonic.xp.context.ContextBuilder) VerifiedEmailAuthToken(com.enonic.xp.security.auth.VerifiedEmailAuthToken) QueryExpr(com.enonic.xp.query.expr.QueryExpr) UpdateIdProviderParams(com.enonic.xp.security.UpdateIdProviderParams) SystemConstants(com.enonic.xp.security.SystemConstants) SecurityService(com.enonic.xp.security.SecurityService) UserQueryResult(com.enonic.xp.security.UserQueryResult) IdProviderNotFoundException(com.enonic.xp.security.IdProviderNotFoundException) UpdateRoleParams(com.enonic.xp.security.UpdateRoleParams) CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) DEFAULT_ID_PROVIDER_ACL(com.enonic.xp.core.impl.security.SecurityInitializer.DEFAULT_ID_PROVIDER_ACL) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) PrincipalType(com.enonic.xp.security.PrincipalType) Set(java.util.Set) ValueFactory(com.enonic.xp.data.ValueFactory) Instant(java.time.Instant) AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeId(com.enonic.xp.node.NodeId) Objects(java.util.Objects) List(java.util.List) SecurityConstants(com.enonic.xp.security.SecurityConstants) Optional(java.util.Optional) RoleKeys(com.enonic.xp.security.RoleKeys) 
Context(com.enonic.xp.context.Context) Pattern(java.util.regex.Pattern) IdProvider(com.enonic.xp.security.IdProvider) HashFunction(com.google.common.hash.HashFunction) FindNodesByParentParams(com.enonic.xp.node.FindNodesByParentParams) FindNodesByQueryResult(com.enonic.xp.node.FindNodesByQueryResult) RefreshMode(com.enonic.xp.node.RefreshMode) CreateRoleParams(com.enonic.xp.security.CreateRoleParams) CompareExpr(com.enonic.xp.query.expr.CompareExpr) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) CreateNodeParams(com.enonic.xp.node.CreateNodeParams) Node(com.enonic.xp.node.Node) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Callable(java.util.concurrent.Callable) Hashing(com.google.common.hash.Hashing) UsernamePasswordAuthToken(com.enonic.xp.security.auth.UsernamePasswordAuthToken) NodeIdExistsException(com.enonic.xp.node.NodeIdExistsException) NodeNotFoundException(com.enonic.xp.node.NodeNotFoundException) UserQuery(com.enonic.xp.security.UserQuery) Strings(com.google.common.base.Strings) Charset(java.nio.charset.Charset) ImmutableList(com.google.common.collect.ImmutableList) VerifiedUsernameAuthToken(com.enonic.xp.security.auth.VerifiedUsernameAuthToken) PrincipalQuery(com.enonic.xp.security.PrincipalQuery) NodeQuery(com.enonic.xp.node.NodeQuery) IdProviderConfig(com.enonic.xp.security.IdProviderConfig) PrincipalNotFoundException(com.enonic.xp.security.PrincipalNotFoundException) EmailPasswordAuthToken(com.enonic.xp.security.auth.EmailPasswordAuthToken) LinkedHashSet(java.util.LinkedHashSet) PropertyTree(com.enonic.xp.data.PropertyTree) Group(com.enonic.xp.security.Group) IdProviders(com.enonic.xp.security.IdProviders) AuthenticationToken(com.enonic.xp.security.auth.AuthenticationToken) Striped(com.google.common.util.concurrent.Striped) NodeAlreadyExistAtPathException(com.enonic.xp.node.NodeAlreadyExistAtPathException) Principal(com.enonic.xp.security.Principal) NodePath(com.enonic.xp.node.NodePath) 
UpdateGroupParams(com.enonic.xp.security.UpdateGroupParams) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Ints(com.google.common.primitives.Ints) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) PrincipalQueryResult(com.enonic.xp.security.PrincipalQueryResult) Lock(java.util.concurrent.locks.Lock) Principals(com.enonic.xp.security.Principals) CreateIdProviderParams(com.enonic.xp.security.CreateIdProviderParams) IdProviderAlreadyExistsException(com.enonic.xp.security.IdProviderAlreadyExistsException) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) FindNodesByParentResult(com.enonic.xp.node.FindNodesByParentResult) PrincipalAlreadyExistsException(com.enonic.xp.security.PrincipalAlreadyExistsException) Clock(java.time.Clock) Preconditions(com.google.common.base.Preconditions) NodeIds(com.enonic.xp.node.NodeIds) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams)

Example 48 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class PermissionsFactoryTest method empty.

/**
 * Checks the ACL produced from an empty JSON object, i.e. input without a
 * {@code _permissions} block.
 *
 * <p>As asserted here, the result is not an empty ACL: the admin role is allowed READ,
 * MODIFY, CREATE, DELETE and PUBLISH, and the everyone role is allowed READ. Omitting the
 * permissions block therefore does not produce a deny-by-default node.
 */
@Test
public void empty() throws Exception {
    final AccessControlList defaults = create("{}");
    assertNotNull(defaults);

    // Default grant for administrators.
    checkAllowed(
        defaults,
        RoleKeys.ADMIN.toString(),
        Permission.READ,
        Permission.MODIFY,
        Permission.CREATE,
        Permission.DELETE,
        Permission.PUBLISH);

    // Default grant for everyone: read access only is asserted.
    checkAllowed(defaults, RoleKeys.EVERYONE.toString(), Permission.READ);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Test(org.junit.jupiter.api.Test)

Example 49 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class PermissionsFactoryTest method full.

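/**
 * Parses a {@code _permissions} block with four principals and checks the resulting ACL.
 *
 * <p>Cases covered by the JSON below:
 * <ul>
 *   <li>{@code user:system:anonymous}: allow READ, empty deny list</li>
 *   <li>{@code role:admin}: every permission allowed, empty deny list</li>
 *   <li>{@code role:everyone}: allow READ, deny DELETE</li>
 *   <li>{@code role:authenticated}: no {@code allow} key at all, deny DELETE</li>
 * </ul>
 *
 * <p>As asserted below, the entry without an {@code allow} key is expected to permit READ,
 * MODIFY, CREATE and PUBLISH, so an omitted allow list is treated as allow-all-but-denied
 * rather than allow-nothing.
 */
@Test
public void full() throws Exception {
    final AccessControlList acl = create(
        " { \"_permissions\": [\n" +
        "        {\n" +
        "            \"principal\": \"user:system:anonymous\",\n" +
        "            \"allow\": [\n" +
        "                \"READ\"\n" +
        "            ],\n" +
        "            \"deny\": []\n" +
        "        },\n" +
        "        {\n" +
        "            \"principal\": \"role:admin\",\n" +
        "            \"allow\": [\n" +
        "                \"READ\",\n" +
        "                \"CREATE\",\n" +
        "                \"MODIFY\",\n" +
        "                \"DELETE\",\n" +
        "                \"PUBLISH\",\n" +
        "                \"READ_PERMISSIONS\",\n" +
        "                \"WRITE_PERMISSIONS\"\n" +
        "            ],\n" +
        "            \"deny\": []\n" +
        "        },\n" +
        "        {\n" +
        "            \"principal\": \"role:everyone\",\n" +
        "            \"allow\": [\n" +
        "                \"READ\"\n" +
        "            ],\n" +
        "            \"deny\": [" +
        "               \"DELETE\"\n " +
        "            ]" +
        "        },\n" +
        "        {\n" +
        "            \"principal\": \"role:authenticated\",\n" +
        "            \"deny\": [" +
        "               \"DELETE\"\n " +
        "            ]" +
        "        }\n" +
        "    ]" +
        "}");
    assertNotNull(acl);

    // Read-only principals: everything except READ must be refused. The original listed
    // MODIFY twice, which left PUBLISH unchecked for both principals.
    checkAllowed(acl, "role:everyone", Permission.READ);
    checkDenied(acl, "role:everyone", Permission.CREATE, Permission.DELETE, Permission.MODIFY, Permission.PUBLISH);
    checkAllowed(acl, "user:system:anonymous", Permission.READ);
    checkDenied(acl, "user:system:anonymous", Permission.CREATE, Permission.DELETE, Permission.MODIFY, Permission.PUBLISH);

    // NOTE(review): the admin entry also lists READ_PERMISSIONS and WRITE_PERMISSIONS, but
    // neither is asserted here for any principal.
    checkAllowed(acl, "role:admin", Permission.READ, Permission.MODIFY, Permission.CREATE, Permission.DELETE, Permission.PUBLISH);

    // Entry without an "allow" key: everything but the explicitly denied DELETE is expected.
    checkAllowed(acl, "role:authenticated", Permission.READ, Permission.MODIFY, Permission.CREATE, Permission.PUBLISH);
    checkDenied(acl, "role:authenticated", Permission.DELETE);
}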
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Test(org.junit.jupiter.api.Test)

Example 50 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class ModifyNodeExecutorTest method update_permissions.

/**
 * Verifies that a {@code _permissions} set in the update script replaces the node's ACL.
 *
 * <p>The node starts with {@link AccessControlList#empty()}. The script supplies a single
 * principal with two {@code allow} values and no {@code deny} key. After
 * {@link ModifyNodeExecutor} runs, the editable node's permissions must equal an ACL holding
 * exactly that one entry.
 */
@Test
public void update_permissions() throws Exception {
    // Start from a node with no permissions at all.
    final Node nodeWithoutAcl = Node.create()
        .name("myNode")
        .parentPath(NodePath.ROOT)
        .permissions(AccessControlList.empty())
        .build();
    final EditableNode target = new EditableNode(nodeWithoutAcl);

    // Script: one principal, READ and MODIFY allowed, no deny values.
    final PropertyTree script = new PropertyTree();
    final PropertySet permissionEntry = new PropertySet();
    permissionEntry.setString("principal", "role:newRole");
    permissionEntry.addString("allow", "READ");
    permissionEntry.addString("allow", "MODIFY");
    script.addSet("_permissions", permissionEntry);

    ModifyNodeExecutor.create()
        .editableNode(target)
        .propertyTree(script)
        .build()
        .execute();

    // assertEquals on the whole ACL also fails if the executor adds an unexpected entry.
    final AccessControlEntry expectedEntry = AccessControlEntry.create()
        .principal(PrincipalKey.from("role:newRole"))
        .allow(Permission.READ, Permission.MODIFY)
        .build();
    final AccessControlList expected = AccessControlList.create().add(expectedEntry).build();
    assertEquals(expected, target.permissions);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Node(com.enonic.xp.node.Node) EditableNode(com.enonic.xp.node.EditableNode) PropertyTree(com.enonic.xp.data.PropertyTree) PropertySet(com.enonic.xp.data.PropertySet) EditableNode(com.enonic.xp.node.EditableNode) Test(org.junit.jupiter.api.Test)
