
Example 1 with IdProviderAccessControlList

Use of com.enonic.xp.security.acl.IdProviderAccessControlList in project xp by enonic.

From class IdProviderNodeTranslator, method idProviderPermissionsFromNode.

/**
 * Derives the id-provider level access list from the ACLs stored on the three backing nodes.
 *
 * The tier granted to each principal is decided top-down and only the first matching tier is
 * recorded: ADMINISTRATOR needs every node permission, including READ_PERMISSIONS and
 * WRITE_PERMISSIONS, on the id provider node, the users node and the groups node;
 * ID_PROVIDER_MANAGER needs READ/CREATE/MODIFY/DELETE on both the users and groups nodes; the
 * remaining tiers (WRITE_USERS, CREATE_USERS, READ) are decided from the users node alone.
 * Permissions granted only on the groups node therefore never yield an entry on their own.
 *
 * @param idProviderNode the id provider node whose ACL is inspected
 * @param usersNode      the users folder node of that id provider
 * @param groupsNode     the groups folder node of that id provider
 * @return the derived access list; principals matching no tier get no entry
 */
static IdProviderAccessControlList idProviderPermissionsFromNode(final Node idProviderNode, final Node usersNode, final Node groupsNode) {
    final AccessControlList providerAcl = idProviderNode.getPermissions();
    final AccessControlList usersAcl = usersNode.getPermissions();
    final AccessControlList groupsAcl = groupsNode.getPermissions();
    // NOTE(review): candidates are the union of all three ACLs; whether PrincipalKeys.from
    // de-duplicates a principal that appears in several of them is not visible here.
    final PrincipalKeys candidates = PrincipalKeys.from(providerAcl.getAllPrincipals(), usersAcl.getAllPrincipals(), groupsAcl.getAllPrincipals());
    final IdProviderAccessControlList.Builder result = IdProviderAccessControlList.create();
    for (final PrincipalKey principal : candidates) {
        final IdProviderAccess granted = resolveIdProviderAccess(principal, providerAcl, usersAcl, groupsAcl);
        if (granted != null) {
            result.add(IdProviderAccessControlEntry.create().principal(principal).access(granted).build());
        }
    }
    return result.build();
}

/**
 * Maps the node-level permissions of one principal to the highest matching id-provider tier.
 *
 * @param principal   the principal being classified
 * @param providerAcl ACL of the id provider node
 * @param usersAcl    ACL of the users folder node
 * @param groupsAcl   ACL of the groups folder node
 * @return the tier, or null when the principal holds neither READ nor CREATE on the users node
 */
private static IdProviderAccess resolveIdProviderAccess(final PrincipalKey principal, final AccessControlList providerAcl, final AccessControlList usersAcl, final AccessControlList groupsAcl) {
    // Full control over all three nodes, including the permission-management bits.
    if (providerAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
        && usersAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)
        && groupsAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE, PUBLISH, READ_PERMISSIONS, WRITE_PERMISSIONS)) {
        return ADMINISTRATOR;
    }
    // Content-level control over users and groups; the permission bits are not inspected below this point.
    if (usersAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE) && groupsAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
        return ID_PROVIDER_MANAGER;
    }
    if (usersAcl.isAllowedFor(principal, READ, CREATE, MODIFY, DELETE)) {
        return WRITE_USERS;
    }
    if (usersAcl.isAllowedFor(principal, CREATE)) {
        return CREATE_USERS;
    }
    if (usersAcl.isAllowedFor(principal, READ)) {
        // Qualified on purpose: the unqualified READ above is the node permission, not the access tier.
        return IdProviderAccess.READ;
    }
    return null;
}

Example 2 with IdProviderAccessControlList

Use of com.enonic.xp.security.acl.IdProviderAccessControlList in project xp by enonic.

From class SecurityServiceImplTest, method testUpdateIdProvider.

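/**
 * Updating an id provider replaces its display name, description and permission list.
 *
 * The update omits groupKey2's WRITE_USERS grant; the final assertion checks that the
 * revoked entry is really gone from the persisted permissions rather than merely
 * overlaid by the new ones.
 */
@Test
public void testUpdateIdProvider() throws Exception {
    runAsAdmin(() -> {
        // setup
        final PrincipalKey userKey = PrincipalKey.ofUser(SYSTEM, "User1");
        final PrincipalKey groupKey1 = PrincipalKey.ofGroup(SYSTEM, "Group-a");
        final PrincipalKey groupKey2 = PrincipalKey.ofGroup(SYSTEM, "group-b");
        final IdProviderAccessControlList permissions = IdProviderAccessControlList.of(IdProviderAccessControlEntry.create().principal(userKey).access(CREATE_USERS).build(), IdProviderAccessControlEntry.create().principal(groupKey1).access(ADMINISTRATOR).build(), IdProviderAccessControlEntry.create().principal(groupKey2).access(WRITE_USERS).build());
        final CreateIdProviderParams createIdProvider = CreateIdProviderParams.create().key(IdProviderKey.from("enonic")).displayName("Enonic Id Provider").permissions(permissions).description("old id provider description").build();
        final IdProvider idProviderCreated = securityService.createIdProvider(createIdProvider);
        // Sanity check of the fixture before exercising the update.
        assertNotNull(idProviderCreated);
        // exercise
        final IdProviderAccessControlList updatePermissions = IdProviderAccessControlList.of(IdProviderAccessControlEntry.create().principal(userKey).access(CREATE_USERS).build(), IdProviderAccessControlEntry.create().principal(groupKey1).access(ADMINISTRATOR).build());
        final UpdateIdProviderParams updateIdProvider = UpdateIdProviderParams.create().key(IdProviderKey.from("enonic")).displayName("Enonic Id Provider updated").permissions(updatePermissions).description("new id provider description").build();
        final IdProvider idProviderUpdated = securityService.updateIdProvider(updateIdProvider);
        // verify
        assertNotNull(idProviderUpdated);
        assertEquals("enonic", idProviderUpdated.getKey().toString());
        assertEquals("Enonic Id Provider updated", idProviderUpdated.getDisplayName());
        assertEquals("new id provider description", idProviderUpdated.getDescription());
        final IdProviderAccessControlList updatedPermissions = securityService.getIdProviderPermissions(IdProviderKey.from("enonic"));
        // Fail with a clear assertion instead of an NPE if the permissions cannot be read back.
        assertNotNull(updatedPermissions);
        assertEquals(CREATE_USERS, updatedPermissions.getEntry(userKey).getAccess());
        assertEquals(ADMINISTRATOR, updatedPermissions.getEntry(groupKey1).getAccess());
        // The grant removed by the update must not survive.
        assertNull(updatedPermissions.getEntry(groupKey2));
    });
}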

Example 3 with IdProviderAccessControlList

Use of com.enonic.xp.security.acl.IdProviderAccessControlList in project xp by enonic.

From class SecurityServiceImpl, method updateIdProvider.

/**
 * Updates an existing id provider and, when the params carry a permission list, re-derives
 * and stores the ACLs of the id provider node and its users/groups folder nodes.
 *
 * @param updateIdProviderParams the key of the id provider to update plus the new values
 * @return the updated id provider, or null when no id provider node exists for the key
 */
@Override
public IdProvider updateIdProvider(final UpdateIdProviderParams updateIdProviderParams) {
    return callWithContext(() -> {
        final NodePath providerPath = IdProviderNodeTranslator.toIdProviderNodePath(updateIdProviderParams.getKey());
        final Node existingNode = this.nodeService.getByPath(providerPath);
        if (existingNode == null) {
            return null;
        }
        final IdProvider current = IdProviderNodeTranslator.fromNode(existingNode);
        final IdProvider updated = updateIdProviderParams.update(current);
        final UpdateNodeParams nodeUpdate = IdProviderNodeTranslator.toUpdateNodeParams(updated, existingNode.id());
        final Node updatedNode = nodeService.update(nodeUpdate);
        // Only a null permission list leaves the stored ACLs untouched.
        if (updateIdProviderParams.getIdProviderPermissions() != null) {
            storeUpdatedIdProviderPermissions(updateIdProviderParams, updatedNode);
        }
        this.nodeService.refresh(RefreshMode.SEARCH);
        return IdProviderNodeTranslator.fromNode(updatedNode);
    });
}

/**
 * Translates the id-provider level permission list into node ACLs, merges each with the root
 * node's ACL, writes them to the id provider, users and groups nodes, then pushes them down
 * the id provider subtree without overwriting explicit child permissions.
 *
 * @param updateIdProviderParams params carrying a non-null permission list
 * @param idProviderNode         the freshly updated id provider node
 */
private void storeUpdatedIdProviderPermissions(final UpdateIdProviderParams updateIdProviderParams, final Node idProviderNode) {
    // NOTE(review): the folder nodes are dereferenced without a null check; an id provider
    // whose users/groups nodes are missing would fail with an NPE rather than a clear error.
    final Node usersNode = nodeService.getByPath(IdProviderNodeTranslator.toIdProviderUsersNodePath(updateIdProviderParams.getKey()));
    final Node groupsNode = nodeService.getByPath(IdProviderNodeTranslator.toIdProviderGroupsNodePath(updateIdProviderParams.getKey()));
    final IdProviderAccessControlList permissions = updateIdProviderParams.getIdProviderPermissions();
    final AccessControlList providerBase = IdProviderNodeTranslator.idProviderPermissionsToIdProviderNodePermissions(permissions);
    final AccessControlList usersBase = IdProviderNodeTranslator.idProviderPermissionsToUsersNodePermissions(permissions);
    final AccessControlList groupsBase = IdProviderNodeTranslator.idProviderPermissionsToGroupsNodePermissions(permissions);
    final Node rootNode = nodeService.getRoot();
    final AccessControlList providerAcl = mergeWithRootPermissions(providerBase, rootNode.getPermissions());
    final AccessControlList usersAcl = mergeWithRootPermissions(usersBase, rootNode.getPermissions());
    final AccessControlList groupsAcl = mergeWithRootPermissions(groupsBase, rootNode.getPermissions());
    setNodePermissions(idProviderNode.id(), providerAcl);
    setNodePermissions(usersNode.id(), usersAcl);
    setNodePermissions(groupsNode.id(), groupsAcl);
    // Propagation starts at the id provider node, so only its subtree is touched.
    nodeService.applyPermissions(ApplyNodePermissionsParams.create().nodeId(idProviderNode.id()).overwriteChildPermissions(false).build());
}

Example 4 with IdProviderAccessControlList

Use of com.enonic.xp.security.acl.IdProviderAccessControlList in project xp by enonic.

From class SecurityServiceImpl, method createIdProvider.

/**
 * Creates an id provider node plus its users and groups folder nodes, each with an ACL
 * derived from the requested id-provider permissions merged with the root node's ACL.
 *
 * @param createIdProviderParams key, display name, description, optional config and permissions
 * @return the created id provider
 * @throws IdProviderAlreadyExistsException when a node with that id or path already exists
 */
@Override
public IdProvider createIdProvider(final CreateIdProviderParams createIdProviderParams) {
    final PropertyTree data = idProviderDataOf(createIdProviderParams);
    try {
        final Node created = callWithContext(() -> createIdProviderNodes(createIdProviderParams, data));
        return IdProviderNodeTranslator.fromNode(created);
    } catch (NodeIdExistsException | NodeAlreadyExistAtPathException e) {
        // NOTE(review): the node-level exception is not attached as the cause of the translated
        // exception, so the original failure detail is lost; preserve it if the type allows a cause.
        throw new IdProviderAlreadyExistsException(createIdProviderParams.getKey());
    }
}

/**
 * Builds the property tree stored on the id provider node: display name, description and,
 * when a config is given, its application key and config form.
 *
 * @param createIdProviderParams source of the values
 * @return the populated property tree
 */
private static PropertyTree idProviderDataOf(final CreateIdProviderParams createIdProviderParams) {
    final PropertyTree data = new PropertyTree();
    data.setString(IdProviderPropertyNames.DISPLAY_NAME_KEY, createIdProviderParams.getDisplayName());
    data.setString(IdProviderPropertyNames.DESCRIPTION_KEY, createIdProviderParams.getDescription());
    final IdProviderConfig config = createIdProviderParams.getIdProviderConfig();
    if (config != null) {
        data.setString(IdProviderPropertyNames.ID_PROVIDER_APPLICATION_KEY, config.getApplicationKey().toString());
        data.setSet(IdProviderPropertyNames.ID_PROVIDER_CONFIG_FORM_KEY, config.getConfig().getRoot());
    }
    return data;
}

/**
 * Creates the id provider node and its users/groups folder nodes with their derived ACLs,
 * then applies permissions from the repository root and refreshes the search index.
 * Must run inside the service context.
 *
 * @param createIdProviderParams key and permissions of the new id provider
 * @param data                   property tree for the id provider node
 * @return the created id provider node
 */
private Node createIdProviderNodes(final CreateIdProviderParams createIdProviderParams, final PropertyTree data) {
    final IdProviderAccessControlList permissions = createIdProviderParams.getIdProviderPermissions();
    final AccessControlList providerBase = IdProviderNodeTranslator.idProviderPermissionsToIdProviderNodePermissions(permissions);
    final AccessControlList usersBase = IdProviderNodeTranslator.idProviderPermissionsToUsersNodePermissions(permissions);
    final AccessControlList groupsBase = IdProviderNodeTranslator.idProviderPermissionsToGroupsNodePermissions(permissions);
    final Node rootNode = nodeService.getRoot();
    final AccessControlList providerAcl = mergeWithRootPermissions(providerBase, rootNode.getPermissions());
    final AccessControlList usersAcl = mergeWithRootPermissions(usersBase, rootNode.getPermissions());
    final AccessControlList groupsAcl = mergeWithRootPermissions(groupsBase, rootNode.getPermissions());
    final Node idProviderNode = nodeService.create(CreateNodeParams.create().parent(IdProviderNodeTranslator.getIdProvidersParentPath()).name(createIdProviderParams.getKey().toString()).data(data).permissions(providerAcl).build());
    nodeService.create(CreateNodeParams.create().parent(idProviderNode.path()).name(IdProviderNodeTranslator.USER_FOLDER_NODE_NAME).permissions(usersAcl).build());
    nodeService.create(CreateNodeParams.create().parent(idProviderNode.path()).name(IdProviderNodeTranslator.GROUP_FOLDER_NODE_NAME).permissions(groupsAcl).build());
    // NOTE(review): propagation starts at the repository root, not at the new id provider node
    // (updateIdProvider starts at the id provider node); confirm the wider scope is intended.
    nodeService.applyPermissions(ApplyNodePermissionsParams.create().nodeId(rootNode.id()).overwriteChildPermissions(false).build());
    this.nodeService.refresh(RefreshMode.SEARCH);
    return idProviderNode;
}

Example 5 with IdProviderAccessControlList

Use of com.enonic.xp.security.acl.IdProviderAccessControlList in project xp by enonic.

From class SecurityServiceImplTest, method testCreateIdProvider.

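/**
 * Creating an id provider persists its display name, description and permission list,
 * and every requested grant can be read back with the access tier that was requested.
 */
@Test
public void testCreateIdProvider() throws Exception {
    runAsAdmin(() -> {
        final PrincipalKey userKey = PrincipalKey.ofUser(SYSTEM, "User1");
        final PrincipalKey groupKey1 = PrincipalKey.ofGroup(SYSTEM, "group-a");
        final PrincipalKey groupKey2 = PrincipalKey.ofGroup(SYSTEM, "group-b");
        final IdProviderAccessControlList permissions = IdProviderAccessControlList.of(IdProviderAccessControlEntry.create().principal(userKey).access(CREATE_USERS).build(), IdProviderAccessControlEntry.create().principal(groupKey1).access(ADMINISTRATOR).build(), IdProviderAccessControlEntry.create().principal(groupKey2).access(WRITE_USERS).build());
        final CreateIdProviderParams createIdProvider = CreateIdProviderParams.create().key(IdProviderKey.from("enonic")).displayName("Enonic Id Provider").permissions(permissions).description("id provider description").build();
        final IdProvider idProviderCreated = securityService.createIdProvider(createIdProvider);
        assertNotNull(idProviderCreated);
        assertEquals("enonic", idProviderCreated.getKey().toString());
        assertEquals("Enonic Id Provider", idProviderCreated.getDisplayName());
        assertEquals("id provider description", idProviderCreated.getDescription());
        final IdProviderAccessControlList createdPermissions = securityService.getIdProviderPermissions(IdProviderKey.from("enonic"));
        // Assert the value actually fetched on the previous line; a null here would otherwise
        // surface as an NPE in the getEntry() calls below instead of a clear assertion failure.
        assertNotNull(createdPermissions);
        assertEquals(CREATE_USERS, createdPermissions.getEntry(userKey).getAccess());
        assertEquals(ADMINISTRATOR, createdPermissions.getEntry(groupKey1).getAccess());
        assertEquals(WRITE_USERS, createdPermissions.getEntry(groupKey2).getAccess());
    });
}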
