
Example 1 with AclPermissionEntry

use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.

Class GrantPermissionManager, method loadAllEntitiesPermissions.

/**
 * Loads one page of entities of the given ACL class together with their effective
 * permissions (each entity's own ACL entries merged with those of its parent).
 *
 * @param aclClass     ACL class of the entities to load
 * @param page         page index, passed through to the entity manager
 * @param pageSize     page size, passed through to the entity manager
 * @param expandGroups when {@code true}, group sids are expanded in the built permission list
 * @param filterMask   optional permission mask; when non-null and {@code expandGroups} is
 *                     {@code true}, only entries whose mask has the requested bit set are kept
 * @return the page of entity permissions plus the total entity count for the ACL class
 */
public EntityWithPermissionVO loadAllEntitiesPermissions(AclClass aclClass, Integer page, Integer pageSize, boolean expandGroups, Integer filterMask) {
    final EntityWithPermissionVO response = new EntityWithPermissionVO();
    final Collection<? extends AbstractSecuredEntity> pageEntities = entityManager.loadAllWithParents(aclClass, page, pageSize);
    final Map<AbstractSecuredEntity, List<AclPermissionEntry>> rawPermissions = getEntitiesPermissions(pageEntities);
    response.setTotalCount(entityManager.loadTotalCount(aclClass));
    // distinct() guards against duplicates in the loaded collection; ordering by id keeps the page stable.
    final List<EntityPermission> entityPermissions = pageEntities.stream()
            .distinct()
            .sorted(Comparator.comparingLong(BaseEntity::getId))
            .map(securedEntity -> getEntityPermission(rawPermissions, securedEntity))
            .collect(toList());
    if (expandGroups) {
        expandGroups(entityPermissions);
        // The mask filter is applied only on the expanded view; with expandGroups == false it is ignored.
        if (filterMask != null) {
            for (EntityPermission entityPermission : entityPermissions) {
                final Set<AclPermissionEntry> matching = SetUtils.emptyIfNull(entityPermission.getPermissions()).stream()
                        .filter(aclEntry -> permissionsService.isMaskBitSet(aclEntry.getMask(), filterMask))
                        .collect(toSet());
                entityPermission.setPermissions(matching);
            }
        }
    }
    response.setEntityPermissions(entityPermissions);
    return response;
}

Example 2 with AclPermissionEntry

use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.

Class FolderTemplateManagerTest, method createFolderFromTemplateTest.

/**
 * Creates a folder from a template holding one storage with metadata, one child folder and a
 * single non-principal (role) READ grant, then verifies that the root folder, the cloned storage,
 * the applied ACL entry and the child folder were all persisted as described by the template.
 *
 * @throws IOException propagated from folder creation
 */
@Test
@Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = Exception.class)
@WithMockUser(username = TEST_USER)
public void createFolderFromTemplateTest() throws IOException {
    final Map<String, PipeConfValue> expectedMetadata = new HashMap<>();
    expectedMetadata.put(DATA_KEY_1, new PipeConfValue(DATA_TYPE_1, DATA_VALUE_1));

    final DataStorageWithMetadataVO storageTemplate = new DataStorageWithMetadataVO();
    storageTemplate.setName(DATASTORAGE_NAME_1);
    storageTemplate.setType(DataStorageType.S3);
    storageTemplate.setPath(TEST_PATH);
    storageTemplate.setMetadata(expectedMetadata);

    // Grant for a role (principal == false) rather than for a user.
    final PermissionVO grant = new PermissionVO();
    grant.setMask(AclPermission.READ.getMask());
    grant.setUserName(TEST_ROLE);
    grant.setPrincipal(false);

    final FolderTemplate childTemplate = FolderTemplate.builder().name(CHILD_TEMPLATE_FOLDER_NAME_1).build();
    final FolderTemplate rootTemplate = FolderTemplate.builder()
            .name(TEMPLATE_FOLDER_NAME)
            .datastorages(Stream.of(storageTemplate).collect(Collectors.toList()))
            .children(Stream.of(childTemplate).collect(Collectors.toList()))
            .metadata(expectedMetadata)
            .permissions(Stream.of(grant).collect(Collectors.toList()))
            .build();

    final Folder target = new Folder();
    target.setName(TEMPLATE_FOLDER_NAME);
    folderTemplateManager.createFolderFromTemplate(target, rootTemplate);

    // Root folder exists and carries the template metadata.
    Folder root = folderManager.loadByNameOrId(TEMPLATE_FOLDER_NAME);
    root = folderManager.load(root.getId());
    Assert.assertNotNull(root);
    final Long rootId = root.getId();
    List<EntityVO> lookup = Collections.singletonList(new EntityVO(rootId, AclClass.FOLDER));
    Assert.assertEquals(expectedMetadata, metadataManager.listMetadataItems(lookup).get(0).getData());

    // Cloned storage: name and path start with the template values, metadata is copied.
    AbstractDataStorage storage = root.getStorages().get(0);
    storage = dataStorageManager.load(storage.getId());
    Assert.assertTrue(storage.getName().startsWith(DATASTORAGE_NAME_1));
    Assert.assertTrue(storage.getPath().startsWith(TEST_PATH));
    lookup = Collections.singletonList(new EntityVO(storage.getId(), AclClass.DATA_STORAGE));
    Assert.assertEquals(expectedMetadata, metadataManager.listMetadataItems(lookup).get(0).getData());

    // Exactly the single grant from the template is applied, with sid kind and name preserved.
    final List<AclPermissionEntry> rootGrants = permissionManager.getPermissions(rootId, AclClass.FOLDER).getPermissions();
    Assert.assertEquals(1, rootGrants.size());
    final AclPermissionEntry applied = rootGrants.get(0);
    Assert.assertEquals(grant.getMask(), applied.getMask());
    Assert.assertEquals(grant.getPrincipal(), applied.getSid().isPrincipal());
    Assert.assertEquals(grant.getUserName(), applied.getSid().getName());

    // Child folder is created directly under the root.
    final Folder child = folderManager.loadByNameOrId(TEMPLATE_FOLDER_NAME + "/" + CHILD_TEMPLATE_FOLDER_NAME_1);
    Assert.assertNotNull(child);
    Assert.assertEquals(rootId, child.getParentId());
}

Example 3 with AclPermissionEntry

use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.

Class GrantPermissionManager, method getEntityPermission.

/**
 * Builds the effective permission view of a single entity: the ACL entries of the entity
 * returned by {@link #getAclEntity}, merged with the entries of the entity's parent.
 *
 * @param allPermissions raw ACL entries keyed by entity, as loaded for the whole batch
 * @param entity         entity to describe; its parent link is cleared as a side effect
 * @return the entity paired with its merged permission set
 */
private EntityPermission getEntityPermission(Map<AbstractSecuredEntity, List<AclPermissionEntry>> allPermissions, AbstractSecuredEntity entity) {
    final AbstractSecuredEntity aclHolder = getAclEntity(entity);
    final Map<AclSid, Integer> maskBySid = getEntityPermissions(aclHolder, allPermissions);
    mergeWithParentPermissions(maskBySid, entity.getParent(), allPermissions);
    final Set<AclPermissionEntry> effective = buildAclPermissionEntries(maskBySid);
    // Detach the parent only after the merge above, so the response does not carry the whole hierarchy.
    entity.clearParent();
    final EntityPermission view = new EntityPermission();
    view.setEntity(entity);
    view.setPermissions(effective);
    return view;
}

Example 4 with AclPermissionEntry

use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.

Class GrantPermissionManager, method convertAclToEntry.

/**
 * Wraps an entity together with every entry of its ACL, keeping only the sid and the
 * permission mask of each entry.
 *
 * @param entity entity the ACL belongs to
 * @param acl    ACL whose entries are copied
 * @return the entity with one {@link AclPermissionEntry} per ACL entry
 */
private AclSecuredEntry convertAclToEntry(AbstractSecuredEntity entity, MutableAcl acl) {
    final AclSecuredEntry securedEntry = new AclSecuredEntry(entity);
    acl.getEntries().stream()
            .map(ace -> new AclPermissionEntry(ace.getSid(), ace.getPermission().getMask()))
            .forEach(securedEntry::addPermission);
    return securedEntry;
}

Example 5 with AclPermissionEntry

use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.

Class GrantPermissionManager, method getPermissions.

/**
 * Resolves the ACL of each given entity in one lookup and returns its entries as
 * sid/mask pairs.
 *
 * @param securedEntities entities whose ACLs are requested
 * @return ACL entries keyed by entity
 * @throws IllegalArgumentException if an entity's ACL is missing or is not a {@link MutableAcl}
 */
public Map<AbstractSecuredEntity, List<AclPermissionEntry>> getPermissions(Set<AbstractSecuredEntity> securedEntities) {
    final Map<ObjectIdentity, Acl> aclByIdentity = aclService.getObjectIdentities(securedEntities);
    final Map<AbstractSecuredEntity, List<AclPermissionEntry>> entriesByEntity = new HashMap<>();
    for (AbstractSecuredEntity securedEntity : securedEntities) {
        final Acl acl = aclByIdentity.get(new ObjectIdentityImpl(securedEntity));
        // A missing ACL is rejected here rather than silently reported as "no permissions".
        Assert.isInstanceOf(MutableAcl.class, acl, messageHelper.getMessage(MessageConstants.ERROR_MUTABLE_ACL_RETURN));
        final List<AclPermissionEntry> entries = acl.getEntries().stream()
                .map(ace -> new AclPermissionEntry(ace.getSid(), ace.getPermission().getMask()))
                .collect(toList());
        entriesByEntity.put(securedEntity, entries);
    }
    return entriesByEntity;
}
