use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method loadAllEntitiesPermissions.
/**
 * Loads one page of entities of the given ACL class together with the permission
 * entries resolved for each of them, plus the total entity count for that class.
 *
 * <p>Security-relevant behaviour visible in this method: {@code filterMask} is only
 * consulted when {@code expandGroups} is {@code true}. With {@code expandGroups == false}
 * every entry is returned unfiltered, whatever mask the caller supplied.
 * NOTE(review): confirm that callers do not rely on {@code filterMask} alone to narrow
 * the returned ACL data.
 *
 * <p>No authorization check is performed inside this method itself.
 * NOTE(review): the listing exposes who holds which permission on every entity of the
 * class, so confirm that access is restricted at the call site.
 *
 * @param aclClass     type of secured entities to list
 * @param page         page index passed through to the entity manager
 * @param pageSize     page size passed through to the entity manager
 * @param expandGroups when {@code true}, {@code expandGroups(...)} is applied to the result
 * @param filterMask   optional permission mask; entries are kept only if
 *                     {@code permissionsService.isMaskBitSet(mask, filterMask)} holds
 * @return entities with their permissions and the total count for {@code aclClass}
 */
public EntityWithPermissionVO loadAllEntitiesPermissions(AclClass aclClass, Integer page, Integer pageSize, boolean expandGroups, Integer filterMask) {
    EntityWithPermissionVO response = new EntityWithPermissionVO();
    Collection<? extends AbstractSecuredEntity> pageOfEntities = entityManager.loadAllWithParents(aclClass, page, pageSize);
    Map<AbstractSecuredEntity, List<AclPermissionEntry>> permissionsByEntity = getEntitiesPermissions(pageOfEntities);
    response.setTotalCount(entityManager.loadTotalCount(aclClass));

    // Duplicates are dropped and the page is ordered by entity id before permissions are resolved.
    List<EntityPermission> entityPermissions = pageOfEntities.stream()
            .distinct()
            .sorted(Comparator.comparingLong(BaseEntity::getId))
            .map(entity -> getEntityPermission(permissionsByEntity, entity))
            .collect(toList());

    if (expandGroups) {
        expandGroups(entityPermissions);
    }
    // The mask filter is deliberately tied to the expandGroups flag, as in the original nesting.
    if (expandGroups && filterMask != null) {
        for (EntityPermission entityPermission : entityPermissions) {
            Set<AclPermissionEntry> matching = SetUtils.emptyIfNull(entityPermission.getPermissions())
                    .stream()
                    .filter(permission -> permissionsService.isMaskBitSet(permission.getMask(), filterMask))
                    .collect(toSet());
            entityPermission.setPermissions(matching);
        }
    }

    response.setEntityPermissions(entityPermissions);
    return response;
}
use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.
the class FolderTemplateManagerTest method createFolderFromTemplateTest.
/**
 * Creates a folder from a template that carries metadata, one data storage, one child
 * folder and one permission grant, then checks what was persisted.
 *
 * <p>ACL coverage: the test asserts that the root folder ends up with exactly one
 * permission entry whose mask, principal flag and SID name match the template grant.
 * It does not inspect the ACLs of the cloned data storage or of the child folder.
 * NOTE(review): consider asserting those too, so that an unintended grant on a nested
 * object would be caught.
 */
@Test
@Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = Exception.class)
@WithMockUser(username = TEST_USER)
public void createFolderFromTemplateTest() throws IOException {
    // --- template inputs ---
    Map<String, PipeConfValue> metadata = new HashMap<>();
    metadata.put(DATA_KEY_1, new PipeConfValue(DATA_TYPE_1, DATA_VALUE_1));

    DataStorageWithMetadataVO storageTemplate = new DataStorageWithMetadataVO();
    storageTemplate.setName(DATASTORAGE_NAME_1);
    storageTemplate.setType(DataStorageType.S3);
    storageTemplate.setPath(TEST_PATH);
    storageTemplate.setMetadata(metadata);

    // READ grant for a non-principal SID (principal flag is false).
    PermissionVO expectedGrant = new PermissionVO();
    expectedGrant.setMask(AclPermission.READ.getMask());
    expectedGrant.setUserName(TEST_ROLE);
    expectedGrant.setPrincipal(false);

    FolderTemplate childTemplate = FolderTemplate.builder().name(CHILD_TEMPLATE_FOLDER_NAME_1).build();
    FolderTemplate rootTemplate = FolderTemplate.builder()
            .name(TEMPLATE_FOLDER_NAME)
            .datastorages(Stream.of(storageTemplate).collect(Collectors.toList()))
            .children(Stream.of(childTemplate).collect(Collectors.toList()))
            .metadata(metadata)
            .permissions(Stream.of(expectedGrant).collect(Collectors.toList()))
            .build();

    Folder requestedFolder = new Folder();
    requestedFolder.setName(TEMPLATE_FOLDER_NAME);

    // --- act ---
    folderTemplateManager.createFolderFromTemplate(requestedFolder, rootTemplate);

    // --- root folder and its metadata ---
    Folder rootFolder = folderManager.loadByNameOrId(TEMPLATE_FOLDER_NAME);
    rootFolder = folderManager.load(rootFolder.getId());
    Assert.assertNotNull(rootFolder);
    Long rootFolderId = rootFolder.getId();
    List<EntityVO> metadataQuery = Collections.singletonList(new EntityVO(rootFolderId, AclClass.FOLDER));
    Assert.assertEquals(metadata, metadataManager.listMetadataItems(metadataQuery).get(0).getData());

    // --- cloned data storage and its metadata ---
    AbstractDataStorage storage = rootFolder.getStorages().get(0);
    storage = dataStorageManager.load(storage.getId());
    Assert.assertTrue(storage.getName().startsWith(DATASTORAGE_NAME_1));
    Assert.assertTrue(storage.getPath().startsWith(TEST_PATH));
    metadataQuery = Collections.singletonList(new EntityVO(storage.getId(), AclClass.DATA_STORAGE));
    Assert.assertEquals(metadata, metadataManager.listMetadataItems(metadataQuery).get(0).getData());

    // --- root folder ACL: exactly the one grant declared in the template ---
    List<AclPermissionEntry> rootFolderAcl = permissionManager.getPermissions(rootFolderId, AclClass.FOLDER).getPermissions();
    Assert.assertEquals(1, rootFolderAcl.size());
    AclPermissionEntry storedGrant = rootFolderAcl.get(0);
    Assert.assertEquals(expectedGrant.getMask(), storedGrant.getMask());
    Assert.assertEquals(expectedGrant.getPrincipal(), storedGrant.getSid().isPrincipal());
    Assert.assertEquals(expectedGrant.getUserName(), storedGrant.getSid().getName());

    // --- child folder is attached to the root ---
    Folder childFolder = folderManager.loadByNameOrId(TEMPLATE_FOLDER_NAME + "/" + CHILD_TEMPLATE_FOLDER_NAME_1);
    Assert.assertNotNull(childFolder);
    Assert.assertEquals(rootFolderId, childFolder.getParentId());
}
use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method getEntityPermission.
/**
 * Builds the permission view of a single entity: its own grants merged with the grants
 * collected from its parent chain.
 *
 * <p>Side effect: the passed {@code entity} is mutated, because {@code clearParent()} is
 * called on it before it is placed into the result. The parent must therefore be read
 * (for the merge) before it is cleared; the statement order below matters.
 *
 * @param allPermissions permission entries keyed by entity, as loaded by the caller
 * @param entity         entity to describe; its parent reference is cleared here
 * @return the entity (without parent) paired with its merged permission entries
 */
private EntityPermission getEntityPermission(Map<AbstractSecuredEntity, List<AclPermissionEntry>> allPermissions, AbstractSecuredEntity entity) {
    // Own grants are looked up for whatever getAclEntity(...) returns for this entity.
    AbstractSecuredEntity aclTarget = getAclEntity(entity);
    Map<AclSid, Integer> masksBySid = getEntityPermissions(aclTarget, allPermissions);

    // Merge the parent's grants in while the parent link is still present.
    mergeWithParentPermissions(masksBySid, entity.getParent(), allPermissions);
    Set<AclPermissionEntry> effectiveEntries = buildAclPermissionEntries(masksBySid);

    // Drop the parent so the response does not carry the whole hierarchy.
    entity.clearParent();

    EntityPermission view = new EntityPermission();
    view.setEntity(entity);
    view.setPermissions(effectiveEntries);
    return view;
}
use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method convertAclToEntry.
/**
 * Converts an ACL into an {@code AclSecuredEntry} for the given entity, adding one
 * {@code AclPermissionEntry} (SID plus permission mask) per ACL entry.
 *
 * <p>Only the SID and the mask of each entry are copied; other attributes of the ACL
 * entry are not carried into the result by this method.
 *
 * @param entity the secured entity the ACL belongs to
 * @param acl    the ACL whose entries are converted
 * @return the populated entry
 */
private AclSecuredEntry convertAclToEntry(AbstractSecuredEntity entity, MutableAcl acl) {
    AclSecuredEntry securedEntry = new AclSecuredEntry(entity);
    acl.getEntries().stream()
            .map(ace -> new AclPermissionEntry(ace.getSid(), ace.getPermission().getMask()))
            .forEach(securedEntry::addPermission);
    return securedEntry;
}
use of com.epam.pipeline.entity.security.acl.AclPermissionEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method getPermissions.
/**
 * Resolves the ACL of every entity in the set and returns, per entity, the list of
 * its permission entries (SID plus permission mask).
 *
 * <p>Each resolved ACL must be a {@code MutableAcl}; otherwise the assertion fails with
 * the {@code ERROR_MUTABLE_ACL_RETURN} message and the whole call is aborted.
 * NOTE(review): if {@code Assert} here is Spring's {@code org.springframework.util.Assert},
 * an entity with no ACL at all (a {@code null} lookup) also fails this check, so one
 * entity without an ACL rejects the entire batch. Confirm that this is intended.
 *
 * @param securedEntities entities whose ACL entries are requested
 * @return permission entries keyed by entity
 */
public Map<AbstractSecuredEntity, List<AclPermissionEntry>> getPermissions(Set<AbstractSecuredEntity> securedEntities) {
    Map<ObjectIdentity, Acl> aclsByIdentity = aclService.getObjectIdentities(securedEntities);
    Map<AbstractSecuredEntity, List<AclPermissionEntry>> entriesByEntity = new HashMap<>();
    for (AbstractSecuredEntity securedEntity : securedEntities) {
        Acl entityAcl = aclsByIdentity.get(new ObjectIdentityImpl(securedEntity));
        Assert.isInstanceOf(MutableAcl.class, entityAcl, messageHelper.getMessage(MessageConstants.ERROR_MUTABLE_ACL_RETURN));

        List<AclPermissionEntry> entries = new ArrayList<>();
        entityAcl.getEntries().forEach(ace ->
                entries.add(new AclPermissionEntry(ace.getSid(), ace.getPermission().getMask())));
        entriesByEntity.put(securedEntity, entries);
    }
    return entriesByEntity;
}