use of com.hortonworks.streamline.streams.security.Permission in project streamline by hortonworks.
the class AclEntry method toMap.
/**
 * Serializes this ACL entry into the generic storage map.
 *
 * <p>Starts from the map returned by {@code super.toMap()} and sets two keys on it: the SID type, stored as
 * its {@code toString()} form, and the permission set, stored as a JSON string. A {@code null} SID type or
 * permission set is stored as the empty string.
 *
 * @return the superclass map with the SID type and permissions entries set
 * @throws RuntimeException wrapping the {@link JsonProcessingException} if the permission set cannot be
 *     written as JSON
 */
@Override
public Map<String, Object> toMap() {
    Map<String, Object> result = super.toMap();

    String sidTypeValue = "";
    if (sidType != null) {
        sidTypeValue = sidType.toString();
    }
    result.put(SID_TYPE, sidTypeValue);

    String permissionsJson = "";
    if (permissions != null) {
        try {
            // The writer is pinned to EnumSet<Permission>, so only that element type is serialized.
            permissionsJson = new ObjectMapper()
                    .writerFor(new TypeReference<EnumSet<Permission>>() { })
                    .writeValueAsString(permissions);
        } catch (JsonProcessingException ex) {
            throw new RuntimeException(ex);
        }
    }
    result.put(PERMISSIONS, permissionsJson);
    return result;
}
use of com.hortonworks.streamline.streams.security.Permission in project streamline by hortonworks.
the class SecurityCatalogService method checkUserPermissions.
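/**
 * Checks whether a user holds every one of the required permissions on an object.
 *
 * <p>Permissions from the user's own ACL entry are counted first. Anything still missing is then looked for
 * in role ACL entries on the same object whose role is among {@code getAllUserRoles(user)}. The check works
 * on a copy of {@code required}, so the caller's set is never modified.
 *
 * <p>An ACL entry whose permission set is {@code null} is treated as granting nothing rather than aborting
 * the check with a {@link NullPointerException}.
 *
 * @param objectNamespace namespace of the protected object
 * @param objectId id of the protected object
 * @param userId id of the user being checked
 * @param required permissions that must all be granted
 * @return {@code true} only if every required permission is covered; {@code false} if the user is unknown
 *     or any permission is left uncovered
 * @throws IllegalStateException if more than one direct ACL entry exists for the user on the object
 */
public boolean checkUserPermissions(String objectNamespace, Long objectId, Long userId, EnumSet<Permission> required) {
    User user = getUser(userId);
    if (user == null) {
        // Unknown user: deny.
        return false;
    }
    // Copy so that removing granted permissions below never touches the caller's set.
    EnumSet<Permission> remaining = EnumSet.copyOf(required);

    // Direct user ACL entry first.
    List<QueryParam> qps = QueryParam.params(
            AclEntry.OBJECT_NAMESPACE, objectNamespace,
            AclEntry.OBJECT_ID, String.valueOf(objectId),
            AclEntry.SID_TYPE, USER.toString(),
            AclEntry.SID_ID, String.valueOf(userId));
    Collection<AclEntry> acls = listAcls(qps);
    if (acls.size() > 1) {
        // Ambiguous ACL state: refuse to decide rather than pick one entry.
        throw new IllegalStateException("More than one ACL entry for " + qps);
    } else if (acls.size() == 1) {
        EnumSet<Permission> granted = acls.iterator().next().getPermissions();
        // NOTE(review): AclEntry appears to allow a null permission set (it is serialized as an empty
        // string); such an entry grants nothing.
        if (granted != null) {
            remaining.removeAll(granted);
        }
    }

    // Role-based permissions next, only for what the direct entry did not cover.
    if (!remaining.isEmpty() && user.getRoles() != null) {
        qps = QueryParam.params(
                AclEntry.OBJECT_NAMESPACE, objectNamespace,
                AclEntry.OBJECT_ID, String.valueOf(objectId),
                AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());
        acls = listAcls(qps);
        Set<Role> userRoles = getAllUserRoles(user);
        for (AclEntry roleEntry : acls) {
            if (remaining.isEmpty()) {
                break;
            }
            // Only role entries for a role the user actually has may contribute.
            if (userRoles.contains(getRole(roleEntry.getSidId()))) {
                EnumSet<Permission> granted = roleEntry.getPermissions();
                if (granted != null) {
                    remaining.removeAll(granted);
                }
            }
        }
    }
    return remaining.isEmpty();
}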
use of com.hortonworks.streamline.streams.security.Permission in project streamline by hortonworks.
the class AclEntry method fromMap.
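/**
 * Populates this ACL entry from a storage map and returns it.
 *
 * <p>The SID type is read as an enum constant name and the permission set as a JSON string. {@code toMap()}
 * in this class writes a missing SID type or permission set as the empty string, so an empty or absent value
 * for either key is accepted here and leaves the corresponding field unchanged. Previously an empty SID type
 * made {@code Enum.valueOf} throw, so an entry written by {@code toMap()} could not always be read back.
 *
 * @param map storage map holding the entry's fields
 * @return this instance
 * @throws IllegalArgumentException if a non-empty SID type string is not a {@code SidType} constant name
 * @throws RuntimeException wrapping the {@link IOException} if the permissions string cannot be parsed
 * @throws ClassCastException if a stored value does not have the type it is cast to
 */
@Override
public Storable fromMap(Map<String, Object> map) {
    ObjectMapper mapper = new ObjectMapper();
    setId((Long) map.get(ID));
    setObjectId((Long) map.get(OBJECT_ID));
    setObjectNamespace((String) map.get(OBJECT_NAMESPACE));
    setSidId((Long) map.get(SID_ID));

    // Mirror toMap(): "" (or a missing key) means "no SID type", not an enum constant to look up.
    String sidTypeStr = (String) map.get(SID_TYPE);
    if (!StringUtils.isEmpty(sidTypeStr)) {
        setSidType(Enum.valueOf(SidType.class, sidTypeStr));
    }

    String permissionsStr = (String) map.get(PERMISSIONS);
    if (!StringUtils.isEmpty(permissionsStr)) {
        EnumSet<Permission> permissions;
        try {
            // The target type is fixed to EnumSet<Permission>; the stored text is never used to choose
            // which class to instantiate.
            permissions = mapper.readValue(permissionsStr, new TypeReference<EnumSet<Permission>>() {
            });
        } catch (IOException ex) {
            throw new RuntimeException(ex);
        }
        setPermissions(permissions);
    }
    // NOTE(review): if setOwner/setGrant take a primitive boolean, a missing key would fail on unboxing
    // here; confirm against the setter signatures.
    setOwner((Boolean) map.get(OWNER));
    setGrant((Boolean) map.get(GRANT));
    setTimestamp((Long) map.get(TIMESTAMP));
    return this;
}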
use of com.hortonworks.streamline.streams.security.Permission in project streamline by hortonworks.
the class SecurityCatalogResource method shouldAllowAclAddOrUpdate.
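/**
 * Decides whether the current user may add or update the given ACL entry.
 *
 * <p>The request is allowed if the caller has the security-admin role, or if the caller (directly or through
 * one of their roles) owns the target object, or holds grant-enabled ACL entries that together cover every
 * permission in {@code aclEntry}.
 *
 * <p>The requested permissions are copied before being checked off. The original code removed covered
 * permissions from the set returned by {@code aclEntry.getPermissions()}; if that getter returns the entry's
 * own set, the authorization check stripped permissions from the very entry it was approving.
 *
 * @param aclEntry the ACL entry the caller wants to create or update; not modified
 * @param securityContext security context of the current request
 * @return {@code true} if the add or update is permitted, {@code false} otherwise
 */
private boolean shouldAllowAclAddOrUpdate(AclEntry aclEntry, SecurityContext securityContext) {
    if (SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN)) {
        return true;
    }
    User currentUser = getCurrentUser(securityContext);
    if (currentUser == null) {
        // No resolvable caller: deny rather than fail with a NullPointerException.
        return false;
    }

    // Work on a private copy so this check never alters the entry that will be persisted.
    EnumSet<Permission> requested = aclEntry.getPermissions();
    EnumSet<Permission> remaining =
            requested != null ? EnumSet.copyOf(requested) : EnumSet.noneOf(Permission.class);

    // Is the current user the owner, or able to grant these permissions on this object?
    Collection<AclEntry> userAcls = catalogService.listUserAcls(
            currentUser.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
    if (ownsOrCanGrantRemaining(userAcls, remaining)) {
        return true;
    }

    // Otherwise, does any role of the current user own the object or cover what is still missing?
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    for (Role role : currentUserRoles) {
        Collection<AclEntry> roleAcls = catalogService.listRoleAcls(
                role.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
        if (ownsOrCanGrantRemaining(roleAcls, remaining)) {
            return true;
        }
    }
    return false;
}

/**
 * Returns {@code true} as soon as an entry is an owner entry, or once grant-enabled entries have covered
 * everything left in {@code remaining}. Covered permissions are removed from {@code remaining} as a side
 * effect so that several calls can accumulate coverage.
 */
private boolean ownsOrCanGrantRemaining(Collection<AclEntry> acls, EnumSet<Permission> remaining) {
    for (AclEntry acl : acls) {
        if (acl.isOwner()) {
            return true;
        }
        if (acl.isGrant()) {
            EnumSet<Permission> grantable = acl.getPermissions();
            // An entry with no permission set covers nothing.
            if (grantable != null) {
                remaining.removeAll(grantable);
            }
            if (remaining.isEmpty()) {
                return true;
            }
        }
    }
    return false;
}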