
Example 6 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogServiceTest method checkUserPermissions.

/**
 * Verifies that {@code checkUserPermissions} evaluates a request against the permissions granted
 * to the user directly together with those granted to the user's role.
 *
 * <p>Fixture: user sid 1 holds WRITE on topology/1 through a USER ACL entry, and role id 1
 * ("ROLE_FOO", which the user carries) holds READ on the same object through a ROLE ACL entry.
 * Nothing grants DELETE.
 *
 * <p>NOTE(review): only the happy path on a single object id is covered. {@code getUser} is
 * stubbed for any id, so the test does not show what happens for an unknown user, for a user
 * without the role, or for an object id with no ACL entries - worth adding as deny cases.
 */
@Test
public void checkUserPermissions() throws Exception {
    // The DAO is passed as null; every catalog call the check needs is stubbed below.
    SecurityCatalogService catalogService = new SecurityCatalogService(null);
    // Direct grant: USER sid 1 -> WRITE on topology/1.
    AclEntry userAclEntry = new AclEntry();
    userAclEntry.setSidType(AclEntry.SidType.USER);
    userAclEntry.setSidId(1L);
    userAclEntry.setObjectId(1L);
    userAclEntry.setObjectNamespace("topology");
    userAclEntry.setPermissions(EnumSet.of(Permission.WRITE));
    // Role grant: ROLE sid 1 -> READ on topology/1.
    AclEntry roleAclEntry = new AclEntry();
    roleAclEntry.setSidType(AclEntry.SidType.ROLE);
    roleAclEntry.setSidId(1L);
    roleAclEntry.setObjectId(1L);
    roleAclEntry.setObjectNamespace("topology");
    roleAclEntry.setPermissions(EnumSet.of(Permission.READ));
    Role role = new Role();
    role.setId(1L);
    role.setName("ROLE_FOO");
    // qps1 selects the ACL entries of USER sid 1 on topology/1.
    List<QueryParam> qps1 = QueryParam.params(AclEntry.OBJECT_NAMESPACE, "topology", AclEntry.OBJECT_ID, "1", AclEntry.SID_TYPE, USER.toString(), AclEntry.SID_ID, "1");
    // qps2 selects every ROLE ACL entry on topology/1; it carries no SID_ID filter, so matching an
    // entry to the user's roles presumably happens inside checkUserPermissions - confirm there.
    List<QueryParam> qps2 = QueryParam.params(AclEntry.OBJECT_NAMESPACE, "topology", AclEntry.OBJECT_ID, "1", AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());
    User user = new User();
    user.setRoles(Sets.newHashSet("ROLE_FOO"));
    // Partial mock of the service under test: the listed lookups return the fixture objects.
    new Expectations(catalogService) {

        {
            catalogService.getUser(anyLong);
            result = user;
            catalogService.listAcls(qps1);
            result = Arrays.asList(userAclEntry);
            catalogService.getAllUserRoles(user);
            result = Sets.newHashSet(role);
            catalogService.listAcls(qps2);
            result = Arrays.asList(roleAclEntry);
            catalogService.getRole(1L);
            result = role;
        }
    };
    // READ is granted only through the role ACL entry.
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.READ)));
    // WRITE is granted only through the user's own ACL entry.
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE)));
    // Both together are satisfied by combining the user grant and the role grant.
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE, Permission.READ)));
    // Deny case: DELETE is granted nowhere, so holding WRITE alone must not satisfy the request.
    assertFalse(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE, Permission.DELETE)));
}
Also used : Role(com.hortonworks.streamline.streams.security.catalog.Role) Expectations(mockit.Expectations) User(com.hortonworks.streamline.streams.security.catalog.User) QueryParam(com.hortonworks.registries.common.QueryParam) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry) Test(org.junit.Test)

Example 7 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogService method getRole.

/**
 * Looks up a role by its numeric id.
 *
 * <p>A throwaway {@link Role} carrying only the id is used to derive the primary key; the lookup
 * itself is delegated to {@code dao.get} under {@code Role.NAMESPACE}.
 *
 * @param roleId id of the role to fetch
 * @return whatever {@code dao.get} yields for that key. NOTE(review): the result for an unknown
 *     id is not visible here (presumably {@code null}); callers that feed the result into an
 *     authorization decision should confirm this and treat a missing role as "no access".
 */
public Role getRole(Long roleId) {
    Role keyHolder = new Role();
    keyHolder.setId(roleId);
    StorableKey lookupKey = new StorableKey(Role.NAMESPACE, keyHolder.getPrimaryKey());
    return this.dao.get(lookupKey);
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) StorableKey(com.hortonworks.registries.storage.StorableKey)

Example 8 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogService method removeUser.

/**
 * Deletes a user and the access that was granted to it.
 *
 * <p>Clean-up runs before the user record itself is removed: first every user-to-role
 * association for the roles named on the user, then every ACL entry whose sid is this user
 * (sid type USER). Entries granted to roles are left alone.
 *
 * <p>NOTE(review): the steps are separate calls and no transaction is visible in this method, so
 * a failure part-way presumably leaves the user present with fewer grants - confirm against the
 * DAO. The debug line logs the whole {@code User} object; verify its string form exposes nothing
 * sensitive.
 *
 * @param userId id of the user to delete
 * @return the value returned by {@code dao.remove} for the user's key
 * @throws IllegalArgumentException if {@code getUser} finds no user for {@code userId}
 */
public User removeUser(Long userId) {
    User doomedUser = getUser(userId);
    if (doomedUser == null) {
        throw new IllegalArgumentException("No user with id: " + userId);
    }
    // A user may carry no role set at all; only walk it when present.
    if (doomedUser.getRoles() != null) {
        for (String roleName : doomedUser.getRoles()) {
            // Role names that no longer resolve to a role are skipped silently.
            getRole(roleName).ifPresent(resolved -> removeUserRole(userId, resolved.getId()));
        }
    }
    // Drop the permissions assigned directly to this user.
    LOG.debug("Removing ACL entries for user {}", doomedUser);
    List<QueryParam> userAclQuery = QueryParam.params(AclEntry.SID_ID, String.valueOf(userId), AclEntry.SID_TYPE, AclEntry.SidType.USER.toString());
    for (AclEntry entry : listAcls(userAclQuery)) {
        removeAcl(entry.getId());
    }
    return dao.remove(new StorableKey(User.NAMESPACE, doomedUser.getPrimaryKey()));
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User) QueryParam(com.hortonworks.registries.common.QueryParam) StorableKey(com.hortonworks.registries.storage.StorableKey)

Example 9 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogService method removeRole.

/**
 * Deletes a role after checking that nothing still depends on it.
 *
 * <p>The call is refused while the role is a child of any parent role or while any user is
 * still assigned to it. Once both checks pass, the role's child associations and the ACL entries
 * granted to it (sid type ROLE) are removed, and finally the role record itself.
 *
 * <p>NOTE(review): the checks and the deletions are separate calls and no transaction or lock is
 * visible in this method, so a user assigned between the check and the delete would presumably
 * keep a dangling role name - confirm against the DAO. Unlike {@code removeUser}, no existence
 * check is made for {@code roleId}; the result for an unknown id is whatever {@code dao.remove}
 * returns.
 *
 * @param roleId id of the role to delete
 * @return the value returned by {@code dao.remove} for the role's key
 * @throws IllegalStateException if the role has parent roles or still has users
 */
public Role removeRole(Long roleId) {
    // A role that is still referenced as a child must be detached by deleting its parents first.
    Set<Role> owningParents = getParentRoles(roleId);
    if (!owningParents.isEmpty()) {
        throw new IllegalStateException("Role is a child role of the following parent role(s): " + owningParents + ". Parent roles must be deleted first.");
    }

    // Refuse to delete a role that users still hold.
    List<QueryParam> membersQuery = QueryParam.params(UserRole.ROLE_ID, String.valueOf(roleId));
    Collection<UserRole> memberships = listUserRoles(membersQuery);
    if (!memberships.isEmpty()) {
        throw new IllegalStateException("Role has users");
    }

    // Detach every child role hanging off this role.
    List<QueryParam> childrenQuery = QueryParam.params(RoleHierarchy.PARENT_ID, String.valueOf(roleId));
    Collection<RoleHierarchy> childLinks = dao.find(RoleHierarchy.NAMESPACE, childrenQuery);
    LOG.info("Removing child role association for role id {}", roleId);
    for (RoleHierarchy link : childLinks) {
        removeChildRole(roleId, link.getChildId());
    }

    // Revoke the permissions that were granted to the role itself.
    List<QueryParam> roleAclQuery = QueryParam.params(AclEntry.SID_ID, String.valueOf(roleId), AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());
    LOG.info("Removing ACL entries for role id {}", roleId);
    for (AclEntry entry : listAcls(roleAclQuery)) {
        removeAcl(entry.getId());
    }

    // Build a key-only Role to address the record being removed.
    Role keyHolder = new Role();
    keyHolder.setId(roleId);
    return dao.remove(new StorableKey(Role.NAMESPACE, keyHolder.getPrimaryKey()));
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) QueryParam(com.hortonworks.registries.common.QueryParam) UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) StorableKey(com.hortonworks.registries.storage.StorableKey) RoleHierarchy(com.hortonworks.streamline.streams.security.catalog.RoleHierarchy)

Example 10 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class DefaultStreamlineAuthorizer method userHasRole.

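/**
 * Decides whether {@code user} holds {@code roleName}, either directly or as a child role of one
 * of the roles named on the user.
 *
 * <p>A user whose role set is {@code null} is treated as holding no roles and the check returns
 * {@code false}. Other code handling {@code User} guards against a null role set, so the
 * authorizer denies here instead of failing with a {@code NullPointerException}.
 *
 * <p>NOTE(review): the child lookup relies on {@code getChildRoles(...).contains(roleToCheck)}
 * with a {@code Role} that carries only a name, so it presumably depends on name-based
 * {@code Role} equality - confirm. Whether {@code getChildRoles} returns only direct children or
 * the whole subtree is not visible here. Role names on the user that do not resolve to a role are
 * skipped.
 *
 * @param user     the user being authorized
 * @param roleName name of the role required
 * @return {@code true} if the user holds the role directly or through a child-role relation,
 *     {@code false} otherwise (including when the user has no role set)
 */
private boolean userHasRole(User user, String roleName) {
    Set<String> userRoles = user.getRoles();
    boolean res = false;
    // Fail closed: no role set means no role can match.
    if (userRoles != null) {
        if (userRoles.contains(roleName)) {
            // top level roles
            res = true;
        } else {
            Role roleToCheck = new Role();
            roleToCheck.setName(roleName);
            // child roles
            for (String userRole : userRoles) {
                Optional<Role> role = catalogService.getRole(userRole);
                if (role.isPresent()
                        && catalogService.getChildRoles(role.get().getId()).contains(roleToCheck)) {
                    res = true;
                    break;
                }
            }
        }
    }
    LOG.debug("User: {}, Role: {}, Result: {}", user.getName(), roleName, res);
    return res;
}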
Also used : Role(com.hortonworks.streamline.streams.security.catalog.Role)
