
Example 11 with Role

Use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

In the class DefaultStreamlineAuthorizer, method mayBeAssignAdminRole.

private void mayBeAssignAdminRole() {
    LOG.info("Checking if admin users have admin role");
    // Look up the admin role; create it with default metadata if the catalog does not have one yet.
    Role adminRole = catalogService.getRole(Roles.ROLE_ADMIN).orElseGet(() -> {
        Role admin = new Role();
        admin.setName("ROLE_ADMIN");
        admin.setDisplayName("Admin");
        admin.setDescription("Super user role that has all the system roles and privileges");
        admin.setMetadata("{\"colorCode\":\"#8261be\",\"colorLabel\":\"purple\",\"icon\":\"gears\", \"menu\": [\"schemaRegistry\", \"modelRegistry\", \"udf\", \"dashboard\", \"topology\", \"authorizer\", \"notifier\", \"customprocessor\", \"servicepool\", \"environments\"], \"capabilities\": [{\"Applications\": \"Edit\"}, {\"Service Pool\": \"Edit\"}, {\"Environments\": \"Edit\"}, {\"Users\": \"Edit\"}, {\"Dashboard\": \"Edit\"}]}");
        admin.setSystem(false);
        return catalogService.addRole(admin);
    });
    // Grant the admin role to every configured admin user that does not already hold it.
    adminUsers.stream().map(userName -> catalogService.getUser(userName)).filter(user -> {
        if (userHasRole(user, Roles.ROLE_ADMIN)) {
            LOG.info("user '{}' already has '{}'", user, Roles.ROLE_ADMIN);
            return false;
        } else {
            return true;
        }
    }).forEach(user -> catalogService.addUserRole(user.getId(), adminRole.getId()));
}
Also used: Role(com.hortonworks.streamline.streams.security.catalog.Role), DuplicateEntityException(com.hortonworks.streamline.common.exception.DuplicateEntityException), SecurityUtil(com.hortonworks.streamline.streams.security.SecurityUtil), AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry), Roles(com.hortonworks.streamline.streams.security.Roles), User(com.hortonworks.streamline.streams.security.catalog.User), Logger(org.slf4j.Logger), Permission(com.hortonworks.streamline.streams.security.Permission), SecurityCatalogService(com.hortonworks.streamline.streams.security.service.SecurityCatalogService), LoggerFactory(org.slf4j.LoggerFactory), AuthorizationException(com.hortonworks.streamline.streams.security.AuthorizationException), Set(java.util.Set), Collectors(java.util.stream.Collectors), Map(java.util.Map), Optional(java.util.Optional), AuthenticationContext(com.hortonworks.streamline.streams.security.AuthenticationContext), StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer), EnumSet(java.util.EnumSet), ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils)

Example 12 with Role

Use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

In the class SecurityCatalogResource, method deleteRole.

@DELETE
@Path("/roles/{id}")
@Timed
public Response deleteRole(@PathParam("id") Long roleId, @Context SecurityContext securityContext) {
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    Role role = catalogService.removeRole(roleId);
    if (role != null) {
        return WSUtils.respondEntity(role, OK);
    }
    throw EntityNotFoundException.byId(roleId.toString());
}
Also used: UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole), Role(com.hortonworks.streamline.streams.security.catalog.Role), Path(javax.ws.rs.Path), DELETE(javax.ws.rs.DELETE), Timed(com.codahale.metrics.annotation.Timed)

Example 13 with Role

Use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

In the class SecurityCatalogResource, method mayBeFillSidId.

// translate sid name to sid id if only name is provided
private void mayBeFillSidId(AclEntry aclEntry) {
    if (aclEntry.getSidId() == null) {
        if (!StringUtils.isEmpty(aclEntry.getSidName())) {
            String name = aclEntry.getSidName();
            if (aclEntry.getSidType() == AclEntry.SidType.USER) {
                User user = catalogService.getUser(name);
                if (user == null) {
                    throw EntityNotFoundException.byName("User name : " + name);
                }
                aclEntry.setSidId(user.getId());
            } else {
                Role role = catalogService.getRole(name).orElseThrow(() -> EntityNotFoundException.byName("Role name : " + name));
                aclEntry.setSidId(role.getId());
            }
        } else {
            throw new IllegalArgumentException("Sid id or Sid name must be provided");
        }
    }
}
Also used: UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole), Role(com.hortonworks.streamline.streams.security.catalog.Role), User(com.hortonworks.streamline.streams.security.catalog.User)

Example 14 with Role

Use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

In the class SecurityCatalogResource, method addRole.

@POST
@Path("/roles")
@Timed
public Response addRole(Role role, @Context SecurityContext securityContext) {
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    Role createdRole = catalogService.addRole(role);
    return WSUtils.respondEntity(createdRole, CREATED);
}
Also used: UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole), Role(com.hortonworks.streamline.streams.security.catalog.Role), Path(javax.ws.rs.Path), POST(javax.ws.rs.POST), Timed(com.codahale.metrics.annotation.Timed)

Example 15 with Role

Use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

In the class SecurityCatalogResource, method shouldAllowAclGet.

private boolean shouldAllowAclGet(AclEntry aclEntry, SecurityContext securityContext) {
    if (SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN)) {
        return true;
    }
    User currentUser = getCurrentUser(securityContext);
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    return matches(aclEntry, currentUser, currentUserRoles);
}
Also used: UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole), Role(com.hortonworks.streamline.streams.security.catalog.Role), User(com.hortonworks.streamline.streams.security.catalog.User)
