use of com.infiniteautomation.mango.spring.service.PermissionService in project ma-core-public by infiniteautomation.
the class UserEventMulticasterTest method testMulticastEventsForUsersWithPermissions.
@Test
public void testMulticastEventsForUsersWithPermissions() {
PermissionService service = Common.getBean(PermissionService.class);
int dataPointId = 1;
int eventCount = 100;
int userCount = 5 * 6;
// Add them out of order so the tree is jumbled with permissions hither and yon
List<User> users = new ArrayList<>();
int added = 0;
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com", PermissionHolder.SUPERADMIN_ROLE));
added++;
}
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com", mockRole.getRole()));
added++;
}
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com"));
added++;
}
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com", PermissionHolder.SUPERADMIN_ROLE));
added++;
}
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com", mockRole.getRole()));
added++;
}
for (int i = 0; i < (userCount / 6); i++) {
users.add(createUser("User" + added, "user" + added, "password", "user" + added + "@yourMangoDomain.com"));
added++;
}
List<Integer> idsToNotify = new ArrayList<>();
List<MockUserEventListener> listeners = new ArrayList<>();
UserEventListener multicaster = null;
MockEventType mockEventType = new MockEventType(DuplicateHandling.ALLOW, null, 0, dataPointId, this.mockRole.getRole());
for (User u : users) {
MockUserEventListener l = new MockUserEventListener(u);
if (// This work is normally done by the event manager handling the raiseEvent calls
mockEventType.hasPermission(u, service))
// through an EventNotifyWorkItem
idsToNotify.add(u.getId());
listeners.add(l);
multicaster = UserEventMulticaster.add(multicaster, l);
}
List<EventInstance> events = new ArrayList<>();
long time = 0;
for (int i = 0; i < eventCount; i++) {
EventInstance event = createMockEventInstance(i, dataPointId, time);
events.add(event);
event.setIdsToNotify(idsToNotify);
multicaster.raised(event);
time += 1;
}
// Ack
for (EventInstance e : events) multicaster.acknowledged(e);
// Rtn
for (EventInstance e : events) multicaster.returnToNormal(e);
// Confirm those with correct permissions permissions saw all raised
for (MockUserEventListener l : listeners) {
if (!(service.hasPermission(l.getUser(), MangoPermission.requireAnyRole(mockRole.getRole())) || service.hasAdminRole(l.getUser()))) {
assertEquals(0, l.getRaised().size());
} else {
assertEquals(eventCount, l.getRaised().size());
}
}
// Confirm those with permissions saw all acked
for (MockUserEventListener l : listeners) {
if (!(service.hasPermission(l.getUser(), MangoPermission.requireAnyRole(mockRole.getRole())) || service.hasAdminRole(l.getUser()))) {
assertEquals(0, l.getAcknowledged().size());
} else {
assertEquals(eventCount, l.getAcknowledged().size());
}
}
// Confirm those with permissions saw all rtned
for (MockUserEventListener l : listeners) {
if (!(service.hasPermission(l.getUser(), MangoPermission.requireAnyRole(mockRole.getRole())) || service.hasAdminRole(l.getUser()))) {
assertEquals(0, l.getReturned().size());
} else {
assertEquals(eventCount, l.getReturned().size());
}
}
}
use of com.infiniteautomation.mango.spring.service.PermissionService in project ma-core-public by infiniteautomation.
the class RoleDao method joinPermissions.
@Override
public <R extends Record> SelectJoinStep<R> joinPermissions(SelectJoinStep<R> select, PermissionHolder user) {
PermissionService permissionService = permissionServiceSupplier.get();
Set<Role> heldRoles = permissionService.getAllInheritedRoles(user);
if (heldRoles.contains(PermissionHolder.SUPERADMIN_ROLE)) {
return select;
}
List<String> xids = heldRoles.stream().map(Role::getXid).collect(Collectors.toList());
return select.innerJoin(DSL.selectOne()).on(table.xid.in(xids));
}
use of com.infiniteautomation.mango.spring.service.PermissionService in project ma-core-public by infiniteautomation.
the class RoleDao method createSubSelectMap.
@Override
protected Map<String, RQLSubSelectCondition> createSubSelectMap() {
Map<String, RQLSubSelectCondition> subselects = super.createSubSelectMap();
subselects.put("inherited", (operation, node) -> {
if (operation != RQLOperation.CONTAINS) {
throw new RQLVisitException(String.format("Unsupported node type '%s' for field '%s'", node.getName(), node.getArgument(0)));
}
PermissionService permissionService = permissionServiceSupplier.get();
Set<Integer> roleIds = extractArrayArguments(node, o -> o == null ? null : o.toString()).stream().filter(Objects::nonNull).map(permissionService::getRole).filter(Objects::nonNull).map(Role::getId).collect(Collectors.toSet());
SelectConditionStep<Record1<Integer>> afterWhere;
if (!roleIds.isEmpty()) {
SelectJoinStep<Record1<Integer>> select = create.select(RoleInheritance.ROLE_INHERITANCE.roleId).from(RoleInheritance.ROLE_INHERITANCE);
afterWhere = select.where(RoleInheritance.ROLE_INHERITANCE.inheritedRoleId.in(roleIds));
} else {
// Find all roles with no inherited roles
SelectJoinStep<Record1<Integer>> select = create.select(getIdField()).from(table);
SelectOnConditionStep<Record1<Integer>> afterJoin = select.leftJoin(RoleInheritance.ROLE_INHERITANCE).on(RoleInheritance.ROLE_INHERITANCE.roleId.eq(getIdField()));
afterWhere = afterJoin.where(RoleInheritance.ROLE_INHERITANCE.roleId.isNull());
}
return table.id.in(afterWhere.asField());
});
subselects.put("inheritedBy", (operation, node) -> {
if (operation != RQLOperation.CONTAINS) {
throw new RQLVisitException(String.format("Unsupported node type '%s' for field '%s'", node.getName(), node.getArgument(0)));
}
PermissionService permissionService = permissionServiceSupplier.get();
Set<Integer> roleIds = extractArrayArguments(node, o -> o == null ? null : o.toString()).stream().filter(Objects::nonNull).map(permissionService::getRole).filter(Objects::nonNull).map(Role::getId).collect(Collectors.toSet());
SelectConditionStep<Record1<Integer>> afterWhere;
if (!roleIds.isEmpty()) {
// Find all roles inherited by this role
SelectJoinStep<Record1<Integer>> select = create.select(RoleInheritance.ROLE_INHERITANCE.inheritedRoleId).from(RoleInheritance.ROLE_INHERITANCE);
afterWhere = select.where(RoleInheritance.ROLE_INHERITANCE.roleId.in(roleIds));
} else {
// Find all roles with that are not inherited by any role
SelectJoinStep<Record1<Integer>> select = create.select(getIdField()).from(table);
SelectOnConditionStep<Record1<Integer>> afterJoin = select.leftJoin(RoleInheritance.ROLE_INHERITANCE).on(RoleInheritance.ROLE_INHERITANCE.inheritedRoleId.eq(getIdField()));
afterWhere = afterJoin.where(RoleInheritance.ROLE_INHERITANCE.inheritedRoleId.isNull());
}
return table.id.in(afterWhere.asField());
});
return subselects;
}
use of com.infiniteautomation.mango.spring.service.PermissionService in project ma-core-public by infiniteautomation.
the class LazyFieldJsonTest method testLazyPermissionFromJsonObject.
@Test
public void testLazyPermissionFromJsonObject() {
RoleService roleService = Common.getBean(RoleService.class);
PermissionService permissionService = Common.getBean(PermissionService.class);
Role role1 = roleService.insert(new RoleVO(Common.NEW_ID, "XID-1", "Role 1")).getRole();
Role role2 = roleService.insert(new RoleVO(Common.NEW_ID, "XID-2", "Role 2")).getRole();
LazyField<MangoPermission> permission = new LazyField<>(() -> MangoPermission.builder().minterm(role1, role2).build());
try (StringWriter stringWriter = new StringWriter()) {
JsonWriter writer = new JsonWriter(Common.JSON_CONTEXT, stringWriter);
JsonTypeWriter typeWriter = new JsonTypeWriter(Common.JSON_CONTEXT);
JsonValue value = typeWriter.writeObject(permission);
writer.setPrettyIndent(0);
writer.setPrettyOutput(true);
writer.writeObject(value);
String json = stringWriter.toString();
JsonTypeReader typeReader = new JsonTypeReader(json);
JsonValue read = typeReader.read();
JsonArray root = read.toJsonArray();
JsonReader reader = new JsonReader(Common.JSON_CONTEXT, root);
ImportContext context = new ImportContext(reader, new ProcessResult(), Common.getTranslations());
LazyField<MangoPermission> readPermission = new LazyField<>();
TypeDefinition lazyType = new TypeDefinition(LazyField.class, MangoPermission.class);
context.getReader().readInto(lazyType, readPermission, root);
assertEquals(permission.get(), readPermission.get());
} catch (IOException | JsonException e) {
e.printStackTrace();
fail(e.getMessage());
}
}
use of com.infiniteautomation.mango.spring.service.PermissionService in project ma-core-public by infiniteautomation.
the class PermissionPersistenceTest method testModifyPermission.
/**
* Modify a permission and ensure that it is retrieved correctly from the database after
*/
@Test
public void testModifyPermission() {
PermissionService service = Common.getBean(PermissionService.class);
// insert some roles
Set<Role> roles = this.createRoles(2).stream().map(r -> r.getRole()).collect(Collectors.toSet());
// insert the permission
MangoPermission permission = service.findOrCreate(MangoPermission.requireAnyRole(roles));
MangoPermission read = service.get(permission.getId());
assertEquals(2, read.getRoles().size());
Iterator<Set<Role>> it = read.getRoles().iterator();
Role toKeep = it.next().iterator().next();
MangoPermission keep = service.findOrCreate(MangoPermission.requireAnyRole(toKeep));
read = service.get(keep.getId());
assertEquals(1, read.getRoles().size());
}
Aggregations