
Example 1 with ORole

use of com.orientechnologies.orient.core.metadata.security.ORole in project orientdb by orientechnologies.

the class OCommandExecutorSQLGrantRevokeTest method grantServerRemove.

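/**
 * Verifies that {@code GRANT execute on server.remove} and the matching {@code REVOKE}
 * toggle the {@code SERVER}/{@code remove} execute permission on a role created with
 * {@code DENY_ALL_BUT} (denied unless explicitly granted).
 */
@Test
public void grantServerRemove() {
    ODatabaseDocumentTx db = new ODatabaseDocumentTx("memory:grant");
    try {
        db.create();
        ORole testRole = db.getMetadata().getSecurity().createRole("testRole", OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
        // Baseline on the same resource the GRANT below targets ("remove"), so the
        // assertTrue after the command proves the command itself added the permission.
        assertFalse(testRole.allow(ORule.ResourceGeneric.SERVER, "remove", ORole.PERMISSION_EXECUTE));
        db.command(new OCommandSQL("GRANT execute on server.remove to testRole")).execute();
        // Re-read the role after each command instead of trusting the local instance.
        testRole = db.getMetadata().getSecurity().getRole("testRole");
        assertTrue(testRole.allow(ORule.ResourceGeneric.SERVER, "remove", ORole.PERMISSION_EXECUTE));
        db.command(new OCommandSQL("REVOKE execute on server.remove from testRole")).execute();
        testRole = db.getMetadata().getSecurity().getRole("testRole");
        assertFalse(testRole.allow(ORule.ResourceGeneric.SERVER, "remove", ORole.PERMISSION_EXECUTE));
    } finally {
        // Drop the in-memory database even when an assertion fails.
        db.drop();
    }
}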

Example 2 with ORole

use of com.orientechnologies.orient.core.metadata.security.ORole in project orientdb by orientechnologies.

the class SQLFunctionsTest method queryCountExtendsRestricted.

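/**
 * Checks that {@code count(*)} over a class extending {@code ORestricted} honours the
 * per-record {@code _allowRead} list, and that a role holding {@code BYPASS_RESTRICTED}
 * sees every record regardless of that list.
 */
public void queryCountExtendsRestricted() {
    OClass restricted = database.getMetadata().getSchema().getClass("ORestricted");
    Assert.assertNotNull(restricted);
    database.getMetadata().getSchema().createClass("QueryCountExtendsRestrictedClass", restricted);
    OUser admin = database.getMetadata().getSecurity().getUser("admin");
    OUser reader = database.getMetadata().getSecurity().getUser("reader");
    // A DENY_ALL_BUT role whose only rule is read on BYPASS_RESTRICTED.
    ORole byPassRestrictedRole = database.getMetadata().getSecurity().createRole("byPassRestrictedRole", ORole.ALLOW_MODES.DENY_ALL_BUT);
    byPassRestrictedRole.addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_READ);
    byPassRestrictedRole.save();
    // "superReader" gets both the plain "reader" role and the bypass role (password is a test fixture).
    database.getMetadata().getSecurity().createUser("superReader", "superReader", "reader", "byPassRestrictedRole");
    saveRestrictedRecord(admin);
    saveRestrictedRecord(reader);
    // The user that opened the fixture database (set up outside this method) sees both records.
    assertRestrictedCount(2L);
    reopenAs("admin", "admin");
    assertRestrictedCount(2L);
    reopenAs("reader", "reader");
    // Only the record whose _allowRead names "reader" is visible.
    assertRestrictedCount(1L);
    reopenAs("superReader", "superReader");
    // BYPASS_RESTRICTED lifts the _allowRead filter.
    assertRestrictedCount(2L);
}

/** Stores one record of the restricted class whose {@code _allowRead} lists only {@code owner}. */
private void saveRestrictedRecord(OUser owner) {
    ODocument doc = new ODocument("QueryCountExtendsRestrictedClass");
    doc.field("_allowRead", new HashSet<OIdentifiable>(Arrays.asList(owner.getDocument().getIdentity())));
    doc.save();
}

/** Closes the fixture database and reopens it as the given user. */
private void reopenAs(String user, String password) {
    database.close();
    database.open(user, password);
}

/** Asserts that {@code select count(*)} over the restricted class returns {@code expected} for the current user. */
private void assertRestrictedCount(long expected) {
    List<ODocument> result = database.query(new OSQLSynchQuery<ODocument>("select count(*) from QueryCountExtendsRestrictedClass"));
    ODocument count = result.get(0);
    Assert.assertEquals(expected, count.field("count"));
}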

Example 3 with ORole

use of com.orientechnologies.orient.core.metadata.security.ORole in project orientdb by orientechnologies.

the class DbCreationTest method testRoles.

/**
 * Opens the database as {@code admin} and runs a query against the {@code ORole} class.
 * The query result is not inspected; the test only checks that the query executes
 * for this user.
 *
 * @throws IOException part of the signature; may be raised by the database calls
 */
@Test(dependsOnMethods = { "testChangeLocale" })
public void testRoles() throws IOException {
    final String adminRoleSql = "select from ORole where name = 'admin'";
    database = new OObjectDatabaseTx(url);
    database.open("admin", "admin");
    final OSQLSynchQuery<ORole> adminRoleQuery = new OSQLSynchQuery<ORole>(adminRoleSql);
    database.query(adminRoleQuery);
    database.close();
}

Example 4 with ORole

use of com.orientechnologies.orient.core.metadata.security.ORole in project orientdb by orientechnologies.

the class OServerCommandGetDatabase method exportSecurityInfo.

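/**
 * Writes the database's security metadata to {@code json}: a {@code "users"} collection
 * (user name and role names only — no credential fields are written) and a
 * {@code "roles"} collection (name, mode and per-rule create/read/update/delete flags).
 * NOTE(review): this exposes every user and role name plus the full rule set; access
 * to the command that calls it is assumed to be restricted — not visible here, confirm.
 *
 * @param db   database whose security metadata is exported
 * @param json writer that receives the output
 * @throws IOException if writing to {@code json} fails
 */
private void exportSecurityInfo(ODatabaseDocument db, OJSONWriter json) throws IOException {
    exportUsers(db, json);
    exportRoles(db, json);
}

/** Emits the {@code "users"} collection: one object per user carrying its name and roles. */
private static void exportUsers(ODatabaseDocument db, OJSONWriter json) throws IOException {
    json.beginCollection("users");
    for (ODocument doc : db.getMetadata().getSecurity().getAllUsers()) {
        OUser user = new OUser(doc);
        json.beginObject();
        json.writeAttribute("name", user.getName());
        // Roles are rendered as a single Arrays.toString string, or the literal "null"
        // when absent; kept as-is because existing consumers read this format.
        json.writeAttribute("roles", user.getRoles() != null ? Arrays.toString(user.getRoles().toArray()) : "null");
        json.endObject();
    }
    json.endCollection();
}

/** Emits the {@code "roles"} collection: each role's name, mode and per-rule CRUD flags. */
private static void exportRoles(ODatabaseDocument db, OJSONWriter json) throws IOException {
    json.beginCollection("roles");
    for (ODocument doc : db.getMetadata().getSecurity().getAllRoles()) {
        ORole role = new ORole(doc);
        json.beginObject();
        json.writeAttribute("name", role.getName());
        json.writeAttribute("mode", role.getMode().toString());
        json.beginCollection("rules");
        if (role.getRules() != null) {
            for (Map.Entry<String, Byte> rule : role.getRules().entrySet()) {
                writeRule(json, role, rule.getKey());
            }
        }
        json.endCollection();
        json.endObject();
    }
    json.endCollection();
}

/** Emits one rule object: the resource name and whether {@code role} may create/read/update/delete it. */
private static void writeRule(OJSONWriter json, ORole role, String resource) throws IOException {
    json.beginObject();
    json.writeAttribute("name", resource);
    json.writeAttribute("create", role.allow(resource, ORole.PERMISSION_CREATE));
    json.writeAttribute("read", role.allow(resource, ORole.PERMISSION_READ));
    json.writeAttribute("update", role.allow(resource, ORole.PERMISSION_UPDATE));
    json.writeAttribute("delete", role.allow(resource, ORole.PERMISSION_DELETE));
    json.endObject();
}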

Example 5 with ORole

use of com.orientechnologies.orient.core.metadata.security.ORole in project wicket-orientdb by OrienteerBAP.

the class OrientDbWebApplication method fixOrientDBRights.

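/**
 * Required for explicit update of rights due to changes in OrientDB 2.2.23
 * Related issue: https://github.com/orientechnologies/orientdb/issues/7549
 * <p>
 * Grants the built-in {@code reader} and {@code writer} roles read access to the
 * {@code orole} and {@code ouser} classes and clusters and to the system clusters.
 * This widens what those roles can see of the security metadata, so the grant list
 * should stay as small as the linked issue requires.
 *
 * @param db - database to apply fix on
 * @throws IllegalStateException if the {@code reader} or {@code writer} role is missing
 */
public void fixOrientDBRights(ODatabase<?> db) {
    OSecurity security = db.getMetadata().getSecurity();
    // Both built-in roles receive exactly the same set of grants.
    for (String roleName : new String[] { "reader", "writer" }) {
        ORole role = security.getRole(roleName);
        if (role == null) {
            throw new IllegalStateException("Built-in role not found: " + roleName);
        }
        grantSecurityMetadataRead(role);
    }
}

/** Adds the read grants on the security metadata resources to {@code role} and persists it. */
private static void grantSecurityMetadataRead(ORole role) {
    role.grant(ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_READ);
    role.grant(ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_READ);
    role.grant(ResourceGeneric.CLASS, "orole", ORole.PERMISSION_READ);
    role.grant(ResourceGeneric.CLASS, "ouser", ORole.PERMISSION_READ);
    // null names no specific cluster — presumably the SYSTEM_CLUSTERS resource as a whole; confirm.
    role.grant(ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_READ);
    role.save();
}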
