use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project guice-persist-orient by xvik.
the class UserManager method executeWithTxUser.
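/**
 * Runs {@code userAction} with the current connection user temporarily replaced by {@code user}.
 * Affects only the current transaction and can't be used outside of a transaction
 * ({@link ODatabaseDocumentTx#setUser(com.orientechnologies.orient.core.metadata.security.OSecurityUser)}).
 * <p>
 * Recursive user changes are not allowed, so an attempt to change the user while a changed user is
 * already active leads to an error. The only exception is a change to the same user (in this case the
 * change is ignored and the action simply runs).
 * <p>
 * The action-based approach explicitly bounds the scope in which the specific user is active and
 * guarantees cleanup: the original connection user is restored and the specific-user marker is cleared
 * when the action completes, whether it returns or throws.
 * <p>
 * Propagates runtime exceptions (orient exceptions) unchanged.
 *
 * @param user       specific user (must not be null, its name is read before anything else)
 * @param userAction logic to execute with the specific user
 * @param <T>        type of returned result (may be Void)
 * @return action result (may be null)
 * @throws UserActionException when the action fails with a checked throwable (the cause is preserved)
 */
public <T> T executeWithTxUser(final OSecurityUser user, final SpecificUserAction<T> userAction) {
    final boolean userChanged = checkSpecificUserConditions(user.getName());
    final ODatabaseDocumentTx db = connectionProvider.get();
    final OSecurityUser original = db.getUser();
    try {
        if (userChanged) {
            // The switch happens inside the try so that a failure in db.setUser(user) still goes
            // through the cleanup below instead of leaving the marker set for later calls.
            specificTxUser.set(user);
            db.setUser(user);
        }
        return userAction.execute();
    } catch (Throwable th) {
        // Unchecked throwables are rethrown as is; only checked ones are wrapped.
        Throwables.throwIfUnchecked(th);
        throw new UserActionException(String.format("Failed to perform tx action with user '%s'", user.getName()), th);
    } finally {
        // No need to undo anything if the user was not changed by this call.
        if (userChanged) {
            try {
                db.setUser(original);
            } finally {
                // Always clear the marker, even when restoring the connection user fails:
                // a stale entry must not outlive the scope of this call.
                specificTxUser.remove();
            }
        }
    }
}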
use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project wicket-orientdb by OrienteerBAP.
the class TestRestApi method testQueryCoding.
/**
 * Sends a URL-encoded SQL query through the REST query endpoint and checks that the
 * response describes the current user's own record.
 */
@Test
public void testQueryCoding() throws Exception {
    // Document backing the database user the tester is currently connected as.
    final ODocument userDocument = wicket.getTester().getDatabase().getUser().getDocument();
    final String recordId = userDocument.getIdentity().toString();

    // The record id is concatenated into the statement; here it comes from the database's own
    // record identity, not from request input.
    final String query = "select * from OUser where @rid = " + recordId;
    final String encodedQuery = URLEncoder.encode(query, "UTF8");
    final String response = wicket.getTester().executeUrl("orientdb/query/db/sql/" + encodedQuery, "GET", null);

    assertTrue(response.contains(recordId));

    final String expectedName = (String) userDocument.field("name");
    assertTrue(response.contains(expectedName));

    // NOTE(review): this pins that the REST response carries the value of the OUser "password"
    // field (presumably the stored hash - confirm). Verify that returning it to this caller is intended.
    final String expectedPassword = (String) userDocument.field("password");
    assertTrue(response.contains(expectedPassword));
}
use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project wicket-orientdb by OrienteerBAP.
the class OrientResourceAuthorizationStrategy method checkResource.
/**
 * Decides whether the current session user may perform {@code action} on the resource
 * described by {@code resource}.
 * <p>
 * A requirement declared for a different action does not apply and is reported as allowed.
 * When the session has no user the check fails closed. Otherwise the user's rules are consulted
 * for the exact specific resource first and then for each parent path with the
 * {@link ODatabaseSecurityResources#ALL} suffix; a non-null result from
 * {@code checkIfAllowed} is treated as a grant.
 *
 * @param resource {@link RequiredOrientResource} to check
 * @param action {@link Action} to check for
 * @return true if access is allowed
 */
public boolean checkResource(RequiredOrientResource resource, Action action) {
    // Requirement is bound to another action: nothing to enforce for this one.
    if (!resource.action().equals(action.getName())) {
        return true;
    }

    final OSecurityUser sessionUser = OrientDbWebSession.get().getUser();
    if (sessionUser == null) {
        // No authenticated user in the session: deny.
        return false;
    }

    final int requestedOperation = OrientPermission.combinedPermission(resource.permissions());
    final ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource.value());

    // An empty specific resource is normalized to null before the rule lookup.
    String scope = resource.specific();
    if (Strings.isEmpty(scope)) {
        scope = null;
    }

    // Exact match on the requested resource.
    if (sessionUser.checkIfAllowed(generic, scope, requestedOperation) != null) {
        return true;
    }

    // Walk up the dotted path, checking "<parent>.<ALL>" at every level.
    for (String parent = Strings.beforeLastPathComponent(scope, '.');
            !Strings.isEmpty(parent);
            parent = Strings.beforeLastPathComponent(parent, '.')) {
        final String wildcard = parent + "." + ODatabaseSecurityResources.ALL;
        if (sessionUser.checkIfAllowed(generic, wildcard, requestedOperation) != null) {
            return true;
        }
    }
    return false;
}
use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.
the class OCommandExecutorSQLSelect method isUsingRestrictedClasses.
/**
 * Reports whether the query targets at least one class derived from the restricted base class
 * while the current user has no read permission on {@code BYPASS_RESTRICTED}.
 * <p>
 * Returns {@code false} when there are no target classes, when the database has no current user,
 * or when the user is allowed to bypass restrictions.
 *
 * @return {@code true} if a target class is a subclass of {@link OSecurityShared#RESTRICTED_CLASSNAME}
 *         and the user cannot bypass restrictions
 */
private boolean isUsingRestrictedClasses() {
    final OSecurityUser currentUser = getDatabase().getUser();

    // NOTE(review): a missing user short-circuits to "not restricted"; confirm callers do not rely
    // on this result alone to enforce record-level security for unauthenticated contexts.
    if (parsedTarget.getTargetClasses() == null || currentUser == null) {
        return false;
    }

    // A non-null rule means the user may read past the restricted-record filter.
    if (currentUser.checkIfAllowed(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_READ) != null) {
        return false;
    }

    for (String targetName : parsedTarget.getTargetClasses().keySet()) {
        // NOTE(review): the schema lookup result is dereferenced without a null check; presumably
        // target class names were validated during parsing - confirm.
        final OClass targetClass = getDatabase().getMetadata().getSchema().getClass(targetName);
        if (targetClass.isSubClassOf(OSecurityShared.RESTRICTED_CLASSNAME)) {
            return true;
        }
    }
    return false;
}
use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.
the class OAbstractPaginatedStorage method executeCommand.
/**
 * Executes a text command through the given executor, consulting and filling the command cache
 * and notifying database listeners before and after execution.
 *
 * @param iCommand command request (text, parameters, limit, optional result listener)
 * @param executor executor that actually runs the command
 * @return the command result; {@code null} when a cached result was already delivered to the
 *         request's result listener
 * @throws OCommandExecutionException when the request is marked idempotent but the executor is not
 */
public Object executeCommand(final OCommandRequestText iCommand, final OCommandExecutor executor) {
    try {
        // A request declared idempotent must not be served by a non-idempotent executor.
        if (iCommand.isIdempotent() && !executor.isIdempotent())
            throw new OCommandExecutionException("Cannot execute non idempotent command");
        long beginTime = Orient.instance().getProfiler().startChrono();
        try {
            ODatabaseDocumentInternal db = ODatabaseRecordThreadLocal.INSTANCE.get();
            // Notify listeners before the command runs.
            Iterable<ODatabaseListener> listeners = db.getListeners();
            for (ODatabaseListener oDatabaseListener : listeners) {
                oDatabaseListener.onBeforeCommand(iCommand, executor);
            }
            boolean foundInCache = false;
            Object result = null;
            if (iCommand.isCacheableResult() && executor.isCacheable() && iCommand.getParameters() == null) {
                // Try the command cache. The lookup is keyed by the current user together with the
                // command text and limit (presumably so results are not shared across users - confirm).
                result = db.getMetadata().getCommandCache().get(db.getUser(), iCommand.getText(), iCommand.getLimit());
                if (result != null) {
                    foundInCache = true;
                    if (iCommand.getResultListener() != null) {
                        // Feed the cached result to the listener, element by element for collections.
                        if (result instanceof Collection) {
                            for (Object o : (Collection) result) iCommand.getResultListener().result(o);
                        } else
                            iCommand.getResultListener().result(result);
                        // Reset the result so it is not sent a second time via the return value.
                        result = null;
                    }
                }
            }
            if (!foundInCache) {
                // Cache miss (or caching not applicable): execute the command.
                result = executor.execute(iCommand.getParameters());
                // NOTE(review): the lookup above requires null parameters, while storing also accepts
                // an empty parameter map - confirm the asymmetry is intended.
                if (result != null && iCommand.isCacheableResult() && executor.isCacheable() && (iCommand.getParameters() == null || iCommand.getParameters().isEmpty()))
                    // Store the result under the same user/text/limit key used for lookups.
                    db.getMetadata().getCommandCache().put(db.getUser(), iCommand.getText(), result, iCommand.getLimit(), executor.getInvolvedClusters(), System.currentTimeMillis() - beginTime);
            }
            // Notify listeners after the command ran (also on a cache hit).
            for (ODatabaseListener oDatabaseListener : listeners) {
                oDatabaseListener.onAfterCommand(iCommand, executor, result);
            }
            return result;
        } catch (OException e) {
            // Orient exceptions pass through unwrapped.
            throw e;
        } catch (Exception e) {
            // NOTE(review): the message embeds the command's string form; if that includes literal
            // values from the statement they end up in exception text and logs - confirm.
            throw OException.wrapException(new OCommandExecutionException("Error on execution of command: " + iCommand), e);
        } finally {
            if (Orient.instance().getProfiler().isRecording()) {
                final ODatabaseDocumentInternal db = ODatabaseRecordThreadLocal.INSTANCE.getIfDefined();
                if (db != null) {
                    final OSecurityUser user = db.getUser();
                    final String userString = user != null ? user.toString() : null;
                    // The metric name carries the database name and the command's string form, and the
                    // user's string form is passed alongside.
                    // NOTE(review): check who can read profiler output, since command text may hold sensitive literals.
                    Orient.instance().getProfiler().stopChrono("db." + ODatabaseRecordThreadLocal.INSTANCE.get().getName() + ".command." + iCommand.toString(), "Command executed against the database", beginTime, "db.*.command.*", null, userString);
                }
            }
        }
    // The three handlers are kept separate: each passes a differently typed argument to
    // logAndPrepareForRethrow (presumably distinct overloads - confirm before merging them).
    } catch (RuntimeException e) {
        throw logAndPrepareForRethrow(e);
    } catch (Error e) {
        throw logAndPrepareForRethrow(e);
    } catch (Throwable t) {
        throw logAndPrepareForRethrow(t);
    }
}