Example 6 with AuthorizationRule
use of com.sequenceiq.authorization.service.model.AuthorizationRule in project cloudbreak by hortonworks.
the class ResourceCrnAthorizationProviderTest method testAuthorizationWhenEnvCrnIsPresent.
@Test
public void testAuthorizationWhenEnvCrnIsPresent() {
Optional<AuthorizationRule> expected = Optional.of(new HasRightOnAny(ACTION, List.of(ENV_CRN, RESOURCE_CRN)));
when(environmentBasedAuthorizationProvider.getAuthorizations(RESOURCE_CRN, ACTION)).thenReturn(expected);
Optional<AuthorizationRule> authorization = underTest.getAuthorization(getAnnotation(), USER_CRN, null, null);
assertEquals(expected, authorization);
}
Also used :
HasRightOnAny(com.sequenceiq.authorization.service.model.HasRightOnAny)
AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule)
Test(org.junit.Test)
Example 7 with AuthorizationRule
use of com.sequenceiq.authorization.service.model.AuthorizationRule in project cloudbreak by hortonworks.
the class ResourceNameListAuthorizationFactoryTest method testAuthorization.
@Test
public void testAuthorization() {
when(commonPermissionCheckingUtils.getParameter(any(), any(), any(), any())).thenReturn(RESOURCES);
when(resourceBasedCrnProvider.getResourceCrnListByResourceNameList(anyList())).thenReturn(RESOURCE_CRNS);
Optional<AuthorizationRule> expected = Optional.of(new HasRightOnAll(ACTION, RESOURCE_CRNS));
when(resourceCrnListAuthorizationFactory.calcAuthorization(anyCollection(), any())).thenReturn(expected);
Optional<AuthorizationRule> authorization = underTest.getAuthorization(getAnnotation(), USER_CRN, null, null);
verify(commonPermissionCheckingUtils).getParameter(any(), any(), eq(ResourceNameList.class), eq(Collection.class));
verify(resourceCrnListAuthorizationFactory).calcAuthorization(RESOURCE_CRNS, ACTION);
assertEquals(expected, authorization);
}
Also used :
CheckPermissionByResourceNameList(com.sequenceiq.authorization.annotation.CheckPermissionByResourceNameList)
ResourceNameList(com.sequenceiq.authorization.annotation.ResourceNameList)
Collection(java.util.Collection)
ArgumentMatchers.anyCollection(org.mockito.ArgumentMatchers.anyCollection)
AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule)
HasRightOnAll(com.sequenceiq.authorization.service.model.HasRightOnAll)
Test(org.junit.Test)
Example 8 with AuthorizationRule
use of com.sequenceiq.authorization.service.model.AuthorizationRule in project cloudbreak by hortonworks.
the class UtilAuthorizationService method addRightCheck.
private void addRightCheck(String resourceCrn, RightV4 rightV4, Multimap<ImmutablePair<String, RightV4>, AuthorizationProto.RightCheck> resourceRightsChecks) {
Optional<AuthorizationRule> authorizationRuleOptional = resourceCrnAthorizationFactory.calcAuthorization(resourceCrn, rightV4.getAction());
if (authorizationRuleOptional.isPresent()) {
AuthorizationRule authorizationRule = authorizationRuleOptional.get();
authorizationRule.convert((action, resource) -> {
AuthorizationProto.RightCheck rightCheckObject = createRightCheckObject(action.getRight(), resource);
resourceRightsChecks.put(new ImmutablePair<>(resourceCrn, rightV4), rightCheckObject);
});
} else {
AuthorizationProto.RightCheck rightCheckObject = createRightCheckObject(rightV4.getAction().getRight(), resourceCrn);
resourceRightsChecks.put(new ImmutablePair<>(resourceCrn, rightV4), rightCheckObject);
LOGGER.info("Can't find authorization rules for the following resource:{} ({}). " + "Please make sure you are calling the right service for the resource?", resourceCrn, rightV4.getAction());
}
}
Also used :
AuthorizationProto(com.cloudera.thunderhead.service.authorization.AuthorizationProto)
AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule)
Example 9 with AuthorizationRule
use of com.sequenceiq.authorization.service.model.AuthorizationRule in project cloudbreak by hortonworks.
the class RequestPropertyAuthorizationFactoryTest method testOnName.
@Test
public void testOnName() {
when(commonPermissionCheckingUtils.getParameter(any(), any(), any(), any())).thenReturn(new SampleRequestObject(RESOURCE_NAME));
Optional<AuthorizationRule> expected = Optional.of(new HasRight(DELETE_DATAHUB, RESOURCE_CRN));
when(resourceNameAuthorizationFactory.calcAuthorization(anyString(), any())).thenReturn(expected);
Optional<AuthorizationRule> authorization = underTest.getAuthorization(getAnnotation(NAME, DELETE_DATAHUB, false, "field"), USER_CRN, null, null);
verify(resourceNameAuthorizationFactory).calcAuthorization(RESOURCE_NAME, DELETE_DATAHUB);
assertEquals(expected, authorization);
}
Also used :
HasRight(com.sequenceiq.authorization.service.model.HasRight)
AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule)
Test(org.junit.Test)
Aggregations
AuthorizationRule (com.sequenceiq.authorization.service.model.AuthorizationRule)9
Test (org.junit.Test)8
HasRightOnAll (com.sequenceiq.authorization.service.model.HasRightOnAll)4
HasRight (com.sequenceiq.authorization.service.model.HasRight)3
Collection (java.util.Collection)2
ArgumentMatchers.anyCollection (org.mockito.ArgumentMatchers.anyCollection)2
AuthorizationProto (com.cloudera.thunderhead.service.authorization.AuthorizationProto)1
CheckPermissionByResourceCrnList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrnList)1
CheckPermissionByResourceNameList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceNameList)1
ResourceCrnList (com.sequenceiq.authorization.annotation.ResourceCrnList)1
ResourceNameList (com.sequenceiq.authorization.annotation.ResourceNameList)1
HasRightOnAny (com.sequenceiq.authorization.service.model.HasRightOnAny)1
