Example 1 with HasRight

Use of com.sequenceiq.authorization.service.model.HasRight in project cloudbreak by hortonworks.

From the class ResourceAuthorizationServiceTest, method testAccessDeniedCombined.

@Test
public void testAccessDeniedCombined() throws NoSuchMethodException {
    Method method = ExampleClass.class.getMethod("methodCombined", String.class, String.class);
    when(methodSignature.getMethod()).thenReturn(method);
    // Two authorization factories each produce a HasRight rule for a different resource CRN.
    when(authorizationFactory1.getAuthorization(any(), any(), any(), any())).thenReturn(Optional.of(new HasRight(AuthorizationResourceAction.EDIT_ENVIRONMENT, "crn1")));
    when(authorizationFactory2.getAuthorization(any(), any(), any(), any())).thenReturn(Optional.of(new HasRight(AuthorizationResourceAction.DESCRIBE_CREDENTIAL, "crn2")));
    // The mocked UMS client denies both rights.
    when(grpcUmsClient.hasRights(anyString(), anyList(), any(), any())).thenReturn(List.of(false, false));
    AccessDeniedException accessDeniedException = assertThrows(AccessDeniedException.class, () -> {
        ThreadBasedUserCrnProvider.doAs(USER_CRN, () -> underTest.authorize(USER_CRN, proceedingJoinPoint, methodSignature, Optional.of("requestId")));
    });
    // The exception message lists every denied right, not only the first one.
    assertEquals("Not authorized for the following reasons. Doesn't have 'environments/editEnvironment' right on unknown resource type [crn: crn1]. " + "Doesn't have 'environments/describeCredential' right on unknown resource type [crn: crn2].", accessDeniedException.getMessage());
    // Both checks are passed to UMS in a single hasRights call, in rule order.
    verify(grpcUmsClient).hasRights(anyString(), captor.capture(), any(), any());
    List<RightCheck> rightChecks = captor.getValue();
    assertEquals(2, rightChecks.size());
    assertEquals("environments/editEnvironment", rightChecks.get(0).getRight());
    assertEquals("crn1", rightChecks.get(0).getResource());
    assertEquals("environments/describeCredential", rightChecks.get(1).getRight());
    assertEquals("crn2", rightChecks.get(1).getResource());
}
Also used : RightCheck(com.cloudera.thunderhead.service.authorization.AuthorizationProto.RightCheck) HasRight(com.sequenceiq.authorization.service.model.HasRight) AccessDeniedException(org.springframework.security.access.AccessDeniedException) Method(java.lang.reflect.Method) Test(org.junit.jupiter.api.Test)

Example 2 with HasRight

Use of com.sequenceiq.authorization.service.model.HasRight in project cloudbreak by hortonworks.

From the class ResourceCrnAthorizationProviderTest, method testAuthorizationWhenEnvCrnNotPresent.

@Test
public void testAuthorizationWhenEnvCrnNotPresent() {
    Optional<AuthorizationRule> expected = Optional.of(new HasRight(ACTION, RESOURCE_CRN));
    when(environmentBasedAuthorizationProvider.getAuthorizations(RESOURCE_CRN, ACTION)).thenReturn(expected);
    Optional<AuthorizationRule> authorization = underTest.getAuthorization(getAnnotation(), USER_CRN, null, null);
    assertEquals(expected, authorization);
}
Also used : HasRight(com.sequenceiq.authorization.service.model.HasRight) AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule) Test(org.junit.Test)

Example 3 with HasRight

Use of com.sequenceiq.authorization.service.model.HasRight in project cloudbreak by hortonworks.

From the class RequestPropertyAuthorizationFactoryTest, method testOnCrn.

@Test
public void testOnCrn() {
    when(commonPermissionCheckingUtils.getParameter(any(), any(), any(), any())).thenReturn(new SampleRequestObject(RESOURCE_CRN));
    Optional<AuthorizationRule> expected = Optional.of(new HasRight(EDIT_CREDENTIAL, RESOURCE_CRN));
    when(resourceCrnAthorizationFactory.calcAuthorization(anyString(), any())).thenReturn(expected);
    Optional<AuthorizationRule> authorization = underTest.getAuthorization(getAnnotation(CRN, EDIT_CREDENTIAL, false, "field"), USER_CRN, null, null);
    verify(resourceCrnAthorizationFactory).calcAuthorization(RESOURCE_CRN, EDIT_CREDENTIAL);
    assertEquals(expected, authorization);
}
Also used : HasRight(com.sequenceiq.authorization.service.model.HasRight) AuthorizationRule(com.sequenceiq.authorization.service.model.AuthorizationRule) Test(org.junit.Test)

Example 4 with HasRight

Use of com.sequenceiq.authorization.service.model.HasRight in project cloudbreak by hortonworks.

From the class EnvironmentBasedAuthorizationProvider, method getAuthorizations.

public Optional<AuthorizationRule> getAuthorizations(String resourceCrn, AuthorizationResourceAction action) {
    if (action.getAuthorizationResourceType().isHierarchicalAuthorizationNeeded()) {
        AuthorizationEnvironmentCrnProvider environmentCrnProvider = environmentCrnProviderMap.get(action.getAuthorizationResourceType());
        if (environmentCrnProvider == null) {
            // Fail closed: no environment CRN provider is registered for this resource type, so access is denied.
            LOGGER.error("There is no resource based crn provider implemented for action {} against resource type {}, " + "thus authorization is failing automatically.", action, Crn.safeFromString(resourceCrn).getResourceType().name());
            throw new AccessDeniedException(String.format("Action %s is not supported over resource %s, thus access is denied", action.getRight(), resourceCrn));
        }
        Optional<String> environmentCrnByResourceCrn = environmentCrnProvider.getEnvironmentCrnByResourceCrn(resourceCrn);
        if (environmentCrnByResourceCrn.isPresent()) {
            // An environment CRN was found: build a HasRightOnAny rule over the environment CRN and the resource CRN.
            return Optional.of(new HasRightOnAny(action, List.of(environmentCrnByResourceCrn.get(), resourceCrn)));
        } else {
            // No environment CRN found: the rule covers the resource CRN only.
            return Optional.of(new HasRight(action, resourceCrn));
        }
    } else {
        // Non-hierarchical resource type: the rule covers the resource CRN only.
        return Optional.of(new HasRight(action, resourceCrn));
    }
}
Also used : HasRight(com.sequenceiq.authorization.service.model.HasRight) AccessDeniedException(org.springframework.security.access.AccessDeniedException) HasRightOnAny(com.sequenceiq.authorization.service.model.HasRightOnAny)

Example 5 with HasRight

Use of com.sequenceiq.authorization.service.model.HasRight in project cloudbreak by hortonworks.

From the class ResourceAuthorizationServiceTest, method testSuccess.

@Test
public void testSuccess() throws NoSuchMethodException {
    Method method = ExampleClass.class.getMethod("method", String.class);
    when(methodSignature.getMethod()).thenReturn(method);
    when(authorizationFactory1.getAuthorization(any(), any(), any(), any())).thenReturn(Optional.of(new HasRight(AuthorizationResourceAction.EDIT_ENVIRONMENT, "crn")));
    when(grpcUmsClient.hasRights(anyString(), anyList(), any(), any())).thenReturn(List.of(true));
    ThreadBasedUserCrnProvider.doAs(USER_CRN, () -> underTest.authorize(USER_CRN, proceedingJoinPoint, methodSignature, Optional.of("requestId")));
}
Also used : HasRight(com.sequenceiq.authorization.service.model.HasRight) Method(java.lang.reflect.Method) Test(org.junit.jupiter.api.Test)

Aggregations

HasRight (com.sequenceiq.authorization.service.model.HasRight) 7
AuthorizationRule (com.sequenceiq.authorization.service.model.AuthorizationRule) 3
Method (java.lang.reflect.Method) 3
Test (org.junit.Test) 3
Test (org.junit.jupiter.api.Test) 3
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 3
RightCheck (com.cloudera.thunderhead.service.authorization.AuthorizationProto.RightCheck) 1
HasRightOnAny (com.sequenceiq.authorization.service.model.HasRightOnAny) 1