Example 41 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class TenantBasedPermissionEvaluator method hasPermission.

@Override
public boolean hasPermission(Authentication authentication, Object target, Object permission) {
    // Unwrap an Optional target so an empty Optional is treated as a missing target.
    if (target instanceof Optional) {
        target = ((Optional<?>) target).orElse(null);
    }
    // Fail closed: a missing target or a missing Authentication is denied.
    if (target == null) {
        return false;
    }
    if (authentication == null) {
        return false;
    }
    CloudbreakUser user = authenticationService.getCloudbreakUser(authentication);
    // A single target is wrapped in a collection; every element must pass the check.
    Collection<?> targets = target instanceof Collection ? (Collection<?>) target : Collections.singleton(target);
    return targets.stream().allMatch(t -> hasPermission(user, t));
}
Also used : Optional(java.util.Optional) Collection(java.util.Collection) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 42 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class StackImageFilterServiceTest method setupLoggedInUser.

private CloudbreakUser setupLoggedInUser() {
    CloudbreakUser user = new CloudbreakUser("", "", "", "", "");
    when(authenticatedUserService.getCbUser()).thenReturn(user);
    return user;
}
Also used : CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 43 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class AuditFilterTest method testDoFilterInternalWhenNotAnAuditUrl.

@Test
public void testDoFilterInternalWhenNotAnAuditUrl() throws Exception {
    when(authenticatedUserService.getCbUser(any(HttpServletRequest.class))).thenReturn(new CloudbreakUser("userid", "usercrn", "username", "useremail", "usertenant"));
    when(request.getRequestURI()).thenReturn("/as/api/healthcheck");
    underTest.doFilterInternal(request, response, filterChain);
    verifyNoInteractions(auditService);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 44 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class TenantBasedPermissionEvaluator method hasPermission.

@Override
public boolean hasPermission(Authentication authentication, Object target, Object permission) {
    // An Authentication that reports isAuthenticated() == false is granted permission here.
    // authentication is dereferenced without a null check.
    if (!authentication.isAuthenticated()) {
        return true;
    }
    if (target instanceof Optional) {
        target = ((Optional<?>) target).orElse(null);
    }
    if (target == null) {
        return false;
    }
    CloudbreakUser cloudbreakUser = restRequestThreadLocalService.getCloudbreakUser();
    Collection<?> targets = target instanceof Collection ? (Collection<?>) target : Collections.singleton(target);
    // Every element must pass; elements that are not Clustered pass without any check.
    return targets.stream().allMatch(t -> {
        if (!(t instanceof Clustered)) {
            return true;
        }
        Cluster cluster = ((Clustered) t).getCluster();
        // Tenant isolation: the user's tenant must equal the tenant the cluster belongs to.
        if (cluster == null || !cloudbreakUser.getTenant().contentEquals(cluster.getClusterPertain().getTenant())) {
            return false;
        }
        // The return value of hasAccess is not used in this excerpt, so a denial
        // can only take effect if hasAccess throws.
        cloudbreakAuthorizationService.hasAccess(cluster.getStackCrn(), cloudbreakUser.getUserId(), cloudbreakUser.getTenant(), permission.toString());
        return true;
    });
}
Also used : Optional(java.util.Optional) Collection(java.util.Collection) Clustered(com.sequenceiq.periscope.domain.Clustered) Cluster(com.sequenceiq.periscope.domain.Cluster) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 45 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class AuditFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // The rest of the chain runs first; the audit record is written after the request has been processed.
    filterChain.doFilter(request, response);
    CloudbreakUser cloudbreakUser = authenticatedUserService.getCbUser(request);
    if (auditEnabled && includePathPattern(request.getRequestURI())) {
        // The audit record carries the URI and every request parameter as received.
        Map<String, Object> requestParameters = new HashMap<>();
        requestParameters.put("uri", request.getRequestURI());
        requestParameters.putAll(request.getParameterMap());
        boolean mutating = Set.of("POST", "PUT", "DELETE").contains(request.getMethod());
        // x-real-ip is a request header: it is trustworthy only if a fronting proxy sets or overwrites it.
        // Without the header, the socket's remote address is used.
        String sourceip = Optional.ofNullable(request.getHeader("x-real-ip")).orElse(request.getRemoteAddr());
        String userAgent = Optional.ofNullable(request.getHeader("user-agent")).orElse("");
        auditService.auditRestApi(requestParameters, mutating, userAgent, cloudbreakUser.getUserCrn(), cloudbreakUser.getTenant(), sourceip);
    }
}
Also used : HashMap(java.util.HashMap) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Aggregations

CloudbreakUser (com.sequenceiq.cloudbreak.common.user.CloudbreakUser): 47
User (com.sequenceiq.cloudbreak.workspace.model.User): 24
Test (org.junit.jupiter.api.Test): 10
Workspace (com.sequenceiq.cloudbreak.workspace.model.Workspace): 8
Optional (java.util.Optional): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
Test (org.junit.Test): 4
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 4
StackV4Request (com.sequenceiq.cloudbreak.api.endpoint.v4.stacks.request.StackV4Request): 3
CrnUser (com.sequenceiq.cloudbreak.auth.CrnUser): 3
BadRequestException (com.sequenceiq.cloudbreak.common.exception.BadRequestException): 3
Collection (java.util.Collection): 3
UserManagementProto (com.cloudera.thunderhead.service.usermanagement.UserManagementProto): 2
Crn (com.sequenceiq.cloudbreak.auth.crn.Crn): 2
CloudCredential (com.sequenceiq.cloudbreak.cloud.model.CloudCredential): 2
Json (com.sequenceiq.cloudbreak.common.json.Json): 2
TransactionExecutionException (com.sequenceiq.cloudbreak.common.service.TransactionService.TransactionExecutionException): 2
TransactionRuntimeExecutionException (com.sequenceiq.cloudbreak.common.service.TransactionService.TransactionRuntimeExecutionException): 2
Blueprint (com.sequenceiq.cloudbreak.domain.Blueprint): 2
Stack (com.sequenceiq.cloudbreak.domain.stack.Stack): 2