Search in sources :

Example 26 with PermissionKey

use of com.synopsys.integration.alert.common.persistence.model.PermissionKey in project hub-alert by blackducksoftware.

the class ProxyConfigurationModelSaveActionsTest method createAuthorizationManager.

private AuthorizationManager createAuthorizationManager() {
    AuthenticationTestUtils authenticationTestUtils = new AuthenticationTestUtils();
    PermissionKey permissionKey = new PermissionKey(ConfigContextEnum.GLOBAL.name(), settingsDescriptorKey.getUniversalKey());
    Map<PermissionKey, Integer> permissions = Map.of(permissionKey, AuthenticationTestUtils.FULL_PERMISSIONS);
    return authenticationTestUtils.createAuthorizationManagerWithCurrentUserSet("admin", "admin", () -> new PermissionMatrixModel(permissions));
}
Also used : PermissionMatrixModel(com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel) PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) AuthenticationTestUtils(com.synopsys.integration.alert.test.common.AuthenticationTestUtils)

Example 27 with PermissionKey

use of com.synopsys.integration.alert.common.persistence.model.PermissionKey in project hub-alert by blackducksoftware.

the class PermissionModelUtil method convertToPermissionMatrixModel.

public static PermissionMatrixModel convertToPermissionMatrixModel(Set<PermissionModel> permissionModels) {
    Map<PermissionKey, Integer> permissionMatrix = new HashMap<>();
    for (PermissionModel permissionModel : permissionModels) {
        String descriptorKey = permissionModel.getDescriptorName();
        String context = permissionModel.getContext();
        PermissionKey permissionKey = new PermissionKey(context, descriptorKey);
        int accessOperationsBits = 0;
        if (permissionModel.isCreate()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.CREATE.getBit());
        }
        if (permissionModel.isRead()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.READ.getBit());
        }
        if (permissionModel.isDelete()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.DELETE.getBit());
        }
        if (permissionModel.isExecute()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.EXECUTE.getBit());
        }
        if (permissionModel.isWrite()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.WRITE.getBit());
        }
        if (permissionModel.isUploadDelete()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.UPLOAD_FILE_DELETE.getBit());
        }
        if (permissionModel.isUploadRead()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.UPLOAD_FILE_READ.getBit());
        }
        if (permissionModel.isUploadWrite()) {
            accessOperationsBits = BitwiseUtil.combineBits(accessOperationsBits, AccessOperation.UPLOAD_FILE_WRITE.getBit());
        }
        permissionMatrix.put(permissionKey, accessOperationsBits);
    }
    return new PermissionMatrixModel(permissionMatrix);
}
Also used : PermissionMatrixModel(com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel) HashMap(java.util.HashMap) PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) PermissionModel(com.synopsys.integration.alert.component.users.web.role.PermissionModel)

Example 28 with PermissionKey

use of com.synopsys.integration.alert.common.persistence.model.PermissionKey in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method updateRoleOperations.

private List<PermissionMatrixRelation> updateRoleOperations(RoleEntity roleEntity, PermissionMatrixModel permissionMatrix) {
    List<PermissionMatrixRelation> oldPermissionsForRole = permissionMatrixRepository.findAllByRoleId(roleEntity.getId());
    if (!oldPermissionsForRole.isEmpty()) {
        permissionMatrixRepository.deleteAll(oldPermissionsForRole);
    }
    List<PermissionMatrixRelation> matrixEntries = new ArrayList<>();
    Map<PermissionKey, Integer> permissions = permissionMatrix.getPermissions();
    for (Map.Entry<PermissionKey, Integer> permission : permissions.entrySet()) {
        PermissionKey permissionKey = permission.getKey();
        ConfigContextEntity dbContext = configContextRepository.findFirstByContext(permissionKey.getContext()).orElseThrow(() -> new AlertRuntimeException("Invalid context specified for permission"));
        RegisteredDescriptorEntity registeredDescriptor = registeredDescriptorRepository.findFirstByName(permissionKey.getDescriptorName()).orElseThrow(() -> new AlertRuntimeException("Invalid descriptor name specified for permission"));
        int accessOperations = permission.getValue();
        PermissionMatrixRelation permissionMatrixRelation = new PermissionMatrixRelation(roleEntity.getId(), dbContext.getId(), registeredDescriptor.getId(), accessOperations);
        matrixEntries.add(permissionMatrixRelation);
    }
    if (!matrixEntries.isEmpty()) {
        return permissionMatrixRepository.saveAll(matrixEntries);
    }
    return List.of();
}
Also used : PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) ArrayList(java.util.ArrayList) RegisteredDescriptorEntity(com.synopsys.integration.alert.database.configuration.RegisteredDescriptorEntity) PermissionMatrixRelation(com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation) AlertRuntimeException(com.synopsys.integration.alert.api.common.model.exception.AlertRuntimeException) HashMap(java.util.HashMap) Map(java.util.Map) ConfigContextEntity(com.synopsys.integration.alert.database.configuration.ConfigContextEntity)

Example 29 with PermissionKey

use of com.synopsys.integration.alert.common.persistence.model.PermissionKey in project hub-alert by blackducksoftware.

the class DefaultRoleAccessorTest method testSuperSetRoles.

@Test
public void testSuperSetRoles() {
    RoleRepository roleRepository = Mockito.mock(RoleRepository.class);
    UserRoleRepository userRoleRepository = Mockito.mock(UserRoleRepository.class);
    PermissionMatrixRepository permissionMatrixRepository = Mockito.mock(PermissionMatrixRepository.class);
    RegisteredDescriptorRepository registeredDescriptorRepository = Mockito.mock(RegisteredDescriptorRepository.class);
    ConfigContextRepository configContextRepository = Mockito.mock(ConfigContextRepository.class);
    RoleEntity adminRole = new RoleEntity(DefaultUserRole.ALERT_ADMIN.name(), true);
    adminRole.setId(1L);
    RoleEntity userRole = new RoleEntity(DefaultUserRole.ALERT_USER.name(), true);
    userRole.setId(2L);
    Mockito.when(roleRepository.findRoleEntitiesByRoleNames(Mockito.anyCollection())).thenReturn(List.of(adminRole, userRole));
    Long contextId = 1L;
    String contextString = "PERMISSION";
    ConfigContextEntity contextEntity = new ConfigContextEntity(contextString);
    contextEntity.setId(contextId);
    Mockito.when(configContextRepository.findById(Mockito.eq(contextEntity.getId()))).thenReturn(Optional.of(contextEntity));
    Long descriptorId_1 = 1L;
    String descriptorName_1 = "key.1";
    Long descriptorId_2 = 2L;
    String descriptorName_2 = "key.2";
    Long descriptorId_3 = 3L;
    String descriptorName_3 = "key.3";
    RegisteredDescriptorEntity registeredDescriptorEntity_1 = new RegisteredDescriptorEntity(descriptorName_1, 1L);
    registeredDescriptorEntity_1.setId(descriptorId_1);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_1.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_1));
    RegisteredDescriptorEntity registeredDescriptorEntity_2 = new RegisteredDescriptorEntity(descriptorName_2, 1L);
    registeredDescriptorEntity_2.setId(descriptorId_2);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_2.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_2));
    RegisteredDescriptorEntity registeredDescriptorEntity_3 = new RegisteredDescriptorEntity(descriptorName_3, 1L);
    registeredDescriptorEntity_3.setId(descriptorId_3);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_3.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_3));
    PermissionKey permission_1 = new PermissionKey(contextString, descriptorName_1);
    PermissionKey permission_2 = new PermissionKey(contextString, descriptorName_2);
    PermissionKey permission_3 = new PermissionKey(contextString, descriptorName_3);
    PermissionMatrixRelation adminRelation_1 = new PermissionMatrixRelation(adminRole.getId(), contextEntity.getId(), registeredDescriptorEntity_1.getId(), AccessOperation.READ.getBit() + AccessOperation.WRITE.getBit());
    PermissionMatrixRelation adminRelation_3 = new PermissionMatrixRelation(adminRole.getId(), contextEntity.getId(), registeredDescriptorEntity_3.getId(), AccessOperation.READ.getBit() + AccessOperation.WRITE.getBit());
    PermissionMatrixRelation userRelation_1 = new PermissionMatrixRelation(userRole.getId(), contextEntity.getId(), registeredDescriptorEntity_1.getId(), AccessOperation.READ.getBit());
    PermissionMatrixRelation userRelation_2 = new PermissionMatrixRelation(userRole.getId(), contextEntity.getId(), registeredDescriptorEntity_2.getId(), AccessOperation.READ.getBit() + AccessOperation.EXECUTE.getBit());
    List<Long> roleIds = List.of(adminRole.getId(), userRole.getId());
    Mockito.when(permissionMatrixRepository.findAllByRoleId(Mockito.eq(adminRole.getId()))).thenReturn(List.of(adminRelation_1, adminRelation_3));
    Mockito.when(permissionMatrixRepository.findAllByRoleId(Mockito.eq(userRole.getId()))).thenReturn(List.of(userRelation_1, userRelation_2));
    Mockito.when(permissionMatrixRepository.findAllByRoleIdIn(Mockito.eq(roleIds))).thenReturn(List.of(adminRelation_1, adminRelation_3, userRelation_1, userRelation_2));
    DefaultRoleAccessor authorizationUtility = new DefaultRoleAccessor(roleRepository, userRoleRepository, permissionMatrixRepository, registeredDescriptorRepository, configContextRepository);
    // order matters here.  The userRole has less privileges so we want to test that the more restrictive privileges don't overwrite the admin privileges.  We want a union of the permissions
    List<String> roles = List.of(adminRole.getRoleName(), userRole.getRoleName());
    PermissionMatrixModel matrixModel = authorizationUtility.mergePermissionsForRoles(roles);
    // admin read/write
    assertTrue(matrixModel.hasPermission(permission_1, AccessOperation.READ));
    assertTrue(matrixModel.hasPermission(permission_1, AccessOperation.WRITE));
    assertFalse(matrixModel.hasPermission(permission_1, AccessOperation.EXECUTE));
    // user read/execute
    assertTrue(matrixModel.hasPermission(permission_2, AccessOperation.READ));
    assertFalse(matrixModel.hasPermission(permission_2, AccessOperation.WRITE));
    assertTrue(matrixModel.hasPermission(permission_2, AccessOperation.EXECUTE));
    // admin read/write
    assertTrue(matrixModel.hasPermission(permission_3, AccessOperation.READ));
    assertTrue(matrixModel.hasPermission(permission_3, AccessOperation.WRITE));
    assertFalse(matrixModel.hasPermission(permission_3, AccessOperation.EXECUTE));
}
Also used : RegisteredDescriptorEntity(com.synopsys.integration.alert.database.configuration.RegisteredDescriptorEntity) PermissionMatrixRepository(com.synopsys.integration.alert.database.authorization.PermissionMatrixRepository) UserRoleRepository(com.synopsys.integration.alert.database.user.UserRoleRepository) RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) PermissionMatrixModel(com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel) PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) PermissionMatrixRelation(com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation) ConfigContextRepository(com.synopsys.integration.alert.database.configuration.repository.ConfigContextRepository) RegisteredDescriptorRepository(com.synopsys.integration.alert.database.configuration.repository.RegisteredDescriptorRepository) RoleRepository(com.synopsys.integration.alert.database.user.RoleRepository) UserRoleRepository(com.synopsys.integration.alert.database.user.UserRoleRepository) ConfigContextEntity(com.synopsys.integration.alert.database.configuration.ConfigContextEntity) Test(org.junit.jupiter.api.Test)

Example 30 with PermissionKey

use of com.synopsys.integration.alert.common.persistence.model.PermissionKey in project hub-alert by blackducksoftware.

the class JiraServerGlobalConfigurationModelSaveActionsTest method createAuthorizationManager.

private AuthorizationManager createAuthorizationManager() {
    AuthenticationTestUtils authenticationTestUtils = new AuthenticationTestUtils();
    DescriptorKey descriptorKey = ChannelKeys.JIRA_SERVER;
    PermissionKey permissionKey = new PermissionKey(ConfigContextEnum.GLOBAL.name(), descriptorKey.getUniversalKey());
    Map<PermissionKey, Integer> permissions = Map.of(permissionKey, AuthenticationTestUtils.FULL_PERMISSIONS);
    return authenticationTestUtils.createAuthorizationManagerWithCurrentUserSet("admin", "admin", () -> new PermissionMatrixModel(permissions));
}
Also used : PermissionMatrixModel(com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel) PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) AuthenticationTestUtils(com.synopsys.integration.alert.test.common.AuthenticationTestUtils) DescriptorKey(com.synopsys.integration.alert.descriptor.api.model.DescriptorKey)

Aggregations

PermissionKey (com.synopsys.integration.alert.common.persistence.model.PermissionKey)56 PermissionMatrixModel (com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel)49 AuthenticationTestUtils (com.synopsys.integration.alert.test.common.AuthenticationTestUtils)43 DescriptorKey (com.synopsys.integration.alert.descriptor.api.model.DescriptorKey)42 Test (org.junit.jupiter.api.Test)38 AuthorizationManager (com.synopsys.integration.alert.common.security.authorization.AuthorizationManager)35 ChannelKey (com.synopsys.integration.alert.descriptor.api.model.ChannelKey)23 ActionResponse (com.synopsys.integration.alert.common.action.ActionResponse)16 EmailGlobalConfigurationValidator (com.synopsys.integration.alert.channel.email.validator.EmailGlobalConfigurationValidator)12 EmailGlobalConfigModel (com.synopsys.integration.alert.service.email.model.EmailGlobalConfigModel)12 EmailGlobalConfigAccessor (com.synopsys.integration.alert.channel.email.database.accessor.EmailGlobalConfigAccessor)10 ValidationActionResponse (com.synopsys.integration.alert.common.action.ValidationActionResponse)9 ValidationResponseModel (com.synopsys.integration.alert.common.rest.model.ValidationResponseModel)6 PermissionMatrixRelation (com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation)5 ConfigContextEntity (com.synopsys.integration.alert.database.configuration.ConfigContextEntity)5 RegisteredDescriptorEntity (com.synopsys.integration.alert.database.configuration.RegisteredDescriptorEntity)5 HashMap (java.util.HashMap)4 UUID (java.util.UUID)4 RoleEntity (com.synopsys.integration.alert.database.user.RoleEntity)3 Map (java.util.Map)3