Search in sources :

Example 11 with RoleEntity

use of com.synopsys.integration.alert.database.user.RoleEntity in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method updatePermissionsForRole.

@Override
@Transactional(propagation = Propagation.REQUIRED)
public PermissionMatrixModel updatePermissionsForRole(String roleName, PermissionMatrixModel permissionMatrix) throws AlertConfigurationException {
    RoleEntity roleEntity = roleRepository.findByRoleName(roleName).orElseThrow(() -> new AlertConfigurationException("No role exists with name: " + roleName));
    List<PermissionMatrixRelation> permissions = updateRoleOperations(roleEntity, permissionMatrix);
    return createModelFromPermission(permissions);
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) PermissionMatrixRelation(com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation) AlertConfigurationException(com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException) Transactional(org.springframework.transaction.annotation.Transactional)

Example 12 with RoleEntity

use of com.synopsys.integration.alert.database.user.RoleEntity in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method deleteRole.

@Override
@Transactional(propagation = Propagation.REQUIRED)
public void deleteRole(Long roleId) throws AlertForbiddenOperationException {
    Optional<RoleEntity> foundRole = roleRepository.findById(roleId);
    if (foundRole.isPresent()) {
        RoleEntity roleEntity = foundRole.get();
        if (BooleanUtils.isFalse(roleEntity.getCustom())) {
            throw new AlertForbiddenOperationException("Cannot delete the role '" + roleId + "' because it is not a custom role.");
        }
        // Deletion cascades to permissions
        roleRepository.deleteById(roleEntity.getId());
    }
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) Transactional(org.springframework.transaction.annotation.Transactional)

Example 13 with RoleEntity

use of com.synopsys.integration.alert.database.user.RoleEntity in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method updateRoleName.

@Override
@Transactional(propagation = Propagation.REQUIRED)
public void updateRoleName(Long roleId, String roleName) throws AlertForbiddenOperationException {
    Optional<RoleEntity> foundRole = roleRepository.findById(roleId);
    if (foundRole.isPresent()) {
        RoleEntity roleEntity = foundRole.get();
        if (BooleanUtils.isFalse(roleEntity.getCustom())) {
            throw new AlertForbiddenOperationException("Cannot update the existing role '" + foundRole.get().getRoleName() + "' to '" + roleName + "' because it is not a custom role");
        }
        RoleEntity updatedEntity = new RoleEntity(roleName, true);
        updatedEntity.setId(roleEntity.getId());
        roleRepository.save(updatedEntity);
    }
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) Transactional(org.springframework.transaction.annotation.Transactional)

Example 14 with RoleEntity

use of com.synopsys.integration.alert.database.user.RoleEntity in project hub-alert by blackducksoftware.

the class DefaultRoleAccessorTest method testSuperSetRoles.

@Test
public void testSuperSetRoles() {
    RoleRepository roleRepository = Mockito.mock(RoleRepository.class);
    UserRoleRepository userRoleRepository = Mockito.mock(UserRoleRepository.class);
    PermissionMatrixRepository permissionMatrixRepository = Mockito.mock(PermissionMatrixRepository.class);
    RegisteredDescriptorRepository registeredDescriptorRepository = Mockito.mock(RegisteredDescriptorRepository.class);
    ConfigContextRepository configContextRepository = Mockito.mock(ConfigContextRepository.class);
    RoleEntity adminRole = new RoleEntity(DefaultUserRole.ALERT_ADMIN.name(), true);
    adminRole.setId(1L);
    RoleEntity userRole = new RoleEntity(DefaultUserRole.ALERT_USER.name(), true);
    userRole.setId(2L);
    Mockito.when(roleRepository.findRoleEntitiesByRoleNames(Mockito.anyCollection())).thenReturn(List.of(adminRole, userRole));
    Long contextId = 1L;
    String contextString = "PERMISSION";
    ConfigContextEntity contextEntity = new ConfigContextEntity(contextString);
    contextEntity.setId(contextId);
    Mockito.when(configContextRepository.findById(Mockito.eq(contextEntity.getId()))).thenReturn(Optional.of(contextEntity));
    Long descriptorId_1 = 1L;
    String descriptorName_1 = "key.1";
    Long descriptorId_2 = 2L;
    String descriptorName_2 = "key.2";
    Long descriptorId_3 = 3L;
    String descriptorName_3 = "key.3";
    RegisteredDescriptorEntity registeredDescriptorEntity_1 = new RegisteredDescriptorEntity(descriptorName_1, 1L);
    registeredDescriptorEntity_1.setId(descriptorId_1);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_1.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_1));
    RegisteredDescriptorEntity registeredDescriptorEntity_2 = new RegisteredDescriptorEntity(descriptorName_2, 1L);
    registeredDescriptorEntity_2.setId(descriptorId_2);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_2.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_2));
    RegisteredDescriptorEntity registeredDescriptorEntity_3 = new RegisteredDescriptorEntity(descriptorName_3, 1L);
    registeredDescriptorEntity_3.setId(descriptorId_3);
    Mockito.when(registeredDescriptorRepository.findById(Mockito.eq(registeredDescriptorEntity_3.getId()))).thenReturn(Optional.of(registeredDescriptorEntity_3));
    PermissionKey permission_1 = new PermissionKey(contextString, descriptorName_1);
    PermissionKey permission_2 = new PermissionKey(contextString, descriptorName_2);
    PermissionKey permission_3 = new PermissionKey(contextString, descriptorName_3);
    PermissionMatrixRelation adminRelation_1 = new PermissionMatrixRelation(adminRole.getId(), contextEntity.getId(), registeredDescriptorEntity_1.getId(), AccessOperation.READ.getBit() + AccessOperation.WRITE.getBit());
    PermissionMatrixRelation adminRelation_3 = new PermissionMatrixRelation(adminRole.getId(), contextEntity.getId(), registeredDescriptorEntity_3.getId(), AccessOperation.READ.getBit() + AccessOperation.WRITE.getBit());
    PermissionMatrixRelation userRelation_1 = new PermissionMatrixRelation(userRole.getId(), contextEntity.getId(), registeredDescriptorEntity_1.getId(), AccessOperation.READ.getBit());
    PermissionMatrixRelation userRelation_2 = new PermissionMatrixRelation(userRole.getId(), contextEntity.getId(), registeredDescriptorEntity_2.getId(), AccessOperation.READ.getBit() + AccessOperation.EXECUTE.getBit());
    List<Long> roleIds = List.of(adminRole.getId(), userRole.getId());
    Mockito.when(permissionMatrixRepository.findAllByRoleId(Mockito.eq(adminRole.getId()))).thenReturn(List.of(adminRelation_1, adminRelation_3));
    Mockito.when(permissionMatrixRepository.findAllByRoleId(Mockito.eq(userRole.getId()))).thenReturn(List.of(userRelation_1, userRelation_2));
    Mockito.when(permissionMatrixRepository.findAllByRoleIdIn(Mockito.eq(roleIds))).thenReturn(List.of(adminRelation_1, adminRelation_3, userRelation_1, userRelation_2));
    DefaultRoleAccessor authorizationUtility = new DefaultRoleAccessor(roleRepository, userRoleRepository, permissionMatrixRepository, registeredDescriptorRepository, configContextRepository);
    // order matters here.  The userRole has less privileges so we want to test that the more restrictive privileges don't overwrite the admin privileges.  We want a union of the permissions
    List<String> roles = List.of(adminRole.getRoleName(), userRole.getRoleName());
    PermissionMatrixModel matrixModel = authorizationUtility.mergePermissionsForRoles(roles);
    // admin read/write
    assertTrue(matrixModel.hasPermission(permission_1, AccessOperation.READ));
    assertTrue(matrixModel.hasPermission(permission_1, AccessOperation.WRITE));
    assertFalse(matrixModel.hasPermission(permission_1, AccessOperation.EXECUTE));
    // user read/execute
    assertTrue(matrixModel.hasPermission(permission_2, AccessOperation.READ));
    assertFalse(matrixModel.hasPermission(permission_2, AccessOperation.WRITE));
    assertTrue(matrixModel.hasPermission(permission_2, AccessOperation.EXECUTE));
    // admin read/write
    assertTrue(matrixModel.hasPermission(permission_3, AccessOperation.READ));
    assertTrue(matrixModel.hasPermission(permission_3, AccessOperation.WRITE));
    assertFalse(matrixModel.hasPermission(permission_3, AccessOperation.EXECUTE));
}
Also used : RegisteredDescriptorEntity(com.synopsys.integration.alert.database.configuration.RegisteredDescriptorEntity) PermissionMatrixRepository(com.synopsys.integration.alert.database.authorization.PermissionMatrixRepository) UserRoleRepository(com.synopsys.integration.alert.database.user.UserRoleRepository) RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) PermissionMatrixModel(com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel) PermissionKey(com.synopsys.integration.alert.common.persistence.model.PermissionKey) PermissionMatrixRelation(com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation) ConfigContextRepository(com.synopsys.integration.alert.database.configuration.repository.ConfigContextRepository) RegisteredDescriptorRepository(com.synopsys.integration.alert.database.configuration.repository.RegisteredDescriptorRepository) RoleRepository(com.synopsys.integration.alert.database.user.RoleRepository) UserRoleRepository(com.synopsys.integration.alert.database.user.UserRoleRepository) ConfigContextEntity(com.synopsys.integration.alert.database.configuration.ConfigContextEntity) Test(org.junit.jupiter.api.Test)

Example 15 with RoleEntity

use of com.synopsys.integration.alert.database.user.RoleEntity in project hub-alert by blackducksoftware.

the class DefaultRoleAccessorTest method updateUserRolesTest.

@Test
public void updateUserRolesTest() {
    final Long userId = 1L;
    final String roleName = "roleName";
    final Long roleId = 1L;
    RoleEntity roleEntity = new RoleEntity(roleName, true);
    roleEntity.setId(1L);
    UserRoleModel userRoleModel = createUserRoleModel(roleId, roleName, true);
    Collection<UserRoleModel> userRoleModelCollection = List.of(userRoleModel);
    Mockito.when(roleRepository.findRoleEntitiesByRoleNames(Mockito.any())).thenReturn(List.of(roleEntity));
    DefaultRoleAccessor authorizationUtility = new DefaultRoleAccessor(roleRepository, userRoleRepository, permissionMatrixRepository, registeredDescriptorRepository, configContextRepository);
    authorizationUtility.updateUserRoles(userId, userRoleModelCollection);
    Mockito.verify(userRoleRepository).bulkDeleteAllByUserId(Mockito.any());
    Mockito.verify(userRoleRepository).saveAll(Mockito.any());
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) UserRoleModel(com.synopsys.integration.alert.common.persistence.model.UserRoleModel) Test(org.junit.jupiter.api.Test)

Aggregations

RoleEntity (com.synopsys.integration.alert.database.user.RoleEntity)15 Test (org.junit.jupiter.api.Test)9 UserRoleModel (com.synopsys.integration.alert.common.persistence.model.UserRoleModel)6 Transactional (org.springframework.transaction.annotation.Transactional)6 PermissionMatrixRelation (com.synopsys.integration.alert.database.authorization.PermissionMatrixRelation)5 AlertForbiddenOperationException (com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException)3 PermissionKey (com.synopsys.integration.alert.common.persistence.model.PermissionKey)3 PermissionMatrixModel (com.synopsys.integration.alert.common.persistence.model.PermissionMatrixModel)3 ConfigContextEntity (com.synopsys.integration.alert.database.configuration.ConfigContextEntity)3 RegisteredDescriptorEntity (com.synopsys.integration.alert.database.configuration.RegisteredDescriptorEntity)3 AlertConfigurationException (com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)1 PermissionMatrixRepository (com.synopsys.integration.alert.database.authorization.PermissionMatrixRepository)1 ConfigContextRepository (com.synopsys.integration.alert.database.configuration.repository.ConfigContextRepository)1 RegisteredDescriptorRepository (com.synopsys.integration.alert.database.configuration.repository.RegisteredDescriptorRepository)1 RoleRepository (com.synopsys.integration.alert.database.user.RoleRepository)1 UserRoleRelation (com.synopsys.integration.alert.database.user.UserRoleRelation)1 UserRoleRepository (com.synopsys.integration.alert.database.user.UserRoleRepository)1 LinkedHashSet (java.util.LinkedHashSet)1 LinkedList (java.util.LinkedList)1