Example 1 with JcrAllowedActions
use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.
the class JcrFeedEnableAccessControlTest method testDisableFeedAccessControl.
@Test
public void testDisableFeedAccessControl() {
when(this.accessController.isEntityAccessControlled()).thenReturn(true);
createFeeds();
metadata.commit(() -> {
JcrFeed feedB = (JcrFeed) this.feedProvider.getFeed(idB);
this.actionsProvider.getAvailableActions(AllowedActions.FEED).ifPresent(actions -> feedB.disableAccessControl((JcrAllowedActions) actions, JcrMetadataAccess.getActiveUser()));
JcrFeed feedC = (JcrFeed) this.feedProvider.getFeed(idC);
this.actionsProvider.getAvailableActions(AllowedActions.FEED).ifPresent(actions -> feedC.disableAccessControl((JcrAllowedActions) actions, JcrMetadataAccess.getActiveUser()));
}, TEST_USER2);
int feedCnt1 = metadata.read(() -> this.feedProvider.getFeeds().size(), TEST_USER1);
assertThat(feedCnt1).isEqualTo(3);
int feedCnt2 = metadata.read(() -> this.feedProvider.getFeeds().size(), TEST_USER2);
assertThat(feedCnt2).isEqualTo(2);
}
Also used :
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
JcrFeed(com.thinkbiganalytics.metadata.modeshape.feed.JcrFeed)
Test(org.junit.Test)
Example 2 with JcrAllowedActions
use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.
the class JcrFeedEnableAccessControlTest method testEnableFeedAccessControl.
@Test
public void testEnableFeedAccessControl() {
when(this.accessController.isEntityAccessControlled()).thenReturn(false);
createFeeds();
metadata.commit(() -> {
JcrFeed feedA = (JcrFeed) this.feedProvider.getFeed(idA);
this.actionsProvider.getAvailableActions(AllowedActions.FEED).ifPresent(actions -> feedA.enableAccessControl((JcrAllowedActions) actions, JcrMetadataAccess.getActiveUser(), Collections.emptyList()));
}, TEST_USER1);
int feedCnt1 = metadata.read(() -> this.feedProvider.getFeeds().size(), TEST_USER1);
assertThat(feedCnt1).isEqualTo(3);
int feedCnt2 = metadata.read(() -> this.feedProvider.getFeeds().size(), TEST_USER2);
assertThat(feedCnt2).isEqualTo(2);
}
Also used :
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
JcrFeed(com.thinkbiganalytics.metadata.modeshape.feed.JcrFeed)
Test(org.junit.Test)
Example 3 with JcrAllowedActions
use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.
the class JcrProjectProvider method createProject.
/**
* Creates a new user with the specified name.
*
* @param name the name of the Project
* @param ensure {@code true} to return the Project if it already exists, or {@code false} to throw an exception
* @return the Project
* @throws MetadataRepositoryException if the user could not be created
*/
@Nonnull
private Project createProject(@Nonnull final String name, final boolean ensure) {
final Session session = getSession();
final String projPath = ProjectPaths.projectPath(name).toString();
logger.debug("workspace= {}", session.getWorkspace().getName());
try {
Node projNode = session.getRootNode().getNode(ProjectPaths.PROJECTS.toString());
if (session.getRootNode().hasNode(projPath)) {
if (ensure) {
return JcrUtil.getJcrObject(projNode, name, JcrProject.class);
} else {
// TODO specialize me..
throw new RuntimeException(projPath);
}
} else {
// project does not yet exist
JcrProject newProject = JcrUtil.getOrCreateNode(projNode, name, JcrProject.NODE_TYPE, JcrProject.class);
// grant (or deny) current user access to the project he is creating
if (this.accessController.isEntityAccessControlled()) {
List<SecurityRole> roles = this.roleProvider.getEntityRoles(SecurityRole.PROJECT);
this.actionsProvider.getAvailableActions(AllowedActions.PROJECTS).ifPresent(actions -> newProject.enableAccessControl((JcrAllowedActions) actions, JcrMetadataAccess.getActiveUser(), roles));
} else {
this.actionsProvider.getAvailableActions(AllowedActions.PROJECTS).ifPresent(actions -> newProject.disableAccessControl((JcrAllowedActions) actions, JcrMetadataAccess.getActiveUser()));
}
return newProject;
}
} catch (RepositoryException e) {
throw new MetadataRepositoryException("Failed attempting to create a new Project with name: " + name, e);
}
}
Also used :
JcrProject(com.thinkbiganalytics.metadata.modeshape.project.JcrProject)
MetadataRepositoryException(com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)
SecurityRole(com.thinkbiganalytics.security.role.SecurityRole)
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
Node(javax.jcr.Node)
MetadataRepositoryException(com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)
RepositoryException(javax.jcr.RepositoryException)
Session(javax.jcr.Session)
Nonnull(javax.annotation.Nonnull)
Example 4 with JcrAllowedActions
use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.
the class CheckEntityAccessControlAction method ensureTemplateAccessControl.
private void ensureTemplateAccessControl() {
List<FeedManagerTemplate> templates = feedManagerTemplateProvider.findAll();
if (templates != null) {
List<SecurityRole> roles = this.roleProvider.getEntityRoles(SecurityRole.TEMPLATE);
Optional<AllowedActions> allowedActions = this.actionsProvider.getAvailableActions(AllowedActions.TEMPLATE);
templates.stream().forEach(template -> {
Principal owner = template.getOwner() != null ? template.getOwner() : JcrMetadataAccess.getActiveUser();
allowedActions.ifPresent(actions -> ((JcrFeedTemplate) template).enableAccessControl((JcrAllowedActions) actions, owner, roles));
});
}
}
Also used :
SecurityRole(com.thinkbiganalytics.security.role.SecurityRole)
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
AllowedActions(com.thinkbiganalytics.security.action.AllowedActions)
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
FeedManagerTemplate(com.thinkbiganalytics.metadata.api.template.FeedManagerTemplate)
Principal(java.security.Principal)
Example 5 with JcrAllowedActions
use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.
the class EnsureServicesAccessControlAction method run.
@Override
public void run() {
log.info("Ensuring the Services prototype access control permissions are members of the actual Services access control node");
metadata.commit(() -> {
// find services entity node
Optional<AllowedActions> option = this.allowedEntityActionsProvider.getAllowedActions(AllowedActions.SERVICES);
Node servicesNode = ((JcrAllowedActions) option.get()).getNode();
JcrAllowedActions allowedAction = ((JcrAllowedActions) allowedEntityActionsProvider.getAvailableActions(AllowedActions.SERVICES).get());
allowedAction.copy(servicesNode, MetadataAccess.ADMIN, Privilege.JCR_ALL);
}, MetadataAccess.SERVICE);
}
Also used :
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)
AllowedActions(com.thinkbiganalytics.security.action.AllowedActions)
Node(javax.jcr.Node)
Aggregations
JcrAllowedActions (com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)13
SecurityRole (com.thinkbiganalytics.security.role.SecurityRole)8
AllowedActions (com.thinkbiganalytics.security.action.AllowedActions)5
Principal (java.security.Principal)5
Node (javax.jcr.Node)5
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)3
JcrFeed (com.thinkbiganalytics.metadata.modeshape.feed.JcrFeed)3
RepositoryException (javax.jcr.RepositoryException)3
MetadataException (com.thinkbiganalytics.metadata.api.MetadataException)2
JcrCategory (com.thinkbiganalytics.metadata.modeshape.category.JcrCategory)2
JcrEntityRoleMembership (com.thinkbiganalytics.metadata.modeshape.security.role.JcrEntityRoleMembership)2
JcrSecurityRole (com.thinkbiganalytics.metadata.modeshape.security.role.JcrSecurityRole)2
Test (org.junit.Test)2
Category (com.thinkbiganalytics.metadata.api.category.Category)1
CategoryNotFoundException (com.thinkbiganalytics.metadata.api.category.CategoryNotFoundException)1
Feed (com.thinkbiganalytics.metadata.api.feed.Feed)1
FeedManagerTemplate (com.thinkbiganalytics.metadata.api.template.FeedManagerTemplate)1
JcrProject (com.thinkbiganalytics.metadata.modeshape.project.JcrProject)1
JcrTool (com.thinkbiganalytics.metadata.modeshape.support.JcrTool)1
UsernamePrincipal (com.thinkbiganalytics.security.UsernamePrincipal)1
