Search in sources :

Example 11 with JcrAllowedActions

use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.

the class CheckEntityAccessControlAction method ensureCategoryAccessControl.

private void ensureCategoryAccessControl() {
    List<Category> categories = categoryProvider.findAll();
    if (categories != null) {
        List<SecurityRole> catRoles = this.roleProvider.getEntityRoles(SecurityRole.CATEGORY);
        List<SecurityRole> feedRoles = this.roleProvider.getEntityRoles(SecurityRole.FEED);
        Optional<AllowedActions> allowedActions = this.actionsProvider.getAvailableActions(AllowedActions.CATEGORY);
        categories.stream().forEach(category -> {
            Principal owner = category.getOwner() != null ? category.getOwner() : JcrMetadataAccess.getActiveUser();
            allowedActions.ifPresent(actions -> ((JcrCategory) category).enableAccessControl((JcrAllowedActions) actions, owner, catRoles, feedRoles));
        });
    }
}
Also used : SecurityRole(com.thinkbiganalytics.security.role.SecurityRole) JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) Category(com.thinkbiganalytics.metadata.api.category.Category) JcrCategory(com.thinkbiganalytics.metadata.modeshape.category.JcrCategory) AllowedActions(com.thinkbiganalytics.security.action.AllowedActions) JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) Principal(java.security.Principal)

Example 12 with JcrAllowedActions

use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.

the class AccessControlledMixin method enableAccessControl.

default void enableAccessControl(JcrAllowedActions prototype, Principal owner, List<SecurityRole> roles) {
    JcrAllowedActions allowed = getJcrAllowedActions();
    prototype.copy(allowed.getNode(), owner, Privilege.JCR_ALL);
    allowed.setupAccessControl(owner);
    roles.forEach(role -> JcrAbstractRoleMembership.create(getNode(), ((JcrSecurityRole) role).getNode(), JcrEntityRoleMembership.class, allowed));
}
Also used : JcrEntityRoleMembership(com.thinkbiganalytics.metadata.modeshape.security.role.JcrEntityRoleMembership) JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) JcrSecurityRole(com.thinkbiganalytics.metadata.modeshape.security.role.JcrSecurityRole)

Example 13 with JcrAllowedActions

use of com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions in project kylo by Teradata.

the class StartFeedPermUpgradeAction method upgradeTo.

@Override
public void upgradeTo(final KyloVersion targetVersion) {
    log.info("Add start feed permission to roles: {}", targetVersion);
    if (this.accessController.isEntityAccessControlled()) {
        // Define the new "start" action for feeds.
        actionsBuilder.module(AllowedActions.FEED).action(FeedAccessControl.START).add();
        // Grant the start action permission to the editor and admin roles
        this.roleProvider.getRole(SecurityRole.FEED, "editor").ifPresent(role -> role.setPermissions(FeedAccessControl.START));
        this.roleProvider.getRole(SecurityRole.FEED, "admin").ifPresent(role -> role.setPermissions(FeedAccessControl.START));
        // Re-apply entity access to all existing feeds to permit the start action to users/groups in the editor and admin roles.
        List<SecurityRole> roles = this.roleProvider.getEntityRoles(SecurityRole.FEED);
        Optional<AllowedActions> allowedActions = this.actionsProvider.getAvailableActions(AllowedActions.FEED);
        this.feedProvider.getFeeds().forEach(feed -> {
            Principal owner = feed.getOwner();
            allowedActions.ifPresent(actions -> ((JcrFeed) feed).enableAccessControl((JcrAllowedActions) actions, owner, roles));
        });
    }
}
Also used : SecurityRole(com.thinkbiganalytics.security.role.SecurityRole) JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) AllowedActions(com.thinkbiganalytics.security.action.AllowedActions) JcrAllowedActions(com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) Principal(java.security.Principal)

Aggregations

JcrAllowedActions (com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions)13 SecurityRole (com.thinkbiganalytics.security.role.SecurityRole)8 AllowedActions (com.thinkbiganalytics.security.action.AllowedActions)5 Principal (java.security.Principal)5 Node (javax.jcr.Node)5 MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)3 JcrFeed (com.thinkbiganalytics.metadata.modeshape.feed.JcrFeed)3 RepositoryException (javax.jcr.RepositoryException)3 MetadataException (com.thinkbiganalytics.metadata.api.MetadataException)2 JcrCategory (com.thinkbiganalytics.metadata.modeshape.category.JcrCategory)2 JcrEntityRoleMembership (com.thinkbiganalytics.metadata.modeshape.security.role.JcrEntityRoleMembership)2 JcrSecurityRole (com.thinkbiganalytics.metadata.modeshape.security.role.JcrSecurityRole)2 Test (org.junit.Test)2 Category (com.thinkbiganalytics.metadata.api.category.Category)1 CategoryNotFoundException (com.thinkbiganalytics.metadata.api.category.CategoryNotFoundException)1 Feed (com.thinkbiganalytics.metadata.api.feed.Feed)1 FeedManagerTemplate (com.thinkbiganalytics.metadata.api.template.FeedManagerTemplate)1 JcrProject (com.thinkbiganalytics.metadata.modeshape.project.JcrProject)1 JcrTool (com.thinkbiganalytics.metadata.modeshape.support.JcrTool)1 UsernamePrincipal (com.thinkbiganalytics.security.UsernamePrincipal)1