Example 1 with ActionGroup
use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.
the class SecurityModelTransform method applyAccessControl.
public void applyAccessControl(AccessControlled domain, EntityAccessControl restModel) {
if (domain.getAllowedActions() != null && domain.getAllowedActions().getAvailableActions() != null) {
ActionGroup allowed = toActionGroup(null).apply(domain.getAllowedActions());
restModel.setAllowedActions(allowed);
}
if (domain.getRoleMemberships() != null) {
Map<String, RoleMembership> roleAssignmentMap = new HashMap<>();
domain.getRoleMemberships().stream().forEach(membership -> {
String systemRoleName = membership.getRole().getSystemName();
String name = membership.getRole().getTitle();
String desc = membership.getRole().getDescription();
membership.getMembers().stream().forEach(member -> {
roleAssignmentMap.putIfAbsent(systemRoleName, new RoleMembership(systemRoleName, name, desc));
RoleMembership accessRoleAssignment = roleAssignmentMap.get(systemRoleName);
if (member instanceof UsernamePrincipal) {
accessRoleAssignment.addUser(member.getName());
} else {
accessRoleAssignment.addGroup(member.getName());
}
});
});
restModel.setRoleMemberships(Lists.newArrayList(roleAssignmentMap.values()));
}
Principal owner = domain.getOwner();
Optional<User> userPrincipal = userService.getUser(owner.getName());
if (userPrincipal.isPresent()) {
restModel.setOwner(userPrincipal.get());
}
}
Also used :
UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal)
User(com.thinkbiganalytics.security.rest.model.User)
ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup)
HashMap(java.util.HashMap)
RoleMembership(com.thinkbiganalytics.security.rest.model.RoleMembership)
GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal)
UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal)
Principal(java.security.Principal)
Example 2 with ActionGroup
use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.
the class SecurityModelTransform method addHierarchy.
//
// public void addAction(PermissionsChange change, com.thinkbiganalytics.security.action.Action domainAction) {
// ActionGroup actionSet = new ActionGroup("");
// addHierarchy(actionSet, domainAction.getHierarchy().iterator());
// }
private void addHierarchy(ActionGroup actionSet, Iterator<com.thinkbiganalytics.security.action.Action> itr) {
if (itr.hasNext()) {
com.thinkbiganalytics.security.action.Action domainAction = itr.next();
Action subAction = actionSet.getAction(domainAction.getSystemName()).map(sa -> sa).orElseGet(() -> {
Action newAction = new Action(domainAction.getSystemName());
actionSet.addAction(newAction);
return newAction;
});
addHierarchy(subAction, itr);
}
}
Also used :
EntityAccessControl(com.thinkbiganalytics.security.rest.model.EntityAccessControl)
Role(com.thinkbiganalytics.security.rest.model.Role)
HashMap(java.util.HashMap)
GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal)
Function(java.util.function.Function)
AllowedActions(com.thinkbiganalytics.security.action.AllowedActions)
HashSet(java.util.HashSet)
Inject(javax.inject.Inject)
Lists(com.google.common.collect.Lists)
UserGroup(com.thinkbiganalytics.security.rest.model.UserGroup)
SecurityRole(com.thinkbiganalytics.security.role.SecurityRole)
Map(java.util.Map)
UserService(com.thinkbiganalytics.security.service.user.UserService)
User(com.thinkbiganalytics.security.rest.model.User)
AllowableAction(com.thinkbiganalytics.security.action.AllowableAction)
ChangeType(com.thinkbiganalytics.security.rest.model.PermissionsChange.ChangeType)
PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange)
Iterator(java.util.Iterator)
UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal)
AccessControlled(com.thinkbiganalytics.metadata.api.security.AccessControlled)
ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
Action(com.thinkbiganalytics.security.rest.model.Action)
List(java.util.List)
RoleMembership(com.thinkbiganalytics.security.rest.model.RoleMembership)
Principal(java.security.Principal)
Group(java.security.acl.Group)
Optional(java.util.Optional)
Collections(java.util.Collections)
AllowableAction(com.thinkbiganalytics.security.action.AllowableAction)
Action(com.thinkbiganalytics.security.rest.model.Action)
Example 3 with ActionGroup
use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.
the class EntityLevelAccessIT method grantServiceActionToAnalysts.
private void grantServiceActionToAnalysts(Action action) {
LOG.debug("EntityLevelAccessIT.grantServiceActionToAnalysts");
runAs(ADMIN);
ActionGroup actions = new ActionGroup(SERVICES);
actions.addAction(action);
PermissionsChange permissionsChange = new PermissionsChange(PermissionsChange.ChangeType.REPLACE, actions);
permissionsChange.addGroup(GROUP_ANALYSTS);
permissionsChange.union(getServicePermissions(GROUP_ANALYSTS));
setServicePermissions(permissionsChange);
}
Also used :
ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup)
PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange)
Example 4 with ActionGroup
use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.
the class EntityLevelAccessIT method resetServicePermissionsForAnalysts.
private void resetServicePermissionsForAnalysts() {
LOG.debug("EntityLevelAccessIT.resetServicePermissionsForAnalysts");
runAs(ADMIN);
ActionGroup actions = new ActionGroup(SERVICES);
PermissionsChange permissionsChange = new PermissionsChange(PermissionsChange.ChangeType.REPLACE, actions);
permissionsChange.addGroup(GROUP_ANALYSTS);
setServicePermissions(permissionsChange);
}
Also used :
ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup)
PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange)
Aggregations
ActionGroup (com.thinkbiganalytics.security.rest.model.ActionGroup)4
PermissionsChange (com.thinkbiganalytics.security.rest.model.PermissionsChange)3
GroupPrincipal (com.thinkbiganalytics.security.GroupPrincipal)2
UsernamePrincipal (com.thinkbiganalytics.security.UsernamePrincipal)2
RoleMembership (com.thinkbiganalytics.security.rest.model.RoleMembership)2
User (com.thinkbiganalytics.security.rest.model.User)2
Principal (java.security.Principal)2
HashMap (java.util.HashMap)2
Lists (com.google.common.collect.Lists)1
AccessControlled (com.thinkbiganalytics.metadata.api.security.AccessControlled)1
AllowableAction (com.thinkbiganalytics.security.action.AllowableAction)1
AllowedActions (com.thinkbiganalytics.security.action.AllowedActions)1
Action (com.thinkbiganalytics.security.rest.model.Action)1
EntityAccessControl (com.thinkbiganalytics.security.rest.model.EntityAccessControl)1
ChangeType (com.thinkbiganalytics.security.rest.model.PermissionsChange.ChangeType)1
Role (com.thinkbiganalytics.security.rest.model.Role)1
UserGroup (com.thinkbiganalytics.security.rest.model.UserGroup)1
SecurityRole (com.thinkbiganalytics.security.role.SecurityRole)1
UserService (com.thinkbiganalytics.security.service.user.UserService)1
Group (java.security.acl.Group)1
