Search in sources :

Example 1 with ActionGroup

use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.

the class SecurityModelTransform method applyAccessControl.

public void applyAccessControl(AccessControlled domain, EntityAccessControl restModel) {
    if (domain.getAllowedActions() != null && domain.getAllowedActions().getAvailableActions() != null) {
        ActionGroup allowed = toActionGroup(null).apply(domain.getAllowedActions());
        restModel.setAllowedActions(allowed);
    }
    if (domain.getRoleMemberships() != null) {
        Map<String, RoleMembership> roleAssignmentMap = new HashMap<>();
        domain.getRoleMemberships().stream().forEach(membership -> {
            String systemRoleName = membership.getRole().getSystemName();
            String name = membership.getRole().getTitle();
            String desc = membership.getRole().getDescription();
            membership.getMembers().stream().forEach(member -> {
                roleAssignmentMap.putIfAbsent(systemRoleName, new RoleMembership(systemRoleName, name, desc));
                RoleMembership accessRoleAssignment = roleAssignmentMap.get(systemRoleName);
                if (member instanceof UsernamePrincipal) {
                    accessRoleAssignment.addUser(member.getName());
                } else {
                    accessRoleAssignment.addGroup(member.getName());
                }
            });
        });
        restModel.setRoleMemberships(Lists.newArrayList(roleAssignmentMap.values()));
    }
    Principal owner = domain.getOwner();
    Optional<User> userPrincipal = userService.getUser(owner.getName());
    if (userPrincipal.isPresent()) {
        restModel.setOwner(userPrincipal.get());
    }
}
Also used : UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) User(com.thinkbiganalytics.security.rest.model.User) ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup) HashMap(java.util.HashMap) RoleMembership(com.thinkbiganalytics.security.rest.model.RoleMembership) GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal) UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) Principal(java.security.Principal)

Example 2 with ActionGroup

use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.

the class SecurityModelTransform method addHierarchy.

// 
// public void addAction(PermissionsChange change, com.thinkbiganalytics.security.action.Action domainAction) {
// ActionGroup actionSet = new ActionGroup("");
// addHierarchy(actionSet, domainAction.getHierarchy().iterator());
// }
private void addHierarchy(ActionGroup actionSet, Iterator<com.thinkbiganalytics.security.action.Action> itr) {
    if (itr.hasNext()) {
        com.thinkbiganalytics.security.action.Action domainAction = itr.next();
        Action subAction = actionSet.getAction(domainAction.getSystemName()).map(sa -> sa).orElseGet(() -> {
            Action newAction = new Action(domainAction.getSystemName());
            actionSet.addAction(newAction);
            return newAction;
        });
        addHierarchy(subAction, itr);
    }
}
Also used : EntityAccessControl(com.thinkbiganalytics.security.rest.model.EntityAccessControl) Role(com.thinkbiganalytics.security.rest.model.Role) HashMap(java.util.HashMap) GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal) Function(java.util.function.Function) AllowedActions(com.thinkbiganalytics.security.action.AllowedActions) HashSet(java.util.HashSet) Inject(javax.inject.Inject) Lists(com.google.common.collect.Lists) UserGroup(com.thinkbiganalytics.security.rest.model.UserGroup) SecurityRole(com.thinkbiganalytics.security.role.SecurityRole) Map(java.util.Map) UserService(com.thinkbiganalytics.security.service.user.UserService) User(com.thinkbiganalytics.security.rest.model.User) AllowableAction(com.thinkbiganalytics.security.action.AllowableAction) ChangeType(com.thinkbiganalytics.security.rest.model.PermissionsChange.ChangeType) PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange) Iterator(java.util.Iterator) UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) AccessControlled(com.thinkbiganalytics.metadata.api.security.AccessControlled) ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup) Set(java.util.Set) Collectors(java.util.stream.Collectors) Action(com.thinkbiganalytics.security.rest.model.Action) List(java.util.List) RoleMembership(com.thinkbiganalytics.security.rest.model.RoleMembership) Principal(java.security.Principal) Group(java.security.acl.Group) Optional(java.util.Optional) Collections(java.util.Collections) AllowableAction(com.thinkbiganalytics.security.action.AllowableAction) Action(com.thinkbiganalytics.security.rest.model.Action)

Example 3 with ActionGroup

use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.

the class EntityLevelAccessIT method grantServiceActionToAnalysts.

private void grantServiceActionToAnalysts(Action action) {
    LOG.debug("EntityLevelAccessIT.grantServiceActionToAnalysts");
    runAs(ADMIN);
    ActionGroup actions = new ActionGroup(SERVICES);
    actions.addAction(action);
    PermissionsChange permissionsChange = new PermissionsChange(PermissionsChange.ChangeType.REPLACE, actions);
    permissionsChange.addGroup(GROUP_ANALYSTS);
    permissionsChange.union(getServicePermissions(GROUP_ANALYSTS));
    setServicePermissions(permissionsChange);
}
Also used : ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup) PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange)

Example 4 with ActionGroup

use of com.thinkbiganalytics.security.rest.model.ActionGroup in project kylo by Teradata.

the class EntityLevelAccessIT method resetServicePermissionsForAnalysts.

private void resetServicePermissionsForAnalysts() {
    LOG.debug("EntityLevelAccessIT.resetServicePermissionsForAnalysts");
    runAs(ADMIN);
    ActionGroup actions = new ActionGroup(SERVICES);
    PermissionsChange permissionsChange = new PermissionsChange(PermissionsChange.ChangeType.REPLACE, actions);
    permissionsChange.addGroup(GROUP_ANALYSTS);
    setServicePermissions(permissionsChange);
}
Also used : ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup) PermissionsChange(com.thinkbiganalytics.security.rest.model.PermissionsChange)

Aggregations

ActionGroup (com.thinkbiganalytics.security.rest.model.ActionGroup)4 PermissionsChange (com.thinkbiganalytics.security.rest.model.PermissionsChange)3 GroupPrincipal (com.thinkbiganalytics.security.GroupPrincipal)2 UsernamePrincipal (com.thinkbiganalytics.security.UsernamePrincipal)2 RoleMembership (com.thinkbiganalytics.security.rest.model.RoleMembership)2 User (com.thinkbiganalytics.security.rest.model.User)2 Principal (java.security.Principal)2 HashMap (java.util.HashMap)2 Lists (com.google.common.collect.Lists)1 AccessControlled (com.thinkbiganalytics.metadata.api.security.AccessControlled)1 AllowableAction (com.thinkbiganalytics.security.action.AllowableAction)1 AllowedActions (com.thinkbiganalytics.security.action.AllowedActions)1 Action (com.thinkbiganalytics.security.rest.model.Action)1 EntityAccessControl (com.thinkbiganalytics.security.rest.model.EntityAccessControl)1 ChangeType (com.thinkbiganalytics.security.rest.model.PermissionsChange.ChangeType)1 Role (com.thinkbiganalytics.security.rest.model.Role)1 UserGroup (com.thinkbiganalytics.security.rest.model.UserGroup)1 SecurityRole (com.thinkbiganalytics.security.role.SecurityRole)1 UserService (com.thinkbiganalytics.security.service.user.UserService)1 Group (java.security.acl.Group)1