Examples with UpdatePermission com.yahoo.elide.annotation.UpdatePermission used on opensource projects

Search in sources :

Example 1 with UpdatePermission

use of com.yahoo.elide.annotation.UpdatePermission in project elide by yahoo.

the class PermissionExecutorTest method testSuccessfulRunAtCommitCheck.

@Test
public void testSuccessfulRunAtCommitCheck() throws Exception {
    @Entity
    @Include(rootLevel = false)
    @UpdatePermission(expression = "sampleCommit")
    class Model implements SampleOperationModel {
    }
    PersistentResource resource = newResource(new Model(), Model.class, false);
    RequestScope requestScope = resource.getRequestScope();
    // Because the check is runAtCommit, the check is DEFERRED.
    assertEquals(ExpressionResult.DEFERRED, requestScope.getPermissionExecutor().checkPermission(UpdatePermission.class, resource, ALL_FIELDS));
    requestScope.getPermissionExecutor().executeCommitChecks();
}
Also used : Entity(javax.persistence.Entity) PersistentResource(com.yahoo.elide.core.PersistentResource) Include(com.yahoo.elide.annotation.Include) RequestScope(com.yahoo.elide.core.RequestScope) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) Test(org.junit.jupiter.api.Test)

Example 2 with UpdatePermission

use of com.yahoo.elide.annotation.UpdatePermission in project elide by yahoo.

the class PermissionExpressionBuilderTest method testSpecificFieldExpressionText.

@Test
public void testSpecificFieldExpressionText() {
    @Entity
    @Include(rootLevel = false)
    @UpdatePermission(expression = "user has no access")
    class Model {

        @Id
        private long id;

        @UpdatePermission(expression = "user has all access OR user has no access")
        private int foo;
    }
    dictionary.bindEntity(Model.class);
    PersistentResource resource = newResource(new Model(), Model.class);
    ChangeSpec changes = new ChangeSpec(resource, "foo", 1, 2);
    Expression expression = builder.buildSpecificFieldExpressions(resource, UpdatePermission.class, "foo", changes);
    assertEquals("UPDATE PERMISSION WAS INVOKED ON PersistentResource{type=model, id=0} WITH CHANGES ChangeSpec { " + "resource=PersistentResource{type=model, id=0}, field=foo, original=1, modified=2} " + "FOR EXPRESSION [FIELD(((user has all access " + "\u001B[34mWAS UNEVALUATED\u001B[m)) OR ((user has no access " + "\u001B[34mWAS UNEVALUATED\u001B[m)))]", expression.toString());
    expression.evaluate(Expression.EvaluationMode.ALL_CHECKS);
    assertEquals("UPDATE PERMISSION WAS INVOKED ON PersistentResource{type=model, id=0} WITH CHANGES ChangeSpec { " + "resource=PersistentResource{type=model, id=0}, field=foo, original=1, modified=2} " + "FOR EXPRESSION [FIELD(((user has all access " + "\u001B[32mPASSED\u001B[m)) OR ((user has no access " + "\u001B[34mWAS UNEVALUATED\u001B[m)))]", expression.toString());
}
Also used : Entity(javax.persistence.Entity) PersistentResource(com.yahoo.elide.core.PersistentResource) ChangeSpec(com.yahoo.elide.core.security.ChangeSpec) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) Include(com.yahoo.elide.annotation.Include) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) Test(org.junit.jupiter.api.Test)

Example 3 with UpdatePermission

use of com.yahoo.elide.annotation.UpdatePermission in project elide by yahoo.

the class PermissionExecutorTest method testPassAnySpecificFieldAwareFailOperationSuccessCommit.

@Test
public void testPassAnySpecificFieldAwareFailOperationSuccessCommit() {
    @Entity
    @Include(rootLevel = false)
    @UpdatePermission(expression = "Prefab.Role.None AND passingOp")
    class Model {

        @Id
        public Long id;

        @UpdatePermission(expression = "Prefab.Role.None OR passingOp")
        public String field = "some data";
    }
    PersistentResource resource = newResource(new Model(), Model.class, true);
    RequestScope requestScope = resource.getRequestScope();
    assertEquals(ExpressionResult.DEFERRED, requestScope.getPermissionExecutor().checkSpecificFieldPermissions(resource, null, UpdatePermission.class, "field"));
    requestScope.getPermissionExecutor().executeCommitChecks();
}
Also used : Entity(javax.persistence.Entity) PersistentResource(com.yahoo.elide.core.PersistentResource) Include(com.yahoo.elide.annotation.Include) RequestScope(com.yahoo.elide.core.RequestScope) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) Test(org.junit.jupiter.api.Test)

Example 4 with UpdatePermission

use of com.yahoo.elide.annotation.UpdatePermission in project elide by yahoo.

the class PermissionExecutorTest method testSuccessfulOperationCheck.

@Test
public void testSuccessfulOperationCheck() throws Exception {
    @Entity
    @Include(rootLevel = false)
    @UpdatePermission(expression = "sampleOperation")
    class Model implements SampleOperationModel {
    }
    PersistentResource resource = newResource(new Model(), Model.class, false);
    RequestScope requestScope = resource.getRequestScope();
    assertEquals(ExpressionResult.PASS, requestScope.getPermissionExecutor().checkPermission(UpdatePermission.class, resource, ALL_FIELDS));
    requestScope.getPermissionExecutor().executeCommitChecks();
}
Also used : Entity(javax.persistence.Entity) PersistentResource(com.yahoo.elide.core.PersistentResource) Include(com.yahoo.elide.annotation.Include) RequestScope(com.yahoo.elide.core.RequestScope) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) Test(org.junit.jupiter.api.Test)

Example 5 with UpdatePermission

use of com.yahoo.elide.annotation.UpdatePermission in project elide by yahoo.

the class PermissionExecutorTest method testFailAllSpecificFieldAwareSuccessOperationFailCommit.

@Test
public void testFailAllSpecificFieldAwareSuccessOperationFailCommit() {
    @Entity
    @Include(rootLevel = false)
    @UpdatePermission(expression = "Prefab.Role.All")
    class Model {

        @Id
        public Long id;

        @UpdatePermission(expression = "Prefab.Role.All AND FailOp")
        public String field = "some data";
    }
    PersistentResource resource = newResource(new Model(), Model.class, true);
    RequestScope requestScope = resource.getRequestScope();
    assertEquals(ExpressionResult.DEFERRED, requestScope.getPermissionExecutor().checkSpecificFieldPermissions(resource, null, UpdatePermission.class, "field"));
    assertThrows(ForbiddenAccessException.class, () -> requestScope.getPermissionExecutor().executeCommitChecks());
}
Also used : Entity(javax.persistence.Entity) PersistentResource(com.yahoo.elide.core.PersistentResource) Include(com.yahoo.elide.annotation.Include) RequestScope(com.yahoo.elide.core.RequestScope) UpdatePermission(com.yahoo.elide.annotation.UpdatePermission) Test(org.junit.jupiter.api.Test)

Aggregations

UpdatePermission (com.yahoo.elide.annotation.UpdatePermission)13 Include (com.yahoo.elide.annotation.Include)12 PersistentResource (com.yahoo.elide.core.PersistentResource)12 Entity (javax.persistence.Entity)12 Test (org.junit.jupiter.api.Test)12 RequestScope (com.yahoo.elide.core.RequestScope)11 ChangeSpec (com.yahoo.elide.core.security.ChangeSpec)1 Expression (com.yahoo.elide.core.security.permissions.expressions.Expression)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial