
Example 6 with PermissionExecutor

Use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

The class VerifyFieldAccessFilterExpressionVisitorTest, method testShortCircuitPass.

@Test
public void testShortCircuitPass() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("authors.name==foo", ClassType.of(Book.class), true);
    Book book = new Book();
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    DataStoreTransaction tx = scope.getTransaction();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS)).thenReturn(ExpressionResult.PASS);
    when(permissionExecutor.checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, NAME)).thenReturn(ExpressionResult.PASS);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // Both hops of authors.name pass at the user level, so the visitor accepts the filter
    // without any per-object check and without loading the to-many relation.
    assertTrue(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, AUTHORS);
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Author.class), ReadPermission.class, NAME);
    verify(permissionExecutor, never()).checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE);
    verify(permissionExecutor, times(2)).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, never()).handleFilterJoinReject(any(), any(), any());
    verify(tx, never()).getToManyRelation(any(), any(), any(), any());
}
Also used : PersistentResource(com.yahoo.elide.core.PersistentResource) Book(example.Book) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) DataStoreTransaction(com.yahoo.elide.core.datastore.DataStoreTransaction) Author(example.Author) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) NotFilterExpression(com.yahoo.elide.core.filter.expression.NotFilterExpression) AndFilterExpression(com.yahoo.elide.core.filter.expression.AndFilterExpression) RSQLFilterDialect(com.yahoo.elide.core.filter.dialect.RSQLFilterDialect) Test(org.junit.jupiter.api.Test)

Example 7 with PermissionExecutor

Use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

The class VerifyFieldAccessFilterExpressionVisitor, method evaluateUserChecks.

/**
 * Scan the Path for user checks.
 * <ol>
 * <li>If all are PASS, return PASS
 * <li>If any FAIL, return FAIL
 * <li>Otherwise return DEFERRED
 * </ol>
 * @param filterPredicate filterPredicate
 * @param permissionExecutor permissionExecutor
 * @return ExpressionResult
 */
private ExpressionResult evaluateUserChecks(FilterPredicate filterPredicate, PermissionExecutor permissionExecutor) {
    // User checks depend only on the caller, so every hop of the filter path can be
    // vetted before any data is loaded.
    PermissionExecutor executor = resource.getRequestScope().getPermissionExecutor();
    ExpressionResult ret = ExpressionResult.PASS;
    for (PathElement element : filterPredicate.getPath().getPathElements()) {
        ExpressionResult result;
        try {
            result = executor.checkUserPermissions(element.getType(), ReadPermission.class, element.getFieldName());
        } catch (ForbiddenAccessException e) {
            // A hard rejection on any hop is handed to the executor, which turns it into an
            // ExpressionResult instead of letting the exception propagate.
            result = permissionExecutor.handleFilterJoinReject(filterPredicate, element, e);
        }
        if (result == ExpressionResult.FAIL) {
            // Short-circuit: one unreadable hop makes the whole filter unusable.
            return ExpressionResult.FAIL;
        }
        if (result != ExpressionResult.PASS) {
            // The check needs the object's state; leave it to the per-object checks.
            ret = ExpressionResult.DEFERRED;
        }
    }
    return ret;
}
Also used : PathElement(com.yahoo.elide.core.Path.PathElement) ExpressionResult(com.yahoo.elide.core.security.permissions.ExpressionResult) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) ReadPermission(com.yahoo.elide.annotation.ReadPermission) ForbiddenAccessException(com.yahoo.elide.core.exceptions.ForbiddenAccessException)
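The three-way outcome described in the javadoc above, together with the fall-back to per-object checks that the tests on this page exercise, as an added standalone example. This is not Elide's code: Outcome, PathElement, UserCheck, ObjectCheck, evaluateUserChecks and filterAllowed are simplified inventions for this demonstration, and the policy and row values in main are constructed.

```java
import java.util.List;
import java.util.Map;

/**
 * Hypothetical model of "user checks first, per-object checks only when deferred".
 * None of the types below are Elide classes; they only mirror the aggregation rule.
 */
public class FilterPathAccessDemo {

    enum Outcome { PASS, FAIL, DEFERRED }

    /** One hop of a filter path, e.g. Book.authors followed by Author.name. */
    record PathElement(String type, String field) { }

    /** User-level check: depends only on the caller, never on a loaded row. */
    interface UserCheck { Outcome check(PathElement element); }

    /** Per-object check: needs the actual value; false rejects the filter. */
    interface ObjectCheck { boolean allowed(PathElement element, Object value); }

    /** Any FAIL -> FAIL (short-circuit), all PASS -> PASS, otherwise DEFERRED. */
    static Outcome evaluateUserChecks(List<PathElement> path, UserCheck userCheck) {
        Outcome ret = Outcome.PASS;
        for (PathElement element : path) {
            Outcome result = userCheck.check(element);
            if (result == Outcome.FAIL) {
                return Outcome.FAIL;        // reject before any data is touched
            }
            if (result != Outcome.PASS) {
                ret = Outcome.DEFERRED;     // a row-level decision is still owed
            }
        }
        return ret;
    }

    /**
     * Decide whether a filter predicate over this path may run at all.
     * loadedValues stands in for what the data store would return per hop
     * when a deferred outcome forces per-object evaluation.
     */
    static boolean filterAllowed(List<PathElement> path, UserCheck userCheck,
                                 ObjectCheck objectCheck,
                                 Map<PathElement, List<Object>> loadedValues) {
        Outcome outcome = evaluateUserChecks(path, userCheck);
        if (outcome == Outcome.PASS) {
            return true;                    // cheap path: no rows loaded
        }
        if (outcome == Outcome.FAIL) {
            return false;                   // nothing loaded, nothing leaked
        }
        // DEFERRED: every loaded value of every hop must pass; one rejection rejects the filter.
        for (PathElement element : path) {
            for (Object value : loadedValues.getOrDefault(element, List.of())) {
                if (!objectCheck.allowed(element, value)) {
                    return false;
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        PathElement bookAuthors = new PathElement("Book", "authors");
        PathElement authorName = new PathElement("Author", "name");
        PathElement bookGenre = new PathElement("Book", "genre");

        // Constructed policy: authors and name are readable by everyone, genre is decided per row.
        UserCheck userCheck = e -> e.equals(bookGenre) ? Outcome.DEFERRED : Outcome.PASS;
        // Constructed per-row rule: a genre value of "restricted" is hidden from this caller.
        ObjectCheck objectCheck = (e, v) -> !(e.equals(bookGenre) && "restricted".equals(v));
        // Constructed rows the store would hand back for the deferred hop.
        Map<PathElement, List<Object>> rows =
                Map.of(bookGenre, List.<Object>of("fiction", "restricted"));

        // authors.name: both hops PASS, accepted without loading anything.
        System.out.println("authors.name allowed: "
                + filterAllowed(List.of(bookAuthors, authorName), userCheck, objectCheck, rows));
        // genre: DEFERRED, the per-row check sees "restricted" and rejects.
        System.out.println("genre allowed (deferred): "
                + filterAllowed(List.of(bookGenre), userCheck, objectCheck, rows));
        // genre with a user-level FAIL: rejected before rows are consulted.
        System.out.println("genre allowed (user FAIL): "
                + filterAllowed(List.of(bookGenre), e -> Outcome.FAIL, objectCheck, rows));
    }
}
```

The ordering is the security point: a filter on a field the caller may not read would otherwise act as an oracle for that field's value, so a user-level FAIL must reject before any row is fetched, and only a genuinely deferred check pays for loading the related objects.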

Example 8 with PermissionExecutor

Use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

The class VerifyFieldAccessFilterExpressionVisitorTest, method setupMocks.

@BeforeEach
public void setupMocks() {
    // this will test with the default interface implementation
    scope = mock(RequestScope.class);
    PermissionExecutor permissionExecutor = mock(PermissionExecutor.class);
    DataStoreTransaction transaction = mock(DataStoreTransaction.class);
    EntityDictionary dictionary = EntityDictionary.builder().build();
    dictionary.bindEntity(Book.class);
    dictionary.bindEntity(Author.class);
    when(scope.getDictionary()).thenReturn(dictionary);
    when(scope.getPermissionExecutor()).thenReturn(permissionExecutor);
    when(scope.getTransaction()).thenReturn(transaction);
    when(permissionExecutor.evaluateFilterJoinUserChecks(any(), any())).thenCallRealMethod();
    when(permissionExecutor.handleFilterJoinReject(any(), any(), any())).thenCallRealMethod();
}
Also used : PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) DataStoreTransaction(com.yahoo.elide.core.datastore.DataStoreTransaction) RequestScope(com.yahoo.elide.core.RequestScope) EntityDictionary(com.yahoo.elide.core.dictionary.EntityDictionary) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 9 with PermissionExecutor

Use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

The class VerifyFieldAccessFilterExpressionVisitorTest, method testShortCircuitDeferred.

@Test
public void testShortCircuitDeferred() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("genre==foo", ClassType.of(Book.class), true);
    Book book = new Book();
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, GENRE)).thenReturn(ExpressionResult.DEFERRED);
    when(permissionExecutor.checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE)).thenThrow(ForbiddenAccessException.class);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // DEFERRED at the user level forces a per-object check on genre; that check throws,
    // handleFilterJoinReject maps it to FAIL, and the filter is rejected.
    assertFalse(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, GENRE);
    verify(permissionExecutor, times(1)).checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE);
    verify(permissionExecutor, times(1)).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, times(1)).handleFilterJoinReject(any(), any(), any());
}
Also used : PersistentResource(com.yahoo.elide.core.PersistentResource) Book(example.Book) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) NotFilterExpression(com.yahoo.elide.core.filter.expression.NotFilterExpression) AndFilterExpression(com.yahoo.elide.core.filter.expression.AndFilterExpression) RSQLFilterDialect(com.yahoo.elide.core.filter.dialect.RSQLFilterDialect) Test(org.junit.jupiter.api.Test)

Example 10 with PermissionExecutor

Use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

The class VerifyFieldAccessFilterExpressionVisitorTest, method testShortCircuitReject.

@Test
public void testShortCircuitReject() throws Exception {
    RSQLFilterDialect dialect = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression expression = dialect.parseFilterExpression("genre==foo", ClassType.of(Book.class), true);
    Book book = new Book();
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    PermissionExecutor permissionExecutor = scope.getPermissionExecutor();
    when(permissionExecutor.checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, GENRE)).thenThrow(ForbiddenAccessException.class);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);
    // Hard rejection at the user level: handleFilterJoinReject turns it into FAIL
    // and no per-object check is ever attempted.
    assertFalse(expression.accept(visitor));
    verify(permissionExecutor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(permissionExecutor, times(1)).checkUserPermissions(ClassType.of(Book.class), ReadPermission.class, GENRE);
    verify(permissionExecutor, never()).checkSpecificFieldPermissions(resource, null, ReadPermission.class, GENRE);
    verify(permissionExecutor, times(1)).checkUserPermissions(any(), any(), isA(String.class));
    verify(permissionExecutor, times(1)).handleFilterJoinReject(any(), any(), any());
}
Also used : PersistentResource(com.yahoo.elide.core.PersistentResource) Book(example.Book) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) NotFilterExpression(com.yahoo.elide.core.filter.expression.NotFilterExpression) AndFilterExpression(com.yahoo.elide.core.filter.expression.AndFilterExpression) RSQLFilterDialect(com.yahoo.elide.core.filter.dialect.RSQLFilterDialect) Test(org.junit.jupiter.api.Test)
