
Example 11 with PermissionExecutor

use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

Class VerifyFieldAccessFilterExpressionVisitorTest, method testBypassReadonlyFilterRestriction.

/**
 * Verifies that a read-only filter restriction is bypassed once the user-level
 * filter-join check passes: the visitor accepts the expression, no field-level
 * permission check is attempted, no join rejection is raised, and the transaction
 * is never asked to load the to-many relation.
 */
@Test
public void testBypassReadonlyFilterRestriction() throws Exception {
    Book entity = new Book();
    PersistentResource<Book> resource = new PersistentResource<>(entity, "", scope);

    PermissionExecutor executor = scope.getPermissionExecutor();
    DataStoreTransaction transaction = scope.getTransaction();
    // A PASS at the user level is the condition under which the per-field checks are skipped.
    when(executor.evaluateFilterJoinUserChecks(any(), any())).thenReturn(ExpressionResult.PASS);

    RSQLFilterDialect rsql = RSQLFilterDialect.builder().dictionary(scope.getDictionary()).build();
    FilterExpression filter = rsql.parseFilterExpression("authors.name==foo", ClassType.of(Book.class), true);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);

    // The filter through the authors relationship is accepted on the strength of the user-level check alone.
    assertTrue(filter.accept(visitor));
    verify(executor, times(1)).evaluateFilterJoinUserChecks(any(), any());
    verify(executor, never()).checkSpecificFieldPermissions(any(), any(), any(), any());
    verify(executor, never()).checkUserPermissions(any(), any(), isA(String.class));
    verify(executor, never()).handleFilterJoinReject(any(), any(), any());
    verify(transaction, never()).getToManyRelation(any(), any(), any(), any());
}

Example 12 with PermissionExecutor

use of com.yahoo.elide.core.security.PermissionExecutor in project elide by yahoo.

Class VerifyFieldAccessFilterExpressionVisitorTest, method testAccept.

/**
 * Builds a composite filter over unrestricted fields,
 * NOT(AND(AND(OR(name, genre), authors.name), genre)), and checks that the
 * visitor accepts every leaf and every composite node. The verify counts at the
 * end pin the number of permission-executor calls produced by visiting all eight
 * expressions against a Book/Author pair that reference each other.
 */
@Test
public void testAccept() throws Exception {
    Path authorNamePath = new Path(Arrays.asList(
            new PathElement(Book.class, Author.class, AUTHORS),
            new PathElement(Author.class, String.class, NAME)));
    FilterPredicate authorName = new InPredicate(authorNamePath, "foo", "bar");

    Path bookNamePath = new Path(Arrays.asList(new PathElement(Book.class, String.class, NAME)));
    FilterPredicate bookName = new InPredicate(bookNamePath, "blah");

    Path genrePath = new Path(Arrays.asList(new PathElement(Book.class, String.class, GENRE)));
    FilterPredicate genre = new InPredicate(genrePath, SCIFI);

    // Deliberate duplicate of `genre` (same field, same value) as a separate predicate instance.
    Path duplicateGenrePath = new Path(Arrays.asList(new PathElement(Book.class, String.class, GENRE)));
    FilterPredicate duplicateGenre = new InPredicate(duplicateGenrePath, SCIFI);

    OrFilterExpression nameOrGenre = new OrFilterExpression(bookName, genre);
    AndFilterExpression innerAnd = new AndFilterExpression(nameOrGenre, authorName);
    AndFilterExpression outerAnd = new AndFilterExpression(innerAnd, duplicateGenre);
    NotFilterExpression negated = new NotFilterExpression(outerAnd);

    // Wire the two entities to each other so the authors.name path has something to traverse.
    Book book = new Book();
    Author author = new Author();
    book.setAuthors(Collections.singleton(author));
    author.setBooks(Collections.singleton(book));
    PersistentResource<Book> resource = new PersistentResource<>(book, "", scope);
    VerifyFieldAccessFilterExpressionVisitor visitor = new VerifyFieldAccessFilterExpressionVisitor(resource);

    // None of the fields involved is restricted, so every node must be accepted.
    // Visiting order is kept identical to the original assertion sequence.
    for (FilterExpression node : Arrays.asList(
            negated, innerAnd, outerAnd, nameOrGenre, authorName, bookName, genre, duplicateGenre)) {
        assertTrue(node.accept(visitor));
    }

    PermissionExecutor executor = scope.getPermissionExecutor();
    verify(executor, times(17)).evaluateFilterJoinUserChecks(any(), any());
    verify(executor, times(5)).checkSpecificFieldPermissions(resource, null, ReadPermission.class, NAME);
    verify(executor, times(21)).checkUserPermissions(any(), any(), isA(String.class));
    verify(executor, never()).handleFilterJoinReject(any(), any(), any());
}
