
Example 1 with User

use of com.yahoo.elide.core.security.User in project elide by yahoo.

the class JsonApiEndpoint method post.

/**
 * Create handler.
 *
 * @param path request path
 * @param uriInfo URI info
 * @param headers the request headers
 * @param securityContext security context
 * @param jsonapiDocument post data as jsonapi document
 * @return response
 */
@POST
@Path("{path:.*}")
@Consumes(JSONAPI_CONTENT_TYPE)
public Response post(@PathParam("path") String path, @Context UriInfo uriInfo, @Context HttpHeaders headers, @Context SecurityContext securityContext, String jsonapiDocument) {
    // Catch-all route: the captured path and the raw document are handed to Elide unchanged;
    // this method does no validation or filtering of its own.
    final MultivaluedMap<String, String> query = uriInfo.getQueryParameters();
    final String version = HeaderUtils.resolveApiVersion(headers.getRequestHeaders());
    // Only the map returned by lowercaseAndRemoveAuthHeaders is forwarded to Elide.
    // NOTE(review): going by the helper's name, credential-bearing headers are dropped here so
    // they cannot reach request-scoped code or logs; confirm in HeaderUtils which ones are removed.
    final Map<String, List<String>> forwardedHeaders = HeaderUtils.lowercaseAndRemoveAuthHeaders(headers.getRequestHeaders());
    // The caller identity is built from the container-injected SecurityContext, not from the
    // request document.
    final User caller = new SecurityContextUser(securityContext);
    final String baseUrl = getBaseUrlEndpoint(uriInfo);
    // A fresh random UUID is generated for every call and passed to Elide as the request id.
    final UUID requestId = UUID.randomUUID();
    return build(elide.post(baseUrl, path, jsonapiDocument, query, forwardedHeaders, caller, version, requestId));
}
Also used : User(com.yahoo.elide.core.security.User) List(java.util.List) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 2 with User

use of com.yahoo.elide.core.security.User in project elide by yahoo.

the class JsonApiEndpoint method get.

/**
 * Read handler.
 *
 * @param path request path
 * @param uriInfo URI info
 * @param headers the request headers
 * @param securityContext security context
 * @return response
 */
@GET
@Path("{path:.*}")
public Response get(@PathParam("path") String path, @Context UriInfo uriInfo, @Context HttpHeaders headers, @Context SecurityContext securityContext) {
    // Catch-all route: the captured path is handed to Elide as-is; no filtering happens here.
    final MultivaluedMap<String, String> query = uriInfo.getQueryParameters();
    final String version = HeaderUtils.resolveApiVersion(headers.getRequestHeaders());
    // Elide receives the output of lowercaseAndRemoveAuthHeaders, not the raw header map.
    // NOTE(review): the helper's name suggests credential headers are stripped; confirm in HeaderUtils.
    final Map<String, List<String>> forwardedHeaders = HeaderUtils.lowercaseAndRemoveAuthHeaders(headers.getRequestHeaders());
    // Identity comes from the container-injected SecurityContext.
    final User caller = new SecurityContextUser(securityContext);
    final String baseUrl = getBaseUrlEndpoint(uriInfo);
    // Per-request random UUID, passed to Elide as the request id.
    final UUID requestId = UUID.randomUUID();
    return build(elide.get(baseUrl, path, query, forwardedHeaders, caller, version, requestId));
}
Also used : User(com.yahoo.elide.core.security.User) List(java.util.List) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 3 with User

use of com.yahoo.elide.core.security.User in project elide by yahoo.

the class JsonApiEndpoint method delete.

/**
 * Delete relationship handler (expects body with resource ids and types).
 *
 * @param path request path
 * @param uriInfo URI info
 * @param headers the request headers
 * @param securityContext security context
 * @param jsonApiDocument DELETE document
 * @return response
 */
@DELETE
@Path("{path:.*}")
@Consumes(JSONAPI_CONTENT_TYPE)
public Response delete(@PathParam("path") String path, @Context UriInfo uriInfo, @Context HttpHeaders headers, @Context SecurityContext securityContext, String jsonApiDocument) {
    // Catch-all route: both the captured path and the DELETE body are forwarded to Elide
    // unchanged; this method performs no checks of its own.
    final MultivaluedMap<String, String> query = uriInfo.getQueryParameters();
    final String version = HeaderUtils.resolveApiVersion(headers.getRequestHeaders());
    // Elide receives the output of lowercaseAndRemoveAuthHeaders, not the raw header map.
    // NOTE(review): the helper's name suggests credential headers are stripped; confirm in HeaderUtils.
    final Map<String, List<String>> forwardedHeaders = HeaderUtils.lowercaseAndRemoveAuthHeaders(headers.getRequestHeaders());
    // Identity comes from the container-injected SecurityContext, not from the request body.
    final User caller = new SecurityContextUser(securityContext);
    final String baseUrl = getBaseUrlEndpoint(uriInfo);
    // Per-request random UUID, passed to Elide as the request id.
    final UUID requestId = UUID.randomUUID();
    return build(elide.delete(baseUrl, path, jsonApiDocument, query, forwardedHeaders, caller, version, requestId));
}
Also used : User(com.yahoo.elide.core.security.User) List(java.util.List) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes)

Example 4 with User

use of com.yahoo.elide.core.security.User in project elide by yahoo.

the class TableExportIT method tableExportModelAdminReadPermissions.

/**
 * Tests Read Permissions on TableExport Model for Admin Role.
 * @throws IOException IOException
 */
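@Test
public void tableExportModelAdminReadPermissions() throws IOException {
    String id = "edc4a871-dff2-4054-804e-d80075c08959";
    String query = "test-query";
    // Fixture: one TableExport record whose principal name is "owner-user".
    com.yahoo.elide.async.models.TableExport queryObj = new com.yahoo.elide.async.models.TableExport();
    queryObj.setId(id);
    queryObj.setQuery(query);
    queryObj.setResultType(ResultType.CSV);
    queryObj.setQueryType(QueryType.JSONAPI_V1_0);
    queryObj.setPrincipalName("owner-user");
    EntityDictionary dictionary = EntityDictionary.builder().checks(AsyncIntegrationTestApplicationResourceConfig.MAPPINGS).build();
    dataStore.populateEntityDictionary(dictionary);
    // try-with-resources closes the transaction even when createObject or commit throws, so a
    // failing fixture cannot leave an open transaction behind for later tests.
    try (DataStoreTransaction tx = dataStore.beginTransaction()) {
        tx.createObject(queryObj, null);
        tx.commit(null);
    }
    Elide elide = new Elide(new ElideSettingsBuilder(dataStore).withEntityDictionary(dictionary).withAuditLogger(new TestAuditLogger()).build());
    // Caller 1: same principal name as the record's owner.
    User ownerUser = new User(() -> "owner-user");
    // Caller 2: principal "1" is not the owner, but the stub answers true for EVERY role name.
    // The test therefore shows that a role grants read access without pinning down which role
    // the permission check actually asks for.
    SecurityContextUser securityContextAdminUser = new SecurityContextUser(new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return () -> "1";
        }

        @Override
        public boolean isUserInRole(String s) {
            return true;
        }

        @Override
        public boolean isSecure() {
            return false;
        }

        @Override
        public String getAuthenticationScheme() {
            return null;
        }
    });
    // Caller 3: principal "2" is neither the owner nor a member of any role.
    SecurityContextUser securityContextNonAdminUser = new SecurityContextUser(new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return () -> "2";
        }

        @Override
        public boolean isUserInRole(String s) {
            return false;
        }

        @Override
        public boolean isSecure() {
            return false;
        }

        @Override
        public String getAuthenticationScheme() {
            return null;
        }
    });
    String baseUrl = "/";
    // Principal is Owner
    ElideResponse response = elide.get(baseUrl, "/tableExport/" + id, new MultivaluedHashMap<>(), ownerUser, NO_VERSION);
    assertEquals(HttpStatus.SC_OK, response.getResponseCode());
    // Principal has Admin Role
    response = elide.get(baseUrl, "/tableExport/" + id, new MultivaluedHashMap<>(), securityContextAdminUser, NO_VERSION);
    assertEquals(HttpStatus.SC_OK, response.getResponseCode());
    // Principal without Admin Role: the expected status is NOT_FOUND, so a caller without
    // read permission gets the same answer as for a record that does not exist.
    response = elide.get(baseUrl, "/tableExport/" + id, new MultivaluedHashMap<>(), securityContextNonAdminUser, NO_VERSION);
    assertEquals(HttpStatus.SC_NOT_FOUND, response.getResponseCode());
}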
Also used : User(com.yahoo.elide.core.security.User) SecurityContextUser(com.yahoo.elide.jsonapi.resources.SecurityContextUser) SecurityContextUser(com.yahoo.elide.jsonapi.resources.SecurityContextUser) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ElideSettingsBuilder(com.yahoo.elide.ElideSettingsBuilder) ElideResponse(com.yahoo.elide.ElideResponse) SecurityContext(javax.ws.rs.core.SecurityContext) DataStoreTransaction(com.yahoo.elide.core.datastore.DataStoreTransaction) TestAuditLogger(com.yahoo.elide.core.audit.TestAuditLogger) Elide(com.yahoo.elide.Elide) EntityDictionary(com.yahoo.elide.core.dictionary.EntityDictionary) Principal(java.security.Principal) Test(org.junit.jupiter.api.Test)

Example 5 with User

use of com.yahoo.elide.core.security.User in project elide by yahoo.

the class Elide method patch.

/**
 * Handle PATCH.
 *
 * @param baseUrlEndPoint base URL with prefix endpoint
 * @param contentType the content type
 * @param accept the accept
 * @param path the path
 * @param jsonApiDocument the json api document
 * @param queryParams the query params
 * @param requestHeaders the request headers
 * @param opaqueUser the opaque user
 * @param apiVersion the API version
 * @param requestId the request ID
 * @return Elide response object
 */
public ElideResponse patch(String baseUrlEndPoint, String contentType, String accept, String path, String jsonApiDocument, MultivaluedMap<String, String> queryParams, Map<String, List<String>> requestHeaders, User opaqueUser, String apiVersion, UUID requestId) {
    final Handler<DataStoreTransaction, User, HandlerResult> handler;
    // The JSON Patch extension path is taken only when BOTH the content type and the accept
    // value pass isPatchExtension; every other combination goes through PatchVisitor.
    if (!JsonApiPatch.isPatchExtension(contentType) || !JsonApiPatch.isPatchExtension(accept)) {
        handler = (transaction, caller) -> {
            JsonApiDocument parsedDocument = mapper.readJsonApiDocument(jsonApiDocument);
            RequestScope scope = new RequestScope(baseUrlEndPoint, path, apiVersion, parsedDocument, transaction, caller, queryParams, requestHeaders, requestId, elideSettings);
            EntityProjectionMaker projectionMaker = new EntityProjectionMaker(elideSettings.getDictionary(), scope);
            scope.setEntityProjection(projectionMaker.parsePath(path));
            BaseVisitor patchVisitor = new PatchVisitor(scope);
            return visit(path, scope, patchVisitor);
        };
    } else {
        handler = (transaction, caller) -> {
            PatchRequestScope scope = new PatchRequestScope(baseUrlEndPoint, path, apiVersion, transaction, caller, requestId, queryParams, requestHeaders, elideSettings);
            try {
                Supplier<Pair<Integer, JsonNode>> deferredResponse = JsonApiPatch.processJsonPatch(dataStore, path, jsonApiDocument, scope);
                return new HandlerResult(scope, deferredResponse);
            } catch (RuntimeException failure) {
                // The failure is returned inside the HandlerResult together with the scope
                // instead of being thrown out of the handler.
                return new HandlerResult(scope, failure);
            }
        };
    }
    // The handler receives its user from handleRequest, which is given opaqueUser here.
    // NOTE(review): the leading 'false' presumably marks the request as not read-only;
    // confirm against handleRequest's signature.
    return handleRequest(false, opaqueUser, dataStore::beginTransaction, requestId, handler);
}
Also used : PatchRequestScope(com.yahoo.elide.jsonapi.extensions.PatchRequestScope) User(com.yahoo.elide.core.security.User) JsonApiDocument(com.yahoo.elide.jsonapi.models.JsonApiDocument) PatchVisitor(com.yahoo.elide.jsonapi.parser.PatchVisitor) EntityProjectionMaker(com.yahoo.elide.jsonapi.EntityProjectionMaker) PatchRequestScope(com.yahoo.elide.jsonapi.extensions.PatchRequestScope) RequestScope(com.yahoo.elide.core.RequestScope) BaseVisitor(com.yahoo.elide.jsonapi.parser.BaseVisitor) DataStoreTransaction(com.yahoo.elide.core.datastore.DataStoreTransaction) Pair(org.apache.commons.lang3.tuple.Pair)
