
Example 1 with Check

use of com.yahoo.elide.core.security.checks.Check in project elide by yahoo.

the class EntityDictionary method getCheckInstance.

/**
 * Resolves a check identifier to the {@link Check} instance that evaluates it.
 *
 * <p>An instance registered in {@code roleChecks} under the identifier is returned as-is.
 * Otherwise the identifier is resolved to a check class via {@code getCheck}, and one
 * instance per class is created, injected and kept in {@code checkInstances} for reuse.
 *
 * @param checkIdentifier the name from the expression string
 * @return the {@link Check} mapped to the identifier.
 */
public Check getCheckInstance(String checkIdentifier) {
    // Role checks are keyed by identifier rather than by class, because the same class
    // may back several different role checks.
    if (roleChecks.containsKey(checkIdentifier)) {
        return roleChecks.get(checkIdentifier);
    }

    Class<? extends Check> resolvedClass = getCheck(checkIdentifier);
    if (checkInstances.containsKey(resolvedClass)) {
        return checkInstances.get(resolvedClass);
    }

    // NOTE(review): the instance created here is cached and returned to every later caller
    // asking for the same class, so a Check implementation that keeps per-request or
    // per-user state in fields would share it across evaluations.
    // NOTE(review): containsKey followed by put is not atomic; whether concurrent callers
    // can reach this depends on the map type and call sites, neither visible here - confirm.
    Check created = injector.instantiate(resolvedClass);
    injector.inject(created);
    checkInstances.put(resolvedClass, created);
    return created;
}
Also used : SecurityCheck(com.yahoo.elide.annotation.SecurityCheck) UserCheck(com.yahoo.elide.core.security.checks.UserCheck) Check(com.yahoo.elide.core.security.checks.Check)

Example 2 with Check

use of com.yahoo.elide.core.security.checks.Check in project elide by yahoo.

the class PermissionToFilterExpressionVisitorTest method filterExpressionForPermissions.

/**
 * Test helper: turns a permission expression string into the {@link FilterExpression}
 * produced by {@link PermissionToFilterExpressionVisitor}.
 *
 * @param permission the permission expression text to parse
 * @return the result of running the parsed permission through the permission visitor,
 *         the normalization visitor and finally the filter-expression visitor
 */
private FilterExpression filterExpressionForPermissions(String permission) {
    // Every check found in the expression is wrapped in a CheckExpression bound to the
    // test's request scope and result cache; the remaining arguments are left null.
    Function<Check, Expression> toCheckExpression =
            check -> new CheckExpression(check, null, requestScope, null, cache);

    ParseTree parsedPermission = EntityPermissions.parseExpression(permission);
    PermissionToFilterExpressionVisitor filterVisitor =
            new PermissionToFilterExpressionVisitor(dictionary, requestScope, null);

    // Order matters: build the permission expression, normalize it, then convert it.
    return parsedPermission
            .accept(new PermissionExpressionVisitor(dictionary, toCheckExpression))
            .accept(NORMALIZATION_VISITOR)
            .accept(filterVisitor);
}
Also used : CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) BeforeEach(org.junit.jupiter.api.BeforeEach) FilterPredicate(com.yahoo.elide.core.filter.predicates.FilterPredicate) Arrays(java.util.Arrays) Path(com.yahoo.elide.core.Path) Role(com.yahoo.elide.core.security.checks.prefab.Role) User(com.yahoo.elide.core.security.User) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) Map(java.util.Map) PermissionExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionExpressionVisitor) NO_EVALUATION_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.NO_EVALUATION_EXPRESSION) RequestScope(com.yahoo.elide.core.RequestScope) OperationCheck(com.yahoo.elide.core.security.checks.OperationCheck) MethodSource(org.junit.jupiter.params.provider.MethodSource) PermissionToFilterExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor) UUID(java.util.UUID) Arguments(org.junit.jupiter.params.provider.Arguments) EntityDictionary(com.yahoo.elide.core.dictionary.EntityDictionary) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) Test(org.junit.jupiter.api.Test) List(java.util.List) Stream(java.util.stream.Stream) ExpressionResultCache(com.yahoo.elide.core.security.permissions.ExpressionResultCache) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) AndFilterExpression(com.yahoo.elide.core.filter.expression.AndFilterExpression) Optional(java.util.Optional) TRUE_USER_CHECK_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.TRUE_USER_CHECK_EXPRESSION) PermissionExpressionNormalizationVisitor(com.yahoo.elide.core.security.visitors.PermissionExpressionNormalizationVisitor) TestDictionary(com.yahoo.elide.core.dictionary.TestDictionary) ElideSettingsBuilder(com.yahoo.elide.ElideSettingsBuilder) 
HashMap(java.util.HashMap) Author(example.Author) Function(java.util.function.Function) NO_VERSION(com.yahoo.elide.core.dictionary.EntityDictionary.NO_VERSION) ParseTree(org.antlr.v4.runtime.tree.ParseTree) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) FilterExpressionCheck(com.yahoo.elide.core.security.checks.FilterExpressionCheck) ElideSettings(com.yahoo.elide.ElideSettings) TestUser(com.yahoo.elide.core.security.TestUser) ChangeSpec(com.yahoo.elide.core.security.ChangeSpec) Check(com.yahoo.elide.core.security.checks.Check) Book(example.Book) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) EntityPermissions(com.yahoo.elide.core.dictionary.EntityPermissions) Type(com.yahoo.elide.core.type.Type) Operator(com.yahoo.elide.core.filter.Operator) Collections(java.util.Collections) FALSE_USER_CHECK_EXPRESSION(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression) OrFilterExpression(com.yahoo.elide.core.filter.expression.OrFilterExpression) Expression(com.yahoo.elide.core.security.permissions.expressions.Expression) AndFilterExpression(com.yahoo.elide.core.filter.expression.AndFilterExpression) FilterExpression(com.yahoo.elide.core.filter.expression.FilterExpression) OperationCheck(com.yahoo.elide.core.security.checks.OperationCheck) FilterExpressionCheck(com.yahoo.elide.core.security.checks.FilterExpressionCheck) Check(com.yahoo.elide.core.security.checks.Check) PermissionToFilterExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionToFilterExpressionVisitor) PermissionExpressionVisitor(com.yahoo.elide.core.security.visitors.PermissionExpressionVisitor) ParseTree(org.antlr.v4.runtime.tree.ParseTree) CheckExpression(com.yahoo.elide.core.security.permissions.expressions.CheckExpression)

Example 3 with Check

use of com.yahoo.elide.core.security.checks.Check in project elide by yahoo.

the class AggregationDataStore method validateModelExpressionChecks.

/**
 * Validates which kinds of security check the read-permission expressions of a model use,
 * for the table itself and for each of its exposed fields.
 *
 * <ul>
 *   <li>Table expression: only classes assignable to {@link UserCheck} or
 *       {@link FilterExpressionCheck} satisfy the predicate.</li>
 *   <li>Field expressions: only classes assignable to {@link UserCheck} satisfy the
 *       predicate.</li>
 * </ul>
 *
 * <p>Only {@link ReadPermission} expressions are looked up here. How a check class that
 * fails the predicate is reported is decided by {@code validateExpression}, which is not
 * part of this method.
 *
 * @param dictionary - Entity Dictionary
 * @param clz - Model Type.
 */
private void validateModelExpressionChecks(EntityDictionary dictionary, Type<?> clz) {
    // The two table-message literals are joined without a space between the sentences;
    // the text is reproduced exactly as it was.
    final String tableMessage = "Table Can only have User Check and Filter Expression Check."
            + "Operation Checks Not allowed. given - %s";
    final String fieldMessage = "Fields Can only have User checks. Given - %s";

    PermissionExpressionVisitor expressionVisitor = new PermissionExpressionVisitor();

    // Table level: skipped entirely when the model has no read permission expression.
    ParseTree tablePermissions = dictionary.getPermissionsForClass(clz, ReadPermission.class);
    if (tablePermissions != null) {
        validateExpression(
                dictionary,
                expressionVisitor.visit(tablePermissions),
                (candidate) -> UserCheck.class.isAssignableFrom(candidate)
                        || FilterExpressionCheck.class.isAssignableFrom(candidate),
                tableMessage);
    }

    // Field level: fields without a read permission expression are filtered out.
    dictionary.getAllExposedFields(clz).stream()
            .map(exposedField -> dictionary.getPermissionsForField(clz, exposedField, ReadPermission.class))
            .filter(Objects::nonNull)
            .forEach(fieldPermissions -> validateExpression(
                    dictionary,
                    expressionVisitor.visit(fieldPermissions),
                    (candidate) -> UserCheck.class.isAssignableFrom(candidate),
                    fieldMessage));
}
Also used : ColumnMeta(com.yahoo.elide.datastores.aggregation.annotation.ColumnMeta) Arrays(java.util.Arrays) ArgumentType(com.yahoo.elide.core.dictionary.ArgumentType) Join(com.yahoo.elide.datastores.aggregation.annotation.Join) AccessibleObject(com.yahoo.elide.core.type.AccessibleObject) TableMeta(com.yahoo.elide.datastores.aggregation.annotation.TableMeta) UserCheck(com.yahoo.elide.core.security.checks.UserCheck) PermissionExecutor(com.yahoo.elide.core.security.PermissionExecutor) Function(java.util.function.Function) ClassType(com.yahoo.elide.core.type.ClassType) Column(com.yahoo.elide.datastores.aggregation.metadata.models.Column) ToString(lombok.ToString) ParseTree(org.antlr.v4.runtime.tree.ParseTree) FilterExpressionCheck(com.yahoo.elide.core.security.checks.FilterExpressionCheck) RequestScope(com.yahoo.elide.core.RequestScope) DataStoreTransaction(com.yahoo.elide.core.datastore.DataStoreTransaction) Check(com.yahoo.elide.core.security.checks.Check) Cache(com.yahoo.elide.datastores.aggregation.cache.Cache) FromSubquery(com.yahoo.elide.datastores.aggregation.queryengines.sql.annotation.FromSubquery) PermissionExpressionVisitor(com.yahoo.elide.modelconfig.validator.PermissionExpressionVisitor) NonNull(lombok.NonNull) Predicate(java.util.function.Predicate) ValueType(com.yahoo.elide.datastores.aggregation.metadata.enums.ValueType) ArgumentDefinition(com.yahoo.elide.datastores.aggregation.metadata.models.ArgumentDefinition) Set(java.util.Set) FromTable(com.yahoo.elide.datastores.aggregation.queryengines.sql.annotation.FromTable) AggregationStorePermissionExecutor(com.yahoo.elide.core.security.executors.AggregationStorePermissionExecutor) EntityDictionary(com.yahoo.elide.core.dictionary.EntityDictionary) Objects(java.util.Objects) List(java.util.List) ReadPermission(com.yahoo.elide.annotation.ReadPermission) Builder(lombok.Builder) DataStore(com.yahoo.elide.core.datastore.DataStore) Type(com.yahoo.elide.core.type.Type) 
TimeDimension(com.yahoo.elide.datastores.aggregation.metadata.models.TimeDimension) Annotation(java.lang.annotation.Annotation) Table(com.yahoo.elide.datastores.aggregation.metadata.models.Table) QueryLogger(com.yahoo.elide.datastores.aggregation.core.QueryLogger) PermissionExpressionVisitor(com.yahoo.elide.modelconfig.validator.PermissionExpressionVisitor) ReadPermission(com.yahoo.elide.annotation.ReadPermission) ParseTree(org.antlr.v4.runtime.tree.ParseTree)

Example 4 with Check

use of com.yahoo.elide.core.security.checks.Check in project elide by yahoo.

the class AggregationStorePermissionExecutorTest method setup.

/**
 * Prepares the shared fixtures: a test dictionary that knows three check identifiers and
 * Elide settings built on that dictionary.
 */
@BeforeAll
public void setup() {
    // Identifier -> check class pairs handed to the test dictionary.
    Map<String, Class<? extends Check>> checkMappings = new HashMap<>();
    checkMappings.put("user all", Role.ALL.class);
    checkMappings.put("user none", Role.NONE.class);
    checkMappings.put("filter check", FilterCheck.class);

    dictionary = TestDictionary.getTestDictionary(checkMappings);

    // The builder's constructor argument is null here; only the dictionary is configured.
    elideSettings = new ElideSettingsBuilder(null)
            .withEntityDictionary(dictionary)
            .build();
}
Also used : Role(com.yahoo.elide.core.security.checks.prefab.Role) ElideSettingsBuilder(com.yahoo.elide.ElideSettingsBuilder) HashMap(java.util.HashMap) FilterExpressionCheck(com.yahoo.elide.core.security.checks.FilterExpressionCheck) Check(com.yahoo.elide.core.security.checks.Check) BeforeAll(org.junit.jupiter.api.BeforeAll)

Example 5 with Check

use of com.yahoo.elide.core.security.checks.Check in project elide by yahoo.

the class PermissionExpressionBuilderTest method setupEntityDictionary.

/**
 * Rebuilds the fixtures before each test: a test dictionary with two check identifiers,
 * a permission expression builder with a fresh result cache, and Elide settings built on
 * the dictionary.
 */
@BeforeEach
public void setupEntityDictionary() {
    // Identifier -> check class pairs handed to the test dictionary.
    Map<String, Class<? extends Check>> checkMappings = new HashMap<>();
    checkMappings.put("user has all access", Role.ALL.class);
    checkMappings.put("user has no access", Role.NONE.class);

    dictionary = TestDictionary.getTestDictionary(checkMappings);

    // A new ExpressionResultCache per test, so no cached result carries over between tests.
    builder = new PermissionExpressionBuilder(new ExpressionResultCache(), dictionary);

    // The builder's constructor argument is null here; only the dictionary is configured.
    elideSettings = new ElideSettingsBuilder(null)
            .withEntityDictionary(dictionary)
            .build();
}
Also used : Role(com.yahoo.elide.core.security.checks.prefab.Role) ElideSettingsBuilder(com.yahoo.elide.ElideSettingsBuilder) HashMap(java.util.HashMap) Check(com.yahoo.elide.core.security.checks.Check) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

Check (com.yahoo.elide.core.security.checks.Check)22 HashMap (java.util.HashMap)17 ElideSettingsBuilder (com.yahoo.elide.ElideSettingsBuilder)13 BeforeEach (org.junit.jupiter.api.BeforeEach)11 Elide (com.yahoo.elide.Elide)9 RequestScope (com.yahoo.elide.core.RequestScope)8 HashMapDataStore (com.yahoo.elide.core.datastore.inmemory.HashMapDataStore)8 EntityDictionary (com.yahoo.elide.core.dictionary.EntityDictionary)8 Role (com.yahoo.elide.core.security.checks.prefab.Role)6 FilterExpressionCheck (com.yahoo.elide.core.security.checks.FilterExpressionCheck)5 AsyncQuery (com.yahoo.elide.async.models.AsyncQuery)4 Injector (com.yahoo.elide.core.dictionary.Injector)4 FilterExpression (com.yahoo.elide.core.filter.expression.FilterExpression)4 User (com.yahoo.elide.core.security.User)4 UserCheck (com.yahoo.elide.core.security.checks.UserCheck)4 Type (com.yahoo.elide.core.type.Type)4 DefaultAsyncAPIDAO (com.yahoo.elide.async.service.dao.DefaultAsyncAPIDAO)3 FileResultStorageEngine (com.yahoo.elide.async.service.storageengine.FileResultStorageEngine)3 DataStoreTransaction (com.yahoo.elide.core.datastore.DataStoreTransaction)3 OrFilterExpression (com.yahoo.elide.core.filter.expression.OrFilterExpression)3