Example 11 with AuthzRoles

use of cz.metacentrum.perun.core.impl.AuthzRoles in project perun by CESNET.

the class AuthzResolverBlImpl method init.

/**
 * Retrieves information about the perun principal (in which VOs the principal is admin, ...)
 *
 * @param sess perunSession
 * @throws InternalErrorException when problem
 */
protected static void init(PerunSession sess) throws InternalErrorException {
    log.trace("Initializing AuthzResolver for [{}]", sess.getPerunPrincipal());
    // Prepare service roles such as engine, service, registrar, perunAdmin, etc.
    prepareServiceRoles(sess);
    if (!sess.getPerunPrincipal().getRoles().isEmpty()) {
        // The principal already holds a service role, so user-derived roles are not loaded and we can return
        sess.getPerunPrincipal().setAuthzInitialized(true);
        return;
    }
    // Load the user's roles and extend them with rights on all subgroups of groups where the user is GroupAdmin
    AuthzRoles authzRoles = addAllSubgroupsToAuthzRoles(sess, authzResolverImpl.getRoles(sess.getPerunPrincipal().getUser()));
    // Store the resulting roles (including all subgroups) on the principal
    sess.getPerunPrincipal().setRoles(authzRoles);
    // Add self role for the user
    if (sess.getPerunPrincipal().getUser() != null) {
        sess.getPerunPrincipal().getRoles().putAuthzRole(Role.SELF, sess.getPerunPrincipal().getUser());
        // Add service user role
        if (sess.getPerunPrincipal().getUser().isServiceUser()) {
            sess.getPerunPrincipal().getRoles().putAuthzRole(Role.SERVICEUSER);
        }
    }
    sess.getPerunPrincipal().setAuthzInitialized(true);
    log.debug("AuthzResolver: Complete PerunPrincipal: {}", sess.getPerunPrincipal());
}
Also used : AuthzRoles(cz.metacentrum.perun.core.impl.AuthzRoles)

Example 12 with AuthzRoles

use of cz.metacentrum.perun.core.impl.AuthzRoles in project perun by CESNET.

the class SecurityTeamsManagerEntryIntegrationTest method testGetSecurityTeamsSecurityAdmin.

@Test
public void testGetSecurityTeamsSecurityAdmin() throws Exception {
    System.out.println(CLASS_NAME + "testGetSecurityTeamsSecurityAdmin");
    AuthzRoles roles = sess.getPerunPrincipal().getRoles();
    try {
        setUpSecurityTeams();
        setUpUsers();
        List<SecurityTeam> expected = new ArrayList<>();
        expected.add(st0);
        sess.getPerunPrincipal().setRoles(new AuthzRoles(Role.SECURITYADMIN, st0));
        List<SecurityTeam> actual = securityTeamsManagerEntry.getSecurityTeams(sess);
        assertEquals(expected, actual);
    } finally {
        sess.getPerunPrincipal().setRoles(roles);
    }
}
Also used : AuthzRoles(cz.metacentrum.perun.core.impl.AuthzRoles) SecurityTeam(cz.metacentrum.perun.core.api.SecurityTeam) AbstractPerunIntegrationTest(cz.metacentrum.perun.core.AbstractPerunIntegrationTest) Test(org.junit.Test)

Example 13 with AuthzRoles

use of cz.metacentrum.perun.core.impl.AuthzRoles in project perun by CESNET.

the class FacilitiesManagerEntryIntegrationTest method addHostSameDestinationDifferentAdmin.

@Test(expected = PrivilegeException.class)
public void addHostSameDestinationDifferentAdmin() throws Exception {
    System.out.println(CLASS_NAME + "addHostSameDestinationDifferentAdmin");
    // Initialize host, destination and service
    String hostName = "TestHost";
    Host host = new Host(0, hostName);
    Destination destination = new Destination(0, hostName, Destination.DESTINATIONHOSTTYPE);
    Service service = new Service(0, "testService");
    ServicesManager servicesManagerEntry = perun.getServicesManager();
    service = servicesManagerEntry.createService(sess, service);
    // Creates second facility
    Facility secondFacility = new Facility(0, "TestSecondFacility", "TestDescriptionText");
    assertNotNull(perun.getFacilitiesManager().createFacility(sess, secondFacility));
    // Set up two members
    Member memberOne = setUpMember(vo);
    Member memberTwo = setUpMember(vo);
    // Set users as admins of different facilities
    User userOne = perun.getUsersManagerBl().getUserByMember(sess, memberOne);
    facilitiesManagerEntry.addAdmin(sess, facility, userOne);
    User userTwo = perun.getUsersManagerBl().getUserByMember(sess, memberTwo);
    facilitiesManagerEntry.addAdmin(sess, secondFacility, userTwo);
    // Sets userOne as actor in this test with role facility admin for facility
    AuthzRoles authzRoles = new AuthzRoles(Role.FACILITYADMIN, facility);
    sess.getPerunPrincipal().setRoles(authzRoles);
    sess.getPerunPrincipal().setUser(userOne);
    // Adds destination to facility
    servicesManagerEntry.addDestination(sess, service, facility, destination);
    assertTrue(servicesManagerEntry.getDestinations(sess, service, facility).size() == 1);
    // Change actor in this test to userTwo
    authzRoles = new AuthzRoles(Role.FACILITYADMIN, secondFacility);
    sess.getPerunPrincipal().setRoles(authzRoles);
    sess.getPerunPrincipal().setUser(userTwo);
    // Adds same host as destination to secondFacility with different admin -> should throw exception
    facilitiesManagerEntry.addHost(sess, host, secondFacility);
}
Also used : Destination(cz.metacentrum.perun.core.api.Destination) User(cz.metacentrum.perun.core.api.User) RichUser(cz.metacentrum.perun.core.api.RichUser) ServicesManager(cz.metacentrum.perun.core.api.ServicesManager) AuthzRoles(cz.metacentrum.perun.core.impl.AuthzRoles) Service(cz.metacentrum.perun.core.api.Service) Host(cz.metacentrum.perun.core.api.Host) BanOnFacility(cz.metacentrum.perun.core.api.BanOnFacility) Facility(cz.metacentrum.perun.core.api.Facility) Member(cz.metacentrum.perun.core.api.Member) AbstractPerunIntegrationTest(cz.metacentrum.perun.core.AbstractPerunIntegrationTest) Test(org.junit.Test)

Example 14 with AuthzRoles

use of cz.metacentrum.perun.core.impl.AuthzRoles in project perun by CESNET.

the class FacilitiesManagerEntryIntegrationTest method addHostsStringsSameDestinationDifferentAdmin.

@Test(expected = PrivilegeException.class)
public void addHostsStringsSameDestinationDifferentAdmin() throws Exception {
    System.out.println(CLASS_NAME + "addHostsStringsSameDestinationDifferentAdmin");
    // Sets list of hostnames
    String hostName = "testHostOne";
    List<String> listOfHosts = new ArrayList<String>();
    listOfHosts.add(hostName);
    hostName = "testHostTwo";
    listOfHosts.add(hostName);
    // Initialize destination and service
    Destination destination = new Destination(0, hostName, Destination.DESTINATIONHOSTTYPE);
    Service service = new Service(0, "testService");
    ServicesManager servicesManagerEntry = perun.getServicesManager();
    service = servicesManagerEntry.createService(sess, service);
    // Creates second facility
    Facility secondFacility = new Facility(0, "TestSecondFacility", "TestDescriptionText");
    assertNotNull(perun.getFacilitiesManager().createFacility(sess, secondFacility));
    // Set up two members
    Member memberOne = setUpMember(vo);
    Member memberTwo = setUpMember(vo);
    // Set users as admins of different facilities
    User userOne = perun.getUsersManagerBl().getUserByMember(sess, memberOne);
    facilitiesManagerEntry.addAdmin(sess, facility, userOne);
    User userTwo = perun.getUsersManagerBl().getUserByMember(sess, memberTwo);
    facilitiesManagerEntry.addAdmin(sess, secondFacility, userTwo);
    // Sets userOne as actor in this test with role facility admin for facility
    AuthzRoles authzRoles = new AuthzRoles(Role.FACILITYADMIN, facility);
    sess.getPerunPrincipal().setRoles(authzRoles);
    sess.getPerunPrincipal().setUser(userOne);
    // Adds destination to facility
    servicesManagerEntry.addDestination(sess, service, facility, destination);
    assertTrue(servicesManagerEntry.getDestinations(sess, service, facility).size() == 1);
    // Change actor in this test to userTwo
    authzRoles = new AuthzRoles(Role.FACILITYADMIN, secondFacility);
    sess.getPerunPrincipal().setRoles(authzRoles);
    sess.getPerunPrincipal().setUser(userTwo);
    // Adds same host as destination to secondFacility with different admin -> should throw exception
    facilitiesManagerEntry.addHosts(sess, secondFacility, listOfHosts);
}
Also used : Destination(cz.metacentrum.perun.core.api.Destination) User(cz.metacentrum.perun.core.api.User) RichUser(cz.metacentrum.perun.core.api.RichUser) ServicesManager(cz.metacentrum.perun.core.api.ServicesManager) ArrayList(java.util.ArrayList) AuthzRoles(cz.metacentrum.perun.core.impl.AuthzRoles) Service(cz.metacentrum.perun.core.api.Service) BanOnFacility(cz.metacentrum.perun.core.api.BanOnFacility) Facility(cz.metacentrum.perun.core.api.Facility) Member(cz.metacentrum.perun.core.api.Member) AbstractPerunIntegrationTest(cz.metacentrum.perun.core.AbstractPerunIntegrationTest) Test(org.junit.Test)
