Example 21 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

In the class WorkspaceAccessPluginTest, method testPermittedWhenOwnerOnUpdatedRoles.

@Test
public void testPermittedWhenOwnerOnUpdatedRoles() throws Exception {
    String id = "0";
    // Stored metacard owned by "before"; the update changes both the owner and the sharing list.
    WorkspaceMetacardImpl before = WorkspaceMetacardImpl.from(ImmutableMap.of(
            Metacard.ID, id,
            Core.METACARD_OWNER, "before",
            WorkspaceAttributes.WORKSPACE_SHARING, ImmutableList.of()));
    WorkspaceMetacardImpl after = WorkspaceMetacardImpl.from(ImmutableMap.of(
            Metacard.ID, id,
            Core.METACARD_OWNER, "after",
            WorkspaceAttributes.WORKSPACE_SHARING, ImmutableList.of("<xml/>")));
    UpdateRequest update = mockUpdateRequest(ImmutableMap.of(id, after));
    // Capture the permission the plugin passes to subject.isPermitted().
    ArgumentCaptor<KeyValueCollectionPermission> args = ArgumentCaptor.forClass(KeyValueCollectionPermission.class);
    doReturn(true).when(subject).isPermitted(args.capture());
    accessPlugin.processPreUpdate(update, ImmutableMap.of(id, before));
    KeyValuePermission permission = (KeyValuePermission) args.getValue().getKeyValuePermissionList().get(0);
    assertThat(permission.getKey(), is(Constants.EMAIL_ADDRESS_CLAIM_URI));
    // NOTE: the permission should contain the owner of the before metacard, not after
    assertThat(permission.getValues(), is(ImmutableSet.of(before.getOwner())));
}
Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), UpdateRequest (ddf.catalog.operation.UpdateRequest), KeyValuePermission (ddf.security.permission.KeyValuePermission), WorkspaceMetacardImpl (org.codice.ddf.catalog.ui.metacard.workspace.WorkspaceMetacardImpl), Test (org.junit.Test)

Example 22 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

In the class Policy, method getAllowedAttributePermissions.

@Override
public CollectionPermission getAllowedAttributePermissions() {
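    // Gather the attribute permission from each context attribute mapping.
    List<KeyValuePermission> perms = new ArrayList<>();
    for (ContextAttributeMapping mapping : attributeMappings) {
        perms.add(mapping.getAttributePermission());
    }
    // Combine them into one collection permission created with this policy's context path.
    KeyValueCollectionPermission permissions = new KeyValueCollectionPermission(getContextPath());
    permissions.addAll(perms);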
    return permissions;
}
Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), ArrayList (java.util.ArrayList), KeyValuePermission (ddf.security.permission.KeyValuePermission), ContextAttributeMapping (org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)

Aggregations

KeyValuePermission (ddf.security.permission.KeyValuePermission) 22
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission) 18
ArrayList (java.util.ArrayList) 10
Test (org.junit.Test) 10
CollectionPermission (ddf.security.permission.CollectionPermission) 8
Permission (org.apache.shiro.authz.Permission) 8
SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo) 4
HashSet (java.util.HashSet) 3
List (java.util.List) 3
Expansion (ddf.security.expansion.Expansion) 2
AuthzRealm (ddf.security.pdp.realm.AuthzRealm) 2
HashMap (java.util.HashMap) 2
AttributeType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType) 2
AttributeValueType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType) 2
AttributesType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType) 2
WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission) 2
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection) 2
XmlParser (org.codice.ddf.parser.xml.XmlParser) 2
Before (org.junit.Before) 2
XSString (org.opensaml.core.xml.schema.XSString) 2