
Example 1 with AuthorizableType

Use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

Class DefaultAuthorizationManagerIntegrationTest, method testAuthorizableTypes.

@Test
public void testAuthorizableTypes() {
    Set<AuthorizableType> authorizableTypes = manager.getAuthorizableTypes();
    // the role type has to be among the authorizable types; a missing type fails the assertion below
    AuthorizableType role = authorizableTypes.stream().filter(a -> {
        return IdmRole.class.equals(a.getType());
    }).findFirst().orElse(null);
    assertNotNull(role);
}
Also used: AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType), AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest), Test (org.junit.Test)

Example 2 with AuthorizableType

Use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

Class AbstractReadDtoService, method findEntities.

protected Page<E> findEntities(F filter, Pageable pageable, BasePermission... permission) {
    // transform filter to criteria
    Specification<E> criteria = new Specification<E>() {
        @Override
        public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
            List<Predicate> predicates = new ArrayList<>();
            // if filter is null, no filter predicates will be built
            if (filter != null) {
                predicates.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
            }
            // permissions are not evaluated if no permission was given or the authorizable type is null
            // (=> authorization policies are not supported); the query is then restricted by the filter only
            BasePermission[] permissions = PermissionUtils.trimNull(permission);
            if (!ObjectUtils.isEmpty(permissions) && (AbstractReadDtoService.this instanceof AuthorizableService)) {
                AuthorizableType authorizableType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
                if (authorizableType != null && authorizableType.getType() != null) {
                    predicates.add(getAuthorizationManager().getPredicate(root, query, builder, permissions));
                }
            }
            // combine filter and authorization predicates into the final restriction
            return query.where(predicates.toArray(new Predicate[predicates.size()])).getRestriction();
        }
    };
    return getRepository().findAll(criteria, pageable);
}
Also used: CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder), Root (javax.persistence.criteria.Root), CriteriaQuery (javax.persistence.criteria.CriteriaQuery), ArrayList (java.util.ArrayList), Specification (org.springframework.data.jpa.domain.Specification), AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType), Predicate (javax.persistence.criteria.Predicate), AuthorizableService (eu.bcvsolutions.idm.core.security.api.service.AuthorizableService), BasePermission (eu.bcvsolutions.idm.core.security.api.domain.BasePermission)

Example 3 with AuthorizableType

Use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

Class DefaultAuthorizationManagerIntegrationTest, method testAuthorizableTypes.

@Test
public void testAuthorizableTypes() {
    Set<AuthorizableType> authorizableTypes = manager.getAuthorizableTypes();
    // the role type has to be among the authorizable types; a missing type fails the assertion below
    AuthorizableType role = authorizableTypes.stream().filter(a -> {
        return IdmRole.class.equals(a.getType());
    }).findFirst().orElse(null);
    assertNotNull(role);
}
Also used: AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType), Test (org.junit.Test), AbstractEvaluatorIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 4 with AuthorizableType

Use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

Class GeneralEntityExport, method getAuthoritiesForEntity.

@Override
@SuppressWarnings("rawtypes")
protected List<String> getAuthoritiesForEntity() {
    ReadWriteDtoService<AbstractDto, BaseFilter> service = getService();
    if (!(service instanceof AuthorizableService)) {
        // Service is not authorizable => only super admin can use report.
        return Lists.newArrayList(IdmGroupPermission.APP_ADMIN);
    }
    AuthorizableService authorizableService = (AuthorizableService) service;
    AuthorizableType authorizableType = authorizableService.getAuthorizableType();
    if (authorizableType == null) {
        // Service is authorizable but its authorizable type is not specified => only super admin can use report.
        return Lists.newArrayList(IdmGroupPermission.APP_ADMIN);
    }
    // Check whether the group of this type defines the READ base permission.
    boolean readPermissionFound = authorizableType.getGroup().getPermissions().stream().anyMatch(permission -> IdmBasePermission.READ == permission);
    if (!readPermissionFound) {
        // By default only super admin can use report.
        return Lists.newArrayList(IdmGroupPermission.APP_ADMIN);
    }
    // If it exists, the read permission for that type is returned.
    return Lists.newArrayList(MessageFormat.format("{0}{1}{2}", authorizableType.getGroup().getName(), IdmBasePermission.SEPARATOR, IdmBasePermission.READ.name()));
}
Also used: AuthorizableService (eu.bcvsolutions.idm.core.security.api.service.AuthorizableService), AbstractDto (eu.bcvsolutions.idm.core.api.dto.AbstractDto), AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType), BaseFilter (eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter)

Example 5 with AuthorizableType

Use of eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType in project CzechIdMng by bcvsolutions.

Class DefaultAuthorizationManager, method getAuthorizableTypes.

/**
 * {@inheritDoc}
 *
 * Support for authorization policies in services can be enabled / disabled dynamically.
 */
@Override
public Set<AuthorizableType> getAuthorizableTypes() {
    Set<AuthorizableType> authorizableTypes = new HashSet<>();
    // types with authorization evaluators support
    context.getBeansOfType(AuthorizableService.class).values().forEach(service -> {
        if (service.getAuthorizableType() != null) {
            authorizableTypes.add(service.getAuthorizableType());
        }
    });
    // add default types - these don't support authorization evaluators
    moduleService.getAvailablePermissions().forEach(groupPermission -> {
        boolean exists = authorizableTypes.stream().anyMatch(authorizableType -> {
            // equals by group permission name only - name is identifier, base permission can be added in custom module
            return authorizableType.getGroup().getName().equals(groupPermission.getName());
        });
        if (!exists) {
            authorizableTypes.add(new AuthorizableType(groupPermission, null));
        }
    });
    return authorizableTypes;
}
Also used: AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType), HashSet (java.util.HashSet)
