Search in sources :

Example 1 with Record

use of io.vertigo.account.authorization.model.Record in project vertigo by KleeGroup.

the class VSecurityManagerTest method createRecord.

private Record createRecord() {
    final Record record = new Record();
    record.setDosId(++currentDosId);
    record.setRegId(DEFAULT_REG_ID);
    record.setDepId(DEFAULT_DEP_ID);
    record.setComId(DEFAULT_COM_ID);
    record.setTypId(DEFAULT_TYPE_ID);
    record.setTitle("Record de test #" + currentDosId);
    record.setAmount(DEFAULT_MONTANT_MAX);
    record.setUtiIdOwner(DEFAULT_UTI_ID);
    record.setEtaCd("CRE");
    return record;
}
Also used : Record(io.vertigo.account.authorization.model.Record)

Example 2 with Record

use of io.vertigo.account.authorization.model.Record in project vertigo by KleeGroup.

the class VSecurityManagerTest method testSecuritySqlOnEntity.

@Test
public void testSecuritySqlOnEntity() {
    final Record recordTooExpensive = createRecord();
    recordTooExpensive.setAmount(10000d);
    final Record recordOtherUser = createRecord();
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
        final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
        Assert.assertTrue(canReadRecord);
        final SqlDialect sqlDialect = new PostgreSqlDataBase().getSqlDialect();
        final Tuple2<String, CriteriaCtx> readRecordSql = authorizationManager.getCriteriaSecurity(Record.class, RecordOperations.READ).toSql(sqlDialect);
        // read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertEquals("( AMOUNT <= #AMOUNT_0# OR UTI_ID_OWNER = #UTI_ID_OWNER_1# ) ", readRecordSql.getVal1());
        Assert.assertEquals(100.0, readRecordSql.getVal2().getAttributeValue("AMOUNT_0"));
        Assert.assertEquals(1000L, readRecordSql.getVal2().getAttributeValue("UTI_ID_OWNER_1"));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) CriteriaCtx(io.vertigo.dynamo.criteria.CriteriaCtx) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) SqlDialect(io.vertigo.database.sql.vendor.SqlDialect) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) PostgreSqlDataBase(io.vertigo.database.impl.sql.vendor.postgresql.PostgreSqlDataBase) Test(org.junit.Test)

Example 3 with Record

use of io.vertigo.account.authorization.model.Record in project vertigo by KleeGroup.

the class VSecurityManagerTest method testSecuritySearchOnEntity.

@Test
public void testSecuritySearchOnEntity() {
    final Record recordTooExpensive = createRecord();
    recordTooExpensive.setAmount(10000d);
    final Record recordOtherUser = createRecord();
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$WRITE)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$CREATE)).addAuthorization(getAuthorization(RecordAuthorizations.ATZ_RECORD$DELETE));
        final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
        Assert.assertTrue(canReadRecord);
        // read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertEquals("(+AMOUNT:<=100.0) (+UTI_ID_OWNER:1000)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ));
        Assert.assertEquals("(AMOUNT:<=100.0 UTI_ID_OWNER:1000)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ2));
        Assert.assertEquals("(*:*)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.READ_HP));
        Assert.assertEquals("(+UTI_ID_OWNER:1000 +ETA_CD:<ARC) (+TYP_ID:10 +AMOUNT:<=100.0 +ETA_CD:<ARC)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.WRITE));
        Assert.assertEquals("(+TYP_ID:10 +AMOUNT:<=100.0)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.CREATE));
        Assert.assertEquals("(+TYP_ID:10) (+UTI_ID_OWNER:1000 +ETA_CD:<PUB)", authorizationManager.getSearchSecurity(Record.class, RecordOperations.DELETE));
        final boolean canReadNotify = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY);
        Assert.assertFalse(canReadNotify);
        Assert.assertEquals("", authorizationManager.getSearchSecurity(Record.class, RecordOperations.NOTIFY));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Example 4 with Record

use of io.vertigo.account.authorization.model.Record in project vertigo by KleeGroup.

the class VSecurityManagerTest method testAuthorizedOnEntityOverride.

@Test
public void testAuthorizedOnEntityOverride() {
    final Record record = createRecord();
    final Record recordTooExpensive = createRecord();
    recordTooExpensive.setAmount(10000d);
    final Record recordOtherUser = createRecord();
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
        final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
        Assert.assertTrue(canReadRecord);
        // read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordTooExpensive, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Example 5 with Record

use of io.vertigo.account.authorization.model.Record in project vertigo by KleeGroup.

the class VSecurityManagerTest method testAuthorizedOnEntityTreeAxes.

@Test
public void testAuthorizedOnEntityTreeAxes() {
    final Record record = createRecord();
    record.setEtaCd("PUB");
    final Record recordOtherType = createRecord();
    recordOtherType.setEtaCd("PUB");
    recordOtherType.setTypId(11L);
    final Record recordOtherEtat = createRecord();
    recordOtherEtat.setEtaCd("CRE");
    final Record recordOtherUser = createRecord();
    recordOtherUser.setEtaCd("PUB");
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setEtaCd("PUB");
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Record recordOtherCommune = createRecord();
    recordOtherCommune.setEtaCd("PUB");
    recordOtherCommune.setComId(3L);
    final Record recordDepartement = createRecord();
    recordDepartement.setEtaCd("PUB");
    recordDepartement.setComId(null);
    final Record recordOtherDepartement = createRecord();
    recordOtherDepartement.setEtaCd("PUB");
    recordOtherDepartement.setDepId(10L);
    recordOtherDepartement.setComId(null);
    final Record recordRegion = createRecord();
    recordRegion.setEtaCd("PUB");
    recordRegion.setDepId(null);
    recordRegion.setComId(null);
    final Record recordNational = createRecord();
    recordNational.setEtaCd("PUB");
    recordNational.setRegId(null);
    recordNational.setDepId(null);
    recordNational.setComId(null);
    final Authorization recordNotify = getAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).withSecurityKeys("geo", // droit sur tout un département
        new Long[] { DEFAULT_REG_ID, DEFAULT_DEP_ID, null }).addAuthorization(recordNotify);
        Assert.assertTrue(authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY));
        // grant read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
        // grant read2 -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ2));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ2));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ2));
        // notify -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.NOTIFY));
        // override write -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
        // default write don't apply : (UTI_ID_OWNER=${utiId} and ETA_CD<ARC) or (TYP_ID=${typId} and MONTANT<=${montantMax} and ETA_CD<ARC)
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.WRITE));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Aggregations

Record (io.vertigo.account.authorization.model.Record)9 Authorization (io.vertigo.account.authorization.metamodel.Authorization)8 TestUserSession (io.vertigo.account.data.TestUserSession)8 UserSession (io.vertigo.persona.security.UserSession)8 Test (org.junit.Test)8 PostgreSqlDataBase (io.vertigo.database.impl.sql.vendor.postgresql.PostgreSqlDataBase)1 SqlDialect (io.vertigo.database.sql.vendor.SqlDialect)1 CriteriaCtx (io.vertigo.dynamo.criteria.CriteriaCtx)1