Example 1 with PermissionBasedFieldVisibility

Use of nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility in project timbuctoo by HuygensING.

From the class GraphQl, method executeGraphql:

public Response executeGraphql(String query, String acceptHeader, String acceptParam, String queryFromBody,
                               Map variables, String operationName, String authHeader) {
    final SerializerWriter serializerWriter;
    if (acceptParam != null && !acceptParam.isEmpty()) {
        // Accept param overrules header because it's more under the user's control
        acceptHeader = acceptParam;
    }
    if (unSpecifiedAcceptHeader(acceptHeader)) {
        acceptHeader = MediaType.APPLICATION_JSON;
    }
    if (MediaType.APPLICATION_JSON.equals(acceptHeader)) {
        serializerWriter = null;
    } else {
        Optional<SerializerWriter> bestMatch = serializerWriterRegistry.getBestMatch(acceptHeader);
        if (bestMatch.isPresent()) {
            serializerWriter = bestMatch.get();
        } else {
            return Response.status(415)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .entity("{\"errors\": [\"The available mediatypes are: "
                    + String.join(", ", serializerWriterRegistry.getSupportedMimeTypes()) + "\"]}")
                .build();
        }
    }
    if (query != null && queryFromBody != null) {
        return Response.status(400)
            .type(MediaType.APPLICATION_JSON_TYPE)
            .entity("{\"errors\": [\"There's both a query as url parameter and a query in the body. Please pick one.\"]}")
            .build();
    }
    if (query == null && queryFromBody == null) {
        return Response.status(400)
            .type(MediaType.APPLICATION_JSON_TYPE)
            .entity("{\"errors\": [\"Please provide the graphql query as the query property of a JSON encoded object. "
                + "E.g. {query: \\\"{\\n  persons {\\n ... \\\"}\"]}")
            .build();
    }
    // Exactly one of the two is non-null here; execute whichever was supplied.
    final String queryToExecute = query != null ? query : queryFromBody;

    // A missing or invalid access token yields an anonymous user rather than an error;
    // such a user only sees the fields that require no permission.
    Optional<User> user;
    try {
        user = userValidator.getUserFromAccessToken(authHeader);
    } catch (UserValidationException e) {
        user = Optional.empty();
    }
    UserPermissionCheck userPermissionCheck =
        new UserPermissionCheck(user, permissionFetcher, newHashSet(Permission.READ));
    // Remove the data set fields this user may not read from the schema before the query runs,
    // so unauthorized fields are not even visible to introspection.
    final GraphQLSchema transform = graphqlGetter.get().transform(b ->
        b.fieldVisibility(new PermissionBasedFieldVisibility(userPermissionCheck, dataSetRepository)));
    final GraphQL.Builder builder = GraphQL.newGraphQL(transform);
    if (serializerWriter != null) {
        builder.queryExecutionStrategy(new SerializerExecutionStrategy());
    }
    GraphQL graphQl = builder.build();
    final ExecutionResult result = graphQl.execute(newExecutionInput()
        .root(new RootData(user))
        .context(contextData(userPermissionCheck, user))
        .query(queryToExecute)
        .operationName(operationName)
        .variables(variables == null ? Collections.emptyMap() : variables)
        .build());
    if (serializerWriter == null) {
        return Response.ok().type(MediaType.APPLICATION_JSON_TYPE).entity(result.toSpecification()).build();
    } else {
        if (result.getErrors() != null && !result.getErrors().isEmpty()) {
            return Response.status(415).type(MediaType.APPLICATION_JSON_TYPE).entity(result.toSpecification()).build();
        }
        return Response.ok().type(serializerWriter.getMimeType()).entity((StreamingOutput) os -> {
            serializerWriter.getSerializationFactory().create(os).serialize(new SerializableResult(result.getData()));
        }).build();
    }
}
Also used : UserValidationException(nl.knaw.huygens.timbuctoo.v5.security.exceptions.UserValidationException) User(nl.knaw.huygens.timbuctoo.v5.security.dto.User) GraphQL(graphql.GraphQL) SerializableResult(nl.knaw.huygens.timbuctoo.v5.serializable.SerializableResult) SerializerWriter(nl.knaw.huygens.timbuctoo.v5.dropwizard.contenttypes.SerializerWriter) ExecutionResult(graphql.ExecutionResult) StreamingOutput(javax.ws.rs.core.StreamingOutput) GraphQLSchema(graphql.schema.GraphQLSchema) RootData(nl.knaw.huygens.timbuctoo.v5.graphql.datafetchers.dto.RootData) PermissionBasedFieldVisibility(nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility) SerializerExecutionStrategy(nl.knaw.huygens.timbuctoo.v5.graphql.serializable.SerializerExecutionStrategy) UserPermissionCheck(nl.knaw.huygens.timbuctoo.v5.graphql.security.UserPermissionCheck)

Example 2 with PermissionBasedFieldVisibility

Use of nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility in project timbuctoo by HuygensING.

From the class PermissionBasedFieldVisibilityTest, method getFieldDefinitionsShowsNonDataSetFields:

@Test
public void getFieldDefinitionsShowsNonDataSetFields() throws Exception {
    final DataSetRepository dataSetRepository = mock(DataSetRepository.class);
    DataSet dataSet = createDataSetWithUserPermissions("user__dataSetUserHasAccessTo", Sets.newHashSet(Permission.READ));
    DataSet dataSet2 = createDataSetWithUserPermissions("user__dataSetUserDoesNotHasAccessTo", Sets.newHashSet());
    Collection<DataSet> dataSetCollection = Sets.newHashSet(dataSet, dataSet2);
    given(dataSetRepository.getDataSets()).willReturn(dataSetCollection);
    final PermissionBasedFieldVisibility permissionBasedFieldVisibility = new PermissionBasedFieldVisibility(userPermissionCheck, dataSetRepository);
    final GraphQLFieldsContainer graphQlFieldsContainer = createGraphQlFieldsContainer("user__dataSetUserHasAccessTo", "user__dataSetUserDoesNotHasAccessTo", "nonDataSetField");
    List<GraphQLFieldDefinition> retrievedGraphQlFieldDefinitions = permissionBasedFieldVisibility.getFieldDefinitions(graphQlFieldsContainer);
    assertThat(retrievedGraphQlFieldDefinitions, contains(hasProperty("name", is("user__dataSetUserHasAccessTo")), hasProperty("name", is("nonDataSetField"))));
}
Also used : DataSet(nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSet) DataSetRepository(nl.knaw.huygens.timbuctoo.v5.dataset.DataSetRepository) GraphQLFieldDefinition(graphql.schema.GraphQLFieldDefinition) GraphQLFieldsContainer(graphql.schema.GraphQLFieldsContainer) Test(org.junit.Test)

Example 3 with PermissionBasedFieldVisibility

Use of nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility in project timbuctoo by HuygensING.

From the class PermissionBasedFieldVisibilityTest, method getFieldDefinitionReturnsFieldDefinitionIfNotDataSetField:

@Test
public void getFieldDefinitionReturnsFieldDefinitionIfNotDataSetField() throws Exception {
    final DataSetRepository dataSetRepository = mock(DataSetRepository.class);
    DataSet dataSet = createDataSetWithUserPermissions("user__dataSetUserHasAccessTo", Sets.newHashSet(Permission.READ));
    DataSet dataSet2 = createDataSetWithUserPermissions("user__dataSetUserDoesNotHasAccessTo", Sets.newHashSet());
    Collection<DataSet> dataSetCollection = Sets.newHashSet(dataSet, dataSet2);
    given(dataSetRepository.getDataSets()).willReturn(dataSetCollection);
    final PermissionBasedFieldVisibility permissionBasedFieldVisibility = new PermissionBasedFieldVisibility(userPermissionCheck, dataSetRepository);
    final GraphQLFieldsContainer graphQlFieldsContainer = createGraphQlFieldsContainer("user__dataSetUserHasAccessTo", "user__dataSetUserDoesNotHasAccessTo", "nonDataSetField");
    // A fresh String instance makes sure the contents are compared, not the instance.
    GraphQLFieldDefinition retrievedGraphQlFieldDefinition =
        permissionBasedFieldVisibility.getFieldDefinition(graphQlFieldsContainer, new String("nonDataSetField"));
    assertThat(retrievedGraphQlFieldDefinition, hasProperty("name", is("nonDataSetField")));
}
Also used : DataSet(nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSet) DataSetRepository(nl.knaw.huygens.timbuctoo.v5.dataset.DataSetRepository) GraphQLFieldDefinition(graphql.schema.GraphQLFieldDefinition) GraphQLFieldsContainer(graphql.schema.GraphQLFieldsContainer) Test(org.junit.Test)

Example 4 with PermissionBasedFieldVisibility

Use of nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility in project timbuctoo by HuygensING.

From the class PermissionBasedFieldVisibilityTest, method getFieldDefinitionReturnsFieldDefinitionIfUserHasPermission:

@Test
public void getFieldDefinitionReturnsFieldDefinitionIfUserHasPermission() throws Exception {
    final DataSetRepository dataSetRepository = mock(DataSetRepository.class);
    DataSet dataSet = createDataSetWithUserPermissions("user__dataSetUserHasAccessTo", Sets.newHashSet(Permission.READ));
    DataSet dataSet2 = createDataSetWithUserPermissions("user__dataSetUserDoesNotHasAccessTo", Sets.newHashSet());
    Collection<DataSet> dataSetCollection = Sets.newHashSet(dataSet, dataSet2);
    given(dataSetRepository.getDataSets()).willReturn(dataSetCollection);
    final PermissionBasedFieldVisibility permissionBasedFieldVisibility = new PermissionBasedFieldVisibility(userPermissionCheck, dataSetRepository);
    final GraphQLFieldsContainer graphQlFieldsContainer = createGraphQlFieldsContainer("user__dataSetUserHasAccessTo", "user__dataSetUserDoesNotHasAccessTo");
    GraphQLFieldDefinition retrievedGraphQlFieldDefinition = permissionBasedFieldVisibility.getFieldDefinition(graphQlFieldsContainer, "user__dataSetUserHasAccessTo");
    assertThat(retrievedGraphQlFieldDefinition, hasProperty("name", is("user__dataSetUserHasAccessTo")));
}
Also used : DataSet(nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSet) DataSetRepository(nl.knaw.huygens.timbuctoo.v5.dataset.DataSetRepository) GraphQLFieldDefinition(graphql.schema.GraphQLFieldDefinition) GraphQLFieldsContainer(graphql.schema.GraphQLFieldsContainer) Test(org.junit.Test)

Example 5 with PermissionBasedFieldVisibility

Use of nl.knaw.huygens.timbuctoo.v5.graphql.security.PermissionBasedFieldVisibility in project timbuctoo by HuygensING.

From the class PermissionBasedFieldVisibilityTest, method getFieldDefinitionReturnsNullIfUserHasNoPermission:

@Test
public void getFieldDefinitionReturnsNullIfUserHasNoPermission() throws Exception {
    final DataSetRepository dataSetRepository = mock(DataSetRepository.class);
    DataSet dataSet = createDataSetWithUserPermissions("user__dataSetUserHasAccessTo", Sets.newHashSet(Permission.READ));
    DataSet dataSet2 = createDataSetWithUserPermissions("user__dataSetUserDoesNotHasAccessTo", Sets.newHashSet());
    Collection<DataSet> dataSetCollection = Sets.newHashSet(dataSet, dataSet2);
    given(dataSetRepository.getDataSets()).willReturn(dataSetCollection);
    final PermissionBasedFieldVisibility permissionBasedFieldVisibility = new PermissionBasedFieldVisibility(userPermissionCheck, dataSetRepository);
    final GraphQLFieldsContainer graphQlFieldsContainer = createGraphQlFieldsContainer("user__dataSetUserHasAccessTo", "user__dataSetUserDoesNotHasAccessTo");
    GraphQLFieldDefinition retrievedGraphQlFieldDefinition = permissionBasedFieldVisibility.getFieldDefinition(graphQlFieldsContainer, "user__dataSetUserDoesNotHasAccessTo");
    assertThat(retrievedGraphQlFieldDefinition, is(nullValue()));
}
Also used : DataSet(nl.knaw.huygens.timbuctoo.v5.dataset.dto.DataSet) DataSetRepository(nl.knaw.huygens.timbuctoo.v5.dataset.DataSetRepository) GraphQLFieldDefinition(graphql.schema.GraphQLFieldDefinition) GraphQLFieldsContainer(graphql.schema.GraphQLFieldsContainer) Test(org.junit.Test)
