Use of org.finra.herd.model.api.xml.NamespacePermissionEnum in project herd by FINRAOS.
Class NamespaceSecurityHelper, method checkPermission.
/**
 * Enforces the current user's permissions on a namespace, throwing when the check fails.
 *
 * <p>The check is skipped, and the method returns normally, when {@code isAuthenticated()} is false or the
 * namespace is blank. A normal return therefore does not prove that an authorization decision was made.
 * NOTE(review): confirm that another layer rejects unauthenticated requests and blank namespaces where access
 * must be restricted.
 *
 * <p>The denial message joins the permissions with "OR", which suggests that any one of them is sufficient.
 * {@code isAuthorized} is not visible here, so confirm that reading against its implementation.
 *
 * @param namespace The namespace; leading and trailing whitespace is trimmed before the check
 * @param permissions The permissions the current user must have for the given namespace
 *
 * @throws AccessDeniedException if the authorization check fails for the trimmed namespace
 */
public void checkPermission(String namespace, NamespacePermissionEnum[] permissions) {
    // Nothing is enforced without an authenticated context or without a namespace to check against.
    boolean checkApplies = isAuthenticated() && !StringUtils.isBlank(namespace);
    if (!checkApplies) {
        return;
    }

    // Only the edges are trimmed; characters inside the value are passed through unchanged.
    final String namespaceTrimmed = namespace.trim();

    final ApplicationUser applicationUser = getApplicationUser();
    if (isAuthorized(applicationUser, namespaceTrimmed, permissions)) {
        return;
    }

    // Render the requested permissions as "[A OR B]" for both the log entry and the exception message.
    final String permissionsString =
        Arrays.stream(permissions).map(NamespacePermissionEnum::toString).collect(Collectors.joining(" OR ", "[", "]"));

    // Record the denial before throwing so the failed attempt is visible in the logs.
    // NOTE(review): the namespace is written to the log and the exception message as received (trimmed only).
    // Confirm it is validated upstream or that the log layout encodes line breaks, so that one request cannot
    // produce what looks like several log entries.
    LOGGER.warn(String.format("User does not have permission(s) to the namespace. %s namespace=\"%s\" permissions=\"%s\"", applicationUser,
        namespaceTrimmed, permissionsString));

    // The user id is only available when an application user was resolved.
    final String denialMessage;
    if (applicationUser == null) {
        denialMessage =
            String.format("Current user does not have \"%s\" permission(s) to the namespace \"%s\"", permissionsString, namespaceTrimmed);
    } else {
        denialMessage = String.format("User \"%s\" does not have \"%s\" permission(s) to the namespace \"%s\"", applicationUser.getUserId(),
            permissionsString, namespaceTrimmed);
    }
    throw new AccessDeniedException(denialMessage);
}
Use of org.finra.herd.model.api.xml.NamespacePermissionEnum in project herd by FINRAOS.
Class UserNamespaceAuthorizationServiceImpl, method validateNamespacePermissions.
/**
 * Validates a list of namespace permissions: the list must be non-empty and must not repeat a permission.
 *
 * @param namespacePermissions the list of namespace permissions
 *
 * @throws IllegalArgumentException if the same permission appears more than once; the empty-list check is
 * delegated to {@code Assert.isTrue}
 */
public void validateNamespacePermissions(List<NamespacePermissionEnum> namespacePermissions) throws IllegalArgumentException {
    Assert.isTrue(!CollectionUtils.isEmpty(namespacePermissions), "Namespace permissions must be specified.");

    // Track the permissions already seen. The elements are enum constants, so duplicates are detected by
    // enum equality; no string or case normalisation is involved.
    // NOTE(review): a single null element is accepted by the set and passes validation, while a second null
    // fails with a NullPointerException on value() rather than IllegalArgumentException. Confirm whether null
    // elements can reach this method.
    final Set<NamespacePermissionEnum> seenPermissions = new HashSet<>();
    for (final NamespacePermissionEnum candidate : namespacePermissions) {
        // add() returns false when the permission is already in the set, which means it is a duplicate.
        if (!seenPermissions.add(candidate)) {
            throw new IllegalArgumentException(String.format("Duplicate namespace permission \"%s\" is found.", candidate.value()));
        }
    }
}