Example 1 with GRN

Use of org.graylog.grn.GRN in the project graylog2-server by Graylog2.

Class ViewSharingToGrantsMigration, method migrateRoles:

private void migrateRoles(String viewId, Collection<String> roleNames) {
    // The GRN that identifies the view being migrated; grants are keyed on it.
    final GRN target = getTarget(viewId);
    LOG.info("Migrate roles for view <{}> to grants: {}", target, roleNames);
    // Resolve role names to Role objects; names that no longer exist are skipped rather than failing the migration.
    final Set<Role> roles = roleNames.stream().map(roleName -> {
        try {
            return Optional.of(roleService.load(roleName));
        } catch (NotFoundException e) {
            return Optional.<Role>empty();
        }
    }).filter(Optional::isPresent).map(Optional::get).collect(Collectors.toSet());
    // Every user that holds one of the resolved roles receives an explicit grant on the view.
    for (final Role role : roles) {
        for (final User user : userService.loadAllForRole(role)) {
            ensureGrant(user, target);
        }
    }
}
Also used: Role (org.graylog2.shared.users.Role), Document (org.bson.Document), MongoCollection (com.mongodb.client.MongoCollection), Capability (org.graylog.security.Capability), RoleService (org.graylog2.users.RoleService), LoggerFactory (org.slf4j.LoggerFactory), GRNRegistry (org.graylog.grn.GRNRegistry), ViewDTO (org.graylog.plugins.views.search.views.ViewDTO), Filters (com.mongodb.client.model.Filters), DBGrantService (org.graylog.security.DBGrantService), Named (javax.inject.Named), NotFoundException (org.graylog2.database.NotFoundException), Logger (org.slf4j.Logger), GRNTypes (org.graylog.grn.GRNTypes), Collection (java.util.Collection), Set (java.util.Set), GRNType (org.graylog.grn.GRNType), Collectors (java.util.stream.Collectors), GRN (org.graylog.grn.GRN), Objects (java.util.Objects), UserService (org.graylog2.shared.users.UserService), ObjectId (org.bson.types.ObjectId), Optional (java.util.Optional), ViewService (org.graylog.plugins.views.search.views.ViewService), MongoConnection (org.graylog2.database.MongoConnection), User (org.graylog2.plugin.database.users.User)

Example 2 with GRN

Use of org.graylog.grn.GRN in the project graylog2-server by Graylog2.

Class MongoDbAuthorizationRealm, method doGetAuthorizationInfo:

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    LOG.debug("Retrieving authorization information for: {}", principals);
    // This realm can handle both user String principals and GRN principals.
    final GRN principal = getUserPrincipal(principals).orElseGet(() -> getGRNPrincipal(principals).orElse(null));
    if (principal == null) {
        return new SimpleAuthorizationInfo();
    }
    LOG.debug("GRN principal: {}", principal);
    final ImmutableSet.Builder<Permission> permissionsBuilder = ImmutableSet.builder();
    final ImmutableSet.Builder<String> rolesBuilder = ImmutableSet.builder();
    // Resolve grant permissions and roles for the GRN
    permissionsBuilder.addAll(permissionAndRoleResolver.resolvePermissionsForPrincipal(principal));
    rolesBuilder.addAll(permissionAndRoleResolver.resolveRolesForPrincipal(principal));
    if (GRNTypes.USER.equals(principal.grnType())) {
        // If the principal is a user, we also need to load permissions and roles from the user object
        final User user = userService.loadById(principal.entity());
        if (user != null) {
            final Set<Permission> userPermissions = user.getObjectPermissions();
            permissionsBuilder.addAll(userPermissions);
            rolesBuilder.addAll(user.getRoleIds());
        } else {
            LOG.warn("User <{}> not found for permission and role resolving", principal);
        }
    }
    final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setObjectPermissions(permissionsBuilder.build());
    info.setRoles(rolesBuilder.build());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authorization info for {} - permissions: {}", principal, info.getObjectPermissions());
        LOG.debug("Authorization info for {} - roles: {}", principal, info.getRoles());
    }
    return info;
}
Also used: GRN (org.graylog.grn.GRN), SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo), User (org.graylog2.plugin.database.users.User), ImmutableSet (com.google.common.collect.ImmutableSet), Permission (org.apache.shiro.authz.Permission)

Example 3 with GRN

Use of org.graylog.grn.GRN in the project graylog2-server by Graylog2.

Class DefaultPermissionAndRoleResolver, method resolvePermissionsForPrincipal:

@Override
public Set<Permission> resolvePermissionsForPrincipal(GRN principal) {
    // Load grants for the principal itself and for the grantees it resolves to (e.g. teams), plus global grants.
    final Set<GrantDTO> grants = grantService.getForGranteesOrGlobal(resolveGrantees(principal));
    final ImmutableSet.Builder<Permission> permissionsBuilder = ImmutableSet.builder();
    for (GrantDTO grant : grants) {
        // A grant references a capability by name; unknown capabilities yield no permissions.
        final Optional<CapabilityDescriptor> capability = builtinCapabilities.get(grant.capability());
        if (capability.isPresent()) {
            final Set<GRN> targets = resolveTargets(grant.target());
            for (String permission : capability.get().permissions()) {
                for (GRN target : targets) {
                    if (target.isPermissionApplicable(permission)) {
                        // Possible solution: Don't use strings for the constants
                        if (permission.equals(RestPermissions.ENTITY_OWN)) {
                            permissionsBuilder.add(GRNPermission.create(permission, target));
                        } else {
                            permissionsBuilder.add(new CaseSensitiveWildcardPermission(permission + ":" + target.entity()));
                        }
                    }
                }
            }
        } else {
            logger.warn("Couldn't find capability <{}>", grant.capability());
        }
    }
    return permissionsBuilder.build();
}
Also used: GRN (org.graylog.grn.GRN), ImmutableSet (com.google.common.collect.ImmutableSet), Permission (org.apache.shiro.authz.Permission), GRNPermission (org.graylog.security.permissions.GRNPermission), CaseSensitiveWildcardPermission (org.graylog.security.permissions.CaseSensitiveWildcardPermission)

Example 4 with GRN

Use of org.graylog.grn.GRN in the project graylog2-server by Graylog2.

Class EntityOwnershipService, method registerNewEventDefinition:

public void registerNewEventDefinition(String id, User user) {
    // Build the GRN for the new event definition and record the creating user as its owner.
    final GRN grn = grnRegistry.newGRN(GRNTypes.EVENT_DEFINITION, id);
    registerNewEntity(grn, user);
}
Also used: GRN (org.graylog.grn.GRN)

Example 5 with GRN

Use of org.graylog.grn.GRN in the project graylog2-server by Graylog2.

Class EntityOwnershipService, method registerNewEventNotification:

public void registerNewEventNotification(String id, User user) {
    // Build the GRN for the new event notification and record the creating user as its owner.
    final GRN grn = grnRegistry.newGRN(GRNTypes.EVENT_NOTIFICATION, id);
    registerNewEntity(grn, user);
}
Also used: GRN (org.graylog.grn.GRN)

Aggregations (classes co-occurring with GRN across the project, with usage counts)

GRN (org.graylog.grn.GRN): 51
User (org.graylog2.plugin.database.users.User): 19
DisplayName (org.junit.jupiter.api.DisplayName): 16
Test (org.junit.jupiter.api.Test): 16
Test (org.junit.Test): 13
MongoDBFixtures (org.graylog.testing.mongodb.MongoDBFixtures): 11
Subject (org.apache.shiro.subject.Subject): 10
ImmutableSet (com.google.common.collect.ImmutableSet): 7
Collectors (java.util.stream.Collectors): 5
GRNRegistry (org.graylog.grn.GRNRegistry): 5
Capability (org.graylog.security.Capability): 5
ImmutableMap (com.google.common.collect.ImmutableMap): 4
EventBus (com.google.common.eventbus.EventBus): 4
Set (java.util.Set): 4
DBGrantService (org.graylog.security.DBGrantService): 4
ZonedDateTime (java.time.ZonedDateTime): 3
Collection (java.util.Collection): 3
List (java.util.List): 3
Map (java.util.Map): 3
Objects (java.util.Objects): 3