use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewSharingToGrantsMigration method migrateRoles.
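/**
 * Converts the role-based sharing of one view into per-user grants.
 *
 * <p>Every role name is loaded through {@code roleService}. For each role that exists, every user
 * returned by {@code userService.loadAllForRole} is passed to {@code ensureGrant} together with the
 * view's GRN. A role name that cannot be loaded produces no grant; it is logged so that the access
 * which was not carried over stays visible to whoever runs the migration.
 *
 * @param viewId    ID of the view whose sharing settings are migrated
 * @param roleNames names of the roles the view was shared with
 */
private void migrateRoles(String viewId, Collection<String> roleNames) {
    final GRN target = getTarget(viewId);
    LOG.info("Migrate roles for view <{}> to grants: {}", target, roleNames);
    final Set<Role> roles = roleNames.stream().map(roleName -> {
        try {
            return Optional.of(roleService.load(roleName));
        } catch (NotFoundException e) {
            // Best effort: the migration continues, but a dropped role is recorded instead of vanishing silently.
            LOG.warn("Role <{}> not found, no grants migrated from it for view <{}>", roleName, target);
            return Optional.<Role>empty();
        }
    }).filter(Optional::isPresent).map(Optional::get).collect(Collectors.toSet());
    for (final Role role : roles) {
        // A user that belongs to several of these roles reaches ensureGrant more than once;
        // presumably ensureGrant is idempotent (TODO confirm).
        for (final User user : userService.loadAllForRole(role)) {
            ensureGrant(user, target);
        }
    }
}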
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class MongoDbAuthorizationRealm method doGetAuthorizationInfo.
/**
 * Collects the permissions and roles of the given principals.
 *
 * <p>The principal is taken from {@code getUserPrincipal} and, if that yields nothing, from
 * {@code getGRNPrincipal}. When neither yields a principal, an empty {@link SimpleAuthorizationInfo}
 * is returned, i.e. no permissions and no roles. Otherwise the result combines what
 * {@code permissionAndRoleResolver} resolves for the GRN with, for principals of type
 * {@code GRNTypes.USER}, the object permissions and role IDs stored on the user object.
 *
 * @param principals the principals to authorize
 * @return the authorization info; never {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    LOG.debug("Retrieving authorization information for: {}", principals);

    // Both plain user String principals and GRN principals are accepted by this realm.
    final GRN principal = getUserPrincipal(principals).orElseGet(() -> getGRNPrincipal(principals).orElse(null));
    if (principal == null) {
        // Nothing resolvable: hand back an info object that carries no permissions and no roles.
        return new SimpleAuthorizationInfo();
    }
    LOG.debug("GRN principal: {}", principal);

    // Start from the permissions and roles that the grants yield for this GRN.
    final ImmutableSet.Builder<Permission> permissions = ImmutableSet.<Permission>builder()
            .addAll(permissionAndRoleResolver.resolvePermissionsForPrincipal(principal));
    final ImmutableSet.Builder<String> roles = ImmutableSet.<String>builder()
            .addAll(permissionAndRoleResolver.resolveRolesForPrincipal(principal));

    if (GRNTypes.USER.equals(principal.grnType())) {
        // User principals additionally carry permissions and roles on the user object itself.
        final User user = userService.loadById(principal.entity());
        if (user == null) {
            // NOTE(review): the grant-derived permissions and roles collected above are still returned
            // in this case - confirm that grants are removed when a user is deleted.
            LOG.warn("User <{}> not found for permission and role resolving", principal);
        } else {
            permissions.addAll(user.getObjectPermissions());
            roles.addAll(user.getRoleIds());
        }
    }

    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setObjectPermissions(permissions.build());
    authorizationInfo.setRoles(roles.build());

    if (LOG.isDebugEnabled()) {
        LOG.debug("Authorization info for {} - permissions: {}", principal, authorizationInfo.getObjectPermissions());
        LOG.debug("Authorization info for {} - roles: {}", principal, authorizationInfo.getRoles());
    }
    return authorizationInfo;
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class DefaultPermissionAndRoleResolver method resolvePermissionsForPrincipal.
/**
 * Expands the grants that apply to a principal into concrete permissions.
 *
 * <p>Grants are fetched with {@code grantService.getForGranteesOrGlobal} for the grantees that
 * {@code resolveGrantees} returns. Each grant's capability is looked up in {@code builtinCapabilities};
 * a grant with an unknown capability is logged and contributes nothing. For a known capability, every
 * one of its permissions is paired with every target from {@code resolveTargets} to which the
 * permission is applicable.
 *
 * @param principal the GRN whose grants are resolved
 * @return the resolved permissions as an immutable set
 */
@Override
public Set<Permission> resolvePermissionsForPrincipal(GRN principal) {
    final ImmutableSet.Builder<Permission> resolved = ImmutableSet.builder();

    for (GrantDTO grant : grantService.getForGranteesOrGlobal(resolveGrantees(principal))) {
        final Optional<CapabilityDescriptor> descriptor = builtinCapabilities.get(grant.capability());
        if (!descriptor.isPresent()) {
            logger.warn("Couldn't find capability <{}>", grant.capability());
            continue;
        }

        final Set<GRN> targets = resolveTargets(grant.target());
        for (String permission : descriptor.get().permissions()) {
            for (GRN target : targets) {
                if (!target.isPermissionApplicable(permission)) {
                    continue;
                }

                final Permission entry;
                // Possible solution: Don't use strings for the constants
                if (permission.equals(RestPermissions.ENTITY_OWN)) {
                    entry = GRNPermission.create(permission, target);
                } else {
                    // NOTE(review): the permission string is assembled by plain concatenation. This assumes
                    // entity IDs never contain characters that the wildcard-permission syntax treats
                    // specially - confirm against how GRN entities are validated.
                    entry = new CaseSensitiveWildcardPermission(permission + ":" + target.entity());
                }
                resolved.add(entry);
            }
        }
    }
    return resolved.build();
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntityOwnershipService method registerNewEventDefinition.
/**
 * Registers a newly created event definition for the given user.
 *
 * <p>Creates a GRN of type {@code GRNTypes.EVENT_DEFINITION} for the ID and delegates to
 * {@code registerNewEntity}; presumably that records the user as owner of the entity (confirm there).
 *
 * @param id   ID of the new event definition
 * @param user the user passed on to {@code registerNewEntity}
 */
public void registerNewEventDefinition(String id, User user) {
    registerNewEntity(grnRegistry.newGRN(GRNTypes.EVENT_DEFINITION, id), user);
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntityOwnershipService method registerNewEventNotification.
/**
 * Registers a newly created event notification for the given user.
 *
 * <p>Creates a GRN of type {@code GRNTypes.EVENT_NOTIFICATION} for the ID and delegates to
 * {@code registerNewEntity}; presumably that records the user as owner of the entity (confirm there).
 *
 * @param id   ID of the new event notification
 * @param user the user passed on to {@code registerNewEntity}
 */
public void registerNewEventNotification(String id, User user) {
    registerNewEntity(grnRegistry.newGRN(GRNTypes.EVENT_NOTIFICATION, id), user);
}