use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntitySharesService method prepareShare.
/**
* Prepares the sharing operation by running some checks and returning available capabilities and grantees
* as well as active shares and information about missing dependencies.
*
* @param ownedEntity the entity that should be shared and is owned by the sharing user
* @param request sharing request
* @param sharingUser the sharing user
* @param sharingSubject the sharing subject
* @return the response
*/
public EntityShareResponse prepareShare(GRN ownedEntity, EntityShareRequest request, User sharingUser, Subject sharingSubject) {
    // Reject missing arguments up front, in declaration order.
    requireNonNull(ownedEntity, "ownedEntity cannot be null");
    requireNonNull(request, "request cannot be null");
    requireNonNull(sharingUser, "sharingUser cannot be null");
    // NOTE(review): sharingSubject is only null-checked; none of the calls below receive it,
    // so any decision based on the subject has to be made by the caller. Confirm.
    requireNonNull(sharingSubject, "sharingSubject cannot be null");

    // NOTE(review): the Javadoc describes ownedEntity as owned by sharingUser, but no ownership
    // check is visible in this method. Presumably the caller (or validateRequest) enforces it;
    // confirm before exposing this through a new entry point.
    final GRN sharerGrn = grnRegistry.ofUser(sharingUser);

    // Grantees are looked up for the sharing user. Their GRNs are then passed to both the
    // active-share lookup and the request validation.
    final Set<Grantee> grantees = granteeService.getAvailableGrantees(sharingUser);
    final Set<GRN> granteeGrns = grantees.stream()
            .map(Grantee::grn)
            .collect(Collectors.toSet());

    final ImmutableSet<ActiveShare> currentShares = getActiveShares(ownedEntity, sharingUser, granteeGrns);

    // The response carries both the dependency-permission check and the validation result.
    return EntityShareResponse.builder()
            .entity(ownedEntity.toString())
            .sharingUser(sharerGrn)
            .availableGrantees(grantees)
            .availableCapabilities(getAvailableCapabilities())
            .activeShares(currentShares)
            .selectedGranteeCapabilities(getSelectedGranteeCapabilities(currentShares, request))
            .missingPermissionsOnDependencies(checkMissingPermissionsOnDependencies(ownedEntity, sharerGrn, currentShares, request))
            .validationResult(validateRequest(ownedEntity, request, sharingUser, granteeGrns))
            .build();
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewOwnershipToGrantsMigrationTest method dontmigrateNonExistingOwner.
@Test
@DisplayName("don't migrate non-existing owner")
void dontmigrateNonExistingOwner() {
    final GRN formerOwnerGrn = GRNTypes.USER.toGRN("olduser");
    final GRN dashboardGrn = GRNTypes.DASHBOARD.toGRN("54e3deadbeefdeadbeef0003");

    // Every user lookup returns null, so no owner name can be resolved to an account.
    when(userService.load(anyString())).thenReturn(null);

    migration.upgrade();

    // No OWN grant may be written for an owner that cannot be loaded.
    // NOTE(review): presumably the fixture records "olduser" as owner of this dashboard;
    // the fixture is not visible here, so confirm.
    final boolean ownGrantPresent = grantService.hasGrantFor(formerOwnerGrn, Capability.OWN, dashboardGrn);
    assertThat(ownGrantPresent).isFalse();
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewOwnershipToGrantsMigrationTest method dontMigrateAdminOwners.
@Test
@DisplayName("dont migrate admin owners")
void dontMigrateAdminOwners() {
    final GRN regularUserGrn = GRNTypes.USER.toGRN("testuser");
    final GRN searchGrn = GRNTypes.SEARCH.toGRN("54e3deadbeefdeadbeef0001");

    // Ordinary account: only name and id are stubbed.
    final User regularUser = mock(User.class);
    when(regularUser.getName()).thenReturn("testuser");
    when(regularUser.getId()).thenReturn("testuser");

    // Account that reports itself as a local admin.
    final User localAdmin = mock(User.class);
    when(localAdmin.isLocalAdmin()).thenReturn(true);

    when(userService.load("testuser")).thenReturn(regularUser);
    when(userService.load("admin")).thenReturn(localAdmin);

    migration.upgrade();

    // After the migration "testuser" must hold no OWN grant on this search.
    // NOTE(review): the test name suggests the fixture records the local admin as owner of
    // this search; the fixture is not visible here, so confirm.
    final boolean ownGrantPresent = grantService.hasGrantFor(regularUserGrn, Capability.OWN, searchGrn);
    assertThat(ownGrantPresent).isFalse();
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class UserServiceImplTest method testGetPermissionsForUser.
@Test
public void testGetPermissionsForUser() throws Exception {
    // Service under test, wired with a mocked role-permission resolver and a real GRN registry.
    final InMemoryRolePermissionResolver rolePermissions = mock(InMemoryRolePermissionResolver.class);
    final GRNRegistry registry = GRNRegistry.createWithBuiltinTypes();
    final UserService service = new UserServiceImpl(
            mongoConnection,
            configuration,
            roleService,
            accessTokenService,
            userFactory,
            rolePermissions,
            serverEventBus,
            registry,
            permissionAndRoleResolver);

    // User with one directly assigned role and one directly assigned permission.
    final UserImplFactory implFactory = new UserImplFactory(new Configuration(), permissions);
    final UserImpl user = implFactory.create(new HashMap<>());
    user.setName("user");
    final Role directRole = createRole("Foo");
    user.setRoleIds(Collections.singleton(directRole.getId()));
    user.setPermissions(Collections.singletonList("hello:world"));
    when(rolePermissions.resolveStringPermission(directRole.getId())).thenReturn(Collections.singleton("foo:bar"));

    // Permissions and roles that the resolver reports for the user's GRN.
    final GRNPermission ownershipPermission = GRNPermission.create(
            RestPermissions.ENTITY_OWN,
            registry.newGRN(GRNTypes.DASHBOARD, "1234"));
    final GRN principal = registry.ofUser(user);
    when(permissionAndRoleResolver.resolvePermissionsForPrincipal(principal))
            .thenReturn(ImmutableSet.of(new CaseSensitiveWildcardPermission("perm:from:grant"), ownershipPermission));
    final String resolvedRoleId = "12345";
    when(permissionAndRoleResolver.resolveRolesForPrincipal(principal)).thenReturn(ImmutableSet.of(resolvedRoleId));
    when(rolePermissions.resolveStringPermission(resolvedRoleId)).thenReturn(ImmutableSet.of("perm:from:role"));

    // Wildcard permissions are compared by their string form; anything else (the GRN
    // permission) is compared as the object itself. containsExactlyInAnyOrder fails on any
    // extra entry, so the list below is the full expected permission set.
    // NOTE(review): the "users:*:user" entries are not stubbed in this test; presumably they
    // are self-service defaults added by the user implementation. Confirm.
    assertThat(service.getPermissionsForUser(user).stream()
            .map(p -> p instanceof CaseSensitiveWildcardPermission ? p.toString() : p)
            .collect(Collectors.toSet()))
            .containsExactlyInAnyOrder(
                    "users:passwordchange:user",
                    "users:edit:user",
                    "foo:bar",
                    "hello:world",
                    "users:tokenlist:user",
                    "users:tokencreate:user",
                    "users:tokenremove:user",
                    "perm:from:grant",
                    ownershipPermission,
                    "perm:from:role");
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntityDependencyResolverTest method resolveWithInclompleteDependency.
@Test
@DisplayName("Try resolve with a broken dependency")
void resolveWithInclompleteDependency() {
    // No excerpts are listed, yet entity resolution still reports one stream.
    when(contentPackService.listAllEntityExcerpts()).thenReturn(ImmutableSet.of());
    final EntityDescriptor unresolvedStream = EntityDescriptor.builder()
            .type(ModelTypes.STREAM_V1)
            .id(ModelId.of("54e3deadbeefdeadbeefaffe"))
            .build();
    when(contentPackService.resolveEntities(any())).thenReturn(ImmutableSet.of(unresolvedStream));

    // Any GRN lookup answers with a descriptor titled "dummy" for the GRN that was asked for.
    when(grnDescriptorService.getDescriptor(any(GRN.class))).thenAnswer(invocation -> {
        final GRN requested = invocation.getArgument(0);
        return GRNDescriptor.builder()
                .grn(requested)
                .title("dummy")
                .build();
    });

    final GRN dashboardGrn = grnRegistry.newGRN("dashboard", "33e3deadbeefdeadbeefaffe");
    final ImmutableSet<org.graylog.security.entities.EntityDescriptor> unresolved = entityDependencyResolver.resolve(dashboardGrn);

    // The stream is reported once, under a placeholder title rather than the stubbed "dummy".
    assertThat(unresolved).hasSize(1);
    assertThat(unresolved.asList().get(0)).satisfies(entry -> {
        assertThat(entry.id().toString()).isEqualTo("grn::::stream:54e3deadbeefdeadbeefaffe");
        assertThat(entry.title()).isEqualTo("unknown dependency: <grn::::stream:54e3deadbeefdeadbeefaffe>");
    });
}