
Example 36 with GRN

use of org.graylog.grn.GRN in project graylog2-server by Graylog2.

the class ViewSharingToGrantsMigrationTest method migrateUserShares.

@Test
@DisplayName("migrate user shares")
void migrateUserShares() throws Exception {
    // Legacy view sharing that names users directly. Every role lookup fails, so only
    // the user branch of the migration is exercised here.
    final GRN search = GRNTypes.SEARCH.toGRN("54e3deadbeefdeadbeef0001");
    final GRN jane = GRNTypes.USER.toGRN("jane");
    final GRN john = GRNTypes.USER.toGRN("john");
    when(roleService.load(anyString())).thenThrow(new NotFoundException());

    for (GRN grantee : ImmutableSet.of(jane, john)) {
        assertThat(grantService.hasGrantFor(grantee, Capability.VIEW, search)).isFalse();
    }

    migration.upgrade();

    for (GRN grantee : ImmutableSet.of(jane, john)) {
        // A legacy view share must become exactly a VIEW grant - never OWN or MANAGE.
        assertThat(grantService.hasGrantFor(grantee, Capability.VIEW, search)).isTrue();
        assertThat(grantService.hasGrantFor(grantee, Capability.OWN, search)).isFalse();
        assertThat(grantService.hasGrantFor(grantee, Capability.MANAGE, search)).isFalse();
    }
    // The legacy sharing document must be gone once its grants exist.
    assertDeletedViewSharing("54e3deadbeefdeadbeef0001");
}

Example 37 with GRN

use of org.graylog.grn.GRN in project graylog2-server by Graylog2.

the class ViewSharingToGrantsMigrationTest method migrateRoleShares.

@Test
@DisplayName("migrate role shares")
void migrateRoleShares() throws Exception {
    // Legacy view sharing that names roles: the members of role1 receive grants,
    // role2 has no members and therefore must contribute nothing.
    final User userJane = createUser("jane");
    final User userJohn = createUser("john");
    final Role role1 = createRole("role1");
    final Role role2 = createRole("role2");
    when(roleService.load(role1.getName())).thenReturn(role1);
    when(roleService.load(role2.getName())).thenReturn(role2);
    when(userService.loadAllForRole(role1)).thenReturn(ImmutableSet.of(userJane, userJohn));
    when(userService.loadAllForRole(role2)).thenReturn(Collections.emptySet());

    final GRN dashboard1 = GRNTypes.DASHBOARD.toGRN("54e3deadbeefdeadbeef0002");
    final ImmutableSet<GRN> members = ImmutableSet.of(
            GRNTypes.USER.toGRN(userJane.getName()),
            GRNTypes.USER.toGRN(userJohn.getName()));

    for (GRN member : members) {
        assertThat(grantService.hasGrantFor(member, Capability.VIEW, dashboard1)).isFalse();
    }

    migration.upgrade();

    for (GRN member : members) {
        // Role membership is resolved to one plain VIEW grant per member - nothing stronger.
        assertThat(grantService.hasGrantFor(member, Capability.VIEW, dashboard1)).isTrue();
        assertThat(grantService.hasGrantFor(member, Capability.OWN, dashboard1)).isFalse();
        assertThat(grantService.hasGrantFor(member, Capability.MANAGE, dashboard1)).isFalse();
    }
    // The legacy sharing document must be gone once its grants exist.
    assertDeletedViewSharing("54e3deadbeefdeadbeef0002");
}

Example 38 with GRN

use of org.graylog.grn.GRN in project graylog2-server by Graylog2.

the class ViewOwnershipToGrantsMigrationTest method migrateExistingOwner.

@Test
@DisplayName("migrate existing owner")
void migrateExistingOwner() {
    final String ownerName = "testuser";
    final GRN dashboard = GRNTypes.DASHBOARD.toGRN("54e3deadbeefdeadbeef0002");
    final GRN ownerGRN = GRNTypes.USER.toGRN(ownerName);

    // The recorded owner of the fixture dashboard resolves to a regular user whose
    // id and name are identical.
    final User owner = mock(User.class);
    when(owner.getName()).thenReturn(ownerName);
    when(owner.getId()).thenReturn(ownerName);
    // "admin" is stubbed as the local admin; presumably the migration handles that
    // account differently from regular users - see ViewOwnershipToGrantsMigration.
    final User localAdmin = mock(User.class);
    when(localAdmin.isLocalAdmin()).thenReturn(true);
    when(userService.load(ownerName)).thenReturn(owner);
    when(userService.load("admin")).thenReturn(localAdmin);

    migration.upgrade();

    // The legacy owner ends up with an OWN grant on the dashboard.
    assertThat(grantService.hasGrantFor(ownerGRN, Capability.OWN, dashboard)).isTrue();
}

Example 39 with GRN

use of org.graylog.grn.GRN in project graylog2-server by Graylog2.

the class EntitySharesResource method prepareShare.

/**
 * Computes the share state for one entity without changing any data
 * (hence {@code @NoAuditEvent}).
 *
 * @param entityGRN the GRN of the entity, taken from the URL path
 * @param request   the share request body
 * @return the share state as computed by {@code entitySharesService.prepareShare}
 */
@POST
@ApiOperation(value = "Prepare shares for an entity or collection")
@Path("entities/{entityGRN}/prepare")
@NoAuditEvent("This does not change any data")
public EntityShareResponse prepareShare(@ApiParam(name = "entityGRN", required = true) @PathParam("entityGRN") @NotBlank String entityGRN, @ApiParam(name = "JSON Body", required = true) @NotNull @Valid EntityShareRequest request) {
    // The path segment is untrusted input: parse it into a GRN first, then verify
    // the caller owns the entity before any share state is computed for it.
    final GRN entity = grnRegistry.parse(entityGRN);
    checkOwnership(entity);
    return entitySharesService.prepareShare(entity, request, getCurrentUser(), getSubject());
}

Example 40 with GRN

use of org.graylog.grn.GRN in project graylog2-server by Graylog2.

the class EntitySharesService method updateEntityShares.

/**
 * Shares or unshares an entity with one or more grantees.
 * <p>
 * Existing grants for grantees named in the request are updated to the requested
 * capability, requested grantees without a grant get a new one, and grants for
 * grantees no longer present in the request are deleted. Only grants whose grantee
 * is visible to {@code sharingUser} ({@code granteeService.getAvailableGrantees})
 * are considered, so a caller can neither see nor modify shares with grantees
 * outside its own scope; grants held by {@code sharingUser} itself are left out
 * as well ({@code getForTargetExcludingGrantee}).
 *
 * @param ownedEntity the target entity for the updated grants
 * @param request     the request containing grantees and their capabilities
 * @param sharingUser the user executing the request
 * @return the resulting share state; when validation fails no grant is changed and
 *         the response carries the {@link ValidationResult}
 * @throws NullPointerException if any argument is {@code null}
 */
public EntityShareResponse updateEntityShares(GRN ownedEntity, EntityShareRequest request, User sharingUser) {
    requireNonNull(ownedEntity, "ownedEntity cannot be null");
    requireNonNull(request, "request cannot be null");
    requireNonNull(sharingUser, "sharingUser cannot be null");

    final ImmutableMap<GRN, Capability> requestedCapabilities =
            request.selectedGranteeCapabilities().orElse(ImmutableMap.of());
    final String sharingUserName = sharingUser.getName();
    final GRN sharingUserGRN = grnRegistry.ofUser(sharingUser);

    // Grantees the sharing user is allowed to see; everything below is restricted to them.
    final Set<Grantee> availableGrantees = granteeService.getAvailableGrantees(sharingUser);
    final Set<GRN> visibleGranteeGRNs = availableGrantees.stream()
            .map(Grantee::grn)
            .collect(Collectors.toSet());

    // Current grants on the entity, minus the sharing user's own grant and minus any
    // grant whose grantee is not visible to the sharing user.
    final List<GrantDTO> existingGrants = grantService.getForTargetExcludingGrantee(ownedEntity, sharingUserGRN);
    existingGrants.removeIf(grant -> !visibleGranteeGRNs.contains(grant.grantee()));

    final EntityShareResponse.Builder response = EntityShareResponse.builder()
            .entity(ownedEntity.toString())
            .sharingUser(sharingUserGRN)
            .availableGrantees(availableGrantees)
            .availableCapabilities(getAvailableCapabilities())
            .missingPermissionsOnDependencies(
                    checkMissingPermissionsOnDependencies(ownedEntity, sharingUserGRN, ImmutableSet.of(), request));
    final EntitySharesUpdateEvent.Builder updateEvent = EntitySharesUpdateEvent.builder()
            .user(sharingUser)
            .entity(ownedEntity);

    // A failed validation returns before any grant is touched; the response is still
    // populated with the current share state so the caller can render it.
    final ValidationResult validationResult = validateRequest(ownedEntity, request, sharingUser, visibleGranteeGRNs);
    if (validationResult.failed()) {
        final ImmutableSet<ActiveShare> activeShares = getActiveShares(ownedEntity, sharingUser, visibleGranteeGRNs);
        return response
                .activeShares(activeShares)
                .selectedGranteeCapabilities(getSelectedGranteeCapabilities(activeShares, request))
                .validationResult(validationResult)
                .build();
    }

    // 1. Existing grants whose grantee is in the request: adjust the capability if it changed.
    for (GrantDTO existing : existingGrants) {
        if (!request.grantees().contains(existing.grantee())) {
            continue;
        }
        final Capability requested = requestedCapabilities.get(existing.grantee());
        // NOTE(review): a grantee listed in request.grantees() but absent from
        // selectedGranteeCapabilities yields a null capability here and would be saved
        // as such; presumably validateRequest rules that out - confirm.
        if (!existing.capability().equals(requested)) {
            grantService.save(existing.toBuilder()
                    .capability(requested)
                    .updatedBy(sharingUserName)
                    .updatedAt(ZonedDateTime.now(ZoneOffset.UTC))
                    .build());
            updateEvent.addUpdates(existing.grantee(), requested, existing.capability());
        }
    }

    // 2. Requested grantees without an existing grant: create one.
    // TODO Create multiple entries with one db query
    final Set<GRN> alreadyGranted = existingGrants.stream()
            .map(GrantDTO::grantee)
            .collect(Collectors.toSet());
    for (Map.Entry<GRN, Capability> entry : requestedCapabilities.entrySet()) {
        final GRN grantee = entry.getKey();
        if (alreadyGranted.contains(grantee)) {
            continue;
        }
        final Capability capability = entry.getValue();
        grantService.create(GrantDTO.builder()
                .grantee(grantee)
                .capability(capability)
                .target(ownedEntity)
                .build(), sharingUser);
        updateEvent.addCreates(grantee, capability);
    }

    // 3. Existing grants whose grantee is no longer requested: delete.
    // TODO delete multiple entries with one db query
    for (GrantDTO existing : existingGrants) {
        if (requestedCapabilities.containsKey(existing.grantee())) {
            continue;
        }
        grantService.delete(existing.id());
        updateEvent.addDeletes(existing.grantee(), existing.capability());
    }

    postUpdateEvent(updateEvent.build());

    final ImmutableSet<ActiveShare> activeShares = getActiveShares(ownedEntity, sharingUser, visibleGranteeGRNs);
    return response
            .activeShares(activeShares)
            .selectedGranteeCapabilities(getSelectedGranteeCapabilities(activeShares, request))
            .build();
}
