use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewSharingToGrantsMigrationTest method migrateUserShares.
@Test
@DisplayName("migrate user shares")
void migrateUserShares() throws Exception {
    // The fixture that seeds the legacy sharing record is not visible in this method;
    // presumably it shares this search with the users "jane" and "john" -- confirm against the test data.
    final String searchId = "54e3deadbeefdeadbeef0001";
    final GRN[] grantees = {GRNTypes.USER.toGRN("jane"), GRNTypes.USER.toGRN("john")};
    final GRN target = GRNTypes.SEARCH.toGRN(searchId);

    // Every roleService.load call is stubbed to throw NotFoundException.
    when(roleService.load(anyString())).thenThrow(new NotFoundException());

    // Precondition: neither user holds a VIEW grant before the migration runs.
    for (final GRN grantee : grantees) {
        assertThat(grantService.hasGrantFor(grantee, Capability.VIEW, target)).isFalse();
    }

    migration.upgrade();

    // Both users must end up with a VIEW grant on the search ...
    for (final GRN grantee : grantees) {
        assertThat(grantService.hasGrantFor(grantee, Capability.VIEW, target)).isTrue();
    }
    // ... and the migration must not hand out anything stronger: OWN and MANAGE stay
    // absent, so a migrated share cannot be used to re-share or take over the entity.
    for (final GRN grantee : grantees) {
        assertThat(grantService.hasGrantFor(grantee, Capability.OWN, target)).isFalse();
        assertThat(grantService.hasGrantFor(grantee, Capability.MANAGE, target)).isFalse();
    }

    // Checked through the assertDeletedViewSharing helper, which is defined outside this method.
    assertDeletedViewSharing(searchId);
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewSharingToGrantsMigrationTest method migrateRoleShares.
@Test
@DisplayName("migrate role shares")
void migrateRoleShares() throws Exception {
    final String dashboardId = "54e3deadbeefdeadbeef0002";

    final User janeUser = createUser("jane");
    final User johnUser = createUser("john");
    final Role populatedRole = createRole("role1");
    final Role emptyRole = createRole("role2");

    // role1 resolves to both users, role2 to nobody; both roles can be loaded by name.
    when(userService.loadAllForRole(populatedRole)).thenReturn(ImmutableSet.of(janeUser, johnUser));
    when(userService.loadAllForRole(emptyRole)).thenReturn(Collections.emptySet());
    when(roleService.load(populatedRole.getName())).thenReturn(populatedRole);
    when(roleService.load(emptyRole.getName())).thenReturn(emptyRole);

    final GRN[] roleMembers = {
            GRNTypes.USER.toGRN(janeUser.getName()),
            GRNTypes.USER.toGRN(johnUser.getName())
    };
    final GRN target = GRNTypes.DASHBOARD.toGRN(dashboardId);

    // Precondition: no member of role1 holds a VIEW grant before the migration runs.
    for (final GRN member : roleMembers) {
        assertThat(grantService.hasGrantFor(member, Capability.VIEW, target)).isFalse();
    }

    migration.upgrade();

    // Role membership is expected to be expanded into per-user VIEW grants ...
    for (final GRN member : roleMembers) {
        assertThat(grantService.hasGrantFor(member, Capability.VIEW, target)).isTrue();
    }
    // ... without granting OWN or MANAGE to any of the role's members.
    for (final GRN member : roleMembers) {
        assertThat(grantService.hasGrantFor(member, Capability.OWN, target)).isFalse();
        assertThat(grantService.hasGrantFor(member, Capability.MANAGE, target)).isFalse();
    }

    // Checked through the assertDeletedViewSharing helper, which is defined outside this method.
    assertDeletedViewSharing(dashboardId);
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class ViewOwnershipToGrantsMigrationTest method migrateExistingOwner.
@Test
@DisplayName("migrate existing owner")
void migrateExistingOwner() {
    final String ownerName = "testuser";
    final GRN ownerGrn = GRNTypes.USER.toGRN(ownerName);
    final GRN target = GRNTypes.DASHBOARD.toGRN("54e3deadbeefdeadbeef0002");

    // The owner mock reports the same value for its name and its id.
    final User owner = mock(User.class);
    when(owner.getName()).thenReturn(ownerName);
    when(owner.getId()).thenReturn(ownerName);

    // A second account that identifies itself as the local admin.
    final User localAdmin = mock(User.class);
    when(localAdmin.isLocalAdmin()).thenReturn(true);

    when(userService.load(ownerName)).thenReturn(owner);
    when(userService.load("admin")).thenReturn(localAdmin);

    migration.upgrade();

    // NOTE(review): only the positive case is asserted. Nothing here checks that no other
    // principal (for example the stubbed admin) received a grant on this dashboard.
    assertThat(grantService.hasGrantFor(ownerGrn, Capability.OWN, target)).isTrue();
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntitySharesResource method prepareShare.
/**
 * Prepares a share for the entity identified by the {@code entityGRN} path parameter.
 *
 * <p>The path value is parsed with {@code grnRegistry.parse} and handed to
 * {@code checkOwnership} before the request is delegated to
 * {@code entitySharesService.prepareShare}. {@code checkOwnership} is defined outside this
 * method; presumably it rejects callers that do not own the entity -- confirm.
 *
 * <p>NOTE(review): the endpoint is exempt from audit logging on the grounds that it changes
 * no data. That holds only while {@code entitySharesService.prepareShare} stays read-only;
 * its implementation is not visible here.
 *
 * @param entityGRN the GRN of the entity to share, taken from the URL path
 * @param request   the JSON body describing the intended share
 * @return the response produced by {@code entitySharesService.prepareShare}
 */
@POST
@ApiOperation(value = "Prepare shares for an entity or collection")
@Path("entities/{entityGRN}/prepare")
@NoAuditEvent("This does not change any data")
public EntityShareResponse prepareShare(
        @ApiParam(name = "entityGRN", required = true) @PathParam("entityGRN") @NotBlank String entityGRN,
        @ApiParam(name = "JSON Body", required = true) @NotNull @Valid EntityShareRequest request) {
    final GRN targetEntity = grnRegistry.parse(entityGRN);

    // Authorization gate: keep this ahead of the service call so nothing about the
    // entity is computed for a caller who fails the check.
    checkOwnership(targetEntity);

    return entitySharesService.prepareShare(targetEntity, request, getCurrentUser(), getSubject());
}
use of org.graylog.grn.GRN in project graylog2-server by Graylog2.
the class EntitySharesService method updateEntityShares.
/**
 * Shares or unshares an entity with one or more grantees by reconciling the stored grants
 * with the capabilities selected in the request: differing capabilities are updated, missing
 * grants are created, and grants no longer selected are deleted.
 *
 * <p>Scope of the reconciliation, as implemented here:
 * <ul>
 *   <li>The working set comes from {@code grantService.getForTargetExcludingGrantee} called
 *       with the sharing user's GRN, so the sharing user's own grants are presumably not
 *       part of it (the service implementation is not visible here).</li>
 *   <li>Grants whose grantee is not among the grantees available to the sharing user are
 *       dropped from the working set, so this call neither updates nor deletes them.</li>
 *   <li>The request is validated before any write. On failure no grant is touched and the
 *       response carries the validation result.</li>
 *   <li>Each change is a separate {@code grantService} call; nothing in this method groups
 *       them into one atomic operation.</li>
 * </ul>
 *
 * <p>NOTE(review): this method performs no ownership check of its own beyond what
 * {@code validateRequest} does (not visible here); callers presumably authorize
 * {@code sharingUser} for {@code ownedEntity} first -- confirm.
 *
 * @param ownedEntity the target entity for the updated grants
 * @param request     the request containing grantees and their capabilities
 * @param sharingUser the user executing the request
 * @return the resulting share state, including the validation result when validation failed
 * @throws NullPointerException if any argument is {@code null}
 */
public EntityShareResponse updateEntityShares(GRN ownedEntity, EntityShareRequest request, User sharingUser) {
    requireNonNull(ownedEntity, "ownedEntity cannot be null");
    requireNonNull(request, "request cannot be null");
    requireNonNull(sharingUser, "sharingUser cannot be null");

    final ImmutableMap<GRN, Capability> requestedCapabilities =
            request.selectedGranteeCapabilities().orElse(ImmutableMap.of());
    final String actorName = sharingUser.getName();
    final GRN actorGrn = grnRegistry.ofUser(sharingUser);

    final Set<Grantee> availableGrantees = granteeService.getAvailableGrantees(sharingUser);
    final Set<GRN> availableGranteeGRNs = availableGrantees.stream()
            .map(candidate -> candidate.grn())
            .collect(Collectors.toSet());

    // Restrict the working set to grantees the sharing user may act on; grants for anyone
    // else stay untouched for the rest of this method.
    final List<GrantDTO> existingGrants = grantService.getForTargetExcludingGrantee(ownedEntity, actorGrn);
    existingGrants.removeIf(existing -> !availableGranteeGRNs.contains(existing.grantee()));

    final EntityShareResponse.Builder responseBuilder = EntityShareResponse.builder()
            .entity(ownedEntity.toString())
            .sharingUser(actorGrn)
            .availableGrantees(availableGrantees)
            .availableCapabilities(getAvailableCapabilities())
            .missingPermissionsOnDependencies(
                    checkMissingPermissionsOnDependencies(ownedEntity, actorGrn, ImmutableSet.of(), request));

    final EntitySharesUpdateEvent.Builder updateEventBuilder = EntitySharesUpdateEvent.builder()
            .user(sharingUser)
            .entity(ownedEntity);

    // Validation gates every write below. A failed request still gets a complete response.
    final ValidationResult validationResult =
            validateRequest(ownedEntity, request, sharingUser, availableGranteeGRNs);
    if (validationResult.failed()) {
        final ImmutableSet<ActiveShare> unchangedShares =
                getActiveShares(ownedEntity, sharingUser, availableGranteeGRNs);
        return responseBuilder
                .activeShares(unchangedShares)
                .selectedGranteeCapabilities(getSelectedGranteeCapabilities(unchangedShares, request))
                .validationResult(validationResult)
                .build();
    }

    // 1) Existing grants that are still requested: rewrite only when the capability differs.
    for (final GrantDTO existing : existingGrants) {
        if (!request.grantees().contains(existing.grantee())) {
            continue;
        }
        final Capability requested = requestedCapabilities.get(existing.grantee());
        if (existing.capability().equals(requested)) {
            continue;
        }
        grantService.save(existing.toBuilder()
                .capability(requested)
                .updatedBy(actorName)
                .updatedAt(ZonedDateTime.now(ZoneOffset.UTC))
                .build());
        updateEventBuilder.addUpdates(existing.grantee(), requested, existing.capability());
    }

    // 2) Requested grantees without a grant in the working set: create one.
    // Assumes validateRequest has already rejected grantees outside availableGranteeGRNs,
    // whose existing grants were filtered out of the working set above -- TODO confirm.
    // TODO Create multiple entries with one db query
    for (final GRN grantee : requestedCapabilities.keySet()) {
        boolean alreadyGranted = false;
        for (final GrantDTO existing : existingGrants) {
            if (existing.grantee().equals(grantee)) {
                alreadyGranted = true;
                break;
            }
        }
        if (alreadyGranted) {
            continue;
        }
        final Capability capability = requestedCapabilities.get(grantee);
        grantService.create(
                GrantDTO.builder().grantee(grantee).capability(capability).target(ownedEntity).build(),
                sharingUser);
        updateEventBuilder.addCreates(grantee, capability);
    }

    // 3) Grants in the working set that are no longer requested: revoke them.
    // TODO delete multiple entries with one db query
    for (final GrantDTO existing : existingGrants) {
        if (requestedCapabilities.containsKey(existing.grantee())) {
            continue;
        }
        grantService.delete(existing.id());
        updateEventBuilder.addDeletes(existing.grantee(), existing.capability());
    }

    // The event carries every update, create and delete recorded above.
    postUpdateEvent(updateEventBuilder.build());

    final ImmutableSet<ActiveShare> resultingShares =
            getActiveShares(ownedEntity, sharingUser, availableGranteeGRNs);
    return responseBuilder
            .activeShares(resultingShares)
            .selectedGranteeCapabilities(getSelectedGranteeCapabilities(resultingShares, request))
            .build();
}