Search in sources :

Example 1 with SearchUser

use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.

the class FieldTypesResourceTest method allFieldTypesReturnsResultFromMappedFieldTypesService.

@Test
public void allFieldTypesReturnsResultFromMappedFieldTypesService() {
    final SearchUser searchUser = TestSearchUser.builder().allowStream("2323").allowStream("4242").build();
    when(permittedStreams.load(any())).thenReturn(ImmutableSet.of("2323", "4242"));
    final Set<MappedFieldTypeDTO> fieldTypes = Collections.singleton(MappedFieldTypeDTO.create("foobar", FieldTypes.Type.createType("long", ImmutableSet.of("numeric", "enumerable"))));
    when(mappedFieldTypesService.fieldTypesByStreamIds(eq(ImmutableSet.of("2323", "4242")), eq(RelativeRange.allTime()))).thenReturn(fieldTypes);
    final Set<MappedFieldTypeDTO> result = this.fieldTypesResource.allFieldTypes(searchUser);
    assertThat(result).isEqualTo(fieldTypes);
}
Also used : SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) Test(org.junit.Test)

Example 2 with SearchUser

use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.

the class FieldTypesResourceTest method byStreamReturnsTypesFromMappedFieldTypesService.

@Test
public void byStreamReturnsTypesFromMappedFieldTypesService() {
    final SearchUser searchUser = TestSearchUser.builder().allowStream("2323").allowStream("4242").build();
    final Set<MappedFieldTypeDTO> fieldTypes = Collections.singleton(MappedFieldTypeDTO.create("foobar", FieldTypes.Type.createType("long", ImmutableSet.of("numeric", "enumerable"))));
    when(mappedFieldTypesService.fieldTypesByStreamIds(eq(ImmutableSet.of("2323", "4242")), eq(RelativeRange.allTime()))).thenReturn(fieldTypes);
    final Set<MappedFieldTypeDTO> result = this.fieldTypesResource.byStreams(FieldTypesForStreamsRequest.Builder.builder().streams(ImmutableSet.of("2323", "4242")).build(), searchUser);
    verify(mappedFieldTypesService, times(1)).fieldTypesByStreamIds(streamIdCaptor.capture(), timeRangeArgumentCaptor.capture());
    assertThat(streamIdCaptor.getValue()).containsExactlyInAnyOrder("2323", "4242");
    assertThat(timeRangeArgumentCaptor.getValue()).isEqualTo(RelativeRange.allTime());
    assertThat(result).isEqualTo(fieldTypes);
}
Also used : SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) Test(org.junit.Test)

Example 3 with SearchUser

use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.

the class FieldTypesResourceTest method allFieldTypesChecksPermissionsForStream.

@Test
public void allFieldTypesChecksPermissionsForStream() {
    final SearchUser searchUser = TestSearchUser.builder().allowStream("4242").denyStream("2323").build();
    final MappedFieldTypesService dependency = Mockito.mock(MappedFieldTypesService.class);
    Mockito.when(dependency.fieldTypesByStreamIds(Mockito.any(), Mockito.any())).thenAnswer(invocation -> {
        final Collection<String> streamIDs = invocation.getArgument(0);
        // for each streamID return a field that's called exactly like the streamID
        return streamIDs.stream().map(streamID -> MappedFieldTypeDTO.create(streamID, FieldTypes.Type.builder().type("text").build())).collect(Collectors.toSet());
    });
    final FieldTypesResource resource = new FieldTypesResource(dependency);
    final Set<MappedFieldTypeDTO> fields = resource.allFieldTypes(searchUser);
    // field for allowed stream has to be present
    assertThat(fields.stream().anyMatch(f -> f.name().equals("4242"))).isTrue();
    // field for denied stream must not be present
    assertThat(fields.stream().anyMatch(f -> f.name().equals("2323"))).isFalse();
}
Also used : MappedFieldTypesService(org.graylog2.indexer.fieldtypes.MappedFieldTypesService) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) Captor(org.mockito.Captor) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) MockitoJUnit(org.mockito.junit.MockitoJUnit) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) Before(org.junit.Before) ImmutableSet(com.google.common.collect.ImmutableSet) Collection(java.util.Collection) Set(java.util.Set) MappedFieldTypesService(org.graylog2.indexer.fieldtypes.MappedFieldTypesService) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) Mockito.verify(org.mockito.Mockito.verify) FieldTypes(org.graylog2.indexer.fieldtypes.FieldTypes) Mockito(org.mockito.Mockito) Rule(org.junit.Rule) MissingStreamPermissionException(org.graylog2.shared.rest.exceptions.MissingStreamPermissionException) SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) MockitoRule(org.mockito.junit.MockitoRule) Collections(java.util.Collections) SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) Test(org.junit.Test)

Example 4 with SearchUser

use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.

the class FieldTypesResourceTest method byStreamChecksPermissionsForStream.

@Test
public void byStreamChecksPermissionsForStream() {
    final SearchUser searchUser = TestSearchUser.builder().allowStream("2323").allowStream("4242").build();
    final MappedFieldTypesService dependency = Mockito.mock(MappedFieldTypesService.class);
    Mockito.when(dependency.fieldTypesByStreamIds(Mockito.any(), Mockito.any())).thenAnswer(invocation -> {
        final Collection<String> streamIDs = invocation.getArgument(0);
        // for each streamID return a field that's called exactly like the streamID
        return streamIDs.stream().map(streamID -> MappedFieldTypeDTO.create(streamID, FieldTypes.Type.builder().type("text").build())).collect(Collectors.toSet());
    });
    final FieldTypesResource resource = new FieldTypesResource(dependency);
    final Set<MappedFieldTypeDTO> fields = resource.byStreams(FieldTypesForStreamsRequest.Builder.builder().streams(ImmutableSet.of("2323", "4242")).build(), searchUser);
    // field for allowed stream has to be present
    assertThat(fields.stream().anyMatch(f -> f.name().equals("2323"))).isTrue();
    assertThat(fields.stream().anyMatch(f -> f.name().equals("4242"))).isTrue();
}
Also used : MappedFieldTypesService(org.graylog2.indexer.fieldtypes.MappedFieldTypesService) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) Captor(org.mockito.Captor) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) MockitoJUnit(org.mockito.junit.MockitoJUnit) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) Before(org.junit.Before) ImmutableSet(com.google.common.collect.ImmutableSet) Collection(java.util.Collection) Set(java.util.Set) MappedFieldTypesService(org.graylog2.indexer.fieldtypes.MappedFieldTypesService) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) Mockito.verify(org.mockito.Mockito.verify) FieldTypes(org.graylog2.indexer.fieldtypes.FieldTypes) Mockito(org.mockito.Mockito) Rule(org.junit.Rule) MissingStreamPermissionException(org.graylog2.shared.rest.exceptions.MissingStreamPermissionException) SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) MockitoRule(org.mockito.junit.MockitoRule) Collections(java.util.Collections) SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) Test(org.junit.Test)

Example 5 with SearchUser

use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.

the class FieldTypesResourceTest method shouldNotAllowAccessWithoutPermission.

@Test
public void shouldNotAllowAccessWithoutPermission() {
    final SearchUser searchUser = TestSearchUser.builder().denyStream("2323").allowStream("4242").build();
    assertThatExceptionOfType(MissingStreamPermissionException.class).isThrownBy(() -> fieldTypesResource.byStreams(FieldTypesForStreamsRequest.Builder.builder().streams(ImmutableSet.of("2323", "4242")).build(), searchUser)).satisfies(ex -> assertThat(ex.streamsWithMissingPermissions()).contains("2323"));
}
Also used : SearchUser(org.graylog.plugins.views.search.permissions.SearchUser) Test(org.junit.Test)

Aggregations

SearchUser (org.graylog.plugins.views.search.permissions.SearchUser)26 Test (org.junit.Test)19 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4 ForbiddenException (javax.ws.rs.ForbiddenException)4 Search (org.graylog.plugins.views.search.Search)4 RestResourceBaseTest (org.graylog2.rest.resources.RestResourceBaseTest)4 ImmutableSet (com.google.common.collect.ImmutableSet)3 ApiOperation (io.swagger.annotations.ApiOperation)3 Collection (java.util.Collection)3 POST (javax.ws.rs.POST)3 ViewDTO (org.graylog.plugins.views.search.views.ViewDTO)3 RelativeRange (org.graylog2.plugin.indexer.searches.timeranges.RelativeRange)3 Test (org.junit.jupiter.api.Test)3 Api (io.swagger.annotations.Api)2 ApiParam (io.swagger.annotations.ApiParam)2 Collections (java.util.Collections)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)2 AuditEvent (org.graylog2.audit.jersey.AuditEvent)2