use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.
the class SearchDomainTest method loadsSearchIfSearchIsPermittedViaViews.
@Test
public void loadsSearchIfSearchIsPermittedViaViews() {
final Search search = mockSearchWithOwner("someone else");
final SearchUser searchUser = mock(SearchUser.class);
final ViewDTO viewDTO = mock(ViewDTO.class);
when(viewService.forSearch(anyString())).thenReturn(ImmutableList.of(viewDTO));
when(searchUser.canReadView(viewDTO)).thenReturn(true);
final Optional<Search> result = sut.getForUser(search.id(), searchUser);
assertThat(result).isEqualTo(Optional.of(search));
}
use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.
the class SearchExecutorTest method throwsExceptionIfSearchIsNotFound.
@Test
public void throwsExceptionIfSearchIsNotFound() {
final SearchUser searchUser = mock(SearchUser.class);
when(searchUser.canReadView(any())).thenReturn(true);
when(searchUser.canReadStream(any())).thenReturn(true);
when(searchDomain.getForUser(eq("search1"), eq(searchUser))).thenReturn(Optional.empty());
assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> this.searchExecutor.execute("search1", searchUser, ExecutionState.empty())).withMessage("No search found with id <search1>.");
}
use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.
the class SearchExecutorTest method appliesSearchExecutionState.
@Test
public void appliesSearchExecutionState() {
final Search search = mockSearch();
final SearchUser searchUser = mock(SearchUser.class);
when(searchUser.canReadView(any())).thenReturn(true);
when(searchUser.canReadStream(any())).thenReturn(true);
when(searchUser.username()).thenReturn("frank-drebin");
final SearchJob searchJob = mock(SearchJob.class);
when(searchJobService.create(search, "frank-drebin")).thenReturn(searchJob);
when(searchJob.getResultFuture()).thenReturn(CompletableFuture.completedFuture(null));
when(queryEngine.execute(searchJob)).thenReturn(searchJob);
when(searchDomain.getForUser(eq("search1"), eq(searchUser))).thenReturn(Optional.of(search));
final ExecutionState executionState = ExecutionState.builder().addAdditionalParameter("foo", 42).build();
this.searchExecutor.execute("search1", searchUser, executionState);
verify(search, times(1)).applyExecutionState(any(), executionStateCaptor.capture());
assertThat(executionStateCaptor.getValue()).isEqualTo(executionState);
}
use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.
the class ViewsResource method create.
@POST
@ApiOperation("Create a new view")
@AuditEvent(type = ViewsAuditEventTypes.VIEW_CREATE)
public ViewDTO create(@ApiParam @Valid @NotNull(message = "View is mandatory") ViewDTO dto, @Context UserContext userContext, @Context SearchUser searchUser) throws ValidationException {
if (dto.type().equals(ViewDTO.Type.DASHBOARD) && !searchUser.canCreateDashboards()) {
throw new ForbiddenException("User is not allowed to create new dashboards.");
}
validateIntegrity(dto, searchUser);
final User user = userContext.getUser();
return dbService.saveWithOwner(dto.toBuilder().owner(searchUser.username()).build(), user);
}
use of org.graylog.plugins.views.search.permissions.SearchUser in project graylog2-server by Graylog2.
the class ViewsResource method validateIntegrity.
private void validateIntegrity(ViewDTO dto, SearchUser searchUser) {
final Search search = searchDomain.getForUser(dto.searchId(), searchUser).orElseThrow(() -> new BadRequestException("Search " + dto.searchId() + " not available"));
final Set<String> searchQueries = search.queries().stream().map(Query::id).collect(Collectors.toSet());
final Set<String> stateQueries = dto.state().keySet();
if (!searchQueries.containsAll(stateQueries)) {
final Sets.SetView<String> diff = Sets.difference(searchQueries, stateQueries);
throw new BadRequestException("Search queries do not correspond to view/state queries, missing query IDs: " + diff);
}
final Set<String> searchTypes = search.queries().stream().flatMap(q -> q.searchTypes().stream()).map(SearchType::id).collect(Collectors.toSet());
final Set<String> stateTypes = dto.state().values().stream().flatMap(v -> v.widgetMapping().values().stream()).flatMap(Collection::stream).collect(Collectors.toSet());
if (!searchTypes.containsAll(stateTypes)) {
final Sets.SetView<String> diff = Sets.difference(searchTypes, stateTypes);
throw new BadRequestException("Search types do not correspond to view/search types, missing searches: " + diff);
}
final Set<String> widgetIds = dto.state().values().stream().flatMap(v -> v.widgets().stream()).map(WidgetDTO::id).collect(Collectors.toSet());
final Set<String> widgetPositions = dto.state().values().stream().flatMap(v -> v.widgetPositions().keySet().stream()).collect(Collectors.toSet());
if (!widgetPositions.containsAll(widgetIds)) {
final Sets.SetView<String> diff = Sets.difference(widgetPositions, widgetIds);
throw new BadRequestException("Widget positions don't correspond to widgets, missing widget possitions: " + diff);
}
}
Aggregations