
Example 1 with GrantDTO

use of org.graylog.security.GrantDTO in project graylog2-server by Graylog2.

the class EntitySharesServiceTest method ignoreInvisibleOwners.

/**
 * Checks that preparing a share for a stream yields a validation result that has not failed.
 *
 * <p>The share request carries an empty grantee map, and {@code granteeService} is stubbed with
 * a filtered view of the grantees currently stored in {@code dbGrantService}. As the display
 * name states, validation is expected to ignore owners that are invisible.
 */
@DisplayName("The validation should ignore invisble owners")
@Test
void ignoreInvisibleOwners() {
    final GRN streamGrn = grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe");
    final EntityShareRequest emptyRequest = EntityShareRequest.create(ImmutableMap.of());

    // Collect the grantee of every grant known to the grant service.
    final Set<GRN> knownGrantees = dbGrantService.getAll()
            .stream()
            .map(GrantDTO::grantee)
            .collect(Collectors.toSet());

    // lenient(): the stub may go unused without tripping Mockito's strict-stubs check, so this
    // test does not by itself prove that prepareShare consulted getAvailableGrantees.
    // NOTE(review): the predicate KEEPS the grantee whose GRN string is "grn::::user:invisible",
    // so that user is the only one offered as available. Given the test name one might expect
    // the invisible owner to be absent from this set instead; confirm the predicate is not
    // meant to be negated, otherwise the authorization check may pass vacuously.
    lenient().when(granteeService.getAvailableGrantees(any())).thenReturn(
            knownGrantees.stream()
                    .filter(grantee -> grantee.toString().equals("grn::::user:invisible"))
                    .map(grantee -> Grantee.createUser(grantee, grantee.entity()))
                    .collect(Collectors.toSet()));

    final User sharingUser = createMockUser("hans");
    // Unstubbed Mockito mock: any boolean query on this subject answers false by default.
    final Subject shiroSubject = mock(Subject.class);

    final EntityShareResponse response =
            entitySharesService.prepareShare(streamGrn, emptyRequest, sharingUser, shiroSubject);

    assertThat(response.validationResult())
            .satisfies(result -> assertThat(result.failed()).isFalse());
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) EntityDependencyPermissionChecker(org.graylog.security.entities.EntityDependencyPermissionChecker) BeforeEach(org.junit.jupiter.api.BeforeEach) Mock(org.mockito.Mock) BuiltinCapabilities(org.graylog.security.BuiltinCapabilities) Capability(org.graylog.security.Capability) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Mockito.lenient(org.mockito.Mockito.lenient) GRNRegistry(org.graylog.grn.GRNRegistry) EventBus(com.google.common.eventbus.EventBus) MongoDBTestService(org.graylog.testing.mongodb.MongoDBTestService) DBGrantService(org.graylog.security.DBGrantService) GrantDTO(org.graylog.security.GrantDTO) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) Subject(org.apache.shiro.subject.Subject) ImmutableMultimap(com.google.common.collect.ImmutableMultimap) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ImmutableSet(com.google.common.collect.ImmutableSet) EntityDependencyResolver(org.graylog.security.entities.EntityDependencyResolver) ImmutableMap(com.google.common.collect.ImmutableMap) GRNTypes(org.graylog.grn.GRNTypes) MongoJackObjectMapperProvider(org.graylog2.bindings.providers.MongoJackObjectMapperProvider) Set(java.util.Set) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) MongoJackExtension(org.graylog.testing.mongodb.MongoJackExtension) GRN(org.graylog.grn.GRN) DisplayName(org.junit.jupiter.api.DisplayName) Test(org.junit.jupiter.api.Test) MongoDBExtension(org.graylog.testing.mongodb.MongoDBExtension) GRNExtension(org.graylog.testing.GRNExtension) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) User(org.graylog2.plugin.database.users.User) Mockito.mock(org.mockito.Mockito.mock) GRN(org.graylog.grn.GRN) User(org.graylog2.plugin.database.users.User) Subject(org.apache.shiro.subject.Subject) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 2 with GrantDTO

use of org.graylog.security.GrantDTO in project graylog2-server by Graylog2.

the class EntityOwnershipServiceTest method registerNewEventDefinition.

/**
 * Verifies that registering a new event definition creates exactly one grant through
 * {@code dbGrantService} and that the grant gives the creating user {@code Capability.OWN}
 * on that event definition.
 */
@Test
void registerNewEventDefinition() {
    final User creator = mock(User.class);
    when(creator.getName()).thenReturn("mockuser");
    when(creator.getId()).thenReturn("mockuser");

    entityOwnershipService.registerNewEventDefinition("1234", creator);

    final ArgumentCaptor<GrantDTO> grantCaptor = ArgumentCaptor.forClass(GrantDTO.class);
    final ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
    // verify() without a mode means "called once"; a second create() call would fail here.
    verify(dbGrantService).create(grantCaptor.capture(), userCaptor.capture());
    // NOTE(review): userCaptor is captured but never asserted, so the acting user handed to
    // create() is not checked by this test.

    assertThat(grantCaptor.getValue()).satisfies(createdGrant -> {
        // The grant must be an ownership grant ...
        assertThat(createdGrant.capability()).isEqualTo(Capability.OWN);
        // ... on the event definition that was just registered ...
        assertThat(createdGrant.target().type()).isEqualTo(GRNTypes.EVENT_DEFINITION.type());
        assertThat(createdGrant.target().entity()).isEqualTo("1234");
        // ... and its grantee must be the user who registered it.
        assertThat(createdGrant.grantee().type()).isEqualTo(GRNTypes.USER.type());
        assertThat(createdGrant.grantee().entity()).isEqualTo("mockuser");
    });
}
Also used : GrantDTO(org.graylog.security.GrantDTO) User(org.graylog2.plugin.database.users.User) Test(org.junit.jupiter.api.Test)

Example 3 with GrantDTO

use of org.graylog.security.GrantDTO in project graylog2-server by Graylog2.

the class RolesToGrantsMigrationTest method migrateSimpleRole.

/**
 * Runs the roles-to-grants migration against the fixture data and checks the outcome for the
 * role {@code mig-test}.
 *
 * <p>Before the migration {@code testuser1} has no grants. Afterwards the user must hold
 * exactly the five grants asserted below, {@code testuser2} must hold five grants as well,
 * and loading the role must throw {@link NotFoundException}.
 *
 * @throws NotFoundException declared because {@code roleService.load} is called directly
 */
@Test
void migrateSimpleRole() throws NotFoundException {
    final User firstUser = userService.load("testuser1");
    assertThat(firstUser).isNotNull();
    final User secondUser = userService.load("testuser2");
    assertThat(secondUser).isNotNull();
    assertThat(roleService.load("mig-test")).isNotNull();

    // Precondition: no grants exist for testuser1, so everything found later was created
    // by the migration.
    assertThat(dbGrantService.getForGranteesOrGlobal(
            ImmutableSet.of(grnRegistry.ofUser(firstUser)))).isEmpty();

    migration.upgrade();

    // check created grants for testuser1
    final ImmutableSet<GrantDTO> firstUserGrants =
            dbGrantService.getForGranteesOrGlobal(ImmutableSet.of(grnRegistry.ofUser(firstUser)));
    assertGrantInSet(firstUserGrants, "grn::::dashboard:5e2afc66cd19517ec2dabadd", Capability.VIEW);
    assertGrantInSet(firstUserGrants, "grn::::dashboard:5e2afc66cd19517ec2dabadf", Capability.MANAGE);
    assertGrantInSet(firstUserGrants, "grn::::stream:5c40ad603c034441a56942bd", Capability.VIEW);
    assertGrantInSet(firstUserGrants, "grn::::stream:5e2f5cfb4868e67ad4da562d", Capability.VIEW);
    assertGrantInSet(firstUserGrants, "grn::::stream:000000000000000000000002", Capability.MANAGE);
    // The exact count rules out grants beyond the five listed above (no over-granting).
    assertThat(firstUserGrants).hasSize(5);

    // testuser2 gets the same grants. a simple check should suffice
    assertThat(dbGrantService.getForGranteesOrGlobal(
            ImmutableSet.of(grnRegistry.ofUser(secondUser))))
            .satisfies(secondUserGrants -> assertThat(Iterables.size(secondUserGrants)).isEqualTo(5));

    // empty role should be dropped
    assertThatThrownBy(() -> roleService.load("mig-test"))
            .isInstanceOf(NotFoundException.class);
}
Also used : GrantDTO(org.graylog.security.GrantDTO) User(org.graylog2.plugin.database.users.User) Test(org.junit.jupiter.api.Test)

Example 4 with GrantDTO

use of org.graylog.security.GrantDTO in project graylog2-server by Graylog2.

the class UserPermissionsToGrantsMigrationTest method migrateAllUserPermissions.

/**
 * Runs the user-permissions-to-grants migration for {@code testuser1}, all of whose
 * entity permissions are expected to be migrated.
 *
 * <p>The user starts with 11 permissions on top of {@code userSelfEditPermissionCount} and no
 * grants. After the migration the user must hold exactly the eight grants asserted below and
 * only {@code userSelfEditPermissionCount} permissions may remain on the user.
 */
@Test
void migrateAllUserPermissions() {
    // Two views are resolved through the mocked viewService so that the migration can tell
    // a dashboard from a search when it picks the target GRN type.
    final ViewDTO dashboardView = mock(ViewDTO.class);
    when(dashboardView.type()).thenReturn(ViewDTO.Type.DASHBOARD);
    when(viewService.get("5c40ad603c034441a56943be")).thenReturn(Optional.of(dashboardView));

    final ViewDTO searchView = mock(ViewDTO.class);
    when(searchView.type()).thenReturn(ViewDTO.Type.SEARCH);
    when(viewService.get("5c40ad603c034441a56943c0")).thenReturn(Optional.of(searchView));

    final User userBefore = userService.load("testuser1");
    assertThat(userBefore).isNotNull();
    assertThat(userBefore.getPermissions().size()).isEqualTo(11 + userSelfEditPermissionCount);
    // Precondition: no grants yet, so every grant found below comes from the migration.
    assertThat(dbGrantService.getForGranteesOrGlobal(
            ImmutableSet.of(grnRegistry.ofUser(userBefore)))).isEmpty();

    migration.upgrade();

    // check created grants for testuser1
    final ImmutableSet<GrantDTO> migratedGrants =
            dbGrantService.getForGranteesOrGlobal(ImmutableSet.of(grnRegistry.ofUser(userBefore)));
    assertGrantInSet(migratedGrants, "grn::::dashboard:5e2afc66cd19517ec2dabadd", Capability.VIEW);
    assertGrantInSet(migratedGrants, "grn::::dashboard:5e2afc66cd19517ec2dabadf", Capability.MANAGE);
    assertGrantInSet(migratedGrants, "grn::::stream:5c40ad603c034441a56942bd", Capability.VIEW);
    assertGrantInSet(migratedGrants, "grn::::stream:5e2f5cfb4868e67ad4da562d", Capability.VIEW);
    assertGrantInSet(migratedGrants, "grn::::dashboard:5c40ad603c034441a56943be", Capability.MANAGE);
    assertGrantInSet(migratedGrants, "grn::::search:5c40ad603c034441a56943c0", Capability.VIEW);
    assertGrantInSet(migratedGrants, "grn::::event_definition:5c40ad603c034441a56942bf", Capability.MANAGE);
    assertGrantInSet(migratedGrants, "grn::::event_definition:5c40ad603c034441a56942c0", Capability.VIEW);
    // The exact count rules out grants beyond the eight listed above (no over-granting).
    assertThat(migratedGrants).hasSize(8);

    // reload user and check that all migrated permissions have been removed
    final User userAfter = userService.load("testuser1");
    assertThat(userAfter).isNotNull();
    assertThat(userAfter.getPermissions().size()).isEqualTo(userSelfEditPermissionCount);
}
Also used : GrantDTO(org.graylog.security.GrantDTO) ViewDTO(org.graylog.plugins.views.search.views.ViewDTO) User(org.graylog2.plugin.database.users.User) Test(org.junit.jupiter.api.Test)

Example 5 with GrantDTO

use of org.graylog.security.GrantDTO in project graylog2-server by Graylog2.

the class UserPermissionsToGrantsMigrationTest method migrateSomeUserPermissions.

/**
 * Runs the user-permissions-to-grants migration for {@code testuser2}, only part of whose
 * permissions are expected to be migrated.
 *
 * <p>The user starts with 6 permissions on top of {@code userSelfEditPermissionCount} and no
 * grants. After the migration exactly one {@code MANAGE} grant on a dashboard must exist and
 * 4 of the original permissions must still be present on the user.
 */
@Test
void migrateSomeUserPermissions() {
    final User userBefore = userService.load("testuser2");
    assertThat(userBefore).isNotNull();
    assertThat(userBefore.getPermissions().size()).isEqualTo(6 + userSelfEditPermissionCount);
    // Precondition: no grants yet, so the grant found below comes from the migration.
    assertThat(dbGrantService.getForGranteesOrGlobal(
            ImmutableSet.of(grnRegistry.ofUser(userBefore)))).isEmpty();

    migration.upgrade();

    // check created grants for testuser2
    final ImmutableSet<GrantDTO> migratedGrants =
            dbGrantService.getForGranteesOrGlobal(ImmutableSet.of(grnRegistry.ofUser(userBefore)));
    assertGrantInSet(migratedGrants, "grn::::dashboard:5e2afc66cd19517ec2dabadf", Capability.MANAGE);
    // Exactly one grant: permissions that are left on the user must not also yield grants.
    assertThat(migratedGrants).hasSize(1);

    // reload user and check that all migrated permissions have been removed. (should be only two less)
    // NOTE(review): two permissions disappear for one MANAGE grant; presumably a pair of
    // permissions on the same dashboard was folded into that grant. Confirm against the fixture.
    final User userAfter = userService.load("testuser2");
    assertThat(userAfter).isNotNull();
    assertThat(userAfter.getPermissions().size()).isEqualTo(4 + userSelfEditPermissionCount);
}
Also used : GrantDTO(org.graylog.security.GrantDTO) User(org.graylog2.plugin.database.users.User) Test(org.junit.jupiter.api.Test)

Aggregations

GrantDTO (org.graylog.security.GrantDTO)7 User (org.graylog2.plugin.database.users.User)7 Test (org.junit.jupiter.api.Test)5 ImmutableMap (com.google.common.collect.ImmutableMap)3 ImmutableSet (com.google.common.collect.ImmutableSet)3 EventBus (com.google.common.eventbus.EventBus)3 Set (java.util.Set)3 Collectors (java.util.stream.Collectors)3 Subject (org.apache.shiro.subject.Subject)3 GRN (org.graylog.grn.GRN)3 GRNRegistry (org.graylog.grn.GRNRegistry)3 BuiltinCapabilities (org.graylog.security.BuiltinCapabilities)3 Capability (org.graylog.security.Capability)3 DBGrantService (org.graylog.security.DBGrantService)3 EntityDependencyPermissionChecker (org.graylog.security.entities.EntityDependencyPermissionChecker)3 EntityDependencyResolver (org.graylog.security.entities.EntityDependencyResolver)3 ZoneOffset (java.time.ZoneOffset)2 ZonedDateTime (java.time.ZonedDateTime)2 ArrayList (java.util.ArrayList)2 Collection (java.util.Collection)2