
Example 1 with GRNPermission

use of org.graylog.security.permissions.GRNPermission in project graylog2-server by Graylog2.

From the class RolesResource, method getMembers.

/**
 * Lists the users that are members of the given role.
 *
 * Each member's wildcard and GRN permission lists are only filled in when the
 * caller is permitted to edit that member's permissions
 * ({@code RestPermissions.USERS_PERMISSIONSEDIT} on the member's name);
 * otherwise both lists are empty, so this endpoint never discloses another
 * user's permissions to a caller who may not manage them.
 *
 * @param name the role name taken from the request path
 * @return the role name together with a summary of every member
 * @throws NotFoundException if no role with that name exists
 */
@GET
@Path("{rolename}/members")
@RequiresPermissions({ RestPermissions.USERS_LIST, RestPermissions.ROLES_READ })
@ApiOperation("Retrieve the role's members")
public RoleMembershipResponse getMembers(@ApiParam(name = "rolename", required = true) @PathParam("rolename") String name) throws NotFoundException {
    final Role role = roleService.load(name);
    final Collection<User> members = userService.loadAllForRole(role);
    final Set<UserSummary> summaries = Sets.newHashSetWithExpectedSize(members.size());
    for (final User member : members) {
        summaries.add(summarizeRoleMember(member));
    }
    return RoleMembershipResponse.create(role.getName(), summaries);
}

/**
 * Builds the summary for one role member.
 *
 * Permission details are gated on the caller holding
 * {@code USERS_PERMISSIONSEDIT} for this particular user; session fields are
 * not available in this call and are reported as inactive / null.
 *
 * @param user the member to summarize
 * @return the member's {@link UserSummary}
 */
private UserSummary summarizeRoleMember(User user) {
    final Set<String> roleNames = userService.getRoleNames(user);
    final boolean mayViewPermissions = isPermitted(RestPermissions.USERS_PERMISSIONSEDIT, user.getName());
    final List<WildcardPermission> wildcardPermissions = mayViewPermissions
            ? userService.getWildcardPermissionsForUser(user)
            : ImmutableList.<WildcardPermission>of();
    final List<GRNPermission> grnPermissions = mayViewPermissions
            ? userService.getGRNPermissionsForUser(user)
            : ImmutableList.<GRNPermission>of();
    // Users without a configured time zone are reported as UTC.
    final String timeZoneId = firstNonNull(user.getTimeZone(), DateTimeZone.UTC).getID();
    return UserSummary.create(user.getId(),
            user.getName(),
            user.getEmail(),
            user.getFirstName().orElse(null),
            user.getLastName().orElse(null),
            user.getFullName(),
            wildcardPermissions,
            grnPermissions,
            user.getPreferences(),
            timeZoneId,
            user.getSessionTimeoutMs(),
            user.isReadOnly(),
            user.isExternalUser(),
            user.getStartpage(),
            roleNames,
            // there is no session information available in this call, so we set it to null
            false,
            null,
            null,
            user.getAccountStatus());
}
Also used : Role(org.graylog2.shared.users.Role) GRNPermission(org.graylog.security.permissions.GRNPermission) User(org.graylog2.plugin.database.users.User) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 2 with GRNPermission

use of org.graylog.security.permissions.GRNPermission in project graylog2-server by Graylog2.

From the class UsersResource, method toUserResponse.

/**
 * Converts a {@link User} into the {@link UserSummary} returned by the REST API.
 *
 * The wildcard and GRN permission lists are only populated when
 * {@code includePermissions} is {@code true}; callers are expected to decide
 * that based on their own authorization checks. Session details (active flag,
 * last activity, client address) come from {@code sessions} and fall back to
 * {@code false} / {@code null} when the user has no session.
 *
 * @param user               the user to summarize
 * @param includePermissions whether to include the user's permission lists
 * @param sessions           lookup of the currently known user sessions
 * @return the summary for {@code user}
 */
private UserSummary toUserResponse(User user, boolean includePermissions, AllUserSessions sessions) {
    final Set<String> roleIds = user.getRoleIds();
    // Only consult the management service when the user actually has roles.
    final Set<String> roleNames = roleIds.isEmpty()
            ? Collections.<String>emptySet()
            : userManagementService.getRoleNames(user);
    if (!roleIds.isEmpty() && roleNames.isEmpty()) {
        LOG.error("Unable to load role names for role IDs {} for user {}", roleIds, user);
    }

    // Session fields keep their "no session" defaults when none is found.
    final Optional<MongoDbSession> session = sessions.forUser(user);
    final boolean sessionActive = session.isPresent();
    final Date lastActivity = session.map(MongoDbSession::getLastAccessTime).orElse(null);
    final String clientAddress = session.map(MongoDbSession::getHost).orElse(null);

    final List<WildcardPermission> wildcardPermissions = includePermissions
            ? userManagementService.getWildcardPermissionsForUser(user)
            : ImmutableList.<WildcardPermission>of();
    final List<GRNPermission> grnPermissions = includePermissions
            ? userManagementService.getGRNPermissionsForUser(user)
            : ImmutableList.<GRNPermission>of();

    // Unlike the role-members endpoint, a missing time zone is reported as null here.
    final String timeZoneId = user.getTimeZone() == null ? null : user.getTimeZone().getID();
    return UserSummary.create(user.getId(),
            user.getName(),
            user.getEmail(),
            user.getFirstName().orElse(null),
            user.getLastName().orElse(null),
            user.getFullName(),
            wildcardPermissions,
            grnPermissions,
            user.getPreferences(),
            timeZoneId,
            user.getSessionTimeoutMs(),
            user.isReadOnly(),
            user.isExternalUser(),
            user.getStartpage(),
            roleNames,
            sessionActive,
            lastActivity,
            clientAddress,
            user.getAccountStatus());
}
Also used : GRNPermission(org.graylog.security.permissions.GRNPermission) MongoDbSession(org.graylog2.security.MongoDbSession) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) Date(java.util.Date)

Example 3 with GRNPermission

use of org.graylog.security.permissions.GRNPermission in project graylog2-server by Graylog2.

From the class UserServiceImplTest, method testGetPermissionsForUser.

/**
 * Verifies that {@code getPermissionsForUser} merges every permission source:
 * the user's direct permissions, permissions of its assigned role, permissions
 * and roles granted through the user's GRN, and the implicit self-management
 * permissions on the user's own account.
 */
@Test
public void testGetPermissionsForUser() throws Exception {
    final InMemoryRolePermissionResolver rolePermissionResolver = mock(InMemoryRolePermissionResolver.class);
    final GRNRegistry registry = GRNRegistry.createWithBuiltinTypes();
    final UserService service = new UserServiceImpl(mongoConnection, configuration, roleService, accessTokenService,
            userFactory, rolePermissionResolver, serverEventBus, registry, permissionAndRoleResolver);

    // A user with one directly assigned role and one direct permission.
    final UserImplFactory userImplFactory = new UserImplFactory(new Configuration(), permissions);
    final UserImpl user = userImplFactory.create(new HashMap<>());
    user.setName("user");
    final Role fooRole = createRole("Foo");
    user.setRoleIds(Collections.singleton(fooRole.getId()));
    user.setPermissions(Collections.singletonList("hello:world"));
    when(rolePermissionResolver.resolveStringPermission(fooRole.getId())).thenReturn(Collections.singleton("foo:bar"));

    // Permissions and an extra role resolved for the user's principal GRN (grants).
    final GRNPermission ownershipPermission = GRNPermission.create(RestPermissions.ENTITY_OWN,
            registry.newGRN(GRNTypes.DASHBOARD, "1234"));
    final GRN principal = registry.ofUser(user);
    when(permissionAndRoleResolver.resolvePermissionsForPrincipal(principal))
            .thenReturn(ImmutableSet.of(new CaseSensitiveWildcardPermission("perm:from:grant"), ownershipPermission));
    final String grantedRoleId = "12345";
    when(permissionAndRoleResolver.resolveRolesForPrincipal(principal)).thenReturn(ImmutableSet.of(grantedRoleId));
    when(rolePermissionResolver.resolveStringPermission(grantedRoleId)).thenReturn(ImmutableSet.of("perm:from:role"));

    // Wildcard permissions are compared by their string form; the GRN permission by identity/equals.
    assertThat(service.getPermissionsForUser(user).stream()
            .map(permission -> permission instanceof CaseSensitiveWildcardPermission ? permission.toString() : permission)
            .collect(Collectors.toSet()))
            .containsExactlyInAnyOrder(
                    "users:passwordchange:user",
                    "users:edit:user",
                    "foo:bar",
                    "hello:world",
                    "users:tokenlist:user",
                    "users:tokencreate:user",
                    "users:tokenremove:user",
                    "perm:from:grant",
                    ownershipPermission,
                    "perm:from:role");
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) InMemoryRolePermissionResolver(org.graylog2.security.InMemoryRolePermissionResolver) Mock(org.mockito.Mock) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) GRNRegistry(org.graylog.grn.GRNRegistry) EventBus(com.google.common.eventbus.EventBus) DBObject(com.mongodb.DBObject) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) AccessTokenService(org.graylog2.security.AccessTokenService) MongoDBInstance(org.graylog.testing.mongodb.MongoDBInstance) Map(java.util.Map) MockitoJUnit(org.mockito.junit.MockitoJUnit) Before(org.junit.Before) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) BasicDBObjectBuilder(com.mongodb.BasicDBObjectBuilder) PasswordAlgorithmFactory(org.graylog2.security.PasswordAlgorithmFactory) GRNTypes(org.graylog.grn.GRNTypes) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) GRN(org.graylog.grn.GRN) List(java.util.List) Rule(org.junit.Rule) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) RestPermissions(org.graylog2.shared.security.RestPermissions) ObjectId(org.bson.types.ObjectId) PasswordAlgorithm(org.graylog2.plugin.security.PasswordAlgorithm) Optional(java.util.Optional) SHA1HashPasswordAlgorithm(org.graylog2.security.hashing.SHA1HashPasswordAlgorithm) MockitoRule(org.mockito.junit.MockitoRule) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) MongoConnection(org.graylog2.database.MongoConnection) User(org.graylog2.plugin.database.users.User) Role(org.graylog2.shared.users.Role) GRNPermission(org.graylog.security.permissions.GRNPermission) Permissions(org.graylog2.shared.security.Permissions) Collections(java.util.Collections) PermissionAndRoleResolver(org.graylog.security.PermissionAndRoleResolver) 
CaseSensitiveWildcardPermission(org.graylog.security.permissions.CaseSensitiveWildcardPermission) Mockito.mock(org.mockito.Mockito.mock) GRN(org.graylog.grn.GRN) GRNRegistry(org.graylog.grn.GRNRegistry) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) InMemoryRolePermissionResolver(org.graylog2.security.InMemoryRolePermissionResolver) CaseSensitiveWildcardPermission(org.graylog.security.permissions.CaseSensitiveWildcardPermission) Role(org.graylog2.shared.users.Role) GRNPermission(org.graylog.security.permissions.GRNPermission) Test(org.junit.Test)

Aggregations

GRNPermission (org.graylog.security.permissions.GRNPermission)3 WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission)2 User (org.graylog2.plugin.database.users.User)2 Role (org.graylog2.shared.users.Role)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Sets (com.google.common.collect.Sets)1 EventBus (com.google.common.eventbus.EventBus)1 BasicDBObjectBuilder (com.mongodb.BasicDBObjectBuilder)1 DBObject (com.mongodb.DBObject)1 ApiOperation (io.swagger.annotations.ApiOperation)1 Collections (java.util.Collections)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Optional (java.util.Optional)1 Collectors (java.util.stream.Collectors)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1