Examples with ActiveShare org.graylog.security.shares.EntityShareResponse.ActiveShare used on opensource projects

Search in sources :

Example 1 with ActiveShare

use of org.graylog.security.shares.EntityShareResponse.ActiveShare in project graylog2-server by Graylog2.

the class EntitySharesService method prepareShare.

/**
 * Prepares the sharing operation by running some checks and returning available capabilities and grantees
 * as well as active shares and information about missing dependencies.
 *
 * @param ownedEntity    the entity that should be shared and is owned by the sharing user
 * @param request        sharing request
 * @param sharingUser    the sharing user
 * @param sharingSubject the sharing subject
 * @return the response
 */
public EntityShareResponse prepareShare(GRN ownedEntity, EntityShareRequest request, User sharingUser, Subject sharingSubject) {
    requireNonNull(ownedEntity, "ownedEntity cannot be null");
    requireNonNull(request, "request cannot be null");
    requireNonNull(sharingUser, "sharingUser cannot be null");
    requireNonNull(sharingSubject, "sharingSubject cannot be null");
    final GRN sharingUserGRN = grnRegistry.ofUser(sharingUser);
    final Set<Grantee> availableGrantees = granteeService.getAvailableGrantees(sharingUser);
    final Set<GRN> availableGranteeGRNs = availableGrantees.stream().map(Grantee::grn).collect(Collectors.toSet());
    final ImmutableSet<ActiveShare> activeShares = getActiveShares(ownedEntity, sharingUser, availableGranteeGRNs);
    return EntityShareResponse.builder().entity(ownedEntity.toString()).sharingUser(sharingUserGRN).availableGrantees(availableGrantees).availableCapabilities(getAvailableCapabilities()).activeShares(activeShares).selectedGranteeCapabilities(getSelectedGranteeCapabilities(activeShares, request)).missingPermissionsOnDependencies(checkMissingPermissionsOnDependencies(ownedEntity, sharingUserGRN, activeShares, request)).validationResult(validateRequest(ownedEntity, request, sharingUser, availableGranteeGRNs)).build();
}
Also used : GRN(org.graylog.grn.GRN) ActiveShare(org.graylog.security.shares.EntityShareResponse.ActiveShare)

Example 2 with ActiveShare

use of org.graylog.security.shares.EntityShareResponse.ActiveShare in project graylog2-server by Graylog2.

the class EntitySharesService method updateEntityShares.

/**
 * Share / unshare an entity with one or more grantees.
 * The grants in the request are created or, if they already exist, updated.
 *
 * @param ownedEntity the target entity for the updated grants
 * @param request     the request containing grantees and their capabilities
 * @param sharingUser the user executing the request
 */
public EntityShareResponse updateEntityShares(GRN ownedEntity, EntityShareRequest request, User sharingUser) {
    requireNonNull(ownedEntity, "ownedEntity cannot be null");
    requireNonNull(request, "request cannot be null");
    requireNonNull(sharingUser, "sharingUser cannot be null");
    final ImmutableMap<GRN, Capability> selectedGranteeCapabilities = request.selectedGranteeCapabilities().orElse(ImmutableMap.of());
    final String userName = sharingUser.getName();
    final GRN sharingUserGRN = grnRegistry.ofUser(sharingUser);
    final Set<Grantee> availableGrantees = granteeService.getAvailableGrantees(sharingUser);
    final Set<GRN> availableGranteeGRNs = availableGrantees.stream().map(Grantee::grn).collect(Collectors.toSet());
    final List<GrantDTO> existingGrants = grantService.getForTargetExcludingGrantee(ownedEntity, sharingUserGRN);
    existingGrants.removeIf(grant -> !availableGranteeGRNs.contains(grant.grantee()));
    final EntityShareResponse.Builder responseBuilder = EntityShareResponse.builder().entity(ownedEntity.toString()).sharingUser(sharingUserGRN).availableGrantees(availableGrantees).availableCapabilities(getAvailableCapabilities()).missingPermissionsOnDependencies(checkMissingPermissionsOnDependencies(ownedEntity, sharingUserGRN, ImmutableSet.of(), request));
    final EntitySharesUpdateEvent.Builder updateEventBuilder = EntitySharesUpdateEvent.builder().user(sharingUser).entity(ownedEntity);
    // Abort if validation fails, but try to return a complete EntityShareResponse
    final ValidationResult validationResult = validateRequest(ownedEntity, request, sharingUser, availableGranteeGRNs);
    if (validationResult.failed()) {
        final ImmutableSet<ActiveShare> activeShares = getActiveShares(ownedEntity, sharingUser, availableGranteeGRNs);
        return responseBuilder.activeShares(activeShares).selectedGranteeCapabilities(getSelectedGranteeCapabilities(activeShares, request)).validationResult(validationResult).build();
    }
    // Update capabilities of existing grants (for a grantee)
    existingGrants.stream().filter(grantDTO -> request.grantees().contains(grantDTO.grantee())).forEach((g -> {
        final Capability newCapability = selectedGranteeCapabilities.get(g.grantee());
        if (!g.capability().equals(newCapability)) {
            grantService.save(g.toBuilder().capability(newCapability).updatedBy(userName).updatedAt(ZonedDateTime.now(ZoneOffset.UTC)).build());
            updateEventBuilder.addUpdates(g.grantee(), newCapability, g.capability());
        }
    }));
    // Create newly added grants
    // TODO Create multiple entries with one db query
    selectedGranteeCapabilities.forEach((grantee, capability) -> {
        if (existingGrants.stream().noneMatch(eg -> eg.grantee().equals(grantee))) {
            grantService.create(GrantDTO.builder().grantee(grantee).capability(capability).target(ownedEntity).build(), sharingUser);
            updateEventBuilder.addCreates(grantee, capability);
        }
    });
    // remove grants that are not present anymore
    // TODO delete multiple entries with one db query
    existingGrants.forEach((g) -> {
        if (!selectedGranteeCapabilities.containsKey(g.grantee())) {
            grantService.delete(g.id());
            updateEventBuilder.addDeletes(g.grantee(), g.capability());
        }
    });
    postUpdateEvent(updateEventBuilder.build());
    final ImmutableSet<ActiveShare> activeShares = getActiveShares(ownedEntity, sharingUser, availableGranteeGRNs);
    return responseBuilder.activeShares(activeShares).selectedGranteeCapabilities(getSelectedGranteeCapabilities(activeShares, request)).build();
}
Also used : GrantDTO(org.graylog.security.GrantDTO) EntityDependencyPermissionChecker(org.graylog.security.entities.EntityDependencyPermissionChecker) BuiltinCapabilities(org.graylog.security.BuiltinCapabilities) Capability(org.graylog.security.Capability) ZonedDateTime(java.time.ZonedDateTime) GRNRegistry(org.graylog.grn.GRNRegistry) ArrayList(java.util.ArrayList) EventBus(com.google.common.eventbus.EventBus) Inject(javax.inject.Inject) DBGrantService(org.graylog.security.DBGrantService) GrantDTO(org.graylog.security.GrantDTO) Subject(org.apache.shiro.subject.Subject) Locale(java.util.Locale) Map(java.util.Map) Objects.requireNonNull(java.util.Objects.requireNonNull) ZoneOffset(java.time.ZoneOffset) ImmutableSet(com.google.common.collect.ImmutableSet) EntityDependencyResolver(org.graylog.security.entities.EntityDependencyResolver) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) Set(java.util.Set) ActiveShare(org.graylog.security.shares.EntityShareResponse.ActiveShare) Collectors(java.util.stream.Collectors) GRN(org.graylog.grn.GRN) Objects(java.util.Objects) List(java.util.List) EntityDescriptor(org.graylog.security.entities.EntityDescriptor) EntitySharesUpdateEvent(org.graylog.security.events.EntitySharesUpdateEvent) ValidationResult(org.graylog2.plugin.rest.ValidationResult) User(org.graylog2.plugin.database.users.User) AvailableCapability(org.graylog.security.shares.EntityShareResponse.AvailableCapability) GRN(org.graylog.grn.GRN) Capability(org.graylog.security.Capability) AvailableCapability(org.graylog.security.shares.EntityShareResponse.AvailableCapability) ActiveShare(org.graylog.security.shares.EntityShareResponse.ActiveShare) ValidationResult(org.graylog2.plugin.rest.ValidationResult) EntitySharesUpdateEvent(org.graylog.security.events.EntitySharesUpdateEvent)

Aggregations

GRN (org.graylog.grn.GRN)2 ActiveShare (org.graylog.security.shares.EntityShareResponse.ActiveShare)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 EventBus (com.google.common.eventbus.EventBus)1 ZoneOffset (java.time.ZoneOffset)1 ZonedDateTime (java.time.ZonedDateTime)1 ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 List (java.util.List)1 Locale (java.util.Locale)1 Map (java.util.Map)1 Objects (java.util.Objects)1 Objects.requireNonNull (java.util.Objects.requireNonNull)1 Set (java.util.Set)1 Collectors (java.util.stream.Collectors)1 Inject (javax.inject.Inject)1 Subject (org.apache.shiro.subject.Subject)1 GRNRegistry (org.graylog.grn.GRNRegistry)1 BuiltinCapabilities (org.graylog.security.BuiltinCapabilities)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial