Use of org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability in the project graylog2-server by Graylog2.
From the class RolesToGrantsMigration, method migrateRoleToGrant.
/**
 * Creates per-user grants for every migratable entity of a role.
 *
 * <p>Each entry of {@code migratableRole.migratableEntities} is looked up in {@code MIGRATION_MAP}
 * using its whole permission set as the key. When a mapping exists, a grant with the mapped
 * capability on that entity is ensured for every user returned by
 * {@code userService.loadAllForRole} for the role. Entries without a mapping are logged and
 * skipped, so their permissions are not part of the returned set.
 *
 * <p>The user list is loaded once, before any grant is written: only users returned by that
 * single call receive grants from this method.
 *
 * @param migratableRole the role together with its entity-to-permissions entries
 * @return the {@code permission:entityID} strings of all entries that had a mapping;
 *         presumably the caller removes these from the role - confirm at the call site
 */
private Set<String> migrateRoleToGrant(MigratableRole migratableRole) {
    final Collection<User> roleMembers = userService.loadAllForRole(migratableRole.role);
    final Set<String> migrated = new HashSet<>();

    migratableRole.migratableEntities.forEach((entityID, permissions) -> {
        final GrantsMetaMigration.GRNTypeCapability mapping = MIGRATION_MAP.get(permissions);
        if (mapping == null) {
            // No grant equivalent for this permission set: nothing is granted and nothing is
            // reported as migrated for this entity.
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
            return;
        }

        final GRNType grnType = mapping.grnType;
        final Capability capability = mapping.capability;
        // NOTE(review): grnType is dereferenced below without a null check - confirm that every
        // MIGRATION_MAP entry that can reach this method carries a non-null grnType.
        for (final User user : roleMembers) {
            // rootUsername is passed as the last argument (presumably recorded as the grant's
            // creator - confirm against dbGrantService.ensure).
            dbGrantService.ensure(grnRegistry.ofUser(user), capability, grnType.toGRN(entityID), rootUsername);
            LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", grnType.toGRN(entityID), permissions, capability, user.getName());
        }

        // Report the legacy "permission:entityID" strings that are now covered by grants.
        permissions.forEach(p -> migrated.add(p + ":" + entityID));
    });

    return migrated;
}
Use of org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability in the project graylog2-server by Graylog2.
From the class UserPermissionsToGrantsMigration, method migrateUserPermissions.
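/**
 * Converts one user's legacy per-entity permission strings into grants.
 *
 * <p>For each entry of {@code migratableEntities} whose permission set has an entry in
 * {@code GrantsMetaMigration.MIGRATION_MAP}, a grant for {@code user} is ensured through
 * {@code dbGrantService}, the matching {@code permission:entityID} strings are removed from the
 * user, and the user is saved. Entries without a mapping are logged and left untouched.
 *
 * <p>Logging follows what actually happened: the "Migrating entity" message is written only when
 * a grant was ensured, and a warning is written when the legacy permissions are removed without
 * a replacement grant.
 *
 * @param user the user whose permissions are migrated; modified and saved by this method
 * @param migratableEntities entity ID mapped to the set of permissions held on that entity
 */
private void migrateUserPermissions(User user, Map<String, Set<String>> migratableEntities) {
    migratableEntities.forEach((entityID, permissions) -> {
        final GRNTypeCapability grnTypeCapability = GrantsMetaMigration.MIGRATION_MAP.get(permissions);
        if (grnTypeCapability == null) {
            // No grant equivalent for this permission set: the user's permissions stay as they are.
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
            return;
        }

        final Capability capability = grnTypeCapability.capability;
        final GRN targetGRN;
        // NOTE(review): this is a substring match on each permission string; the value of
        // VIEW_READ is not visible here - confirm no unrelated permission contains it.
        if (permissions.stream().anyMatch(p -> p.contains(VIEW_READ))) {
            // For views we need to load the database object to be able to determine if it's a
            // search or a dashboard. An empty result leaves targetGRN null.
            targetGRN = getViewGRNType(entityID).map(grnType -> grnType.toGRN(entityID)).orElse(null);
        } else {
            targetGRN = requireNonNull(grnTypeCapability.grnType, "grnType cannot be null - this is a bug").toGRN(entityID);
        }

        if (targetGRN != null) {
            dbGrantService.ensure(grnRegistry.ofUser(user), capability, targetGRN, rootUsername);
            // Logged next to the write so the message is never emitted for a null target.
            LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", targetGRN, permissions, capability, user.getName());
        } else {
            // The legacy permissions are still removed below, so the user ends up with less
            // access than before. NOTE(review): presumably intended for views that no longer
            // exist - confirm.
            LOG.warn("No grant created for entity <{}>: view type could not be determined. Removing permissions <{}> from user <{}> without a replacement grant", entityID, permissions, user.getName());
        }

        // Drop the legacy "permission:entityID" strings from the user.
        final Set<String> legacyPermissions = permissions.stream().map(p -> p + ":" + entityID).collect(Collectors.toSet());
        final List<String> updatedPermissions = user.getPermissions();
        updatedPermissions.removeAll(legacyPermissions);
        user.setPermissions(updatedPermissions);
        try {
            userService.save(user);
        } catch (ValidationException e) {
            // Deliberately not rethrown: the remaining entities are still processed. A grant
            // ensured above stays in place even though the save was rejected.
            LOG.error("Failed to update permssions on user <{}>", user.getName(), e);
        }
    });
}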