Example 1 with GRNTypeCapability

Use of org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability in project graylog2-server by Graylog2.

In class RolesToGrantsMigration, method migrateRoleToGrant.

private Set<String> migrateRoleToGrant(MigratableRole migratableRole) {
    final Set<String> migratedRolePermissions = new HashSet<>();
    final Collection<User> allRoleUsers = userService.loadAllForRole(migratableRole.role);
    migratableRole.migratableEntities.forEach((entityID, permissions) -> {
        final GrantsMetaMigration.GRNTypeCapability grnTypeCapability = MIGRATION_MAP.get(permissions);
        // Permissions are mappable to a grant
        if (grnTypeCapability != null) {
            final Capability capability = grnTypeCapability.capability;
            final GRNType grnType = grnTypeCapability.grnType;
            allRoleUsers.forEach(user -> {
                dbGrantService.ensure(grnRegistry.ofUser(user), capability, grnType.toGRN(entityID), rootUsername);
                LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", grnType.toGRN(entityID), permissions, capability, user.getName());
            });
            migratedRolePermissions.addAll(permissions.stream().map(p -> p + ":" + entityID).collect(Collectors.toSet()));
        } else {
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
        }
    });
    return migratedRolePermissions;
}
Also used : User(org.graylog2.plugin.database.users.User) Capability(org.graylog.security.Capability) GRNType(org.graylog.grn.GRNType) HashSet(java.util.HashSet)

Example 2 with GRNTypeCapability

Use of org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability in project graylog2-server by Graylog2.

In class UserPermissionsToGrantsMigration, method migrateUserPermissions.

private void migrateUserPermissions(User user, Map<String, Set<String>> migratableEntities) {
    migratableEntities.forEach((entityID, permissions) -> {
        final GRNTypeCapability grnTypeCapability = GrantsMetaMigration.MIGRATION_MAP.get(permissions);
        // Permissions are mappable to a grant
        if (grnTypeCapability != null) {
            final Capability capability = grnTypeCapability.capability;
            GRN targetGRN;
            if (permissions.stream().anyMatch(p -> p.contains(VIEW_READ))) {
                // For views we need to load the database object to be able to determine if it's a
                // search or a dashboard.
                targetGRN = getViewGRNType(entityID).map(grnType -> grnType.toGRN(entityID)).orElse(null);
            } else {
                targetGRN = requireNonNull(grnTypeCapability.grnType, "grnType cannot be null - this is a bug").toGRN(entityID);
            }
            if (targetGRN != null) {
                dbGrantService.ensure(grnRegistry.ofUser(user), capability, targetGRN, rootUsername);
            }
            final List<String> updatedPermissions = user.getPermissions();
            updatedPermissions.removeAll(permissions.stream().map(p -> p + ":" + entityID).collect(Collectors.toSet()));
            user.setPermissions(updatedPermissions);
            try {
                userService.save(user);
            } catch (ValidationException e) {
                LOG.error("Failed to update permssions on user <{}>", user.getName(), e);
            }
            LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", targetGRN, permissions, capability, user.getName());
        } else {
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
        }
    });
}
Also used : GRN(org.graylog.grn.GRN) ValidationException(org.graylog2.plugin.database.ValidationException) Capability(org.graylog.security.Capability) GRNTypeCapability(org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability)
