
Example 6 with Permissions

Use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

The class UsersResource, method listUsers.

@GET
@RequiresPermissions(RestPermissions.USERS_LIST)
@ApiOperation(value = "List all users", notes = "The permissions assigned to the users are always included.")
public UserList listUsers() {
    final List<User> users = userService.loadAll();
    final Collection<MongoDbSession> sessions = sessionService.loadAll();
    // Among all active sessions, find the most recently used one for each user.
    // The filter below guarantees the username attribute is present before get() is called.
    //noinspection OptionalGetWithoutIsPresent
    final Map<String, Optional<MongoDbSession>> lastSessionForUser = sessions.stream()
            .filter(s -> s.getUsernameAttribute().isPresent())
            .collect(groupingBy(s -> s.getUsernameAttribute().get(),
                    maxBy(Comparator.comparing(MongoDbSession::getLastAccessTime))));
    final List<UserSummary> resultUsers = Lists.newArrayListWithCapacity(users.size() + 1);
    final User adminUser = userService.getAdminUser();
    resultUsers.add(toUserResponse(adminUser, lastSessionForUser.getOrDefault(adminUser.getName(), Optional.empty())));
    for (User user : users) {
        resultUsers.add(toUserResponse(user, lastSessionForUser.getOrDefault(user.getName(), Optional.empty())));
    }
    return UserList.create(resultUsers);
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) UserList(org.graylog2.rest.models.users.responses.UserList) USERS_PERMISSIONSEDIT(org.graylog2.shared.security.RestPermissions.USERS_PERMISSIONSEDIT) Produces(javax.ws.rs.Produces) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) ApiParam(io.swagger.annotations.ApiParam) Valid(javax.validation.Valid) ApiOperation(io.swagger.annotations.ApiOperation) MongoDBSessionService(org.graylog2.security.MongoDBSessionService) MediaType(javax.ws.rs.core.MediaType) Consumes(javax.ws.rs.Consumes) AccessTokenService(org.graylog2.security.AccessTokenService) USERS_ROLESEDIT(org.graylog2.shared.security.RestPermissions.USERS_ROLESEDIT) CreateUserRequest(org.graylog2.rest.models.users.requests.CreateUserRequest) Map(java.util.Map) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) ChangePasswordRequest(org.graylog2.rest.models.users.requests.ChangePasswordRequest) AccessToken(org.graylog2.security.AccessToken) DELETE(javax.ws.rs.DELETE) Token(org.graylog2.rest.models.users.responses.Token) Collection(java.util.Collection) Set(java.util.Set) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) TokenList(org.graylog2.rest.models.users.responses.TokenList) NotNull(javax.validation.constraints.NotNull) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) List(java.util.List) UserService(org.graylog2.shared.users.UserService) Response(javax.ws.rs.core.Response) AuditEventTypes(org.graylog2.audit.AuditEventTypes) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) Startpage(org.graylog2.rest.models.users.requests.Startpage) Optional(java.util.Optional) MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) Iterables(com.google.common.collect.Iterables) PathParam(javax.ws.rs.PathParam) GET(javax.ws.rs.GET) 
RoleService(org.graylog2.users.RoleService) Collectors.groupingBy(java.util.stream.Collectors.groupingBy) ApiResponses(io.swagger.annotations.ApiResponses) Roles(org.graylog2.shared.users.Roles) MongoDbSession(org.graylog2.security.MongoDbSession) Inject(javax.inject.Inject) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) AuditEvent(org.graylog2.audit.jersey.AuditEvent) Api(io.swagger.annotations.Api) ChangeUserRequest(org.graylog2.rest.models.users.requests.ChangeUserRequest) Nullable(javax.annotation.Nullable) PermissionEditRequest(org.graylog2.rest.models.users.requests.PermissionEditRequest) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) ForbiddenException(javax.ws.rs.ForbiddenException) RestResource(org.graylog2.shared.rest.resources.RestResource) Collectors.maxBy(java.util.stream.Collectors.maxBy) UpdateUserPreferences(org.graylog2.rest.models.users.requests.UpdateUserPreferences) ApiResponse(io.swagger.annotations.ApiResponse) ValidationException(org.graylog2.plugin.database.ValidationException) RestPermissions(org.graylog2.shared.security.RestPermissions) USERS_EDIT(org.graylog2.shared.security.RestPermissions.USERS_EDIT) PUT(javax.ws.rs.PUT) User(org.graylog2.plugin.database.users.User) Role(org.graylog2.shared.users.Role) Comparator(java.util.Comparator) Collections(java.util.Collections) User(org.graylog2.plugin.database.users.User) MongoDbSession(org.graylog2.security.MongoDbSession) Optional(java.util.Optional) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 7 with Permissions

Use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

The class InMemoryRolePermissionResolver, method resolveStringPermission.

@Nonnull
public Set<String> resolveStringPermission(String roleId) {
    final ImmutableMap<String, Role> index = idToRoleIndex.get();
    final Role role = index.get(roleId);
    if (role == null) {
        log.debug("Unknown role {}, cannot resolve permissions.", roleId);
        return Collections.emptySet();
    }
    final Set<String> permissions = role.getPermissions();
    if (permissions == null) {
        log.debug("Role {} has no permissions assigned, cannot resolve permissions.", roleId);
        return Collections.emptySet();
    }
    return permissions;
}
Also used : Role(org.graylog2.shared.users.Role) Nonnull(javax.annotation.Nonnull)

Example 8 with Permissions

Use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

The class PermissionsTest, method testPluginPermissions.

@Test
public void testPluginPermissions() throws Exception {
    final ImmutableSet<Permission> pluginPermissions = ImmutableSet.of(
            Permission.create("foo:bar", "bar"),
            Permission.create("foo:baz", "baz"),
            Permission.create("hello:world", "hello"));
    final PermissionsPluginPermissions plugin = new PermissionsPluginPermissions(pluginPermissions);
    final Permissions permissions = new Permissions(ImmutableSet.of(restPermissions, plugin));
    assertThat(permissions.allPermissionsMap().get("foo")).containsOnly("bar", "baz");
    assertThat(permissions.allPermissionsMap().get("hello")).containsOnly("world");
}
Also used : Permission(org.graylog2.plugin.security.Permission) PluginPermissions(org.graylog2.plugin.security.PluginPermissions) Test(org.junit.Test)

Example 9 with Permissions

Use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

The class PermissionsTest, method setUp.

@Before
public void setUp() throws Exception {
    restPermissions = new RestPermissions();
    permissions = new Permissions(ImmutableSet.of(restPermissions));
}
Also used : PluginPermissions(org.graylog2.plugin.security.PluginPermissions) Before(org.junit.Before)

Example 10 with Permissions

Use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

The class UserImplTest, method getPermissionsReturnsListOfPermissions.

@Test
public void getPermissionsReturnsListOfPermissions() throws Exception {
    final Permissions permissions = new Permissions(Collections.emptySet());
    final List<String> customPermissions = Collections.singletonList("subject:action");
    final Map<String, Object> fields = ImmutableMap.of(UserImpl.USERNAME, "foobar", UserImpl.PERMISSIONS, customPermissions);
    user = new UserImpl(passwordAlgorithmFactory, permissions, fields);
    assertThat(user.getPermissions()).containsAll(permissions.userSelfEditPermissions("foobar")).contains("subject:action");
}
Also used : Permissions(org.graylog2.shared.security.Permissions) Test(org.junit.Test)
