Example 11 with Permissions

use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

the class UserImplTest method permissionsArentModified.

@Test
public void permissionsArentModified() {
    final Permissions permissions = new Permissions(Collections.emptySet());
    final Map<String, Object> fields = Collections.singletonMap(UserImpl.USERNAME, "foobar");
    user = new UserImpl(passwordAlgorithmFactory, permissions, fields);
    final List<String> newPermissions = ImmutableList.<String>builder().addAll(user.getPermissions()).add("perm:1").build();
    user.setPermissions(newPermissions);
}
Also used : Permissions(org.graylog2.shared.security.Permissions) Test(org.junit.Test)

Example 12 with Permissions

use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

the class UserImplTest method getPermissionsWorksWithEmptyPermissions.

@Test
public void getPermissionsWorksWithEmptyPermissions() throws Exception {
    final Permissions permissions = new Permissions(Collections.emptySet());
    final Map<String, Object> fields = Collections.singletonMap(UserImpl.USERNAME, "foobar");
    user = new UserImpl(passwordAlgorithmFactory, permissions, fields);
    assertThat(user.getPermissions()).containsAll(permissions.userSelfEditPermissions("foobar"));
}
Also used : Permissions(org.graylog2.shared.security.Permissions) Test(org.junit.Test)

Example 13 with Permissions

use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

the class UserServiceImplTest method setUp.

@Before
public void setUp() throws Exception {
    this.mongoConnection = mongoRule.getMongoConnection();
    this.configuration = new Configuration();
    this.userFactory = new UserImplFactory(configuration);
    this.permissions = new Permissions(ImmutableSet.of(new RestPermissions()));
    this.userService = new UserServiceImpl(mongoConnection, configuration, roleService, userFactory, permissionsResolver);
    when(roleService.getAdminRoleObjectId()).thenReturn("deadbeef");
}
Also used : RestPermissions(org.graylog2.shared.security.RestPermissions) Configuration(org.graylog2.Configuration) Permissions(org.graylog2.shared.security.Permissions) Before(org.junit.Before)

Example 14 with Permissions

use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

the class UsersResource method create.

@POST
@RequiresPermissions(RestPermissions.USERS_CREATE)
@ApiOperation("Create a new user account.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid user details.") })
@AuditEvent(type = AuditEventTypes.USER_CREATE)
public Response create(
        @ApiParam(name = "JSON body",
                  value = "Must contain username, full_name, email, password and a list of permissions.",
                  required = true)
        @Valid @NotNull CreateUserRequest cr) throws ValidationException {
    if (userService.load(cr.username()) != null) {
        final String msg = "Cannot create user " + cr.username() + ". Username is already taken.";
        LOG.error(msg);
        throw new BadRequestException(msg);
    }
    // Create user.
    User user = userService.create();
    user.setName(cr.username());
    user.setPassword(cr.password());
    user.setFullName(cr.fullName());
    user.setEmail(cr.email());
    user.setPermissions(cr.permissions());
    setUserRoles(cr.roles(), user);
    if (cr.timezone() != null) {
        user.setTimeZone(cr.timezone());
    }
    final Long sessionTimeoutMs = cr.sessionTimeoutMs();
    if (sessionTimeoutMs != null) {
        user.setSessionTimeoutMs(sessionTimeoutMs);
    }
    final Startpage startpage = cr.startpage();
    if (startpage != null) {
        user.setStartpage(startpage.type(), startpage.id());
    }
    final String id = userService.save(user);
    LOG.debug("Saved user {} with id {}", user.getName(), id);
    final URI userUri = getUriBuilderToSelf().path(UsersResource.class).path("{username}").build(user.getName());
    return Response.created(userUri).build();
}
Also used : User(org.graylog2.plugin.database.users.User) Startpage(org.graylog2.rest.models.users.requests.Startpage) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 15 with Permissions

use of org.graylog2.shared.security.Permissions in project graylog2-server by Graylog2.

the class UsersResource method editPermissions.

@PUT
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Update a user's permission set.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid permission data.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_UPDATE)
public void editPermissions(
        @ApiParam(name = "username", value = "The name of the user to modify.", required = true)
        @PathParam("username") String username,
        @ApiParam(name = "JSON body", value = "The list of permissions to assign to the user.", required = true)
        @Valid @NotNull PermissionEditRequest permissionRequest) throws ValidationException {
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }
    user.setPermissions(getEffectiveUserPermissions(user, permissionRequest.permissions()));
    userService.save(user);
}
Also used : User(org.graylog2.plugin.database.users.User) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)
