use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.
the class PermissionEvaluator method hasPermission.
/**
 * Decides whether the caller may exercise a permission on a target that is
 * identified by a type name and an identifier rather than by a loaded object.
 *
 * <p>Access is granted when either of two independent checks passes: the
 * check made by {@code userAuthorizationService}, or the repository-import
 * check. Any other combination is denied.</p>
 *
 * @param authentication the caller's authentication; may be {@code null}
 * @param targetId identifier of the target; may be {@code null}
 * @param targetTypeString name of a {@code TargetType} constant; blank or
 *     {@code null} is treated as "no target type"
 * @param permissionObject the permission being asked about; must not be {@code null}
 * @return {@code true} only if one of the two checks grants access
 */
@Override
public boolean hasPermission(
        Authentication authentication,
        Serializable targetId,
        String targetTypeString,
        Object permissionObject) {
    Preconditions.checkArgument(null != permissionObject, "the permission is not provided");
    Permission permission = toPermission(permissionObject);

    // A non-blank name that TargetType.valueOf rejects makes this call throw
    // rather than fall through to a decision.
    TargetType targetType = Optional.ofNullable(targetTypeString)
            .map(StringUtils::trimToNull)
            .map(TargetType::valueOf)
            .orElse(null);

    ObjectContext context = serverRuntime.newContext();

    // Only an authenticated UserAuthentication resolves to a User; every other
    // caller (null, another Authentication type, not authenticated) is passed
    // to the authorization service as a null user.
    User callingUser = Optional.ofNullable(authentication)
            .filter(a -> a instanceof UserAuthentication)
            .filter(Authentication::isAuthenticated)
            .map(a -> (ObjectId) a.getPrincipal())
            .map(userOid -> User.getByObjectId(context, userOid))
            .orElse(null);
    String targetIdentifier = Optional.ofNullable(targetId).map(Object::toString).orElse(null);

    if (userAuthorizationService.check(context, callingUser, targetType, targetIdentifier, permission)) {
        return true;
    }

    // Second grant path: REPOSITORY_IMPORT on a repository looked up by code.
    // It is reached whenever the check above did not grant access, so
    // checkRepositoryImport is the only gate on this branch.
    // NOTE(review): checkRepositoryImport is defined outside this listing;
    // confirm what it accepts as proof of authority.
    return null != targetId
            && targetType == TargetType.REPOSITORY
            && permission == Permission.REPOSITORY_IMPORT
            && Repository.tryGetByCode(context, targetId.toString())
                    .filter(r -> checkRepositoryImport(authentication, r))
                    .isPresent();
}
use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.
the class PermissionEvaluator method hasPermission.
/**
 * Decides whether the caller may exercise a permission on an already-loaded
 * domain object.
 *
 * <p>Access is granted when either the check made by
 * {@code userAuthorizationService} passes, or the permission is
 * {@code REPOSITORY_IMPORT}, the target is a {@code Repository} and
 * {@code checkRepositoryImport} accepts it.</p>
 *
 * @param authentication the caller's authentication; may be {@code null}
 * @param targetDomainObject the object being protected
 * @param permissionObject the permission being asked about; must not be {@code null}
 * @return {@code true} only if one of the two checks grants access
 */
@Override
public boolean hasPermission(
        Authentication authentication,
        Object targetDomainObject,
        Object permissionObject) {
    Preconditions.checkArgument(null != permissionObject, "the permission is not provided");
    ObjectContext context = serverRuntime.newContext();
    Permission permission = toPermission(permissionObject);

    // Only an authenticated UserAuthentication resolves to a User; every other
    // caller is passed to the authorization service as a null user.
    User callingUser = Optional.ofNullable(authentication)
            .filter(a -> a instanceof UserAuthentication)
            .filter(Authentication::isAuthenticated)
            .map(a -> (ObjectId) a.getPrincipal())
            .map(userOid -> User.getByObjectId(context, userOid))
            .orElse(null);

    // Unconditional cast: a target that is not a DataObject ends the call with
    // a ClassCastException instead of a decision.
    DataObject target = (DataObject) targetDomainObject;

    if (userAuthorizationService.check(context, callingUser, target, permission)) {
        return true;
    }

    // Second grant path, reached whenever the check above did not grant access.
    if (permission != Permission.REPOSITORY_IMPORT || !(targetDomainObject instanceof Repository)) {
        return false;
    }

    // NOTE(review): checkRepositoryImport is defined outside this listing and
    // is the only gate on this branch; confirm what it accepts.
    return checkRepositoryImport(authentication, (Repository) targetDomainObject);
}
use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.
the class AuthorizationApiIT method checkAuthorizationRequest_asUserWithRule.
/**
 * <p>When a user-to-package permission rule exists, an authorization check
 * made by that user for that permission on that package should come back
 * as authorized.</p>
 */
@Test
public void checkAuthorizationRequest_asUserWithRule() {
    integrationTestSupportService.createStandardTestData();

    // Arrange: a fresh user who has agreed to the usage conditions, plus one
    // rule granting that user PKG_EDITICON on "pkg1".
    {
        ObjectContext setupContext = serverRuntime.newContext();
        User ruleHolder = integrationTestSupportService.createBasicUser(setupContext, "testuser1", "fakepassword");
        integrationTestSupportService.agreeToUserUsageConditions(setupContext, ruleHolder);
        Pkg targetPkg = Pkg.tryGetByName(setupContext, "pkg1").get();

        // The persisted permission is looked up by the lower-cased enum name.
        String permissionCode = Permission.PKG_EDITICON.name().toLowerCase();
        org.haiku.haikudepotserver.dataobjects.Permission editIconPermission =
                org.haiku.haikudepotserver.dataobjects.Permission.getByCode(setupContext, permissionCode).get();

        PermissionUserPkg rule = setupContext.newObject(PermissionUserPkg.class);
        rule.setPkg(targetPkg);
        rule.setUser(ruleHolder);
        rule.setPermission(editIconPermission);
        setupContext.commitChanges();
    }

    CheckAuthorizationRequest.AuthorizationTargetAndPermission query =
            new CheckAuthorizationRequest.AuthorizationTargetAndPermission(
                    AuthorizationTargetType.PKG,
                    "pkg1",
                    Permission.PKG_EDITICON.name());
    CheckAuthorizationRequest request = new CheckAuthorizationRequest();
    request.targetAndPermissions = new ArrayList<>();
    request.targetAndPermissions.add(query);

    // The check runs as the user who holds the rule.
    setAuthenticatedUser("testuser1");

    // ------------------------------------
    CheckAuthorizationResult result = authorizationApi.checkAuthorization(request);
    // ------------------------------------

    // Exactly one answer is expected, and it must be a grant.
    Assertions.assertThat(result.targetAndPermissions.size()).isEqualTo(1);
    Assertions.assertThat(result.targetAndPermissions.get(0).authorized).isTrue();
}