
Example 1 with Permission

Use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.

From the class PermissionEvaluator, method hasPermission (the overload that takes a target id and a target type string).

@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetTypeString, Object permissionObject) {
    Preconditions.checkArgument(null != permissionObject, "the permission is not provided");
    Permission permission = toPermission(permissionObject);
    TargetType targetType = Optional.ofNullable(targetTypeString).map(StringUtils::trimToNull).map(TargetType::valueOf).orElse(null);
    ObjectContext context = serverRuntime.newContext();
    // Only an authenticated UserAuthentication resolves to a User; any other caller is checked as null (no user).
    User user = Optional.ofNullable(authentication)
            .filter(a -> a instanceof UserAuthentication)
            .filter(Authentication::isAuthenticated)
            .map(a -> (ObjectId) a.getPrincipal())
            .map(userOid -> User.getByObjectId(context, userOid))
            .orElse(null);
    String targetIdentifier = Optional.ofNullable(targetId).map(Object::toString).orElse(null);
    if (userAuthorizationService.check(context, user, targetType, targetIdentifier, permission)) {
        return true;
    }
    // Second path: REPOSITORY_IMPORT on an existing repository is also granted when checkRepositoryImport accepts this authentication.
    if (null != targetId && targetType == TargetType.REPOSITORY && permission == Permission.REPOSITORY_IMPORT
            && Repository.tryGetByCode(context, targetId.toString()).filter(r -> checkRepositoryImport(authentication, r)).isPresent()) {
        return true;
    }
    return false;
}
Also used : ObjectContext(org.apache.cayenne.ObjectContext) Permission(org.haiku.haikudepotserver.security.model.Permission) TargetType(org.haiku.haikudepotserver.security.model.TargetType) Logger(org.slf4j.Logger) LoggerFactory(org.slf4j.LoggerFactory) StringUtils(org.apache.commons.lang3.StringUtils) Serializable(java.io.Serializable) Component(org.springframework.stereotype.Component) ObjectId(org.apache.cayenne.ObjectId) Repository(org.haiku.haikudepotserver.dataobjects.Repository) Optional(java.util.Optional) Preconditions(com.google.common.base.Preconditions) User(org.haiku.haikudepotserver.dataobjects.User) DataObject(org.apache.cayenne.DataObject) Authentication(org.springframework.security.core.Authentication) ServerRuntime(org.apache.cayenne.configuration.server.ServerRuntime) UserAuthorizationService(org.haiku.haikudepotserver.security.model.UserAuthorizationService)

Example 2 with Permission

Use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.

From the class PermissionEvaluator, method hasPermission (the overload that takes the target domain object itself).

@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permissionObject) {
    Preconditions.checkArgument(null != permissionObject, "the permission is not provided");
    ObjectContext context = serverRuntime.newContext();
    Permission permission = toPermission(permissionObject);
    // Only an authenticated UserAuthentication resolves to a User; any other caller is checked as null (no user).
    User user = Optional.ofNullable(authentication)
            .filter(a -> a instanceof UserAuthentication)
            .filter(Authentication::isAuthenticated)
            .map(a -> (ObjectId) a.getPrincipal())
            .map(userOid -> User.getByObjectId(context, userOid))
            .orElse(null);
    if (userAuthorizationService.check(context, user, (DataObject) targetDomainObject, permission)) {
        return true;
    }
    // Second path: REPOSITORY_IMPORT on a Repository is also granted when checkRepositoryImport accepts this authentication.
    if (permission == Permission.REPOSITORY_IMPORT
            && targetDomainObject instanceof Repository
            && checkRepositoryImport(authentication, (Repository) targetDomainObject)) {
        return true;
    }
    return false;
}
Also used : ObjectContext(org.apache.cayenne.ObjectContext) Permission(org.haiku.haikudepotserver.security.model.Permission) TargetType(org.haiku.haikudepotserver.security.model.TargetType) Logger(org.slf4j.Logger) LoggerFactory(org.slf4j.LoggerFactory) StringUtils(org.apache.commons.lang3.StringUtils) Serializable(java.io.Serializable) Component(org.springframework.stereotype.Component) ObjectId(org.apache.cayenne.ObjectId) Repository(org.haiku.haikudepotserver.dataobjects.Repository) Optional(java.util.Optional) Preconditions(com.google.common.base.Preconditions) User(org.haiku.haikudepotserver.dataobjects.User) DataObject(org.apache.cayenne.DataObject) Authentication(org.springframework.security.core.Authentication) ServerRuntime(org.apache.cayenne.configuration.server.ServerRuntime) UserAuthorizationService(org.haiku.haikudepotserver.security.model.UserAuthorizationService)

Example 3 with Permission

Use of org.haiku.haikudepotserver.security.model.Permission in project haikudepotserver by haiku.

From the class AuthorizationApiIT, method checkAuthorizationRequest_asUserWithRule.

/**
 * <P>With a user-pkg rule in place we should see this authorization come through in a check
 * for that permission against the package being true.</P>
 */
@Test
public void checkAuthorizationRequest_asUserWithRule() {
    integrationTestSupportService.createStandardTestData();
    {
        ObjectContext context = serverRuntime.newContext();
        User user1 = integrationTestSupportService.createBasicUser(context, "testuser1", "fakepassword");
        integrationTestSupportService.agreeToUserUsageConditions(context, user1);
        Pkg pkg1 = Pkg.tryGetByName(context, "pkg1").get();
        org.haiku.haikudepotserver.dataobjects.Permission permission = org.haiku.haikudepotserver.dataobjects.Permission.getByCode(context, Permission.PKG_EDITICON.name().toLowerCase()).get();
        PermissionUserPkg pup_u1p1 = context.newObject(PermissionUserPkg.class);
        pup_u1p1.setPkg(pkg1);
        pup_u1p1.setUser(user1);
        pup_u1p1.setPermission(permission);
        context.commitChanges();
    }
    CheckAuthorizationRequest request = new CheckAuthorizationRequest();
    request.targetAndPermissions = new ArrayList<>();
    request.targetAndPermissions.add(new CheckAuthorizationRequest.AuthorizationTargetAndPermission(AuthorizationTargetType.PKG, "pkg1", Permission.PKG_EDITICON.name()));
    setAuthenticatedUser("testuser1");
    // ------------------------------------
    CheckAuthorizationResult result = authorizationApi.checkAuthorization(request);
    // ------------------------------------
    Assertions.assertThat(result.targetAndPermissions.size()).isEqualTo(1);
    Assertions.assertThat(result.targetAndPermissions.get(0).authorized).isTrue();
}
Also used : User(org.haiku.haikudepotserver.dataobjects.User) Permission(org.haiku.haikudepotserver.security.model.Permission) CheckAuthorizationResult(org.haiku.haikudepotserver.api1.model.authorization.CheckAuthorizationResult) ObjectContext(org.apache.cayenne.ObjectContext) CheckAuthorizationRequest(org.haiku.haikudepotserver.api1.model.authorization.CheckAuthorizationRequest) Pkg(org.haiku.haikudepotserver.dataobjects.Pkg) PermissionUserPkg(org.haiku.haikudepotserver.dataobjects.PermissionUserPkg) AbstractIntegrationTest(org.haiku.haikudepotserver.AbstractIntegrationTest) Test(org.junit.jupiter.api.Test)
