Examples with Role org.jboss.hal.config.Role used on opensource projects

Example 6 with Role

use of org.jboss.hal.config.Role in project console by hal.

the class ReadAuthentication method call.

@Override
public Completable call(FlowContext context) {
    logger.debug("Read authentication");
    ResourceAddress address = CORE_SERVICE_TEMPLATE.resolve(statementContext);
    Operation opAuthorization = new Operation.Builder(address, READ_CHILDREN_RESOURCES_OPERATION).param(CHILD_TYPE, ACCESS).param(INCLUDE_RUNTIME, true).param(RECURSIVE_DEPTH, 1).build();
    Operation opWhoami = new Operation.Builder(ResourceAddress.root(), WHOAMI).param(VERBOSE, true).build();
    return dispatcher.execute(new Composite(opAuthorization, opWhoami)).doOnSuccess((CompositeResult compositeResult) -> {
        ModelNode result = compositeResult.step(0).get(RESULT);
        if (result.hasDefined(AUTHORIZATION)) {
            result = result.get(AUTHORIZATION);
            // provider
            AccessControlProvider accessControlProvider = asEnumValue(result, PROVIDER, AccessControlProvider::valueOf, SIMPLE);
            environment.setAccessControlProvider(accessControlProvider);
            // standard roles
            if (result.hasDefined(STANDARD_ROLE_NAMES)) {
                result.get(STANDARD_ROLE_NAMES).asList().stream().map(node -> new Role(node.asString())).forEach(role -> environment.getRoles().add(role));
            }
            // scoped roles
            if (!environment.isStandalone()) {
                if (result.hasDefined(HOST_SCOPED_ROLE)) {
                    result.get(HOST_SCOPED_ROLE).asPropertyList().stream().map(property -> scopedRole(property, Role.Type.HOST, HOSTS)).forEach(role -> environment.getRoles().add(role));
                }
                if (result.hasDefined(SERVER_GROUP_SCOPED_ROLE)) {
                    result.get(SERVER_GROUP_SCOPED_ROLE).asPropertyList().stream().map(property -> scopedRole(property, Role.Type.SERVER_GROUP, SERVER_GROUPS)).forEach(role -> environment.getRoles().add(role));
                }
            }
        } else {
            logger.warn("Unable to read {} (insufficient rights?). Use :whoami values as fallback.", CORE_SERVICE_TEMPLATE.append("access=authorization"));
            ModelNode resultWhoami = compositeResult.step(1).get(RESULT);
            environment.setAccessControlProvider(RBAC);
            environment.getRoles().clear();
            if (resultWhoami.hasDefined(ROLES)) {
                resultWhoami.get(ROLES).asList().stream().map(node -> new Role(node.asString())).forEach(role -> environment.getRoles().add(role));
            } else if (resultWhoami.hasDefined(MAPPED_ROLES)) {
                resultWhoami.get(MAPPED_ROLES).asList().stream().map(node -> new Role(node.asString())).forEach(role -> environment.getRoles().add(role));
            }
        }
    }).onErrorResumeNext(throwable -> {
        if (throwable instanceof DispatchFailure) {
            logger.error("Unable to read {}. Use :whoami values as fallback.", CORE_SERVICE_TEMPLATE);
            return Single.just(new CompositeResult(new ModelNode()));
        } else {
            return Single.error(throwable);
        }
    }).toCompletable();
}

Example 7 with Role

use of org.jboss.hal.config.Role in project console by hal.

the class ReadEnvironment method call.

@Override
public Completable call(FlowContext context) {
    logger.debug("Read environment");
    Keycloak keycloak = keycloakHolder.getKeycloak();
    environment.setSingleSignOn(keycloak != null);
    if (keycloak != null) {
        logger.debug("Keycloak token: {}", keycloak.token);
    }
    List<Operation> ops = new ArrayList<>();
    ops.add(new Operation.Builder(ResourceAddress.root(), READ_RESOURCE_OPERATION).param(ATTRIBUTES_ONLY, true).param(INCLUDE_RUNTIME, true).build());
    ops.add(new Operation.Builder(ResourceAddress.root(), WHOAMI).param(VERBOSE, true).build());
    ops.add(new Operation.Builder(ResourceAddress.root(), READ_CHILDREN_RESOURCES_OPERATION).param(CHILD_TYPE, CORE_SERVICE).param(RECURSIVE, false).build());
    return dispatcher.execute(new Composite(ops)).doOnSuccess((CompositeResult result) -> {
        ModelNode node = result.step(0).get(RESULT);
        // operation mode
        OperationMode operationMode = asEnumValue(node, LAUNCH_TYPE, (name) -> OperationMode.valueOf(name), OperationMode.UNDEFINED);
        environment.setOperationMode(operationMode);
        logger.debug("Operation mode: {}", operationMode);
        // name and org
        if (node.get(NAME).isDefined()) {
            String name = node.get(NAME).asString();
            environment.setName(name);
        }
        String orgAttribute = environment.isStandalone() ? ORGANIZATION : DOMAIN_ORGANIZATION;
        if (node.get(orgAttribute).isDefined()) {
            String org = node.get(orgAttribute).asString();
            environment.setOrganization(org);
        }
        // server info
        environment.setInstanceInfo(node.get(PRODUCT_NAME).asString(), node.get(PRODUCT_VERSION).asString(), node.get(RELEASE_CODENAME).asString(), node.get(RELEASE_VERSION).asString());
        // management version
        Version version = ManagementModel.parseVersion(node);
        environment.setManagementVersion(version);
        logger.debug("Management model version: {}", version);
        if (environment.isStandalone()) {
            Server.STANDALONE.addServerAttributes(node);
        }
        // user info
        if (environment.isSingleSignOn()) {
            user.setName(keycloak.userProfile.username);
            // are not supported on the javascript side when run in the browser.
            if (keycloak.realmAccess != null && keycloak.realmAccess.roles != null) {
                for (int i = 0; i < keycloak.realmAccess.roles.length; i++) {
                    String role = keycloak.realmAccess.roles[i];
                    user.addRole(new Role(role));
                }
            }
        } else {
            ModelNode whoami = result.step(1).get(RESULT);
            String username = whoami.get("identity").get("username").asString();
            user.setName(username);
            if (whoami.hasDefined("mapped-roles")) {
                List<ModelNode> roles = whoami.get("mapped-roles").asList();
                for (ModelNode role : roles) {
                    String roleName = role.asString();
                    user.addRole(new Role(roleName));
                }
            }
        }
        user.setAuthenticated(true);
        logger.debug("User info: {} {}", user.getName(), user.getRoles());
        ModelNode step = result.step(2).get(RESULT);
        environment.setPatchingEnabled(!environment.isStandalone() || step.get(PATCHING).isDefined());
    }).toCompletable();
}

Example 8 with Role

use of org.jboss.hal.config.Role in project console by hal.

the class RoleColumn method editStandardRole.

// ------------------------------------------------------ modify roles
private void editStandardRole(Role role) {
    Metadata metadata = metadataRegistry.lookup(ROLE_MAPPING_TEMPLATE);
    Form<ModelNode> form = new ModelNodeForm.Builder<>(Ids.ROLE_MAPPING_FORM, metadata).unboundFormItem(new NameItem(), 0).include(INCLUDE_ALL).build();
    form.getFormItem(NAME).setEnabled(false);
    form.getFormItem(NAME).setRequired(false);
    ModelNode modelNode = new ModelNode();
    modelNode.get(INCLUDE_ALL).set(role.isIncludeAll());
    new ModifyResourceDialog(resources.messages().modifyResourceTitle(resources.constants().role()), form, (frm, changedValues) -> series(new FlowContext(progress.get()), new CheckRoleMapping(dispatcher, role), new AddRoleMapping(dispatcher, role, status -> status == 404), new ModifyIncludeAll(dispatcher, role, frm.getModel().get(INCLUDE_ALL).asBoolean())).subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {

        @Override
        public void onSuccess(FlowContext context) {
            MessageEvent.fire(eventBus, Message.success(resources.messages().modifyResourceSuccess(resources.constants().role(), role.getName())));
            accessControl.reload(() -> {
                refresh(role.getId());
                eventBus.fireEvent(new RolesChangedEvent());
            });
        }
    })).show(modelNode);
    form.getFormItem(NAME).setValue(role.getName());
}

Example 9 with Role

use of org.jboss.hal.config.Role in project console by hal.

the class RoleColumn method removeScopedRole.

// ------------------------------------------------------ remove roles
private void removeScopedRole(Role role, String type) {
    List<Task<FlowContext>> tasks = new ArrayList<>();
    List<Assignment> assignments = accessControl.assignments().byRole(role).collect(toList());
    if (!assignments.isEmpty()) {
        tasks.add(new RemoveAssignments(dispatcher, assignments));
    }
    tasks.add(new CheckRoleMapping(dispatcher, role));
    tasks.add(new RemoveRoleMapping(dispatcher, role, status -> status == 200));
    tasks.add(new RemoveScopedRole(dispatcher, role));
    series(new FlowContext(progress.get()), tasks).subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {

        @Override
        public void onSuccess(FlowContext context) {
            MessageEvent.fire(eventBus, Message.success(resources.messages().removeResourceSuccess(type, role.getName())));
            accessControl.reload(() -> {
                refresh(RefreshMode.CLEAR_SELECTION);
                eventBus.fireEvent(new RolesChangedEvent());
            });
        }
    });
}

Example 10 with Role

use of org.jboss.hal.config.Role in project console by hal.

the class RoleColumn method addScopedRole.

// ------------------------------------------------------ add roles
@SuppressWarnings("ConstantConditions")
private void addScopedRole(Role.Type type, String typeName, AddressTemplate template, AddressTemplate typeaheadTemplate, String formId, String scopeAttribute) {
    Metadata metadata = metadataRegistry.lookup(template);
    Form<ModelNode> form = new ModelNodeForm.Builder<>(formId, metadata).addOnly().unboundFormItem(new NameItem(), 0).unboundFormItem(new SwitchItem(INCLUDE_ALL, new LabelBuilder().label(INCLUDE_ALL)), 3, resources.messages().includeAllHelpText()).include(BASE_ROLE, scopeAttribute).customFormItem(BASE_ROLE, attributeDescription -> {
        SingleSelectBoxItem item = new SingleSelectBoxItem(BASE_ROLE, new LabelBuilder().label(BASE_ROLE), standardRoleNames, false);
        item.setRequired(true);
        return item;
    }).build();
    form.getFormItem(scopeAttribute).setRequired(true);
    form.getFormItem(scopeAttribute).registerSuggestHandler(new ReadChildrenAutoComplete(dispatcher, statementContext, typeaheadTemplate));
    form.attach();
    AddResourceDialog dialog = new AddResourceDialog(resources.messages().addResourceTitle(typeName), form, (name, model) -> {
        List<Task<FlowContext>> tasks = new ArrayList<>();
        tasks.add(new AddScopedRole(dispatcher, type, name, model));
        Boolean includeAll = form.<Boolean>getFormItem(INCLUDE_ALL).getValue();
        Role transientRole = new Role(name, null, type, null);
        // We only need the role name in the functions,
        // so it's ok to setup a transient role w/o the other attributes.
        tasks.add(new CheckRoleMapping(dispatcher, transientRole));
        tasks.add(new AddRoleMapping(dispatcher, transientRole, status -> status == 404));
        if (includeAll != null && includeAll) {
            tasks.add(new ModifyIncludeAll(dispatcher, transientRole, includeAll));
        }
        series(new FlowContext(progress.get()), tasks).subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {

            @Override
            public void onSuccess(FlowContext context) {
                MessageEvent.fire(eventBus, Message.success(resources.messages().addResourceSuccess(typeName, name)));
                accessControl.reload(() -> {
                    refresh(Ids.role(name));
                    eventBus.fireEvent(new RolesChangedEvent());
                });
            }
        });
    });
    dialog.getForm().<String>getFormItem(NAME).addValidationHandler(createUniqueValidation());
    dialog.show();
}