
Example 1 with Permissions

Use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

Class PermissionManagerController, method toEntityTypePermissions.

private Permissions toEntityTypePermissions(List<EntityType> entityTypes, Map<ObjectIdentity, Acl> aclMap, Sid sid) {
    Permissions permissions = new Permissions();
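    // set permissions: entity ids, keyed by id in encounter order (LinkedHashMap);
    // a duplicate entity type id raises IllegalStateException instead of being merged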
    Map<String, String> entityTypeMap = entityTypes.stream().collect(toMap(EntityType::getId, EntityType::getId, (u, v) -> {
        throw new IllegalStateException(format("Duplicate key %s", u));
    }, LinkedHashMap::new));
    permissions.setEntityIds(entityTypeMap);
    return toEntityTypePermissions(aclMap, sid, permissions);
}
Also used : PluginController(org.molgenis.web.PluginController) java.util(java.util) EntityTypeMetadata(org.molgenis.data.meta.model.EntityTypeMetadata) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) WebRequest(org.springframework.web.context.request.WebRequest) LoggerFactory(org.slf4j.LoggerFactory) PackageMetadata(org.molgenis.data.meta.model.PackageMetadata) Controller(org.springframework.stereotype.Controller) Collections.singletonList(java.util.Collections.singletonList) Valid(javax.validation.Valid) User(org.molgenis.data.security.auth.User) Model(org.springframework.ui.Model) Lists(com.google.common.collect.Lists) ANONYMOUS_USERNAME(org.molgenis.security.core.utils.SecurityUtils.ANONYMOUS_USERNAME) Collectors.toMap(java.util.stream.Collectors.toMap) USER(org.molgenis.data.security.auth.UserMetaData.USER) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Objects.requireNonNull(java.util.Objects.requireNonNull) PluginIdentity(org.molgenis.data.plugin.model.PluginIdentity) SystemEntityTypeRegistry(org.molgenis.data.meta.system.SystemEntityTypeRegistry) org.springframework.security.acls.model(org.springframework.security.acls.model) Comparator.comparing(java.util.Comparator.comparing) URI(org.molgenis.core.ui.admin.permission.PermissionManagerController.URI) SidUtils(org.molgenis.security.acl.SidUtils) Logger(org.slf4j.Logger) USERNAME(org.molgenis.data.security.auth.UserMetaData.USERNAME) org.molgenis.data.security(org.molgenis.data.security) SidUtils.createAnonymousSid(org.molgenis.security.acl.SidUtils.createAnonymousSid) EntityType(org.molgenis.data.meta.model.EntityType) Collectors(java.util.stream.Collectors) MutableAclClassService(org.molgenis.security.acl.MutableAclClassService) String.format(java.lang.String.format) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) HttpStatus(org.springframework.http.HttpStatus) Collectors.toList(java.util.stream.Collectors.toList) Stream(java.util.stream.Stream) GROUP(org.molgenis.data.security.auth.GroupMetaData.GROUP) org.springframework.web.bind.annotation(org.springframework.web.bind.annotation) DataService(org.molgenis.data.DataService) Package(org.molgenis.data.meta.model.Package) Group(org.molgenis.data.security.auth.Group) PLUGIN(org.molgenis.data.plugin.model.PluginMetadata.PLUGIN) Permissions(org.molgenis.security.permission.Permissions) Plugin(org.molgenis.data.plugin.model.Plugin) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with Permissions

Use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

Class PermissionManagerControllerTest, method testGetUserPluginPermissions.

@Test
public void testGetUserPluginPermissions() {
    MutableAcl acl1 = mock(MutableAcl.class);
    MutableAcl acl2 = mock(MutableAcl.class);
    AccessControlEntry ace1 = mock(AccessControlEntry.class);
    when(ace1.getSid()).thenReturn(userSid);
    when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
    when(acl2.getEntries()).thenReturn(Collections.emptyList());
    Map<ObjectIdentity, Acl> acls = new HashMap<>();
    acls.put(pluginIdentity1, acl1);
    acls.put(pluginIdentity2, acl2);
    when(mutableAclService.readAclsById(Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(userSid))).thenReturn(acls);
    when(ace1.getPermission()).thenReturn(pluginPermissionRead);
    Permissions expected = new Permissions();
    org.molgenis.security.permission.Permission permission = new org.molgenis.security.permission.Permission();
    permission.setType("read");
    expected.setUserId("Ipsum");
    expected.addUserPermission(plugin1.getId(), permission);
    Map<String, String> ids = new HashMap<>();
    ids.put("1", "1");
    ids.put("2", "2");
    expected.setEntityIds(ids);
    assertEquals(permissionManagerController.getUserPluginPermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)

Example 3 with Permissions

Use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

Class PermissionManagerControllerTest, method testGetGroupEntityTypePermissions.

@Test
public void testGetGroupEntityTypePermissions() {
    MutableAcl acl1 = mock(MutableAcl.class);
    MutableAcl acl2 = mock(MutableAcl.class);
    MutableAcl acl3 = mock(MutableAcl.class);
    AccessControlEntry ace1 = mock(AccessControlEntry.class);
    AccessControlEntry ace2 = mock(AccessControlEntry.class);
    when(ace1.getSid()).thenReturn(groupSid);
    when(ace2.getSid()).thenReturn(groupSid);
    when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
    when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
    when(acl3.getEntries()).thenReturn(Collections.emptyList());
    Map<ObjectIdentity, Acl> acls = new HashMap<>();
    acls.put(entityIdentity1, acl1);
    acls.put(entityIdentity2, acl2);
    acls.put(entityIdentity3, acl3);
    when(mutableAclService.readAclsById(Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3), singletonList(groupSid))).thenReturn(acls);
    when(ace1.getPermission()).thenReturn(cumulativeEntityPermissionWrite);
    when(ace2.getPermission()).thenReturn(cumulativeEntityPermissionRead);
    Permissions expected = new Permissions();
    org.molgenis.security.permission.Permission permission1 = new org.molgenis.security.permission.Permission();
    permission1.setType("write");
    org.molgenis.security.permission.Permission permission2 = new org.molgenis.security.permission.Permission();
    permission2.setType("read");
    expected.setGroupId("1");
    expected.addGroupPermission(entityType1.getId(), permission1);
    expected.addGroupPermission(entityType2.getId(), permission2);
    Map<String, String> ids = new HashMap<>();
    ids.put("1", "1");
    ids.put("2", "2");
    ids.put("3", "3");
    expected.setEntityIds(ids);
    assertEquals(permissionManagerController.getGroupEntityClassPermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)

Example 4 with Permissions

Use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

Class PermissionManagerControllerTest, method testGetUserEntityClassPermissions.

@Test
public void testGetUserEntityClassPermissions() {
    MutableAcl acl1 = mock(MutableAcl.class);
    MutableAcl acl2 = mock(MutableAcl.class);
    MutableAcl acl3 = mock(MutableAcl.class);
    AccessControlEntry ace1 = mock(AccessControlEntry.class);
    AccessControlEntry ace2 = mock(AccessControlEntry.class);
    when(ace1.getSid()).thenReturn(userSid);
    when(ace2.getSid()).thenReturn(userSid);
    when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
    when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
    when(acl3.getEntries()).thenReturn(Collections.emptyList());
    Map<ObjectIdentity, Acl> acls = new HashMap<>();
    acls.put(entityIdentity1, acl1);
    acls.put(entityIdentity2, acl2);
    acls.put(entityIdentity3, acl3);
    when(mutableAclService.readAclsById(Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3), singletonList(userSid))).thenReturn(acls);
    when(ace1.getPermission()).thenReturn(cumulativeEntityPermissionWritemeta);
    when(ace2.getPermission()).thenReturn(cumulativeEntityPermissionCount);
    Permissions expected = new Permissions();
    org.molgenis.security.permission.Permission permission1 = new org.molgenis.security.permission.Permission();
    permission1.setType("writemeta");
    org.molgenis.security.permission.Permission permission2 = new org.molgenis.security.permission.Permission();
    permission2.setType("count");
    expected.setUserId("Ipsum");
    expected.addUserPermission(entityType1.getId(), permission1);
    expected.addUserPermission(entityType2.getId(), permission2);
    Map<String, String> ids = new HashMap<>();
    ids.put("1", "1");
    ids.put("2", "2");
    ids.put("3", "3");
    expected.setEntityIds(ids);
    assertEquals(permissionManagerController.getUserEntityClassPermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)

Example 5 with Permissions

Use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

Class PermissionManagerControllerTest, method testGetGroupPluginPermissions.

@Test
public void testGetGroupPluginPermissions() {
    MutableAcl acl1 = mock(MutableAcl.class);
    MutableAcl acl2 = mock(MutableAcl.class);
    AccessControlEntry ace1 = mock(AccessControlEntry.class);
    when(ace1.getSid()).thenReturn(groupSid);
    when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
    when(acl2.getEntries()).thenReturn(Collections.emptyList());
    Map<ObjectIdentity, Acl> acls = new HashMap<>();
    acls.put(pluginIdentity1, acl1);
    acls.put(pluginIdentity2, acl2);
    when(mutableAclService.readAclsById(Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(groupSid))).thenReturn(acls);
    when(ace1.getPermission()).thenReturn(pluginPermissionRead);
    Permissions expected = new Permissions();
    org.molgenis.security.permission.Permission permission = new org.molgenis.security.permission.Permission();
    permission.setType("read");
    expected.setGroupId("1");
    expected.addGroupPermission(entityType1.getId(), permission);
    Map<String, String> ids = new HashMap<>();
    ids.put("1", "1");
    ids.put("2", "2");
    expected.setEntityIds(ids);
    assertEquals(permissionManagerController.getGroupPluginPermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)
