
Example 6 with Permissions

use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

the class PermissionManagerControllerTest method testGetGroupPackagePermissions.

/**
 * Verifies the package permissions the controller reports for a group.
 *
 * <p>Three package ACLs are returned by the mocked ACL service: the first two each hold one entry
 * for {@code groupSid} (write and read), the third holds no entries. The expected result lists
 * all three ids but carries a permission only for the first two packages, i.e. a package without
 * an entry for the group is reported without any permission.
 *
 * <p>NOTE(review): every entry in this test belongs to {@code groupSid}; an ACL that also holds an
 * entry for a different SID is not exercised here, so the SID filtering of the controller is not
 * pinned by this test alone.
 */
@Test
public void testGetGroupPackagePermissions() {
    // One ACL entry per package that grants something to the group.
    AccessControlEntry writeEntry = mock(AccessControlEntry.class);
    when(writeEntry.getSid()).thenReturn(groupSid);
    when(writeEntry.getPermission()).thenReturn(cumulativeEntityPermissionWrite);
    AccessControlEntry readEntry = mock(AccessControlEntry.class);
    when(readEntry.getSid()).thenReturn(groupSid);
    when(readEntry.getPermission()).thenReturn(cumulativeEntityPermissionRead);

    // ACLs: write on package 1, read on package 2, nothing on package 3.
    MutableAcl writeAcl = mock(MutableAcl.class);
    when(writeAcl.getEntries()).thenReturn(singletonList(writeEntry));
    MutableAcl readAcl = mock(MutableAcl.class);
    when(readAcl.getEntries()).thenReturn(singletonList(readEntry));
    MutableAcl emptyAcl = mock(MutableAcl.class);
    when(emptyAcl.getEntries()).thenReturn(Collections.emptyList());

    Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
    aclsByIdentity.put(packageIdentity1, writeAcl);
    aclsByIdentity.put(packageIdentity2, readAcl);
    aclsByIdentity.put(packageIdentity3, emptyAcl);
    // The stub answers only a lookup of exactly these identities restricted to the group SID.
    when(mutableAclService.readAclsById(Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3), singletonList(groupSid))).thenReturn(aclsByIdentity);

    org.molgenis.security.permission.Permission writePermission = new org.molgenis.security.permission.Permission();
    writePermission.setType("write");
    org.molgenis.security.permission.Permission readPermission = new org.molgenis.security.permission.Permission();
    readPermission.setType("read");

    // presumably "1".."3" are the ids of the package fixtures declared outside this method
    Map<String, String> entityIds = new HashMap<>();
    entityIds.put("1", "1");
    entityIds.put("2", "2");
    entityIds.put("3", "3");

    Permissions expected = new Permissions();
    expected.setGroupId("1");
    expected.setEntityIds(entityIds);
    expected.addGroupPermission(package1.getId(), writePermission);
    expected.addGroupPermission(package2.getId(), readPermission);

    // TestNG argument order: actual first, expected second.
    assertEquals(permissionManagerController.getGroupPackagePermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)

Example 7 with Permissions

use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

the class PermissionManagerControllerTest method testGetUserPackagePermissions.

/**
 * Verifies the package permissions the controller reports for a user.
 *
 * <p>Three package ACLs are returned by the mocked ACL service: the first two each hold one entry
 * for {@code userSid} (writemeta and count), the third holds no entries. The expected result lists
 * all three ids but carries a permission only for the first two packages.
 *
 * <p>NOTE(review): the controller is called with id {@code "1"} while the expected user id is
 * {@code "Ipsum"}; presumably the fixture outside this method resolves the id to that user name —
 * confirm against the test setup. As in the group variant, no entry for a foreign SID is present,
 * so SID filtering is not pinned by this test alone.
 */
@Test
public void testGetUserPackagePermissions() {
    // One ACL entry per package that grants something to the user.
    AccessControlEntry writemetaEntry = mock(AccessControlEntry.class);
    when(writemetaEntry.getSid()).thenReturn(userSid);
    when(writemetaEntry.getPermission()).thenReturn(cumulativeEntityPermissionWritemeta);
    AccessControlEntry countEntry = mock(AccessControlEntry.class);
    when(countEntry.getSid()).thenReturn(userSid);
    when(countEntry.getPermission()).thenReturn(cumulativeEntityPermissionCount);

    // ACLs: writemeta on package 1, count on package 2, nothing on package 3.
    MutableAcl writemetaAcl = mock(MutableAcl.class);
    when(writemetaAcl.getEntries()).thenReturn(singletonList(writemetaEntry));
    MutableAcl countAcl = mock(MutableAcl.class);
    when(countAcl.getEntries()).thenReturn(singletonList(countEntry));
    MutableAcl emptyAcl = mock(MutableAcl.class);
    when(emptyAcl.getEntries()).thenReturn(Collections.emptyList());

    Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
    aclsByIdentity.put(packageIdentity1, writemetaAcl);
    aclsByIdentity.put(packageIdentity2, countAcl);
    aclsByIdentity.put(packageIdentity3, emptyAcl);
    // The stub answers only a lookup of exactly these identities restricted to the user SID.
    when(mutableAclService.readAclsById(Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3), singletonList(userSid))).thenReturn(aclsByIdentity);

    org.molgenis.security.permission.Permission writemetaPermission = new org.molgenis.security.permission.Permission();
    writemetaPermission.setType("writemeta");
    org.molgenis.security.permission.Permission countPermission = new org.molgenis.security.permission.Permission();
    countPermission.setType("count");

    // presumably "1".."3" are the ids of the package fixtures declared outside this method
    Map<String, String> entityIds = new HashMap<>();
    entityIds.put("1", "1");
    entityIds.put("2", "2");
    entityIds.put("3", "3");

    Permissions expected = new Permissions();
    expected.setUserId("Ipsum");
    expected.setEntityIds(entityIds);
    expected.addUserPermission(package1.getId(), writemetaPermission);
    expected.addUserPermission(package2.getId(), countPermission);

    // TestNG argument order: actual first, expected second.
    assertEquals(permissionManagerController.getUserPackagePermissions("1"), expected);
}
Also used : HashMap(java.util.HashMap) Permissions(org.molgenis.security.permission.Permissions) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) EntityTypePermission(org.molgenis.data.security.EntityTypePermission) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Test(org.testng.annotations.Test)

Example 8 with Permissions

use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

the class PermissionManagerController method toPluginPermissions.

/**
 * Builds the plugin permission overview for one SID from already loaded ACLs.
 *
 * <p>The result carries the ids of all given plugins and, for every ACL entry whose SID equals
 * {@code sid}, one permission filed under the plugin id taken from the ACL's object identity. The
 * permission is added as a user or as a group permission depending on what
 * {@code setUserOrGroup} returns for the SID.
 *
 * <p>NOTE(review): entries are selected on SID equality only. This method does not look at
 * whether an entry is granting, and only the entries returned by {@code acl.getEntries()} are
 * considered; whether {@code toPluginPermission} handles non-granting entries is not visible
 * here — confirm that a denying entry cannot be displayed as if it were a grant.
 *
 * @param plugins plugins to list in the overview
 * @param aclMap ACLs keyed by the object identity of the plugin they protect
 * @param sid user or group security identity the overview is built for
 * @return the populated permissions object
 * @throws IllegalStateException if two plugins share the same id
 */
private Permissions toPluginPermissions(List<Plugin> plugins, Map<ObjectIdentity, Acl> aclMap, Sid sid) {
    // Plugin id -> plugin id in list order; a repeated id is rejected rather than merged.
    Map<String, String> pluginIds = plugins.stream().collect(toMap(Plugin::getId, Plugin::getId, (first, second) -> {
        throw new IllegalStateException(format("Duplicate key %s", first));
    }, LinkedHashMap::new));

    Permissions result = new Permissions();
    result.setEntityIds(pluginIds);
    // Set the user or group id on the result; the flag decides which bucket entries go into.
    boolean isUser = setUserOrGroup(sid, result);

    for (Map.Entry<ObjectIdentity, Acl> aclEntry : aclMap.entrySet()) {
        String pluginId = aclEntry.getKey().getIdentifier().toString();
        aclEntry.getValue().getEntries().forEach(ace -> {
            // Entries that belong to another SID are not part of this overview.
            if (!ace.getSid().equals(sid)) {
                return;
            }
            org.molgenis.security.permission.Permission pluginPermission = toPluginPermission(ace);
            if (isUser) {
                result.addUserPermission(pluginId, pluginPermission);
            } else {
                result.addGroupPermission(pluginId, pluginPermission);
            }
        });
    }
    return result;
}
Also used : PluginController(org.molgenis.web.PluginController) java.util(java.util) EntityTypeMetadata(org.molgenis.data.meta.model.EntityTypeMetadata) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) WebRequest(org.springframework.web.context.request.WebRequest) LoggerFactory(org.slf4j.LoggerFactory) PackageMetadata(org.molgenis.data.meta.model.PackageMetadata) Controller(org.springframework.stereotype.Controller) Collections.singletonList(java.util.Collections.singletonList) Valid(javax.validation.Valid) User(org.molgenis.data.security.auth.User) Model(org.springframework.ui.Model) Lists(com.google.common.collect.Lists) ANONYMOUS_USERNAME(org.molgenis.security.core.utils.SecurityUtils.ANONYMOUS_USERNAME) Collectors.toMap(java.util.stream.Collectors.toMap) USER(org.molgenis.data.security.auth.UserMetaData.USER) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Objects.requireNonNull(java.util.Objects.requireNonNull) PluginIdentity(org.molgenis.data.plugin.model.PluginIdentity) SystemEntityTypeRegistry(org.molgenis.data.meta.system.SystemEntityTypeRegistry) org.springframework.security.acls.model(org.springframework.security.acls.model) Comparator.comparing(java.util.Comparator.comparing) URI(org.molgenis.core.ui.admin.permission.PermissionManagerController.URI) SidUtils(org.molgenis.security.acl.SidUtils) Logger(org.slf4j.Logger) USERNAME(org.molgenis.data.security.auth.UserMetaData.USERNAME) org.molgenis.data.security(org.molgenis.data.security) SidUtils.createAnonymousSid(org.molgenis.security.acl.SidUtils.createAnonymousSid) EntityType(org.molgenis.data.meta.model.EntityType) Collectors(java.util.stream.Collectors) MutableAclClassService(org.molgenis.security.acl.MutableAclClassService) String.format(java.lang.String.format) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) HttpStatus(org.springframework.http.HttpStatus) 
Collectors.toList(java.util.stream.Collectors.toList) Stream(java.util.stream.Stream) GROUP(org.molgenis.data.security.auth.GroupMetaData.GROUP) org.springframework.web.bind.annotation(org.springframework.web.bind.annotation) DataService(org.molgenis.data.DataService) Package(org.molgenis.data.meta.model.Package) Group(org.molgenis.data.security.auth.Group) PLUGIN(org.molgenis.data.plugin.model.PluginMetadata.PLUGIN) Permissions(org.molgenis.security.permission.Permissions) Plugin(org.molgenis.data.plugin.model.Plugin) Transactional(org.springframework.transaction.annotation.Transactional) Permissions(org.molgenis.security.permission.Permissions)

Example 9 with Permissions

use of org.molgenis.security.permission.Permissions in project molgenis by molgenis.

the class PermissionManagerController method toPackagePermissions.

/**
 * Builds the package permission overview for one SID from already loaded ACLs.
 *
 * <p>This method only records the ids of the given packages on a new {@link Permissions} object;
 * the user/group id and the individual permissions are filled in by
 * {@code toEntityTypePermissions}, whose handling of the ACL entries is not visible here.
 *
 * @param packages packages to list in the overview
 * @param aclMap ACLs keyed by object identity, passed on unchanged
 * @param sid security identity the overview is built for, passed on unchanged
 * @return whatever {@code toEntityTypePermissions} returns for the prepared permissions object
 * @throws IllegalStateException if two packages share the same id
 */
private Permissions toPackagePermissions(List<Package> packages, Map<ObjectIdentity, Acl> aclMap, Sid sid) {
    // Package id -> package id in list order; a repeated id is rejected rather than merged.
    Map<String, String> packageIds = packages.stream().collect(toMap(Package::getId, Package::getId, (first, second) -> {
        throw new IllegalStateException(format("Duplicate key %s", first));
    }, LinkedHashMap::new));

    Permissions result = new Permissions();
    result.setEntityIds(packageIds);
    return toEntityTypePermissions(aclMap, sid, result);
}
Also used : PluginController(org.molgenis.web.PluginController) java.util(java.util) EntityTypeMetadata(org.molgenis.data.meta.model.EntityTypeMetadata) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) WebRequest(org.springframework.web.context.request.WebRequest) LoggerFactory(org.slf4j.LoggerFactory) PackageMetadata(org.molgenis.data.meta.model.PackageMetadata) Controller(org.springframework.stereotype.Controller) Collections.singletonList(java.util.Collections.singletonList) Valid(javax.validation.Valid) User(org.molgenis.data.security.auth.User) Model(org.springframework.ui.Model) Lists(com.google.common.collect.Lists) ANONYMOUS_USERNAME(org.molgenis.security.core.utils.SecurityUtils.ANONYMOUS_USERNAME) Collectors.toMap(java.util.stream.Collectors.toMap) USER(org.molgenis.data.security.auth.UserMetaData.USER) PluginPermission(org.molgenis.data.plugin.model.PluginPermission) Objects.requireNonNull(java.util.Objects.requireNonNull) PluginIdentity(org.molgenis.data.plugin.model.PluginIdentity) SystemEntityTypeRegistry(org.molgenis.data.meta.system.SystemEntityTypeRegistry) org.springframework.security.acls.model(org.springframework.security.acls.model) Comparator.comparing(java.util.Comparator.comparing) URI(org.molgenis.core.ui.admin.permission.PermissionManagerController.URI) SidUtils(org.molgenis.security.acl.SidUtils) Logger(org.slf4j.Logger) USERNAME(org.molgenis.data.security.auth.UserMetaData.USERNAME) org.molgenis.data.security(org.molgenis.data.security) SidUtils.createAnonymousSid(org.molgenis.security.acl.SidUtils.createAnonymousSid) EntityType(org.molgenis.data.meta.model.EntityType) Collectors(java.util.stream.Collectors) MutableAclClassService(org.molgenis.security.acl.MutableAclClassService) String.format(java.lang.String.format) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) HttpStatus(org.springframework.http.HttpStatus) 
Collectors.toList(java.util.stream.Collectors.toList) Stream(java.util.stream.Stream) GROUP(org.molgenis.data.security.auth.GroupMetaData.GROUP) org.springframework.web.bind.annotation(org.springframework.web.bind.annotation) DataService(org.molgenis.data.DataService) Package(org.molgenis.data.meta.model.Package) Group(org.molgenis.data.security.auth.Group) PLUGIN(org.molgenis.data.plugin.model.PluginMetadata.PLUGIN) Permissions(org.molgenis.security.permission.Permissions) Plugin(org.molgenis.data.plugin.model.Plugin) Transactional(org.springframework.transaction.annotation.Transactional) Permissions(org.molgenis.security.permission.Permissions)

Aggregations

PluginPermission (org.molgenis.data.plugin.model.PluginPermission)9 Permissions (org.molgenis.security.permission.Permissions)9 HashMap (java.util.HashMap)6 EntityTypePermission (org.molgenis.data.security.EntityTypePermission)6 CumulativePermission (org.springframework.security.acls.domain.CumulativePermission)6 Test (org.testng.annotations.Test)6 Lists (com.google.common.collect.Lists)3 String.format (java.lang.String.format)3 java.util (java.util)3 Collections.singletonList (java.util.Collections.singletonList)3 Comparator.comparing (java.util.Comparator.comparing)3 Objects.requireNonNull (java.util.Objects.requireNonNull)3 Collectors (java.util.stream.Collectors)3 Collectors.toList (java.util.stream.Collectors.toList)3 Collectors.toMap (java.util.stream.Collectors.toMap)3 Stream (java.util.stream.Stream)3 Valid (javax.validation.Valid)3 URI (org.molgenis.core.ui.admin.permission.PermissionManagerController.URI)3 DataService (org.molgenis.data.DataService)3 EntityType (org.molgenis.data.meta.model.EntityType)3