use of org.mycore.access.mcrimpl.MCRAccessRule in project mycore by MyCoRe-Org.
the class MCRRestAPIUtil method checkRestAPIAccess.
/**
 * Verifies that the caller of a REST API operation is permitted to perform it.
 *
 * <p>Two ACL lookups are made. The root object {@code restapi:/} is checked first; only if
 * that succeeds is the rule for {@code restapi:<path>} fetched. A path that has no rule of
 * its own is allowed as soon as the root check has passed.
 *
 * @param request the HTTP request; the user name is read from its authentication token and
 *     the client address from {@code MCRFrontendUtil.getRemoteAddr(request)}
 * @param permission "read" or "write"
 * @param path the REST API path, e.g. /v1/messages; a leading slash is added for the ACL
 *     lookup if it is missing
 *
 * @throws MCRRestAPIException with status FORBIDDEN if access is restricted
 */
public static void checkRestAPIAccess(HttpServletRequest request, MCRRestAPIACLPermission permission,
    String path) throws MCRRestAPIException {
    // The ACL system can only validate the user held in the current session, so the REST API
    // user is placed there for the duration of the check; the previous user is put back in
    // the finally block on every exit path.
    MCRUserInformation previousUser = MCRSessionMgr.getCurrentSession().getUserInformation();
    try {
        // May be null; in that case the session user is left untouched and the ACL calls
        // below receive null as the user ID.
        String userID = MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(request);
        if (userID != null) {
            boolean isGuest = MCRSystemUserInformation.getGuestInstance().getUserID().equals(userID);
            MCRSessionMgr.getCurrentSession().setUserInformation(
                isGuest ? MCRSystemUserInformation.getGuestInstance() : MCRUserManager.getUser(userID));
        }

        // NOTE(review): how getRemoteAddr derives the address (e.g. whether it honours proxy
        // headers) is not visible here; IP-based rules are only as trustworthy as this value.
        MCRIPAddress clientIP = new MCRIPAddress(MCRFrontendUtil.getRemoteAddr(request));
        String aclPath = path.startsWith("/") ? path : "/" + path;

        boolean rootAllowed = ((MCRAccessControlSystem) MCRAccessControlSystem.instance())
            .checkAccess("restapi:/", permission.toString(), userID, clientIP);
        if (rootAllowed) {
            MCRAccessRule pathRule = (MCRAccessRule) MCRAccessControlSystem.instance()
                .getAccessRule("restapi:" + aclPath, permission.toString());
            // No path-specific rule means the root decision stands (default allow for the path).
            if (pathRule == null || pathRule.checkAccess(userID, new Date(), clientIP)) {
                return;
            }
        }
    } catch (UnknownHostException e) {
        // Not reported. Control falls through to the FORBIDDEN throw below, so an address
        // that cannot be turned into an MCRIPAddress results in denial (fail closed).
    } finally {
        MCRSessionMgr.getCurrentSession().setUserInformation(previousUser);
    }
    throw new MCRRestAPIException(Status.FORBIDDEN, new MCRRestAPIError(MCRRestAPIError.CODE_ACCESS_DENIED, "REST-API action is not allowed.", "Check access right '" + permission + "' on ACLs 'restapi:/' and 'restapi:" + path + "'!"));
}
use of org.mycore.access.mcrimpl.MCRAccessRule in project mycore by MyCoRe-Org.
the class MCRAclEditorResource method editRule.
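/**
 * Replaces the text and description of an existing access rule.
 *
 * <p>The request body must be a JSON object whose members {@code ruleID}, {@code ruleDesc}
 * and {@code ruleText} are all present as primitive values. The rule is stamped with the
 * user ID of the current session and the current time.
 *
 * @param data the request body as JSON text
 * @return 200 OK after the rule store was updated; 400 BAD REQUEST if the body is missing,
 *     is not a JSON object, or lacks one of the three members; 409 CONFLICT if no rule with
 *     the given ID exists or building/updating the rule fails
 */
@PUT
@Path("rule")
@MCRRestrictedAccess(MCRAclEditorPermission.class)
@Consumes(MediaType.APPLICATION_JSON)
public Response editRule(String data) {
    if (data == null) {
        return Response.status(Status.BAD_REQUEST).build();
    }
    JsonObject jsonObject;
    try {
        jsonObject = new JsonParser().parse(data).getAsJsonObject();
    } catch (RuntimeException e) {
        // Gson signals malformed JSON and non-object payloads with unchecked exceptions;
        // answer with a client error instead of letting them escape the resource method.
        return Response.status(Status.BAD_REQUEST).build();
    }
    // Reject incomplete payloads up front so a missing member cannot surface as a
    // NullPointerException further down.
    for (String member : new String[] { "ruleID", "ruleDesc", "ruleText" }) {
        if (!jsonObject.has(member) || !jsonObject.get(member).isJsonPrimitive()) {
            return Response.status(Status.BAD_REQUEST).build();
        }
    }
    String ruleID = jsonObject.get("ruleID").getAsString();
    String ruleDesc = jsonObject.get("ruleDesc").getAsString();
    String ruleText = jsonObject.get("ruleText").getAsString();
    String uid = MCRSessionMgr.getCurrentSession().getUserInformation().getUserID();

    // Only existing rules may be edited; creating rules is not done through this method.
    if (!RULE_STORE.existsRule(ruleID)) {
        return Response.status(Status.CONFLICT).build();
    }
    try {
        MCRAccessRule accessRule = new MCRAccessRule(ruleID, uid, new Date(), ruleText, ruleDesc);
        RULE_STORE.updateRule(accessRule);
        return Response.ok().build();
    } catch (Exception e) {
        // NOTE(review): the cause is discarded. For an endpoint that changes access rules,
        // recording the failure (and the acting user) would help auditing.
        return Response.status(Status.CONFLICT).build();
    }
}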
use of org.mycore.access.mcrimpl.MCRAccessRule in project mycore by MyCoRe-Org.
the class MCRAclEditorResource method createAccessRule.
/**
 * Builds a rule object with the next free {@code SYSTEMRULE} identifier; the rule is not
 * stored by this method.
 *
 * <p>The identifier is {@code SYSTEMRULE} followed by the free number left-padded with zeros
 * to ten characters. The creator is the user ID of the current session.
 *
 * @param ruleDesc description of the new rule
 * @param ruleText rule text of the new rule
 * @return the new, not yet persisted rule
 */
private MCRAccessRule createAccessRule(String ruleDesc, String ruleText) {
    final String zeroPad = "0000000000";
    // NOTE(review): the ID is reserved here but only written to the store by the caller;
    // whether two concurrent requests can obtain the same number is not visible from this
    // method. Confirm the store serialises allocation.
    int nextFree = RULE_STORE.getNextFreeRuleID("SYSTEMRULE");
    String digits = zeroPad + nextFree;
    // Keep the rightmost ten characters, i.e. the number with leading zeros.
    String suffix = digits.substring(digits.length() - zeroPad.length());
    String creator = MCRSessionMgr.getCurrentSession().getUserInformation().getUserID();
    return new MCRAccessRule("SYSTEMRULE" + suffix, creator, new Date(), ruleText, ruleDesc);
}
use of org.mycore.access.mcrimpl.MCRAccessRule in project mycore by MyCoRe-Org.
the class MCRWCMSAccessResource method getRuleList.
/**
 * Lists every rule in the rule store as a JSON object mapping rule ID to rule description.
 *
 * <p>NOTE(review): no access-restriction annotation is visible on this method. Confirm that
 * the enclosing resource class or a filter limits who may enumerate rule IDs and
 * descriptions.
 *
 * @return the JSON object serialised to a string
 */
@GET
public String getRuleList() {
    MCRRuleStore ruleStore = MCRRuleStore.getInstance();
    JsonObject descriptionsById = new JsonObject();
    Collection<String> allIds = ruleStore.retrieveAllIDs();
    // One store lookup per ID; a rule that cannot be loaded is not handled here.
    allIds.forEach(ruleId -> {
        MCRAccessRule accessRule = ruleStore.getRule(ruleId);
        descriptionsById.addProperty(accessRule.getId(), accessRule.getDescription());
    });
    return descriptionsById.toString();
}
use of org.mycore.access.mcrimpl.MCRAccessRule in project mycore by MyCoRe-Org.
the class MCRAclEditorResource method addRule.
/**
 * Creates a new access rule from the JSON request body and writes it to the rule store.
 *
 * <p>The body is read as a JSON object with the members {@code ruleDesc} and
 * {@code ruleText}. NOTE(review): neither the JSON syntax nor the presence of the two
 * members is checked, so a malformed or incomplete body raises an unchecked exception
 * instead of producing a client error.
 *
 * @param data the request body as JSON text
 * @return the ID of the stored rule, or an empty string if the rule object could not be
 *     built
 */
@POST
@Path("rule")
@MCRRestrictedAccess(MCRAclEditorPermission.class)
@Consumes(MediaType.APPLICATION_JSON)
public String addRule(String data) {
    JsonObject payload = new JsonParser().parse(data).getAsJsonObject();
    String description = payload.get("ruleDesc").getAsString();
    String text = payload.get("ruleText").getAsString();

    MCRAccessRule newRule;
    try {
        newRule = createAccessRule(description, text);
    } catch (Exception e) {
        // The cause is dropped and the caller only sees an empty ID.
        return "";
    }
    // Persisting happens outside the try block, so store failures are not turned into "".
    RULE_STORE.createRule(newRule);
    return newRule.getId();
}