
Example 6 with MCRUserInformation

Use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

Class MCRRestAPIUtil, method checkRestAPIAccess.

/**
 * checks if the given REST API operation is allowed
 * @param request - the HTTP request
 * @param permission "read" or "write"
 * @param path - the REST API path, e.g. /v1/messages
 *
 * @throws MCRRestAPIException if access is restricted
 */
public static void checkRestAPIAccess(HttpServletRequest request, MCRRestAPIACLPermission permission, String path) throws MCRRestAPIException {
    // save the current user and set REST API user into session,
    // because ACL System can only validate the current user in session.
    MCRUserInformation oldUser = MCRSessionMgr.getCurrentSession().getUserInformation();
    try {
        String userID = MCRJSONWebTokenUtil.retrieveUsernameFromAuthenticationToken(request);
        if (userID != null) {
            if (MCRSystemUserInformation.getGuestInstance().getUserID().equals(userID)) {
                MCRSessionMgr.getCurrentSession().setUserInformation(MCRSystemUserInformation.getGuestInstance());
            } else {
                MCRSessionMgr.getCurrentSession().setUserInformation(MCRUserManager.getUser(userID));
            }
        }
        MCRIPAddress theIP = new MCRIPAddress(MCRFrontendUtil.getRemoteAddr(request));
        String thePath = path.startsWith("/") ? path : "/" + path;
        boolean hasAPIAccess = ((MCRAccessControlSystem) MCRAccessControlSystem.instance()).checkAccess("restapi:/", permission.toString(), userID, theIP);
        if (hasAPIAccess) {
            MCRAccessRule rule = (MCRAccessRule) MCRAccessControlSystem.instance().getAccessRule("restapi:" + thePath, permission.toString());
            if (rule != null) {
                if (rule.checkAccess(userID, new Date(), theIP)) {
                    return;
                }
            } else {
                return;
            }
        }
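    } catch (UnknownHostException e) {
        // ignore: the remote address could not be resolved, so fall through
        // to the FORBIDDEN exception below (access is denied)
    } finally {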
        MCRSessionMgr.getCurrentSession().setUserInformation(oldUser);
    }
    throw new MCRRestAPIException(Status.FORBIDDEN, new MCRRestAPIError(MCRRestAPIError.CODE_ACCESS_DENIED, "REST-API action is not allowed.", "Check access right '" + permission + "' on ACLs 'restapi:/' and 'restapi:" + path + "'!"));
}
Also used : MCRIPAddress(org.mycore.access.mcrimpl.MCRIPAddress) MCRRestAPIException(org.mycore.restapi.v1.errors.MCRRestAPIException) UnknownHostException(java.net.UnknownHostException) MCRRestAPIError(org.mycore.restapi.v1.errors.MCRRestAPIError) MCRAccessRule(org.mycore.access.mcrimpl.MCRAccessRule) MCRAccessControlSystem(org.mycore.access.mcrimpl.MCRAccessControlSystem) MCRUserInformation(org.mycore.common.MCRUserInformation) Date(java.util.Date)

Example 7 with MCRUserInformation

Use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

Class MCRCreatorRuleStrategy, method isCreatorRuleAvailable.

public boolean isCreatorRuleAvailable(String id, String permission) {
    if (MCRAccessManager.PERMISSION_WRITE.equals(permission)) {
        MCRObjectID mcrObjectId = null;
        try {
            mcrObjectId = MCRObjectID.getInstance(id);
            MCRUserInformation currentUser = MCRSessionMgr.getCurrentSession().getUserInformation();
            if (currentUser.isUserInRole(CREATOR_ROLE) && objectStatusIsSubmitted(mcrObjectId)) {
                if (isCurrentUserCreator(mcrObjectId, currentUser)) {
                    return true;
                }
            }
        } catch (RuntimeException e) {
            if (mcrObjectId == null) {
                LOGGER.debug("id is not a valid object ID", e);
            } else {
                LOGGER.warn("Eror while checking permission.", e);
            }
        }
    }
    return false;
}
Also used : MCRObjectID(org.mycore.datamodel.metadata.MCRObjectID) MCRUserInformation(org.mycore.common.MCRUserInformation)

Example 8 with MCRUserInformation

Use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

Class MCRUserAttributeMapperTest, method testUserUpdate.

@Test
public void testUserUpdate() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    attributes.put("eduPersonPrincipalName", mcrUser.getUserName() + "@" + realmId);
    attributes.put("displayName", mcrUser.getRealName());
    attributes.put("mail", mcrUser.getEMailAddress());
    attributes.put("eduPersonAffiliation", roles);
    MCRUserInformation userInfo = new MCRShibbolethUserInformation(mcrUser.getUserName(), realmId, attributes);
    MCRTransientUser user = new MCRTransientUser(userInfo);
    assertEquals(mcrUser.getUserName(), user.getUserName());
    assertEquals(mcrUser.getRealName(), user.getRealName());
    assertTrue(user.isUserInRole("editor"));
    Map<String, String> extraAttribs = new HashMap<>();
    extraAttribs.put("attrib1", "test123");
    extraAttribs.put("attrib2", "test321");
    user.setAttributes(extraAttribs);
    MCRUserManager.createUser(user);
    startNewTransaction();
    attributes = new HashMap<>();
    attributes.put("eduPersonPrincipalName", mcrUser.getUserName() + "@" + realmId);
    attributes.put("displayName", mcrUser.getRealName());
    attributes.put("mail", "new@mycore.de");
    attributes.put("eduPersonAffiliation", "admin");
    MCRUser storedUser = MCRUserManager.getUser(user.getUserName(), realmId);
    MCRUserAttributeMapper attributeMapper = MCRRealmFactory.getAttributeMapper(realmId);
    boolean changed = attributeMapper.mapAttributes(storedUser, attributes);
    assertTrue("should changed", changed);
    assertNotEquals(user.getEMailAddress(), storedUser.getEMailAddress());
    Document exportableXML = MCRUserTransformer.buildExportableXML(storedUser);
    new XMLOutputter(Format.getPrettyFormat()).output(exportableXML, System.out);
}
Also used : XMLOutputter(org.jdom2.output.XMLOutputter) HashMap(java.util.HashMap) MCRShibbolethUserInformation(org.mycore.user2.login.MCRShibbolethUserInformation) Document(org.jdom2.Document) MCRUserInformation(org.mycore.common.MCRUserInformation) Test(org.junit.Test)

Example 9 with MCRUserInformation

Use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

Class MCRFixedUserCallable, method call.

@Override
public V call() throws Exception {
    final boolean hasSession = MCRSessionMgr.hasCurrentSession();
    this.session = MCRSessionMgr.getCurrentSession();
    try {
        MCRUserInformation currentUser = this.session.getUserInformation();
        if (hasSession) {
            if (!currentUser.equals(userInfo)) {
                throw new MCRException("MCRFixedUserCallable is bound to " + currentUser.getUserID() + " and not to " + userInfo.getUserID() + ".");
            }
        } else {
            this.session.setUserInformation(userInfo);
        }
        return super.call();
    } finally {
        if (!hasSession && this.session != null) {
            this.session.close();
        }
    }
}
Also used : MCRException(org.mycore.common.MCRException) MCRUserInformation(org.mycore.common.MCRUserInformation)

Example 10 with MCRUserInformation

Use of org.mycore.common.MCRUserInformation in project mycore by MyCoRe-Org.

Class MCRGroupClauseTest, method setUp.

@Before
public void setUp() throws Exception {
    super.setUp();
    MCRUserInformation userInfo = new MCRUserInformation() {

        @Override
        public boolean isUserInRole(String role) {
            return INGROUP_NAME.equals(role);
        }

        @Override
        public String getUserID() {
            return "junit";
        }

        @Override
        public String getUserAttribute(String attribute) {
            // TODO Auto-generated method stub
            return null;
        }
    };
    MCRSessionMgr.getCurrentSession().setUserInformation(userInfo);
}
Also used : MCRUserInformation(org.mycore.common.MCRUserInformation) Before(org.junit.Before)
