use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class RepositoryImportResource method validateAccess.
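/**
 * Verifies that the current session is allowed to import into {@code importDir}.
 *
 * <p>A caller that holds repository read and create together with either administer-security or
 * publish is accepted for any target. Any other caller is accepted only when the target lies
 * inside that caller's own home folder and the caller holds repository read and create.
 *
 * @param importDir import target, relative to the tenant root folder
 * @throws PentahoAccessControlException if the caller is not authorized for this target
 */
protected void validateAccess(String importDir) throws PentahoAccessControlException {
  IAuthorizationPolicy policy = PentahoSystem.get(IAuthorizationPolicy.class);
  // check if we are admin or have publish permission
  boolean isAdmin = policy.isAllowed(RepositoryReadAction.NAME)
      && policy.isAllowed(RepositoryCreateAction.NAME)
      && (policy.isAllowed(AdministerSecurityAction.NAME) || policy.isAllowed(PublishAction.NAME));
  if (isAdmin) {
    return;
  }

  // the user does not have admin or publish permission, so the import is only acceptable when it
  // targets the user's own home folder
  boolean importingToHomeFolder = false;
  String tenantedUserName = PentahoSessionHolder.getSession().getName();
  // get the user's home folder path
  String userHomeFolderPath = ServerRepositoryPaths.getUserHomeFolderPath(
      JcrTenantUtils.getUserNameUtils().getTenant(tenantedUserName),
      JcrTenantUtils.getUserNameUtils().getPrincipleName(tenantedUserName));
  if (userHomeFolderPath != null && userHomeFolderPath.length() > 0) {
    // we are passed the relative path, so prepend the server-side root folder
    String targetPath = ServerRepositoryPaths.getTenantRootFolderPath() + importDir;
    // Compare on whole path segments from the start of the path. A substring test would also
    // accept a target that merely mentions the home path somewhere inside it, or a sibling
    // folder whose name only begins with the user's name.
    String homePrefix = userHomeFolderPath.endsWith("/") ? userHomeFolderPath : userHomeFolderPath + "/";
    boolean underHomeFolder = (targetPath + "/").startsWith(homePrefix);
    // A prefix comparison is only meaningful if no later segment can climb back out of the
    // folder, so a target carrying a ".." segment is never treated as a home-folder import.
    // NOTE(review): whether importDir is normalised before it reaches this method is not
    // visible here; confirm against the callers.
    boolean hasParentSegment = ("/" + targetPath + "/").contains("/../");
    importingToHomeFolder = underHomeFolder && !hasParentSegment;
  }
  if (!(importingToHomeFolder
      && policy.isAllowed(RepositoryCreateAction.NAME)
      && policy.isAllowed(RepositoryReadAction.NAME))) {
    throw new PentahoAccessControlException("User is not authorized to perform this operation");
  }
}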
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class FileServiceTest method testSystemRestore.
/**
 * Exercises {@code systemRestore} for a caller whose policy allows repository read, repository
 * create and administer-security, then checks the administer check was invoked, the import job
 * was started and ended, and the bundle handed to the importer carries the expected settings.
 *
 * NOTE(review): only the authorized path is exercised in this method; confirm that a sibling test
 * covers a caller without administer-security being refused.
 */
@Test
public void testSystemRestore() throws Exception {
  // Collaborators: the uploaded backup stream, the authorization policy and the import logger.
  InputStream restoreStream = mock(InputStream.class);
  IAuthorizationPolicy policyMock = mock(IAuthorizationPolicy.class);
  IRepositoryImportLogger importLogger = mock(IRepositoryImportLogger.class);

  // The service under test resolves its policy through getPolicy(); every action checked here is granted.
  doReturn(policyMock).when(fileService).getPolicy();
  doReturn(true).when(policyMock).isAllowed(RepositoryReadAction.NAME);
  doReturn(true).when(policyMock).isAllowed(RepositoryCreateAction.NAME);
  doReturn(true).when(policyMock).isAllowed(AdministerSecurityAction.NAME);
  doReturn(importLogger).when(platformImporter).getRepositoryImportLogger();

  fileService.systemRestore(restoreStream, "true", "false", "true");

  // The administer check must have been called, and the import job opened and closed.
  verify(fileService).doCanAdminister();
  verify(importLogger).startJob(any(), anyString(), any());
  verify(importLogger).endJob();

  // Capture the bundle that was passed to the importer and inspect it.
  ArgumentCaptor<RepositoryFileImportBundle> bundleCaptor =
      ArgumentCaptor.forClass(RepositoryFileImportBundle.class);
  verify(platformImporter).importFile(bundleCaptor.capture());
  RepositoryFileImportBundle captured = bundleCaptor.getValue();

  // Same stream instance, fixed name and charset, imported at the repository root.
  assertTrue(captured.getInputStream() == restoreStream);
  assertEquals("UTF-8", captured.getCharSet());
  assertEquals(RepositoryFile.HIDDEN_BY_DEFAULT, captured.isHidden());
  assertEquals(RepositoryFile.SCHEDULABLE_BY_DEFAULT, captured.isSchedulable());
  assertEquals("/", captured.getPath());
  assertEquals(true, captured.overwriteInRepository());
  assertEquals("SystemBackup.zip", captured.getName());

  // ACL and ownership handling recorded on the bundle.
  assertFalse(captured.isApplyAclSettings());
  assertTrue(captured.isRetainOwnership());
  assertTrue(captured.isOverwriteAclSettings());
  assertTrue(captured.isPreserveDsw());

  // The import session must carry the same ACL and ownership settings.
  ImportSession importSession = ImportSession.getSession();
  assertFalse(importSession.isApplyAclSettings());
  assertTrue(importSession.isRetainOwnership());
  assertTrue(importSession.isOverwriteAclSettings());
}
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class RepositoryPublishServiceTest method prohibitedForAdministerSecurity.
/**
 * Expects {@code validateAccess()} to throw {@link PentahoAccessControlException} when publish is
 * denied even though repository read, repository create and administer-security are allowed.
 *
 * NOTE(review): the mock built here is not handed to {@code repositoryPublishService} anywhere in
 * this method. Presumably the fixture registers it elsewhere; confirm, because otherwise these
 * stubs have no effect on the outcome and the test could pass for an unrelated reason.
 */
@Test(expected = PentahoAccessControlException.class)
public void prohibitedForAdministerSecurity() throws PentahoAccessControlException {
  IAuthorizationPolicy authPolicy = mock(IAuthorizationPolicy.class);
  // The one permission under test: publish is refused.
  when(authPolicy.isAllowed(PublishAction.NAME)).thenReturn(false);
  // Every other permission stubbed in this test is granted.
  when(authPolicy.isAllowed(AdministerSecurityAction.NAME)).thenReturn(true);
  when(authPolicy.isAllowed(RepositoryCreateAction.NAME)).thenReturn(true);
  when(authPolicy.isAllowed(RepositoryReadAction.NAME)).thenReturn(true);

  repositoryPublishService.validateAccess();
}
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryWebService method validateEtcReadAccess.
/**
 * Refuses access to paths beginning with {@code /etc} unless the caller holds
 * administer-security.
 *
 * <p>The test is a raw string prefix on {@code path}, so it also matches any path whose first
 * segment merely starts with {@code etc}.
 *
 * NOTE(review): whether {@code path} is already absolute and normalised when it arrives is not
 * visible here. If it is not, a prefix test alone does not decide which folder is reached;
 * confirm against the callers.
 *
 * @param path repository path being read; not null-checked, and dereferenced only for callers
 *     without administer-security
 * @throws RuntimeException if a caller without administer-security asks for a path starting with
 *     {@code /etc}
 */
protected void validateEtcReadAccess(String path) {
  final IAuthorizationPolicy authPolicy = PentahoSystem.get(IAuthorizationPolicy.class);
  // Administrators are exempt; the path is not inspected for them.
  if (authPolicy.isAllowed(AdministerSecurityAction.NAME)) {
    return;
  }
  if (path.startsWith("/etc")) {
    throw new RuntimeException("This user is not allowed to access the ETC folder in JCR.");
  }
}
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryWebService method getTreeFromRequest.
/**
 * Fetches the repository tree described by {@code repositoryRequest} and marshals it to a DTO.
 *
 * <p>For a caller without administer-security the request is modified in place so that system
 * folders are excluded, and a warning is logged, before the tree is fetched. The log call is
 * unconditional for such callers, whatever the request originally asked for.
 *
 * @param repositoryRequest tree request; its include-system-folders flag is overwritten for
 *     non-administrators
 * @return the marshalled repository tree
 */
public RepositoryFileTreeDto getTreeFromRequest(final RepositoryRequest repositoryRequest) {
  final IAuthorizationPolicy authPolicy = PentahoSystem.get(IAuthorizationPolicy.class);
  final boolean callerIsAdmin = authPolicy.isAllowed(AdministerSecurityAction.NAME);
  // PDI uses this web service, and administrators need system folders returned for repository
  // database connections; everyone else must never receive them.
  if (!callerIsAdmin) {
    repositoryRequest.setIncludeSystemFolders(false);
    getLogger().warn("User does not have administrator privileges; setting includeSystemFolders to false.");
  }
  final RepositoryFileTree fileTree = repo.getTree(repositoryRequest);
  final RepositoryFileTreeAdapter adapter = new RepositoryFileTreeAdapter(repositoryRequest);
  return adapter.marshal(fileTree);
}