use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project data-access by pentaho.
the class CsvDatasourceServiceImpl method hasManageDataAccessPermission.
/**
 * Reports whether the current user holds the Manage Data Source Security permission.
 *
 * <p>When the {@code data-access-override} system setting parses as {@code true}, the
 * authorization policy is not consulted at all and this method returns {@code true}.
 * With the override off, the result is the policy's decision for
 * {@code org.pentaho.platform.dataaccess.datasource.security.manage}; when no policy is
 * registered the check fails closed and returns {@code false}.
 *
 * @return {@code true} if the override is enabled or the policy grants the permission,
 *     {@code false} otherwise
 */
protected boolean hasManageDataAccessPermission() {
  // Escape hatch: if this check breaks an OEM's plugin, an entry in the pentaho.xml can switch it off.
  // Security note: with the override on, this method answers true without asking the policy,
  // so the setting is worth auditing wherever this check is relied on.
  final boolean overrideEnabled =
      Boolean.parseBoolean(PentahoSystem.getSystemSetting("data-access-override", "false"));
  if (overrideEnabled) {
    return true;
  }

  // Deny by default: a missing policy bean is treated as "not allowed".
  final IAuthorizationPolicy authPolicy = PentahoSystem.get(IAuthorizationPolicy.class);
  return authPolicy != null
      && authPolicy.isAllowed("org.pentaho.platform.dataaccess.datasource.security.manage");
}
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class FileService method validateAccess.
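/**
 * Verifies that the current user may operate on {@code importDir}; throws if not.
 *
 * <p>Access is granted when the policy allows repository read and repository create together
 * with either administer-security or publish. Failing that, access is granted only when
 * {@code importDir} is the user's own home folder or lies beneath it, and the policy allows
 * repository create and read.
 *
 * @param importDir repository path relative to the tenant root folder; the tenant root is
 *     prepended here before the home-folder comparison
 * @throws PentahoAccessControlException if neither condition holds
 */
protected void validateAccess(String importDir) throws PentahoAccessControlException {
  IAuthorizationPolicy policy = getPolicy();
  // check if we are admin or have publish permission
  boolean isAdminOrPublish = policy.isAllowed(RepositoryReadAction.NAME)
      && policy.isAllowed(RepositoryCreateAction.NAME)
      && (policy.isAllowed(AdministerSecurityAction.NAME) || policy.isAllowed(PublishAction.NAME));
  if (!isAdminOrPublish) {
    // the user does not have admin or publish permission, so we will check if the user imports to their home folder
    boolean usingHomeFolder = false;
    String tenatedUserName = PentahoSessionHolder.getSession().getName();
    // get user home folder path
    String userHomeFolderPath = ServerRepositoryPaths.getUserHomeFolderPath(
        JcrTenantUtils.getUserNameUtils().getTenant(tenatedUserName),
        JcrTenantUtils.getUserNameUtils().getPrincipleName(tenatedUserName));
    if (userHomeFolderPath != null && userHomeFolderPath.length() > 0) {
      // we pass the relative path so add serverside root folder for every home folder
      String absoluteImportDir = ServerRepositoryPaths.getTenantRootFolderPath() + importDir;
      // Anchor the comparison: the target must BE the home folder or sit below it. A plain
      // substring match would also accept a path that merely contains the home folder path
      // somewhere inside it, or a sibling folder whose name starts with the user's name.
      String homePrefix = userHomeFolderPath.endsWith("/") ? userHomeFolderPath : userHomeFolderPath + "/";
      usingHomeFolder = absoluteImportDir.equals(userHomeFolderPath) || absoluteImportDir.startsWith(homePrefix);
      // NOTE(review): importDir is compared as given; confirm callers reject or normalise
      // ".." segments before relying on this check.
    }
    if (!(usingHomeFolder && policy.isAllowed(RepositoryCreateAction.NAME) && policy.isAllowed(RepositoryReadAction.NAME))) {
      throw new PentahoAccessControlException("User is not authorized to perform this operation");
    }
  }
}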
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class FileService method doGetFileOrDirAsDownload.
/**
 * Prepares a repository file or folder for download.
 *
 * <p>The file id is converted to a path and passed to {@code validateAccess} first. The id is
 * then checked for emptiness, the path for validity, and the repository for the entry itself.
 * Folders, and any request whose {@code strWithManifest} is not the literal {@code "false"},
 * are delivered as a zip.
 *
 * @param userAgent requesting client's user agent, passed to {@code makeAttachment}
 * @param pathId file id of the entry to download
 * @param strWithManifest {@code "false"} to omit the manifest; any other value, including
 *     {@code null}, includes it
 * @return wrapper holding the streaming output, the attachment string and the encoded file name
 * @throws InvalidParameterException if {@code pathId} is empty
 * @throws IllegalSelectorException if the resolved path is not valid
 * @throws FileNotFoundException if the repository returns no file for the path
 * @throws Throwable anything raised by {@code validateAccess} or the export helpers
 */
public DownloadFileWrapper doGetFileOrDirAsDownload(String userAgent, String pathId, String strWithManifest) throws Throwable {
  // Resolve the id to a path and authorize it before touching the repository.
  final String path = idToPath(pathId);
  validateAccess(path);

  // NOTE(review): this policy reference is not used anywhere below in this method.
  IAuthorizationPolicy policy = getPolicy();

  // NOTE(review): the emptiness check on pathId runs only after idToPath() and
  // validateAccess() have already been given the value; confirm both tolerate null/empty.
  if (StringUtils.isEmpty(pathId)) {
    throw new InvalidParameterException(pathId);
  }

  if (!isPathValid(path)) {
    throw new IllegalSelectorException();
  }

  final RepositoryFile target = getRepository().getFile(path);
  if (target == null) {
    // Missing and unreadable are indistinguishable here, so both surface as "not found".
    throw new FileNotFoundException(path);
  }

  // Manifest (and therefore zip) is the default; only the exact string "false" turns it off.
  final boolean withManifest = !"false".equals(strWithManifest);
  final boolean requiresZip = target.isFolder() || withManifest;
  final BaseExportProcessor processor = getDownloadExportProcessor(path, requiresZip, withManifest);

  String originalFileName = target.getName();
  if (requiresZip) {
    originalFileName = originalFileName + ".zip";
  }
  final String encodedFileName = makeEncodedFileName(originalFileName);
  final String quotedFileName = makeQuotedFileName(originalFileName);

  // Register the export handler, then obtain the streaming output for the entry.
  processor.addExportHandler(getDownloadExportHandler());
  final StreamingOutput body = getDownloadStream(target, processor);

  final String attachment = makeAttachment(userAgent, encodedFileName, quotedFileName);
  return new DownloadFileWrapper(body, attachment, encodedFileName);
}
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class AuthorizationActionServiceTest method testDoValidateAuth.
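/**
 * Checks {@code validateAuth} against a mocked policy and a one-entry action list.
 *
 * <p>The action list holds only {@link AdministerSecurityAction}, and the policy is stubbed to
 * allow {@code org.pentaho.security.administerSecurity}. That name must validate; the name
 * {@code invalid-auth}, which is neither in the list nor stubbed on the policy, must not.
 */
@Test
public void testDoValidateAuth() {
  IAuthorizationPolicy policy = mock(IAuthorizationPolicy.class);
  // Typed list rather than a raw ArrayList, so the compiler checks the element type.
  List<IAuthorizationAction> actions = new ArrayList<IAuthorizationAction>();
  actions.add(new AdministerSecurityAction());
  doReturn(actions).when(authorizationActionService).getActionList();
  doReturn(policy).when(authorizationActionService).getPolicy();
  doReturn(true).when(policy).isAllowed("org.pentaho.security.administerSecurity");

  // Expected value goes first so a failure message reports expected/actual the right way round.
  boolean isAllowed = authorizationActionService.validateAuth("org.pentaho.security.administerSecurity");
  assertEquals(true, isAllowed);

  // Negative case: an action name nobody granted must be refused.
  isAllowed = authorizationActionService.validateAuth("invalid-auth");
  assertEquals(false, isAllowed);
}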
use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.
the class FileServiceTest method testDoCanAdminister.
/**
 * Pins {@code doCanAdminister()} to the conjunction of three policy answers: repository read,
 * repository create and administer security. It is expected to be true only when the mocked
 * policy allows all three, and false when any one of them (or all of them) is denied.
 */
public void testDoCanAdminister() throws Exception {
  IAuthorizationPolicy mockPolicy = mock(IAuthorizationPolicy.class);
  doReturn(mockPolicy).when(fileService).getPolicy();

  // Each row is { read, create, administerSecurity } as answered by the mocked policy.
  final boolean[][] grantTable = {
    { true, true, true },
    { false, true, true },
    { true, false, true },
    { true, true, false },
    { false, false, false }
  };

  for (boolean[] grants : grantTable) {
    doReturn(grants[0]).when(mockPolicy).isAllowed(RepositoryReadAction.NAME);
    doReturn(grants[1]).when(mockPolicy).isAllowed(RepositoryCreateAction.NAME);
    doReturn(grants[2]).when(mockPolicy).isAllowed(AdministerSecurityAction.NAME);

    // Only the all-granted row may administer; every partial grant must be refused.
    if (grants[0] && grants[1] && grants[2]) {
      assertTrue(fileService.doCanAdminister());
    } else {
      assertFalse(fileService.doCanAdminister());
    }
  }
}