
Example 11 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testDeleteSid.

/**
 * Reads a file's ACL back after the user who created the file has been deleted.
 *
 * <p>Flow: a tenant is created with an admin, george and pat; george creates
 * {@code hello.xaction} in his home folder and replaces its ACL with a
 * non-inheriting one that gives pat {@code ALL}; pat then logs in and george is deleted.
 * The test asserts that the ACL owner is still reported as george with type USER.
 *
 * @throws Exception if any setup or repository call fails
 */
@Test
public void testDeleteSid() throws Exception {
    // Tenant setup is done as the system tenant admin.
    loginAsSysTenantAdmin();
    ITenant duffTenant = tenantManager.createTenant(systemTenant, TENANT_ID_DUFF, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(duffTenant, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });

    // The tenant admin creates the two ordinary users.
    login(USERNAME_ADMIN, duffTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    IPentahoUser george = userRoleDao.createUser(duffTenant, USERNAME_GEORGE, PASSWORD, "", null);
    userRoleDao.createUser(duffTenant, USERNAME_PAT, PASSWORD, "", null);

    // george creates the file in his own home folder.
    login(USERNAME_GEORGE, duffTenant, new String[] { tenantAuthenticatedRoleName });
    String sessionUserName = PentahoSessionHolder.getSession().getName();
    String homeFolderPath = ClientRepositoryPaths.getUserHomeFolderPath(sessionUserName);
    RepositoryFile homeFolder = repo.getFile(homeFolderPath);
    RepositoryFile sampleFile = createSampleFile(homeFolder.getPath(), "hello.xaction", "", false, 2, false);

    // Switch the file to a non-inheriting ACL that carries an explicit ALL entry for pat.
    RepositoryFileAcl originalAcl = repo.getAcl(sampleFile.getId());
    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(originalAcl);
    String patPrincipalId = userNameUtils.getPrincipleId(duffTenant, USERNAME_PAT);
    aclBuilder.entriesInheriting(false).ace(patPrincipalId, RepositoryFileSid.Type.USER, RepositoryFilePermission.ALL);
    repo.updateAcl(aclBuilder.build());

    // pat is the active session when george's account is removed.
    login(USERNAME_PAT, duffTenant, new String[] { tenantAuthenticatedRoleName });
    userRoleDao.deleteUser(george);
    // TestPrincipalProvider.enableGeorgeAndDuff(false); simulate delete of george who is owner and explicitly in
    // ACE

    // The owner SID recorded on the ACL must still name the deleted user.
    RepositoryFile reloaded = repo.getFileById(sampleFile.getId());
    assertEquals(USERNAME_GEORGE, repo.getAcl(reloaded.getId()).getOwner().getName());
    assertEquals(RepositoryFileSid.Type.USER, repo.getAcl(reloaded.getId()).getOwner().getType());

    // NOTE(review): foundGeorge is computed but never asserted, so this test does not pin
    // whether an ACE naming the deleted user is kept or dropped. That matters for access
    // control if the same user name can be created again later. Confirm the intended
    // behaviour and assert it.
    RepositoryFileAcl aclAfterDelete = repo.getAcl(sampleFile.getId());
    boolean foundGeorge = false;
    for (RepositoryFileAce entry : aclAfterDelete.getAces()) {
        foundGeorge |= USERNAME_GEORGE.equals(entry.getSid().getName());
    }
}
Also used : ITenant(org.pentaho.platform.api.mt.ITenant) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 12 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class JcrAclNodeHelperIT method administratorRoleIsAdded.

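/**
 * Checks which callers see the tenant admin role in the ACL returned by
 * {@code helper.getAclFor(targetFile)} once the datasource has been made private.
 *
 * <p>As suzy the returned ACL must contain no entry named {@code tenantAdminRoleName};
 * as the repository admin it must contain one. The first lookup also verifies that
 * {@code getAclFor} calls {@code getAclNode} exactly once (BISERVER-12780).
 */
@Test
public void administratorRoleIsAdded() {
    makeDsPrivate();
    loginAsSuzy();
    helper.resetAclNodeCallCounter();
    RepositoryFileAcl aclReturned = helper.getAclFor(targetFile);
    // This tests that getAclFor doesn't make redundant calls to getAclNode - BISERVER-12780
    assertEquals(1, helper.getAclNodeCallCounter());
    boolean adminPresent = false;
    for (RepositoryFileAce ace : aclReturned.getAces()) {
        // Compare SID names by value. A reference comparison (==) is false for an equal name
        // held in a different String instance, which would let the assertFalse below pass
        // even when the admin role is present in the ACL.
        if (tenantAdminRoleName.equals(ace.getSid().getName())) {
            adminPresent = true;
            break;
        }
    }
    // A non-admin user must not see the admin role entry.
    assertFalse(adminPresent);
    loginAsRepositoryAdmin();
    aclReturned = helper.getAclFor(targetFile);
    adminPresent = false;
    for (RepositoryFileAce ace : aclReturned.getAces()) {
        // Same value comparison as above, so both assertions test the same condition.
        if (tenantAdminRoleName.equals(ace.getSid().getName())) {
            adminPresent = true;
            break;
        }
    }
    // The repository admin must see the admin role entry.
    assertTrue(adminPresent);
}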
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 13 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class AccessVoterToLegacyAcl method convert.

/**
 * Builds a {@link LegacyRepositoryFile} from a repository file and its ACL.
 *
 * <p>Name, path, folder flag and id are copied, plus the last-modified time when one is set.
 * Every ACE is expanded into one {@link PentahoAclEntry} per permission it carries. A USER
 * SID is used as recipient by its plain name; any other SID type is wrapped in a
 * {@link SimpleGrantedAuthority}.
 *
 * @param file the repository file to convert
 * @param acl  the ACL whose entries are translated into legacy entries
 * @return the legacy file carrying the translated access controls
 */
private LegacyRepositoryFile convert(RepositoryFile file, RepositoryFileAcl acl) {
    LegacyRepositoryFile result = new LegacyRepositoryFile(file.getName(), file.getPath(), file.isFolder());
    result.setId(file.getId());
    if (file.getLastModifiedDate() != null) {
        result.setLastModified(file.getLastModifiedDate().getTime());
    }

    List<IPentahoAclEntry> entries = new ArrayList<>();
    for (RepositoryFileAce ace : acl.getAces()) {
        // An ACE without a SID or a permission set is skipped; it yields no legacy entry.
        if (ace == null || ace.getSid() == null || ace.getPermissions() == null) {
            continue;
        }
        for (RepositoryFilePermission permission : ace.getPermissions()) {
            PentahoAclEntry entry = new PentahoAclEntry();
            if (RepositoryFileSid.Type.USER != ace.getSid().getType()) {
                // role (every SID type other than USER lands here)
                entry.setRecipient(new SimpleGrantedAuthority(ace.getSid().getName()));
            } else {
                // user
                entry.setRecipient(ace.getSid().getName());
            }
            entry.setMask(mask(permission));
            entries.add(entry);
        }
    }
    result.setAccessControls(entries);
    return result;
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ArrayList(java.util.ArrayList) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) IPentahoAclEntry(org.pentaho.platform.api.engine.IPentahoAclEntry) PentahoAclEntry(org.pentaho.platform.engine.security.acls.PentahoAclEntry) IPentahoAclEntry(org.pentaho.platform.api.engine.IPentahoAclEntry)

Example 14 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class RepositoryFileImportFileHandlerTest method createRepositoryFileAcl2.

/**
 * Creates a non-inheriting ACL fixture owned by {@code USER_NAME2}.
 *
 * <p>The ACL holds two entries, one for {@code USER_NAME2} and one for {@code USER_NAME},
 * each granting READ, WRITE and DELETE. The ACL id is the empty string.
 *
 * @return the fixture ACL
 */
private RepositoryFileAcl createRepositoryFileAcl2() {
    final RepositoryFileSid owner = new RepositoryFileSid(USER_NAME2);
    final RepositoryFileAce ownerAce = new RepositoryFileAce(owner, RepositoryFilePermission.READ, RepositoryFilePermission.WRITE, RepositoryFilePermission.DELETE);
    final RepositoryFileAce otherUserAce = new RepositoryFileAce(new RepositoryFileSid(USER_NAME), RepositoryFilePermission.READ, RepositoryFilePermission.WRITE, RepositoryFilePermission.DELETE);
    // Entries do not inherit from the parent, so only the two ACEs above are in this ACL.
    return new RepositoryFileAcl("", owner, false, Arrays.asList(ownerAce, otherUserAce));
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 15 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method assertLocalAceExists.

/**
 * Fails the test unless the file's ACL contains an entry for {@code sid} whose permission
 * set equals {@code permissions}.
 *
 * <p>The match is on set equality: an entry for the same SID with more or fewer permissions
 * does not count.
 *
 * @param file        the file whose ACL is read from the repository
 * @param sid         the SID the entry must belong to
 * @param permissions the exact permission set the entry must carry
 */
private void assertLocalAceExists(final RepositoryFile file, final RepositoryFileSid sid, final EnumSet<RepositoryFilePermission> permissions) {
    RepositoryFileAcl fileAcl = repo.getAcl(file.getId());
    List<RepositoryFileAce> entries = fileAcl.getAces();
    boolean matched = false;
    for (RepositoryFileAce entry : entries) {
        if (sid.equals(entry.getSid()) && permissions.equals(entry.getPermissions())) {
            matched = true;
            break;
        }
    }
    if (!matched) {
        fail();
    }
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Aggregations

RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)19 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)11 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)9 ArrayList (java.util.ArrayList)7 Test (org.junit.Test)5 ITenant (org.pentaho.platform.api.mt.ITenant)5 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)5 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)5 SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)5 Principal (java.security.Principal)4 SpringSecurityUserPrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)4 Node (javax.jcr.Node)3 RepositoryException (javax.jcr.RepositoryException)3 AccessControlEntry (javax.jcr.security.AccessControlEntry)3 AccessControlList (javax.jcr.security.AccessControlList)3 AccessControlManager (javax.jcr.security.AccessControlManager)2 Privilege (javax.jcr.security.Privilege)2 EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2 AclMetadata (org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)2 IPermissionConversionHelper (org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper)2