Search in sources :

Example 46 with RepositoryFileAcl

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testStopThenStartInheriting.

@Test
public void testStopThenStartInheriting() throws Exception {
    loginAsSysTenantAdmin();
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    userRoleDao.createUser(tenantAcme, USERNAME_TIFFANY, PASSWORD, "", null);
    login(USERNAME_TIFFANY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
    RepositoryFile tiffanyHomeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_TIFFANY));
    RepositoryFile testFolder = repo.createFolder(tiffanyHomeFolder.getId(), new RepositoryFile.Builder("test").folder(true).build(), null);
    RepositoryFileAcl acl = repo.getAcl(testFolder.getId());
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).entriesInheriting(false).build();
    updatedAcl = repo.updateAcl(updatedAcl);
    assertFalse(updatedAcl.isEntriesInheriting());
    updatedAcl = new RepositoryFileAcl.Builder(updatedAcl).entriesInheriting(true).build();
    updatedAcl = repo.updateAcl(updatedAcl);
    assertTrue(updatedAcl.isEntriesInheriting());
}
Also used : ITenant(org.pentaho.platform.api.mt.ITenant) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 47 with RepositoryFileAcl

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testGetAclOnlyVersion.

/**
 * While they may be filtered from the version history, we still must be able to fetch acl-only changes.
 */
@Test
public void testGetAclOnlyVersion() throws Exception {
    loginAsSysTenantAdmin();
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", null);
    login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    defaultBackingRepositoryLifecycleManager.newTenant();
    final String fileName = "helloworld.sample";
    RepositoryFile newFile = createSampleFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY), fileName, "blah", false, 123, true);
    assertEquals(1, repo.getVersionSummaries(newFile.getId()).size());
    RepositoryFileAcl acl = repo.getAcl(newFile.getId());
    // no change; just want to create a new version
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).build();
    repo.updateAcl(updatedAcl);
    assertEquals(2, repo.getVersionSummaries(newFile.getId()).size());
    assertNotNull(repo.getVersionSummary(newFile.getId(), "1.1"));
}
Also used : ITenant(org.pentaho.platform.api.mt.ITenant) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) Matchers.anyString(org.mockito.Matchers.anyString) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 48 with RepositoryFileAcl

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testUpdatingPermissionWhenNoGrantPermissionOnFile.

/**
 * Tests Updating the ACL when no GRANT_PERMISSION is assigned
 */
@Test
public void testUpdatingPermissionWhenNoGrantPermissionOnFile() throws Exception {
    loginAsSysTenantAdmin();
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
    userRoleDao.createUser(tenantAcme, USERNAME_TIFFANY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
    defaultBackingRepositoryLifecycleManager.newTenant();
    RepositoryFile parentFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName()));
    RepositoryFile newFolder = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
    newFolder = repo.createFolder(parentFolder.getId(), newFolder, null);
    RepositoryFileAcl acls = repo.getAcl(newFolder.getId());
    RepositoryFileAcl.Builder newAclBuilder = new RepositoryFileAcl.Builder(acls);
    newAclBuilder.entriesInheriting(false).ace(userNameUtils.getPrincipleId(tenantAcme, USERNAME_TIFFANY), RepositoryFileSid.Type.USER, RepositoryFilePermission.READ);
    repo.updateAcl(newAclBuilder.build());
    login(USERNAME_TIFFANY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
    RepositoryFileAcl newAcl = repo.getAcl(newFolder.getId());
    RepositoryFileAcl.Builder anotherNewAclBuilder = new RepositoryFileAcl.Builder(newAcl);
    anotherNewAclBuilder.ace(new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), RepositoryFilePermission.READ, RepositoryFilePermission.WRITE, RepositoryFilePermission.DELETE);
    try {
        repo.updateAcl(anotherNewAclBuilder.build());
        fail();
    } catch (UnifiedRepositoryException e) {
        assertNotNull(e);
    }
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ITenant(org.pentaho.platform.api.mt.ITenant) UnifiedRepositoryException(org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 49 with RepositoryFileAcl

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testCreateFolderWithAcl.

@Test
public void testCreateFolderWithAcl() throws Exception {
    loginAsSysTenantAdmin();
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", null);
    login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
    RepositoryFile parentFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName()));
    RepositoryFile newFolder = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
    RepositoryFileSid tiffanySid = new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, USERNAME_TIFFANY));
    RepositoryFileSid suzySid = new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, USERNAME_SUZY));
    // tiffany owns it but suzy is creating it
    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(tiffanySid);
    // need this to be able to fetch acl as suzy
    aclBuilder.ace(suzySid, RepositoryFilePermission.READ);
    newFolder = repo.createFolder(parentFolder.getId(), newFolder, aclBuilder.build(), null);
    RepositoryFileAcl fetchedAcl = repo.getAcl(newFolder.getId());
    assertEquals(new RepositoryFileSid(USERNAME_TIFFANY), fetchedAcl.getOwner());
    assertLocalAceExists(newFolder, new RepositoryFileSid(USERNAME_SUZY), EnumSet.of(RepositoryFilePermission.READ));
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ITenant(org.pentaho.platform.api.mt.ITenant) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 50 with RepositoryFileAcl

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testWriteWhenNoWritePermissionOnFile.

/**
 * Tests deleting a file when no delete permission is given to the role
 */
@Test
public void testWriteWhenNoWritePermissionOnFile() throws Exception {
    loginAsSysTenantAdmin();
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    defaultBackingRepositoryLifecycleManager.newTenant();
    RepositoryFile publicFolderFile = createSampleFile(repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName())).getPath(), "helloworld.sample", "ddfdf", false, 83);
    RepositoryFileAcl publicFolderFileAcl = new RepositoryFileAcl.Builder(publicFolderFile.getId(), userNameUtils.getPrincipleId(tenantAcme, USERNAME_ADMIN), RepositoryFileSid.Type.USER).entriesInheriting(false).ace(new RepositoryFileSid(roleNameUtils.getPrincipleId(tenantAcme, tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), RepositoryFilePermission.READ).build();
    repo.updateAcl(publicFolderFileAcl);
    userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
    login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
    final String modSampleString = "Ciao World!";
    final boolean modSampleBoolean = true;
    final int modSampleInteger = 99;
    final SampleRepositoryFileData modContent = new SampleRepositoryFileData(modSampleString, modSampleBoolean, modSampleInteger);
    try {
        repo.updateFile(publicFolderFile, modContent, null);
        fail();
    } catch (UnifiedRepositoryException e) {
        assertNotNull(e);
    }
    login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    try {
        repo.updateFile(publicFolderFile, modContent, null);
        assertTrue(true);
    } catch (UnifiedRepositoryException e) {
        fail();
    }
}
Also used : SampleRepositoryFileData(org.pentaho.platform.api.repository2.unified.data.sample.SampleRepositoryFileData) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ITenant(org.pentaho.platform.api.mt.ITenant) UnifiedRepositoryException(org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) Matchers.anyString(org.mockito.Matchers.anyString) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Aggregations

RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)99 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)73 Test (org.junit.Test)50 ITenant (org.pentaho.platform.api.mt.ITenant)25 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)23 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)15 Node (javax.jcr.Node)13 Matchers.anyString (org.mockito.Matchers.anyString)13 UnifiedRepositoryException (org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException)13 Serializable (java.io.Serializable)12 Session (javax.jcr.Session)12 JcrCallback (org.springframework.extensions.jcr.JcrCallback)12 ArrayList (java.util.ArrayList)11 RepositoryException (javax.jcr.RepositoryException)10 ByteArrayInputStream (java.io.ByteArrayInputStream)9 IOException (java.io.IOException)9 DataNode (org.pentaho.platform.api.repository2.unified.data.node.DataNode)9 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)8 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)8 InputStream (java.io.InputStream)7