use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testDeleteSid.
/**
 * Deletes the account that owns a file and checks that the file's ACL still names the deleted
 * user as owner (an owner SID with no backing account).
 *
 * <p>Flow: george creates a file in his home folder and adds an ACE giving pat
 * {@code RepositoryFilePermission.ALL} with entry inheritance switched off. With pat as the
 * current session, george's account is deleted and the ACL is read back.
 */
@Test
public void testDeleteSid() throws Exception {
  // Bootstrap: the system tenant admin creates the tenant, then a tenant-level admin logs in.
  loginAsSysTenantAdmin();
  ITenant duffTenant =
      tenantManager.createTenant(systemTenant, TENANT_ID_DUFF, tenantAdminRoleName, tenantAuthenticatedRoleName,
          ANONYMOUS_ROLE_NAME);
  userRoleDao.createUser(duffTenant, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
  login(USERNAME_ADMIN, duffTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });

  // Two further users; the last argument (a role array in the admin call above) is null here.
  IPentahoUser georgeAccount = userRoleDao.createUser(duffTenant, USERNAME_GEORGE, PASSWORD, "", null);
  userRoleDao.createUser(duffTenant, USERNAME_PAT, PASSWORD, "", null);

  // george creates a file under the home folder of the current session user.
  login(USERNAME_GEORGE, duffTenant, new String[] { tenantAuthenticatedRoleName });
  String sessionUserName = PentahoSessionHolder.getSession().getName();
  RepositoryFile homeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(sessionUserName));
  RepositoryFile georgeFile = createSampleFile(homeFolder.getPath(), "hello.xaction", "", false, 2, false);

  // Start from the file's current ACL, stop inheriting entries and add an explicit ALL grant for pat.
  RepositoryFileAcl currentAcl = repo.getAcl(georgeFile.getId());
  RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(currentAcl);
  aclBuilder
      .entriesInheriting(false)
      .ace(userNameUtils.getPrincipleId(duffTenant, USERNAME_PAT), RepositoryFileSid.Type.USER,
          RepositoryFilePermission.ALL);
  repo.updateAcl(aclBuilder.build());

  // The delete is issued while pat is the current session.
  // NOTE(review): pat logs in with tenantAuthenticatedRoleName only; whether userRoleDao applies an
  // authorization check of its own to deleteUser is not visible here - confirm.
  login(USERNAME_PAT, duffTenant, new String[] { tenantAuthenticatedRoleName });
  userRoleDao.deleteUser(georgeAccount);

  // This replaces the older TestPrincipalProvider.enableGeorgeAndDuff(false) approach: it simulates
  // deleting george, who is the owner (the older comment also describes him as explicitly in an ACE).
  RepositoryFile reloadedFile = repo.getFileById(georgeFile.getId());

  // The owner SID survives the account deletion, so the ACL now refers to a user that no longer exists.
  // NOTE(review): whether an account later re-created under the same name would match this leftover
  // owner SID is not covered by this test - confirm against the SID resolution code.
  assertEquals(USERNAME_GEORGE, repo.getAcl(reloadedFile.getId()).getOwner().getName());
  assertEquals(RepositoryFileSid.Type.USER, repo.getAcl(reloadedFile.getId()).getOwner().getType());

  // Scan the ACEs for an entry that still names george.
  // NOTE(review): the flag is computed but never asserted, so the test does not pin whether ACEs
  // naming the deleted user are kept or purged.
  RepositoryFileAcl aclAfterDelete = repo.getAcl(georgeFile.getId());
  boolean georgeStillListed = false;
  for (RepositoryFileAce entry : aclAfterDelete.getAces()) {
    String sidName = entry.getSid().getName();
    if (USERNAME_GEORGE.equals(sidName)) {
      georgeStillListed = true;
    }
  }
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryContentIT method testGetRoot.
/**
 * Checks that a user logged in with only the tenant authenticated role can resolve the root folder
 * {@code "/"}, list its children and fetch its ACL without an exception.
 */
@Test
public void testGetRoot() throws Exception {
  // Bootstrap the tenant and its admin, then create suzy (last createUser argument is null).
  loginAsSysTenantAdmin();
  ITenant acmeTenant =
      tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName,
          ANONYMOUS_ROLE_NAME);
  userRoleDao.createUser(acmeTenant, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
  login(USERNAME_ADMIN, acmeTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
  userRoleDao.createUser(acmeTenant, USERNAME_SUZY, PASSWORD, "", null);

  // Everything below runs with suzy as the current session.
  login(USERNAME_SUZY, acmeTenant, new String[] { tenantAuthenticatedRoleName });

  RepositoryFile root = repo.getFile("/");
  assertNotNull(root);
  // The root folder is expected to have an empty name and a non-null id.
  assertEquals("", root.getName());
  assertNotNull(root.getId());

  String rootId = String.valueOf(root.getId());
  RepositoryRequest childrenRequest = new RepositoryRequest(rootId, true, -1, null);
  assertNotNull(repo.getChildren(childrenRequest));

  // Only the call itself is exercised: the returned ACL is not inspected.
  // NOTE(review): nothing is asserted about which entries suzy can see on the root ACL.
  repo.getAcl(root.getId());
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryContentIT method testWriteOnFileToMove.
/**
 * Checks that moving a file is refused with {@code UnifiedRepositoryAccessDeniedException} when the
 * ACL gives the caller only {@code RepositoryFilePermission.READ} on that file.
 */
@Test
public void testWriteOnFileToMove() throws Exception {
  // Bootstrap the tenant, its admin and the ordinary user suzy.
  loginAsSysTenantAdmin();
  ITenant acmeTenant =
      tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName,
          ANONYMOUS_ROLE_NAME);
  userRoleDao.createUser(acmeTenant, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
  login(USERNAME_ADMIN, acmeTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
  userRoleDao.createUser(acmeTenant, USERNAME_SUZY, PASSWORD, "", null);
  defaultBackingRepositoryLifecycleManager.newTenant();

  // suzy builds src/ and dest/ under her home folder and puts a file into src/.
  login(USERNAME_SUZY, acmeTenant, new String[] { tenantAuthenticatedRoleName });
  String sessionUserName = PentahoSessionHolder.getSession().getName();
  RepositoryFile homeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(sessionUserName));
  RepositoryFile sourceFolder = new RepositoryFile.Builder("src").folder(true).build();
  RepositoryFile targetFolder = new RepositoryFile.Builder("dest").folder(true).build();
  sourceFolder = repo.createFolder(homeFolder.getId(), sourceFolder, null);
  targetFolder = repo.createFolder(homeFolder.getId(), targetFolder, null);
  RepositoryFile fileToMove = createSampleFile(sourceFolder.getPath(), "helloworld.sample", "ddfdf", false, 83);

  // Replace the file's ACL: owner becomes tiffany, inheritance is off, and suzy is left with READ only.
  // NOTE(review): presumably the owner is switched so that suzy cannot rely on ownership of the file
  // she just created - confirm how the repository treats owners.
  RepositoryFileAcl readOnlyAcl =
      new RepositoryFileAcl.Builder(fileToMove.getId(), userNameUtils.getPrincipleId(acmeTenant, USERNAME_TIFFANY),
          RepositoryFileSid.Type.USER)
          .entriesInheriting(false)
          .ace(userNameUtils.getPrincipleId(acmeTenant, USERNAME_SUZY), RepositoryFileSid.Type.USER,
              RepositoryFilePermission.READ)
          .build();
  repo.updateAcl(readOnlyAcl);

  // The move must be rejected; reaching fail() means it was allowed.
  // NOTE(review): the test does not re-read the repository afterwards, so it does not verify that the
  // file is still under src/ once the move has been denied.
  try {
    repo.moveFile(fileToMove.getId(), targetFolder.getPath(), null);
    fail();
  } catch (UnifiedRepositoryAccessDeniedException expected) {
    // expected: access denied is the passing outcome
  }
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryContentIT method testMissingRef.
/**
 * Checks how a node reference to a file the reader cannot access is presented.
 *
 * <p>If a user does not have permission to a referenced file, the reference is removed from the node
 * structure and replaced with a missing link; previous releases would throw an exception. The test
 * <ol>
 *   <li>creates a file that suzy has no permission to,</li>
 *   <li>creates a second file that suzy can read and that references the first,</li>
 *   <li>loads the second file as suzy and expects no exception and a missing reference,</li>
 *   <li>restores access and expects the reference to resolve to the first file again.</li>
 * </ol>
 */
@Test
public void testMissingRef() throws Exception {
  // Bootstrap the tenant, its admin and the ordinary user suzy; the admin stays logged in.
  loginAsSysTenantAdmin();
  ITenant acmeTenant =
      tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName,
          ANONYMOUS_ROLE_NAME);
  userRoleDao.createUser(acmeTenant, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
  login(USERNAME_ADMIN, acmeTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
  userRoleDao.createUser(acmeTenant, USERNAME_SUZY, PASSWORD, "", null);

  // Referenced file: created in the public folder, then cut off by disabling inheritance and
  // clearing every ACE.
  DataNode referencingNode = new DataNode("kdjd");
  RepositoryFile restrictedFile =
      createSampleFile(ClientRepositoryPaths.getPublicFolderPath(), "helloworld2.sample", "dfdd", true, 83);
  RepositoryFileAcl originalAcl = repo.getAcl(restrictedFile.getId());
  RepositoryFileAcl lockedDownAcl =
      new RepositoryFileAcl.Builder(originalAcl).entriesInheriting(false).clearAces().build();
  repo.updateAcl(lockedDownAcl);
  referencingNode.setProperty("urei2", new DataNodeRef(restrictedFile.getId()));

  // Referencing file: stored in the public folder with the node above as its data.
  final String parentFolderPath = ClientRepositoryPaths.getPublicFolderPath();
  final String expectedName = "helloworld.doesnotmatter";
  RepositoryFile publicFolder = repo.getFile(parentFolderPath);
  assertNotNull(publicFolder);
  final String expectedPath = parentFolderPath + RepositoryFile.SEPARATOR + expectedName;
  NodeRepositoryFileData nodeData = new NodeRepositoryFileData(referencingNode);
  RepositoryFile referencingFile =
      repo.createFile(publicFolder.getId(), new RepositoryFile.Builder(expectedName).build(), nodeData, null);
  assertNotNull(referencingFile.getId());

  // As suzy: the referencing file loads, but its reference is reported as missing.
  login(USERNAME_SUZY, acmeTenant, new String[] { tenantAuthenticatedRoleName });
  RepositoryFile seenWhileDenied = repo.getFile(expectedPath);
  assertNotNull(seenWhileDenied);
  DataNode nodeWhileDenied =
      repo.getDataForRead(referencingFile.getId(), NodeRepositoryFileData.class).getNode();
  DataProperty refWhileDenied = nodeWhileDenied.getProperty("urei2");
  assertNotNull(refWhileDenied);
  assertTrue(refWhileDenied.getType() == DataPropertyType.REF);
  // NOTE(review): this is an identity (==) comparison with the REF_MISSING constant, not equals();
  // it only holds if the repository hands back that same instance - confirm this is intended.
  assertTrue(refWhileDenied.getRef().getId() == DataNodeRef.REF_MISSING);

  // As admin: switch inheritance back on, again with no explicit ACEs. The builder starts from the
  // ACL snapshot read before the lock-down.
  login(USERNAME_ADMIN, acmeTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
  RepositoryFileAcl restoredAcl =
      new RepositoryFileAcl.Builder(originalAcl).entriesInheriting(true).clearAces().build();
  repo.updateAcl(restoredAcl);

  // As suzy again: the same property now resolves to the real file id.
  login(USERNAME_SUZY, acmeTenant, new String[] { tenantAuthenticatedRoleName });
  RepositoryFile seenWhenAllowed = repo.getFile(expectedPath);
  assertNotNull(seenWhenAllowed);
  DataNode nodeWhenAllowed =
      repo.getDataForRead(referencingFile.getId(), NodeRepositoryFileData.class).getNode();
  DataProperty refWhenAllowed = nodeWhenAllowed.getProperty("urei2");
  assertNotNull(refWhenAllowed);
  assertTrue(refWhenAllowed.getType() == DataPropertyType.REF);
  assertTrue(refWhenAllowed.getRef().getId().equals(restrictedFile.getId()));
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class JcrAclNodeHelperIT method ensureFolderExists.
/**
 * Returns the folder found at {@code folderName}, creating it under the root folder when
 * {@code repo.getFile} returns {@code null}, and adds an ACE giving {@code AUTHENTICATED_ROLE_NAME}
 * {@code RepositoryFilePermission.ALL} on it with entry inheritance enabled.
 *
 * <p>The work runs inside a repository-admin session that is always ended in {@code finally}, so the
 * admin login is released even if a repository call throws.
 *
 * <p>NOTE(review): ALL for the authenticated role is a very broad grant; this looks like test-fixture
 * setup and should not be copied as a production ACL pattern.
 *
 * @param folderName value passed both to {@code repo.getFile} for the lookup and to
 *        {@code RepositoryFile.Builder} as the name of the folder to create
 * @return the existing or newly created folder
 */
private RepositoryFile ensureFolderExists(String folderName) {
  loginAsRepositoryAdmin();
  try {
    RepositoryFile target = repo.getFile(folderName);
    if (target == null) {
      RepositoryFile root = repo.getFile("/");
      RepositoryFile folderToCreate = new RepositoryFile.Builder(folderName).folder(true).build();
      target = repo.createFolder(root.getId(), folderToCreate, "");
    }

    // Extend the folder's current ACL rather than replacing it: existing entries are carried over
    // by the copy-constructing builder, then the role ACE is added.
    RepositoryFileAcl existingAcl = repo.getAcl(target.getId());
    EnumSet<RepositoryFilePermission> allPermissions = EnumSet.of(RepositoryFilePermission.ALL);
    RepositoryFileAcl widenedAcl =
        new RepositoryFileAcl.Builder(existingAcl)
            .entriesInheriting(true)
            .ace(AUTHENTICATED_ROLE_NAME, RepositoryFileSid.Type.ROLE, allPermissions)
            .build();
    repo.updateAcl(widenedAcl);
    return target;
  } finally {
    logout();
  }
}