
Example 6 with RepositoryFilePermission

Use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

The class OlapServiceImplTest, method testRemoveOlap4jCatalogsWithoutPermission.

/**
 * Validates that removing a catalog is refused with ACCESS_DENIED when the
 * session lacks DELETE permission on it, and that nothing is deleted.
 */
@Test
public void testRemoveOlap4jCatalogsWithoutPermission() throws Exception {
    stubGetChildren(repository, olapFolderPath, "myServer");
    // Stub /etc/olap-servers/myServer
    final String testServerPath = olapFolderPath + RepositoryFile.SEPARATOR + "myServer";
    stubGetFolder(repository, testServerPath);
    stubGetChildren(repository, testServerPath, "metadata");
    // Stub /etc/olap-servers/myServer/metadata
    final String metadataPath = testServerPath + RepositoryFile.SEPARATOR + "metadata";
    stubGetFile(repository, metadataPath);
    stubGetData(repository, metadataPath + RepositoryFile.SEPARATOR + "myServer", "server", pathPropertyPair("/server/name", "myServer"), pathPropertyPair("/server/user", "myUser"), pathPropertyPair("/server/password", "myPassword"), pathPropertyPair("/server/URL", "myUrl"), pathPropertyPair("/server/className", "someClass"));
    // Get a list of catalogs.
    final List<String> catalogs = olapService.getCatalogNames(session);
    assertEquals(1, catalogs.size());
    assertEquals("myServer", catalogs.get(0));
    verify(repository).getChildren(eq(makeIdObject(olapFolderPath)));
    // Stub the security: deny DELETE on "myServer", allow every other check.
    accessMock = new DefaultAccessImpl() {

        public boolean hasAccess(String path, EnumSet<RepositoryFilePermission> perms, IPentahoSession session) {
            if (perms.contains(RepositoryFilePermission.DELETE) && path.equals("myServer")) {
                return false;
            }
            return true;
        }
    };
    // Try to delete it. We expect it to fail.
    try {
        olapService.removeCatalog("myServer", session);
        fail();
    } catch (IOlapServiceException e) {
        assertEquals(IOlapServiceException.Reason.ACCESS_DENIED, e.getReason());
        assertTrue(e.getMessage().contains("OlapServiceImpl.ERROR_0003"));
    }
    // Make sure we didn't invoke the delete method.
    verify(repository, never()).deleteFile((RepositoryFile) anyObject(), anyString());
}
Also used : IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) IOlapServiceException(org.pentaho.platform.plugin.action.olap.IOlapServiceException) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 7 with RepositoryFilePermission

Use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

The class ExportManifestTest, method createMockAce.

private RepositoryFileAce createMockAce(String recipientName, String recipientType, RepositoryFilePermission first, RepositoryFilePermission... rest) {
    RepositoryFileSid.Type type = RepositoryFileSid.Type.valueOf(recipientType);
    RepositoryFileSid recipient = new RepositoryFileSid(recipientName, type);
    return new RepositoryFileAce(recipient, EnumSet.of(first, rest));
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)

Example 8 with RepositoryFilePermission

Use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

The class JcrRepositoryFileAclDao, method addAce.

public void addAce(final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission) {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    Assert.notNull(id);
    Assert.notNull(recipient);
    Assert.notNull(permission);
    RepositoryFileAcl acl = getAcl(id);
    Assert.notNull(acl);
    // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
    RepositoryFileSid newRecipient = recipient;
    if (recipient.getType().equals(Type.USER)) {
        if (JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null) {
            newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType());
        }
    } else {
        if (JcrTenantUtils.getRoleNameUtils().getTenant(recipient.getName()) == null) {
            newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedRole(recipient.getName()), recipient.getType());
        }
    }
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).ace(newRecipient, permission).build();
    updateAcl(updatedAcl);
    // $NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
    logger.debug("added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 9 with RepositoryFilePermission

Use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

The class JcrRepositoryFileAclDao, method internalUpdateAcl.

protected RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    DefaultPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        fileId.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
        acList.removeAccessControlEntry(acEntries[i]);
    }
    JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
    // add entries to now empty list but only if not inheriting; force user to start with clean slate
    boolean adminPrincipalExist = false;
    ITenant principalTenant = null;
    if (!acl.isEntriesInheriting()) {
        for (RepositoryFileAce ace : acl.getAces()) {
            Principal principal = null;
            if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
                String principalName = JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
                if (tenantAdminAuthorityName.equals(principalName)) {
                    adminPrincipalExist = true;
                }
                principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
            } else {
                principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
            }
            acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
        }
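        // No ACE names the tenant admin role: add one granting ALL, so the
        // tenant administrator keeps access to a non-inheriting ACL.
        if (!adminPrincipalExist) {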
            if (acl.getAces() != null && acl.getAces().size() > 0) {
                principalTenant = JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
            }
            if (principalTenant == null || principalTenant.getId() == null) {
                principalTenant = JcrTenantUtils.getTenant();
            }
            List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
            permissionList.add(RepositoryFilePermission.ALL);
            Principal adminPrincipal = new SpringSecurityRolePrincipal(JcrTenantUtils.getRoleNameUtils().getPrincipleId(principalTenant, tenantAdminAuthorityName));
            acList.addAccessControlEntry(adminPrincipal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, EnumSet.copyOf(permissionList)));
        }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(fileId);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) ITenant(org.pentaho.platform.api.mt.ITenant) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal)

Example 10 with RepositoryFilePermission

Use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

The class JcrRepositoryFileAclUtils, method addAce.

public static void addAce(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission) throws RepositoryException {
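    RepositoryFileSid newRecipient = recipient;
    // Unlike JcrRepositoryFileAclDao.addAce, this method does not branch on
    // recipient.getType(): the user-name utilities are applied to every recipient.
    if (JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null) {
        newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType());
    }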
    RepositoryFileAcl acl = getAcl(session, pentahoJcrConstants, id);
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).ace(newRecipient, permission).build();
    updateAcl(session, updatedAcl);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)
