
Example 16 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class OlapServiceImplTest method testGetOlap4jCatalogsWithoutAccess.

/**
 * Validates getting a list of remote catalogs if we don't have access to them.
 */
@Test
public void testGetOlap4jCatalogsWithoutAccess() throws Exception {
    // Negative authorization test: a server definition exists in the stubbed repository, but the
    // access check denies everything. The service must neither list the catalog nor hand out a
    // connection to it.
    // NOTE(review): how accessMock is wired into olapService is not visible in this method — confirm
    // in the fixture setup.
    stubGetChildren(repository, olapFolderPath, "myServer");
    // Stub /etc/olap-servers/myServer
    final String testServerPath = olapFolderPath + RepositoryFile.SEPARATOR + "myServer";
    stubGetFolder(repository, testServerPath);
    stubGetChildren(repository, testServerPath, "metadata");
    // Stub /etc/olap-servers/myServer/metadata
    final String metadataPath = testServerPath + RepositoryFile.SEPARATOR + "metadata";
    stubGetFile(repository, metadataPath);
    // Connection properties of the stubbed server; the user/password strings are fixture values only.
    stubGetData(repository, metadataPath + RepositoryFile.SEPARATOR + "myServer", "server", pathPropertyPair("/server/name", "myServer"), pathPropertyPair("/server/user", "myUser"), pathPropertyPair("/server/password", "myPassword"), pathPropertyPair("/server/URL", "myUrl"), pathPropertyPair("/server/className", "someClass"));
    // Stub the security: a deny-all access check that also asserts on what is being asked.
    accessMock = new DefaultAccessImpl() {

        public boolean hasAccess(String path, EnumSet<RepositoryFilePermission> perms, IPentahoSession session) {
            // Every check made during this test is expected to include READ; anything else fails the test.
            if (!perms.contains(RepositoryFilePermission.READ)) {
                fail();
            }
            // Always deny, regardless of path or session.
            return false;
        }
    };
    // Get a list of catalogs. With access denied, the inaccessible server must be filtered out.
    final List<String> catalogs = olapService.getCatalogNames(session);
    assertEquals(0, catalogs.size());
    // The OLAP folder was still enumerated, so the empty result comes from the access check
    // rather than from the folder never being read.
    verify(repository).getChildren(eq(makeIdObject(olapFolderPath)));
    // Now try obtaining it anyways: asking for the connection by name must be refused as well,
    // not only hidden from the listing.
    try {
        olapService.getConnection("myServer", session);
        // Reached only if no exception was thrown, i.e. a connection was handed out despite the denial.
        fail();
    } catch (IOlapServiceException e) {
        // The refusal must be reported as an authorization failure with the expected message key.
        assertEquals(IOlapServiceException.Reason.ACCESS_DENIED, e.getReason());
        assertTrue(e.getMessage().contains("OlapServiceImpl.ERROR_0003"));
    }
}
Also used : IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) IOlapServiceException(org.pentaho.platform.plugin.action.olap.IOlapServiceException) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 17 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method assertLocalAceExists.

/**
 * Fails the test unless the ACL fetched for {@code file} contains an entry for {@code sid}
 * whose permission set equals {@code permissions}.
 *
 * <p>The permission comparison is set equality, not containment: an entry for the same
 * recipient that grants more (or fewer) permissions than expected does not satisfy the
 * assertion. This keeps authorization tests from passing when an ACE is broader than intended.
 *
 * @param file        repository file whose ACL is inspected
 * @param sid         recipient the entry must belong to
 * @param permissions exact permission set the entry must carry
 */
private void assertLocalAceExists(final RepositoryFile file, final RepositoryFileSid sid, final EnumSet<RepositoryFilePermission> permissions) {
    final List<RepositoryFileAce> entries = repo.getAcl(file.getId()).getAces();
    boolean matched = false;
    for (RepositoryFileAce entry : entries) {
        // Both the recipient and the full permission set have to agree.
        if (sid.equals(entry.getSid()) && permissions.equals(entry.getPermissions())) {
            matched = true;
            break;
        }
    }
    if (!matched) {
        fail();
    }
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 18 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class JcrAclNodeHelper method canAccess.

/**
 * Decides whether the current user holds {@code permissions} on the ACL node that guards
 * {@code repositoryFile}.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code null} file: denied.</li>
 *   <li>No ACL node for the file: allowed. Absence of an ACL node is treated as "no
 *       restriction", so this branch is permissive by design.</li>
 *   <li>ACL node cannot be fetched through {@code unifiedRepository.getFileById} (returns
 *       {@code null} or throws): denied. Exceptions are logged at WARN and fail closed.</li>
 *   <li>Otherwise the result of {@code unifiedRepository.hasAccess} on the ACL node's path.</li>
 * </ol>
 *
 * <p>NOTE(review): because a {@code null} ACL node grants access, confirm that
 * {@code getAclNode} returns {@code null} only when no node exists and never as the result of a
 * lookup failure.
 *
 * @param repositoryFile file whose guarding ACL node is consulted; may be {@code null}
 * @param permissions    permissions to test, passed through unchanged to {@code hasAccess}
 * @return {@code true} if access is granted under the rules above
 */
@Override
public boolean canAccess(final RepositoryFile repositoryFile, final EnumSet<RepositoryFilePermission> permissions) {
    if (repositoryFile == null) {
        return false;
    }
    // Per the original comment, the ACL node is obtained as "system", so this lookup itself is
    // not subject to the user's permissions (getAclNode is not visible here).
    // Removed redundant call to getAclNode via BISERVER-12780
    final RepositoryFile aclNode = getAclNode(repositoryFile);
    if (aclNode == null) {
        // Nothing guards this file.
        return true;
    }
    try {
        // Read probe as the current user: per the original comment, getFileById yields null when
        // the user lacks READ on the node.
        if (unifiedRepository.getFileById(aclNode.getId()) == null) {
            return false;
        }
    } catch (Exception e) {
        // Fail closed: any error while probing is treated the same as "not readable".
        if (logger.isWarnEnabled()) {
            logger.warn("Error checking access for file", e);
        }
        return false;
    }
    // Read passed; now check the permissions the caller actually asked about.
    return unifiedRepository.hasAccess(aclNode.getPath(), permissions);
}
Also used : RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Example 19 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class DefaultPermissionConversionHelper method privilegesToPentahoPermissions.

/**
 * Translates JCR privileges into the union of the {@link RepositoryFilePermission} values they
 * map to.
 *
 * <p>Each privilege name of the form {@code prefix:local} is rewritten to
 * <code>{namespaceUri}local</code> using the session's namespace mapping, then looked up in
 * {@code privilegeNameToPermissionEnumsMap}. Names without a colon are looked up unchanged.
 * Privileges with no mapping are skipped with a DEBUG message, so they contribute nothing to
 * the result; the method asserts that at least one permission was produced.
 *
 * @param session    JCR session used to resolve namespace prefixes; must not be {@code null}
 * @param privileges privileges to convert; must not be {@code null}
 * @return non-empty set of permissions corresponding to the given privileges
 * @throws RepositoryException declared by the signature; in this body it can come from the
 *         session or privilege-expansion calls
 */
public EnumSet<RepositoryFilePermission> privilegesToPentahoPermissions(final Session session, final Privilege[] privileges) throws RepositoryException {
    Assert.notNull(session);
    Assert.notNull(privileges);
    // The instance is discarded; presumably constructed for a side effect on the session —
    // confirm before removing.
    new PentahoJcrConstants(session);
    final EnumSet<RepositoryFilePermission> mapped = EnumSet.noneOf(RepositoryFilePermission.class);
    // NOTE(review): the meaning of the boolean passed to expandPrivileges is not visible here.
    for (Privilege privilege : JcrRepositoryFileAclUtils.expandPrivileges(privileges, true)) {
        // this privilege name is of the format xyz:blah where xyz is the namespace prefix;
        // convert it to match the Privilege.JCR_* string constants
        final String prefixedName = privilege.getName();
        final int separator = prefixedName.indexOf(':'); //$NON-NLS-1$
        final String expandedName;
        if (separator > -1) {
            final String namespaceUri = session.getNamespaceURI(prefixedName.substring(0, separator));
            expandedName = "{" + namespaceUri + "}" + prefixedName.substring(separator + 1); //$NON-NLS-1$ //$NON-NLS-2$
        } else {
            expandedName = prefixedName;
        }
        if (!privilegeNameToPermissionEnumsMap.containsKey(expandedName)) {
            // Unmapped privileges are dropped, not rejected; they only show up at DEBUG level.
            logger.debug("skipping privilege with name=" + expandedName //$NON-NLS-1$
                + " as it doesn't have any corresponding permissions"); //$NON-NLS-1$
            continue;
        }
        mapped.addAll(privilegeNameToPermissionEnumsMap.get(expandedName));
    }
    // An empty result means none of the privileges were recognised; treat that as an error
    // instead of returning a set that grants nothing.
    Assert.isTrue(!mapped.isEmpty(), "no permissions; see previous 'skipping privilege' messages");
    return mapped;
}
Also used : RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) Privilege(javax.jcr.security.Privilege) IPentahoJCRPrivilege(org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege)

Example 20 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class ActionSequenceJCRHelper method getSolutionDocument.

/**
 * Loads the repository file at {@code documentPath}, parses its content as XML and returns
 * the localized document.
 *
 * <p>Returns {@code null} when the file does not exist, has no data, or cannot be parsed;
 * the last two cases are logged at ERROR.
 *
 * <p>NOTE(review): {@code actionOperation} is not referenced anywhere in this body, so the
 * requested permission is not checked here. Any enforcement has to come from the
 * {@code repository} calls or from the caller — confirm.
 *
 * <p>NOTE(review): the file content is handed to {@code XmlDom4JHelper.getDocFromStream};
 * whether that helper disables DTDs and external entities is not visible here — confirm.
 *
 * @param documentPath    repository path of the XML document
 * @param actionOperation permission associated with the request (unused in this method)
 * @return the parsed and localized document, or {@code null} as described above
 */
public Document getSolutionDocument(final String documentPath, final RepositoryFilePermission actionOperation) {
    final RepositoryFile file = repository.getFile(documentPath);
    if (file == null) {
        // Unknown path: nothing to load and nothing logged.
        return null;
    }
    final SimpleRepositoryFileData data = repository.getDataForRead(file.getId(), SimpleRepositoryFileData.class);
    if (data == null) {
        logger.error(Messages.getInstance().getErrorString("ActionSequenceJCRHelper.ERROR_0019_NO_DATA_IN_FILE", //$NON-NLS-1$
            file.getName()));
        return null;
    }
    Document document;
    try {
        document = XmlDom4JHelper.getDocFromStream(data.getStream());
    } catch (Throwable t) {
        // Any parse failure, including Errors, is logged and reported as "no document".
        logger.error(Messages.getInstance().getErrorString("ActionSequenceJCRHelper.ERROR_0017_INVALID_XML_DOCUMENT", documentPath), //$NON-NLS-1$
            t);
        return null;
    }
    if (document == null) {
        // the document exists but cannot be parsed
        logger.error(Messages.getInstance().getErrorString("ActionSequenceJCRHelper.ERROR_0009_INVALID_DOCUMENT", //$NON-NLS-1$
            documentPath));
        return null;
    }
    localizeDoc(document, file);
    return document;
}
Also used : SimpleRepositoryFileData(org.pentaho.platform.api.repository2.unified.data.simple.SimpleRepositoryFileData) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) Document(org.dom4j.Document)

Aggregations

RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)13 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)8 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)8 ArrayList (java.util.ArrayList)7 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)6 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)4 HashSet (java.util.HashSet)2 RepositoryException (javax.jcr.RepositoryException)2 Privilege (javax.jcr.security.Privilege)2 Test (org.junit.Test)2 Matchers.anyString (org.mockito.Matchers.anyString)2 KettleException (org.pentaho.di.core.exception.KettleException)2 ObjectRecipient (org.pentaho.di.repository.ObjectRecipient)2 ObjectAce (org.pentaho.di.repository.pur.model.ObjectAce)2 RepositoryObjectAce (org.pentaho.di.repository.pur.model.RepositoryObjectAce)2 RepositoryObjectRecipient (org.pentaho.di.repository.pur.model.RepositoryObjectRecipient)2 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)2 IPentahoJCRPrivilege (org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege)2 IOlapServiceException (org.pentaho.platform.plugin.action.olap.IOlapServiceException)2 EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2