use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testUpdateAcl.
/**
 * Checks that the owner recorded in a folder's ACL can be replaced through {@code repo.updateAcl}.
 *
 * <p>Sequence: create the acme tenant with an admin and suzy, log in as suzy, create a versioned
 * folder named "test" under the session user's home folder, rewrite the ACL owner to tiffany's
 * principal id, then re-read the ACL and compare the owner.
 *
 * <p>NOTE(review): the owner is written using the tenant-qualified id from
 * {@code userNameUtils.getPrincipleId} but compared against a SID built from the bare
 * {@code USERNAME_TIFFANY}; presumably the repository returns unqualified names on read - confirm.
 * NOTE(review): tiffany is not created in this method, and the test asserts only the owner field,
 * not what access suzy keeps after handing ownership over.
 */
@Test
public void testUpdateAcl() throws Exception {
  loginAsSysTenantAdmin();
  ITenant acme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);

  // Tenant admin account, then a session that carries both admin and authenticated roles.
  String[] adminAccountRoles = { tenantAdminRoleName };
  userRoleDao.createUser(acme, USERNAME_ADMIN, PASSWORD, "", adminAccountRoles);
  String[] adminSessionRoles = { tenantAdminRoleName, tenantAuthenticatedRoleName };
  login(USERNAME_ADMIN, acme, adminSessionRoles);

  // suzy is created without explicit roles and later logs in with the authenticated role only.
  userRoleDao.createUser(acme, USERNAME_SUZY, PASSWORD, "", null);
  defaultBackingRepositoryLifecycleManager.newTenant();
  String[] suzySessionRoles = { tenantAuthenticatedRoleName };
  login(USERNAME_SUZY, acme, suzySessionRoles);

  // The folder is created by the logged-in session user inside that user's own home folder.
  String sessionUser = PentahoSessionHolder.getSession().getName();
  RepositoryFile homeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(sessionUser));
  RepositoryFile folderSpec = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
  RepositoryFile createdFolder = repo.createFolder(homeFolder.getId(), folderSpec, null);

  // Start from the stored ACL so that only the owner differs in the update.
  RepositoryFileAcl.Builder ownerChange = new RepositoryFileAcl.Builder(repo.getAcl(createdFolder.getId()));
  String tiffanyPrincipalId = userNameUtils.getPrincipleId(acme, USERNAME_TIFFANY);
  ownerChange.owner(new RepositoryFileSid(tiffanyPrincipalId));
  repo.updateAcl(ownerChange.build());

  RepositoryFileSid ownerAfterUpdate = repo.getAcl(createdFolder.getId()).getOwner();
  assertEquals(new RepositoryFileSid(USERNAME_TIFFANY), ownerAfterUpdate);
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-kettle by pentaho.
the class UIEERepositoryDirectoryIT method createUserHomeFolder.
/**
 * Creates the home folder for a user (and the tenant home folder when it is missing) while the
 * Pentaho session is temporarily switched to the repository admin.
 *
 * <p>Nothing is created when the tenant root folder does not exist, and an existing user home
 * folder is left untouched. The original Pentaho session is restored in the {@code finally} block.
 *
 * <p>NOTE(review): the tenant resolved at the top of the callback (local {@code tenant}) is never
 * read afterwards; every path and principal id below is derived from {@code theTenant}, including
 * when it is {@code null}. Confirm which tenant the folders and ACL principals are meant to use.
 *
 * @param theTenant tenant passed by the caller; may be {@code null} (see the null branch below)
 * @param theUsername user whose home folder is provisioned
 */
private void createUserHomeFolder(final ITenant theTenant, final String theUsername) {
  // Remember the caller's identity so it can be put back once the privileged work is done.
  IPentahoSession origPentahoSession = PentahoSessionHolder.getSession();
  Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
  // Run the folder creation as the repository admin.
  StandaloneSession pentahoSession = new StandaloneSession(repositoryAdminUsername);
  pentahoSession.setAuthenticated(null, repositoryAdminUsername);
  PentahoSessionHolder.setSession(pentahoSession);
  try {
    txnTemplate.execute(new TransactionCallbackWithoutResult() {
      public void doInTransactionWithoutResult(final TransactionStatus status) {
        Builder aclsForUserHomeFolder = null;
        Builder aclsForTenantHomeFolder = null;
        ITenant tenant = null;
        String username = null;
        if (theTenant == null) {
          // NOTE(review): username is still null on the next line; theUsername was probably
          // intended as the argument - confirm against getTenant's contract.
          tenant = getTenant(username, true);
          username = getPrincipalName(theUsername, true);
        } else {
          tenant = theTenant;
          username = theUsername;
        }
        // Fall back to the current tenant, then to the default tenant, when no usable id is set.
        if (tenant == null || tenant.getId() == null) {
          tenant = getCurrentTenant();
        }
        if (tenant == null || tenant.getId() == null) {
          tenant = JcrTenantUtils.getDefaultTenant();
        }
        RepositoryFile userHomeFolder = null;
        // NOTE(review): from here on theTenant is used, not the resolved tenant above.
        String userId = userNameUtils.getPrincipleId(theTenant, username);
        // SID passed to both ACL builders below; presumably the Builder argument is the owner - confirm.
        final RepositoryFileSid userSid = new RepositoryFileSid(userId);
        RepositoryFile tenantHomeFolder = null;
        RepositoryFile tenantRootFolder = null;
        // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.
        tenantRootFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantRootFolderPath(theTenant));
        if (tenantRootFolder != null) {
          // Check whether the tenant home folder exists.
          tenantHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantHomeFolderPath(theTenant));
          if (tenantHomeFolder == null) {
            // ownerId is computed by the same expression as userId above, so ownerSid names the
            // same principal as userSid, here with an explicit USER type.
            String ownerId = userNameUtils.getPrincipleId(theTenant, username);
            RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            String tenantAuthenticatedRoleId = roleNameUtils.getPrincipleId(theTenant, tenantAuthenticatedRoleName);
            RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);
            // Tenant home folder: READ for the tenant's authenticated role.
            // NOTE(review): the ACL for this shared folder is seeded with the SID of the user
            // being provisioned, i.e. whoever triggers its creation first - confirm that is intended.
            aclsForTenantHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
            // User home folder: ALL for the user; no entry for any role is added here.
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
            tenantHomeFolder = repositoryFileDao.createFolder(tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).build(), aclsForTenantHomeFolder.build(), "tenant home folder");
          } else {
            // Tenant home already exists: only the user home folder ACL is prepared.
            String ownerId = userNameUtils.getPrincipleId(theTenant, username);
            RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
          }
          // Now check whether the user's home folder exists; create it only when it is missing.
          userHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username));
          if (userHomeFolder == null) {
            // The folder name is the username as given; no validation of it is visible here.
            userHomeFolder = repositoryFileDao.createFolder(tenantHomeFolder.getId(), new RepositoryFile.Builder(username).folder(true).build(), aclsForUserHomeFolder.build(), // $NON-NLS-1$
            "user home folder");
          }
        }
      }
    });
  } finally {
    // Switch our identity back to the original user.
    PentahoSessionHolder.setSession(origPentahoSession);
    // The authentication is written back as captured; it is not changed anywhere in this method.
    SecurityContextHolder.getContext().setAuthentication(origAuthentication);
  }
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-kettle by pentaho.
the class PurRepositoryTestingUtils method createUserHomeDirCallback.
/**
 * Builds a transaction callback that provisions the home folder of {@code username}.
 *
 * <p>The callback does nothing when the tenant root folder is missing or when the user's home
 * folder already exists. When the tenant home folder is missing it is created first, then the
 * user's home folder is created beneath it.
 *
 * <p>ACLs applied on creation, as written in this method:
 * <ul>
 * <li>tenant home folder: builder seeded with the user's SID, plus READ for the authenticated role;</li>
 * <li>user home folder: builder seeded with the user's SID, plus ALL for the same principal as a USER SID.</li>
 * </ul>
 *
 * <p>NOTE(review): the tenant home folder ACL is seeded with the SID of whichever user triggers
 * its creation; presumably the builder argument is the owner - confirm that this is intended for
 * a folder shared by the whole tenant. {@code username} is used as the folder name as given and
 * neither id is validated here, so callers must pass ids that belong to {@code tenant}.
 *
 * @param tenant
 *          tenant whose folder tree is inspected and extended
 * @param username
 *          user name, also used as the name of the created home folder
 * @param principleId
 *          id of the user's principal, used for the user SIDs
 * @param authenticatedRoleId
 *          id of the tenant's authenticated role, granted READ on a newly created tenant home folder
 * @param fileDao
 *          file DAO used for the lookups and folder creation
 * @return callback for performing the action
 */
static TransactionCallbackWithoutResult createUserHomeDirCallback(final ITenant tenant, final String username, final String principleId, final String authenticatedRoleId, final IRepositoryFileDao fileDao) {
  return new TransactionCallbackWithoutResult() {
    public void doInTransactionWithoutResult(final TransactionStatus status) {
      // Without a tenant root there is nowhere to create anything.
      RepositoryFile rootOfTenant = fileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantRootFolderPath(tenant));
      if (rootOfTenant == null) {
        return;
      }

      // An existing home folder is left exactly as it is, including its ACL.
      RepositoryFile existingHome = fileDao.getFileByAbsolutePath(ServerRepositoryPaths.getUserHomeFolderPath(tenant, username));
      if (existingHome != null) {
        return;
      }

      RepositoryFileSid userSid = new RepositoryFileSid(principleId);
      RepositoryFile homeOfTenant = fileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantHomeFolderPath(tenant));

      // The user's own folder ACL is the same in both cases: ALL for the user principal.
      RepositoryFileSid ownerSid = new RepositoryFileSid(principleId, RepositoryFileSid.Type.USER);
      RepositoryFileAcl.Builder userHomeAcl = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));

      if (homeOfTenant == null) {
        // First user of the tenant: create the shared tenant home, readable by the authenticated role.
        RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid(authenticatedRoleId, RepositoryFileSid.Type.ROLE);
        RepositoryFileAcl.Builder tenantHomeAcl = new RepositoryFileAcl.Builder(userSid).ace(authenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
        RepositoryFile tenantHomeSpec = new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).build();
        homeOfTenant = fileDao.createFolder(rootOfTenant.getId(), tenantHomeSpec, tenantHomeAcl.build(), "tenant home folder");
      }

      RepositoryFile userHomeSpec = new RepositoryFile.Builder(username).folder(true).build();
      fileDao.createFolder(homeOfTenant.getId(), userHomeSpec, userHomeAcl.build(), "user home folder");
    }
  };
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-kettle by pentaho.
the class UnifiedRepositoryConnectionAclService method setAcl.
/**
 * Replaces the access-control entries of a repository object with those in {@code objectAcl}.
 *
 * <p>The stored ACL is loaded, its inheritance flag is set from {@code objectAcl}, and all of its
 * entries are cleared. Entries from {@code objectAcl} are written back only when inheritance is
 * switched off; with inheritance on, the ACL is saved without explicit entries. This is a full
 * replacement, not a merge: any stored entry that is absent from {@code objectAcl} is dropped.
 *
 * <p>A recipient of type ROLE becomes a ROLE SID; every other recipient type is built with the
 * single-argument SID constructor. A {@code null} permission set is stored as an empty set.
 *
 * @param fileId id of the repository object whose ACL is updated
 * @param objectAcl the desired inheritance flag and entries
 * @throws KettleException wrapping any exception raised while reading or updating the ACL
 */
@Override
public void setAcl(ObjectId fileId, ObjectAcl objectAcl) throws KettleException {
  try {
    RepositoryFileAcl storedAcl = pur.getAcl(fileId.getId());
    RepositoryFileAcl.Builder replacement = new RepositoryFileAcl.Builder(storedAcl);
    replacement = replacement.entriesInheriting(objectAcl.isEntriesInheriting());
    replacement = replacement.clearAces();

    if (!objectAcl.isEntriesInheriting()) {
      for (ObjectAce entry : objectAcl.getAces()) {
        EnumSet<RepositoryFilePermission> requested = entry.getPermissions();
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf(RepositoryFilePermission.class);
        ObjectRecipient who = entry.getRecipient();

        // Only ROLE is mapped explicitly; anything else uses the constructor's default type.
        RepositoryFileSid sid = who.getType().equals(Type.ROLE)
            ? new RepositoryFileSid(who.getName(), RepositoryFileSid.Type.ROLE)
            : new RepositoryFileSid(who.getName());

        if (requested != null) {
          granted.addAll(requested);
        }
        replacement.ace(sid, granted);
      }
    }

    pur.updateAcl(replacement.build());
  } catch (Exception failure) {
    // Typically the user lacks rights to view or set the ACL, but every exception raised above
    // (including a null recipient type) ends up here and is wrapped the same way.
    throw new KettleException(failure);
  }
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-kettle by pentaho.
the class UnifiedRepositoryConnectionAclService method getAcl.
/**
 * Reads the ACL of a repository object and converts it to the Kettle-side {@code ObjectAcl}.
 *
 * <p>The owner and every entry's SID are mapped to a recipient: a USER SID becomes a USER
 * recipient, any other SID type becomes a ROLE recipient.
 *
 * <p>Which entries are returned:
 * <ul>
 * <li>{@code forceParentInheriting} true: the result is marked as inheriting and holds
 * {@code pur.getEffectiveAces(id, true)}, whatever the stored flag says;</li>
 * <li>otherwise, stored flag on: {@code pur.getEffectiveAces(id)};</li>
 * <li>otherwise: the ACL's own entries.</li>
 * </ul>
 *
 * <p>NOTE(review): with {@code forceParentInheriting} the returned flag may differ from what is
 * stored; callers that write the result back should be aware that they would persist that flag.
 * Unlike the lookup, the conversion below is not wrapped, so a {@code null} permission set or SID
 * surfaces as a runtime exception rather than a {@code KettleException}.
 *
 * @param fileId id of the repository object
 * @param forceParentInheriting when true, report the entries as inherited from the parent
 * @return the converted ACL
 * @throws KettleException wrapping any exception raised by the ACL lookup
 */
@Override
public ObjectAcl getAcl(ObjectId fileId, boolean forceParentInheriting) throws KettleException {
  final RepositoryFileAcl storedAcl;
  try {
    storedAcl = pur.getAcl(fileId.getId());
  } catch (Exception failure) {
    // Typically the user lacks rights to view the ACL, but any lookup failure is wrapped here.
    throw new KettleException(failure);
  }

  RepositoryFileSid ownerSid = storedAcl.getOwner();
  ObjectRecipient owner = new RepositoryObjectRecipient(ownerSid.getName());
  owner.setType(ownerSid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);
  ObjectAcl result = new RepositoryObjectAcl(owner);

  List<RepositoryFileAce> sourceAces;
  if (forceParentInheriting) {
    result.setEntriesInheriting(true);
    sourceAces = pur.getEffectiveAces(storedAcl.getId(), true);
  } else {
    boolean inheriting = storedAcl.isEntriesInheriting();
    result.setEntriesInheriting(inheriting);
    if (inheriting) {
      sourceAces = pur.getEffectiveAces(storedAcl.getId());
    } else {
      sourceAces = storedAcl.getAces();
    }
  }

  List<ObjectAce> converted = new ArrayList<ObjectAce>();
  for (RepositoryFileAce sourceAce : sourceAces) {
    EnumSet<RepositoryFilePermission> stored = sourceAce.getPermissions();
    RepositoryFileSid entrySid = sourceAce.getSid();
    ObjectRecipient recipient = new RepositoryObjectRecipient(entrySid.getName());
    recipient.setType(entrySid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);

    // Copy into a fresh set so the returned entry does not share the repository's instance.
    EnumSet<RepositoryFilePermission> copy = EnumSet.noneOf(RepositoryFilePermission.class);
    copy.addAll(stored);
    converted.add(new RepositoryObjectAce(recipient, copy));
  }
  result.setAces(converted);
  return result;
}