Search in sources :

Example 71 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class PermissionResolutionTest method test01SimplePermissionResolution.

@Test
public void test01SimplePermissionResolution() {
    SchemaRelationshipNode rel = null;
    PropertyKey key = null;
    Principal user1 = null;
    Class type1 = null;
    Class type2 = null;
    try (final Tx tx = app.tx()) {
        // create a test user
        user1 = app.create(Principal.class, "user1");
        // create schema setup with permission propagation
        final SchemaNode t1 = app.create(SchemaNode.class, "Type1");
        final SchemaNode t2 = app.create(SchemaNode.class, "Type2");
        rel = app.create(SchemaRelationshipNode.class, new NodeAttribute<>(SchemaRelationshipNode.sourceNode, t1), new NodeAttribute<>(SchemaRelationshipNode.targetNode, t2), new NodeAttribute<>(SchemaRelationshipNode.relationshipType, "RELATED"), new NodeAttribute<>(SchemaRelationshipNode.sourceMultiplicity, "1"), new NodeAttribute<>(SchemaRelationshipNode.targetMultiplicity, "1"), new NodeAttribute<>(SchemaRelationshipNode.sourceJsonName, "source"), new NodeAttribute<>(SchemaRelationshipNode.targetJsonName, "target"));
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    Assert.assertNotNull("User should have been created", user1);
    // expect object of type 2 to be visible as well
    try (final Tx tx = app.tx()) {
        type1 = StructrApp.getConfiguration().getNodeEntityClass("Type1");
        type2 = StructrApp.getConfiguration().getNodeEntityClass("Type2");
        key = StructrApp.key(type1, "target");
        Assert.assertNotNull("Node type Type1 should exist.", type1);
        Assert.assertNotNull("Node type Type2 should exist.", type2);
        Assert.assertNotNull("Property key \"target\" should exist.", key);
        final NodeInterface instance1 = app.create(type1, "instance1OfType1");
        final NodeInterface instance2 = app.create(type2, "instance1OfType2");
        Assert.assertNotNull("Instance of type Type1 should exist", instance1);
        Assert.assertNotNull("Instance of type Type2 should exist", instance2);
        instance1.setProperty(key, instance2);
        // make instance1 visible to user1
        instance1.grant(Permission.read, user1);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    final App userApp = StructrApp.getInstance(SecurityContext.getInstance(user1, AccessMode.Backend));
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        Assert.assertNull("User1 should NOT be able to find instance of type Type2", userApp.nodeQuery(type2).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // because the resolution direction is wrong.
    try (final Tx tx = app.tx()) {
        rel.setProperty(SchemaRelationshipNode.permissionPropagation, Direction.In);
        rel.setProperty(SchemaRelationshipNode.readPropagation, Propagation.Add);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        Assert.assertNull("User1 should NOT be able to find instance of type Type2", userApp.nodeQuery(type2).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // because the resolution direction is correct
    try (final Tx tx = app.tx()) {
        rel.setProperty(SchemaRelationshipNode.permissionPropagation, Direction.Out);
        rel.setProperty(SchemaRelationshipNode.readPropagation, Propagation.Add);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        Assert.assertNotNull("User1 should be able to find instance of type Type2", userApp.nodeQuery(type2).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // because both resolution directions are enabled
    try (final Tx tx = app.tx()) {
        rel.setProperty(SchemaRelationshipNode.permissionPropagation, Direction.Both);
        rel.setProperty(SchemaRelationshipNode.readPropagation, Propagation.Add);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        Assert.assertNotNull("User1 should be able to find instance of type Type2", userApp.nodeQuery(type2).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // object invisible again.
    try (final Tx tx = app.tx()) {
        rel.setProperty(SchemaRelationshipNode.permissionPropagation, Direction.None);
        rel.setProperty(SchemaRelationshipNode.readPropagation, Propagation.Add);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        Assert.assertNull("User1 should NOT be able to find instance of type Type2", userApp.nodeQuery(type2).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) SchemaNode(org.structr.core.entity.SchemaNode) NodeAttribute(org.structr.core.graph.NodeAttribute) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) SchemaRelationshipNode(org.structr.core.entity.SchemaRelationshipNode) PropertyKey(org.structr.core.property.PropertyKey) Principal(org.structr.core.entity.Principal) NodeInterface(org.structr.core.graph.NodeInterface) Test(org.junit.Test)

Example 72 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class SearchAndSortingTest method test06PagingVisibility.

@Test
public void test06PagingVisibility() {
    Principal tester1 = null;
    Principal tester2 = null;
    try (final Tx tx = app.tx()) {
        // create non-admin user
        tester1 = app.create(Principal.class, "tester1");
        tester2 = app.create(Principal.class, "tester2");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception");
    }
    try {
        final SecurityContext tester1Context = SecurityContext.getInstance(tester1, AccessMode.Backend);
        final SecurityContext tester2Context = SecurityContext.getInstance(tester2, AccessMode.Backend);
        final App tester1App = StructrApp.getInstance(tester1Context);
        final App tester2App = StructrApp.getInstance(tester2Context);
        final Class type = TestOne.class;
        final int number = 1000;
        final List<NodeInterface> allNodes = this.createTestNodes(type, number);
        final List<NodeInterface> tester1Nodes = new LinkedList<>();
        final List<NodeInterface> tester2Nodes = new LinkedList<>();
        final int offset = 0;
        try (final Tx tx = app.tx()) {
            int i = offset;
            for (NodeInterface node : allNodes) {
                // System.out.println("Node ID: " + node.getNodeId());
                String _name = "TestOne-" + StringUtils.leftPad(Integer.toString(i), 5, "0");
                final double rand = Math.random();
                if (rand < 0.3) {
                    node.setProperty(NodeInterface.owner, tester1);
                    tester1Nodes.add(node);
                } else if (rand < 0.6) {
                    node.setProperty(NodeInterface.owner, tester2);
                    tester2Nodes.add(node);
                }
                i++;
                node.setProperty(AbstractNode.name, _name);
            }
            tx.success();
        }
        final int tester1NodeCount = tester1Nodes.size();
        final int tester2NodeCount = tester2Nodes.size();
        try (final Tx tx = app.tx()) {
            final PropertyKey sortKey = AbstractNode.name;
            final boolean sortDesc = false;
            final int pageSize = 10;
            final int page = 22;
            final Result result = tester1App.nodeQuery(type).sort(sortKey).order(sortDesc).pageSize(pageSize).page(page).getResult();
            assertEquals("Invalid paging result count with non-superuser security context", tester1NodeCount, (int) result.getRawResultCount());
            tx.success();
        }
        try (final Tx tx = app.tx()) {
            final PropertyKey sortKey = AbstractNode.name;
            final boolean sortDesc = false;
            final int pageSize = 10;
            final int page = 22;
            final Result result = tester2App.nodeQuery(type).sort(sortKey).order(sortDesc).pageSize(pageSize).page(page).getResult();
            assertEquals("Invalid paging result count with non-superuser security context", tester2NodeCount, (int) result.getRawResultCount());
            tx.success();
        }
    } catch (FrameworkException ex) {
        logger.error(ex.toString());
        fail("Unexpected exception");
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) LinkedList(java.util.LinkedList) Result(org.structr.core.Result) TestOne(org.structr.core.entity.TestOne) Principal(org.structr.core.entity.Principal) NodeInterface(org.structr.core.graph.NodeInterface) PropertyKey(org.structr.core.property.PropertyKey) Test(org.junit.Test)

Example 73 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class SystemTest method testPasswordAndHashSecurity.

@Test
public void testPasswordAndHashSecurity() {
    final Class userType = StructrApp.getConfiguration().getNodeEntityClass("Principal");
    final PropertyKey<String> passwordKey = StructrApp.key(userType, "password");
    final PropertyKey<String> saltKey = StructrApp.key(userType, "salt");
    // actual test: test performance of node association on supernode
    try (final Tx tx = app.tx()) {
        app.create(Principal.class, new NodeAttribute<>(Principal.name, "tester"), new NodeAttribute<>(passwordKey, "password"));
        tx.success();
    } catch (FrameworkException fex) {
        fail("Unexpected exception");
    }
    // actual test: test performance of node association on supernode
    try (final Tx tx = app.tx()) {
        final Principal user = app.nodeQuery(Principal.class).getFirst();
        assertEquals("Password hash IS NOT SECURE!", Principal.HIDDEN, user.getProperty(passwordKey));
        assertEquals("Password salt IS NOT SECURE!", Principal.HIDDEN, user.getProperty(saltKey));
        tx.success();
    } catch (FrameworkException fex) {
        fail("Unexpected exception");
    }
}
Also used : Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Principal(org.structr.core.entity.Principal) Test(org.junit.Test)

Example 74 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class AccessControlTest method test01PublicAccessToNonPublicNode.

@Test
public void test01PublicAccessToNonPublicNode() {
    final Class principalType = StructrApp.getConfiguration().getNodeEntityClass("Principal");
    // remove auto-generated resource access objects
    clearResourceAccess();
    try {
        Principal user = (Principal) createTestNode(principalType);
        // Create node with user context
        Class type = TestOne.class;
        createTestNode(TestOne.class, user);
        SecurityContext publicContext = SecurityContext.getInstance(null, AccessMode.Frontend);
        try (final Tx tx = app.tx()) {
            Result result = StructrApp.getInstance(publicContext).nodeQuery(type).getResult();
            // Node should not be visible in public context (no user logged in)
            assertTrue(result.isEmpty());
        }
    } catch (FrameworkException ex) {
        logger.warn("", ex);
        fail("Unexpected exception");
    }
}
Also used : Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) TestOne(org.structr.core.entity.TestOne) Principal(org.structr.core.entity.Principal) Result(org.structr.core.Result) Test(org.junit.Test)

Example 75 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class AccessControlTest method test03PublicAccessToProtectedNode.

@Test
public void test03PublicAccessToProtectedNode() {
    // remove auto-generated resource access objects
    clearResourceAccess();
    try {
        List<Principal> users = createTestNodes(Principal.class, 1);
        Principal user = (Principal) users.get(0);
        PropertyMap props = new PropertyMap();
        props.put(AbstractNode.visibleToPublicUsers, true);
        // Create two nodes with user context, one of them is visible to public users
        Class type = TestOne.class;
        TestOne t1 = createTestNode(TestOne.class, props, user);
        props = new PropertyMap();
        props.put(AbstractNode.visibleToAuthenticatedUsers, true);
        TestOne t2 = createTestNode(TestOne.class, props, user);
        SecurityContext publicContext = SecurityContext.getInstance(null, AccessMode.Frontend);
        try (final Tx tx = app.tx()) {
            Result result = StructrApp.getInstance(publicContext).nodeQuery(type).getResult();
            assertEquals(1, result.size());
            assertEquals(t1.getUuid(), result.get(0).getUuid());
        }
    } catch (FrameworkException ex) {
        logger.warn("", ex);
        fail("Unexpected exception");
    }
}
Also used : PropertyMap(org.structr.core.property.PropertyMap) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) TestOne(org.structr.core.entity.TestOne) Principal(org.structr.core.entity.Principal) Result(org.structr.core.Result) Test(org.junit.Test)

Aggregations

Principal (org.structr.core.entity.Principal)112 FrameworkException (org.structr.common.error.FrameworkException)68 Tx (org.structr.core.graph.Tx)65 Test (org.junit.Test)41 App (org.structr.core.app.App)31 StructrApp (org.structr.core.app.StructrApp)31 TestOne (org.structr.core.entity.TestOne)16 Group (org.structr.core.entity.Group)14 NodeAttribute (org.structr.core.graph.NodeAttribute)13 PropertyMap (org.structr.core.property.PropertyMap)13 SecurityContext (org.structr.common.SecurityContext)10 LinkedList (java.util.LinkedList)9 Result (org.structr.core.Result)8 User (org.structr.web.entity.User)8 AbstractNode (org.structr.core.entity.AbstractNode)7 SuperUser (org.structr.core.entity.SuperUser)7 StructrUiTest (org.structr.web.StructrUiTest)7 Page (org.structr.web.entity.dom.Page)7 IOException (java.io.IOException)6 List (java.util.List)6