@Test
public void test06GrantReadPermission() {

	// remove auto-generated resource access objects so only the explicit grant below counts
	clearResourceAccess();

	try {

		final List<Principal> users = createTestNodes(Principal.class, 2);
		final Principal owner       = users.get(0);
		final Principal reader      = users.get(1);
		final Class type            = TestOne.class;

		// the node is created by "owner"; "reader" gets no implicit access to it
		final TestOne node = createTestNode(TestOne.class, owner);

		// explicit read grant for the second user
		try (final Tx tx = app.tx()) {
			node.grant(Permission.read, reader);
			tx.success();
		}

		// queries issued with the reader's security context must now see exactly that node
		final SecurityContext readerContext = SecurityContext.getInstance(reader, AccessMode.Backend);
		final App readerApp                 = StructrApp.getInstance(readerContext);

		Result found = null;

		try (final Tx tx = app.tx()) {
			found = readerApp.nodeQuery(type).getResult();
			assertEquals(1, found.size());
			assertEquals(node.getUuid(), found.get(0).getUuid());
		}

		// revoke the grant again
		try (final Tx tx = app.tx()) {
			node.revoke(Permission.read, reader);
			tx.success();
		}

		// ... and the node must disappear from the reader's view
		try (final Tx tx = app.tx()) {
			found = readerApp.nodeQuery(type).getResult();
			assertTrue(found.isEmpty());
		}

	} catch (FrameworkException ex) {

		logger.warn("", ex);
		fail("Unexpected exception");
	}
}
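@Test
public void testRelationshipsOnNodeCreation() {

	Principal user = null;
	TestOne test   = null;

	// create user with the (admin) test app
	try (final Tx tx = app.tx()) {

		user = app.create(Principal.class, "tester");
		tx.success();

	} catch (FrameworkException fex) {

		logger.warn("", fex);
		fail("Unexpected exception.");
	}

	assertNotNull("User should have been created", user);

	// from here on every operation runs in the context of the new user;
	// the local is deliberately NOT named "app" so it does not shadow the test fixture
	final SecurityContext ctx = SecurityContext.getInstance(user, AccessMode.Backend);
	final App userApp         = StructrApp.getInstance(ctx);

	// create object with user context
	try (final Tx tx = userApp.tx()) {

		test = userApp.create(TestOne.class);
		tx.success();

	} catch (FrameworkException fex) {

		logger.warn("", fex);
		fail("Unexpected exception.");
	}

	// query for relationships: creating a node as a user must produce exactly one
	// Security and one PrincipalOwnsNode relationship from the user to the node,
	// and they must be visible via all three lookup paths
	try (final Tx tx = userApp.tx()) {

		assertOwnershipRelationships(userApp.relationshipQuery().and(AbstractRelationship.sourceId, user.getUuid()).getAsList());
		assertOwnershipRelationships(userApp.relationshipQuery().and(AbstractRelationship.targetId, test.getUuid()).getAsList());
		assertOwnershipRelationships(Iterables.toList(test.getIncomingRelationships()));

		final Security sec = userApp.relationshipQuery(Security.class).getFirst();
		assertNotNull("Relationship caching on node creation is broken", sec);

		final PrincipalOwnsNode owns = userApp.relationshipQuery(PrincipalOwnsNode.class).getFirst();
		assertNotNull("Relationship caching on node creation is broken", owns);

		tx.success();

	} catch (FrameworkException fex) {

		logger.warn("", fex);
		fail("Unexpected exception.");
	}
}

/**
 * Asserts that the given relationship list holds exactly the two relationships
 * (Security and PrincipalOwnsNode) that node creation under a user context must create.
 *
 * @param rels the relationships found by one of the lookup paths under test
 */
private static void assertOwnershipRelationships(final List<? extends RelationshipInterface> rels) {

	final List<Class> classes = rels.stream().map(r -> r.getClass()).collect(Collectors.toList());

	assertEquals("Invalid number of relationships after object creation", 2, rels.size());
	assertTrue("Invalid relationship type after object creation", classes.contains(Security.class));
	assertTrue("Invalid relationship type after object creation", classes.contains(PrincipalOwnsNode.class));
}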
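@Test
public void test02SimplePermissionResolutionWrite() {

	final Class<Principal> principalType = StructrApp.getConfiguration().getNodeEntityClass("Principal");
	Principal user1 = null;
	Class type1     = null;

	try (final Tx tx = app.tx()) {

		// create a test user and the schema node that defines the dynamic type "Type1"
		user1 = app.create(principalType, "user1");
		app.create(SchemaNode.class, "Type1");

		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	Assert.assertNotNull("User should have been created", user1);

	try (final Tx tx = app.tx()) {

		type1 = StructrApp.getConfiguration().getNodeEntityClass("Type1");
		Assert.assertNotNull("Node type Type1 should exist.", type1);

		final NodeInterface instance1 = app.create(type1, "instance1OfType1");
		Assert.assertNotNull("Instance of type Type1 should exist", instance1);

		// make instance1 visible to user1 (read only, no write grant)
		instance1.grant(Permission.read, user1);

		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	final App userApp = StructrApp.getInstance(SecurityContext.getInstance(user1, AccessMode.Backend));

	// 1. only a read grant exists => the write must be rejected with 403
	assertWriteDenied(userApp, type1);

	// set custom write permission query on user: returns true whenever the user exists
	try (final Tx tx = userApp.tx()) {

		user1.setProperty(StructrApp.key(Principal.class, "customPermissionQueryWrite"), "MATCH (p:Principal {id: {principalUuid}}) RETURN p IS NOT NULL");
		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	// 2. the custom write query grants access => the write must now succeed
	try (final Tx tx = userApp.tx()) {

		setVisibleToPublic(userApp, type1);
		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	// set custom read permission query on user: returns false whenever the user exists
	try (final Tx tx = userApp.tx()) {

		user1.setProperty(StructrApp.key(Principal.class, "customPermissionQueryRead"), "MATCH (p:Principal {id: {principalUuid}}) RETURN p IS NULL");
		tx.success();

	} catch (FrameworkException fex) {

		fex.printStackTrace();
		fail("Unexpected exception");
	}

	// 3. with the read query denying access the write must be rejected again
	assertWriteDenied(userApp, type1);
}

/**
 * Looks up the first instance of {@code type} visible to {@code userApp} and flips its
 * visibleToPublicUsers flag, i.e. performs a write in the user's security context.
 *
 * @throws FrameworkException with status 403 when the write is not permitted
 */
private static void setVisibleToPublic(final App userApp, final Class type) throws FrameworkException {

	final NodeInterface instance = userApp.nodeQuery(type).getFirst();

	// a null here means the read side already hid the node; report that instead of an NPE
	Assert.assertNotNull("Instance should be readable by the user", instance);

	instance.setProperty(GraphObject.visibleToPublicUsers, true);
}

/**
 * Asserts that a write on the first instance of {@code type} is rejected with HTTP 403
 * for the given user app. Without the explicit fail() a silently successful write would
 * let the negative test pass, so the transaction is never marked successful here.
 */
private static void assertWriteDenied(final App userApp, final Class type) {

	try (final Tx tx = userApp.tx()) {

		setVisibleToPublic(userApp, type);
		fail("User1 should NOT be able to modify instance of type Type1");

	} catch (FrameworkException fex) {

		Assert.assertEquals("User1 should NOT be able to modify instance of type Type1", 403, fex.getStatus());
	}
}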
@Override
public void doLogout(final HttpServletRequest request) {

	try {

		// second argument presumably means "do not fail when there is no user" — TODO confirm against getUser()
		final Principal currentUser = getUser(request, false);
		if (currentUser != null) {
			AuthHelper.doLogout(request, currentUser);
		}

		// getSession(false) never creates a session, so an anonymous request leaves nothing behind
		final HttpSession existingSession = request.getSession(false);
		if (existingSession == null) {
			return;
		}

		SessionHelper.invalidateSession(existingSession);

	} catch (IllegalStateException | FrameworkException ex) {

		// best-effort: a failed logout is logged, not propagated to the caller
		logger.warn("Error while logging out user", ex);
	}
}
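@Override
public void checkResourceAccess(final SecurityContext securityContext, final HttpServletRequest request, final String rawResourceSignature, final String propertyView) throws FrameworkException {

	final ResourceAccess resourceAccess = ResourceAccess.findGrant(securityContext, rawResourceSignature);
	final Method method                 = methods.get(request.getMethod());
	final Principal user                = getUser(request, true);
	final boolean validUser             = (user != null);

	// super user and admins bypass resource access grants entirely
	if (validUser && (user instanceof SuperUser || user.isAdmin())) {
		return;
	}

	// no grants => no access rights, regardless of method
	if (resourceAccess == null) {

		logger.info("No resource access grant found for signature {}.", rawResourceSignature);
		throw new UnauthorizedException("Forbidden");
	}

	// an HTTP verb that is not in the methods table would reach the switch as null and
	// surface as a NullPointerException; deny it explicitly instead (fail closed)
	if (method == null) {

		logger.info("Resource access grant found for signature {}, but HTTP method {} is not supported.", new Object[] { rawResourceSignature, request.getMethod() });
		throw new UnauthorizedException("Forbidden");
	}

	if (isMethodGranted(resourceAccess, method, validUser)) {
		return;
	}

	logger.info("Resource access grant found for signature {}, but method {} not allowed for {}.", new Object[] { rawResourceSignature, method, validUser ? "authenticated users" : "public users" });
	throw new UnauthorizedException("Forbidden");
}

/**
 * Returns whether the grant carries the flag that allows {@code method} for this
 * kind of caller: authenticated users are checked only against the AUTH_USER_*
 * flags, anonymous callers only against NON_AUTH_USER_*. A method without a case
 * here is never granted.
 *
 * @param resourceAccess the grant found for the resource signature, never null
 * @param method         the HTTP method of the request, never null
 * @param validUser      whether the request carries an authenticated user
 * @return true if the grant allows the method for this caller
 */
private boolean isMethodGranted(final ResourceAccess resourceAccess, final Method method, final boolean validUser) {

	switch (method) {

		case GET:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_GET : NON_AUTH_USER_GET);

		case PUT:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_PUT : NON_AUTH_USER_PUT);

		case POST:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_POST : NON_AUTH_USER_POST);

		case DELETE:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_DELETE : NON_AUTH_USER_DELETE);

		case OPTIONS:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_OPTIONS : NON_AUTH_USER_OPTIONS);

		case HEAD:
			return resourceAccess.hasFlag(validUser ? AUTH_USER_HEAD : NON_AUTH_USER_HEAD);

		default:
			// unknown method constant: not granted
			return false;
	}
}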