
Example 6 with ResourceAccess

use of org.structr.core.entity.ResourceAccess in project structr by structr.

Class RestAuthenticator, method checkResourceAccess — the per-request authorization check that compares the request's HTTP method and the caller's authentication state against the flags of the matching ResourceAccess grant.

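@Override
public void checkResourceAccess(final SecurityContext securityContext, final HttpServletRequest request, final String rawResourceSignature, final String propertyView) throws FrameworkException {

    final ResourceAccess resourceAccess = ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = getUser(request, true);
    final boolean validUser = (user != null);

    // super users and admins bypass the grant check entirely
    if (validUser && (user instanceof SuperUser || user.isAdmin())) {
        return;
    }

    // no grant for this signature => deny, whatever the method or the caller
    if (resourceAccess == null) {
        logger.info("No resource access grant found for signature {}.", rawResourceSignature);
        throw new UnauthorizedException("Forbidden");
    }

    // An HTTP verb with no entry in the `methods` table (e.g. PATCH, TRACE) must be denied
    // explicitly. Switching on a null enum value throws a NullPointerException, which still
    // blocks the request but presumably surfaces as an internal error rather than as the
    // deliberate rejection every other denied request produces.
    if (method == null) {
        logger.info("Resource access grant found for signature {}, but HTTP method {} is not supported.", rawResourceSignature, request.getMethod());
        throw new UnauthorizedException("Forbidden");
    }

    if (grantAllowsMethod(resourceAccess, method, validUser)) {
        return;
    }

    logger.info("Resource access grant found for signature {}, but method {} not allowed for {}.", new Object[] { rawResourceSignature, method, validUser ? "authenticated users" : "public users" });
    throw new UnauthorizedException("Forbidden");
}

/**
 * Checks whether the grant carries the flag that permits the given HTTP
 * method for the given kind of caller. Authenticated callers are checked
 * against the AUTH_USER_* flags, anonymous callers against the
 * NON_AUTH_USER_* flags; a method without a flag pair is never permitted.
 *
 * @param grant     the grant found for the requested resource signature
 * @param method    the request's HTTP method (non-null)
 * @param validUser true if the request carries an authenticated user
 * @return true if the grant allows the method for this kind of caller
 */
private boolean grantAllowsMethod(final ResourceAccess grant, final Method method, final boolean validUser) {
    switch (method) {
        case GET:
            return validUser ? grant.hasFlag(AUTH_USER_GET) : grant.hasFlag(NON_AUTH_USER_GET);
        case PUT:
            return validUser ? grant.hasFlag(AUTH_USER_PUT) : grant.hasFlag(NON_AUTH_USER_PUT);
        case POST:
            return validUser ? grant.hasFlag(AUTH_USER_POST) : grant.hasFlag(NON_AUTH_USER_POST);
        case DELETE:
            return validUser ? grant.hasFlag(AUTH_USER_DELETE) : grant.hasFlag(NON_AUTH_USER_DELETE);
        case OPTIONS:
            return validUser ? grant.hasFlag(AUTH_USER_OPTIONS) : grant.hasFlag(NON_AUTH_USER_OPTIONS);
        case HEAD:
            return validUser ? grant.hasFlag(AUTH_USER_HEAD) : grant.hasFlag(NON_AUTH_USER_HEAD);
        default:
            // fail closed for any method that has no dedicated flag pair
            return false;
    }
}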

Example 7 with ResourceAccess

use of org.structr.core.entity.ResourceAccess in project structr by structr.

Class ResourceAccessTest, method createResourceAccess — a test helper that persists a ResourceAccess grant with a given signature and flag mask.

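/**
 * Creates a new ResourceAccess grant node with the given signature and
 * flags in the database.
 *
 * The grant's flags decide which HTTP methods authenticated and anonymous
 * callers may use on the resource; tests typically start with
 * UiAuthenticator.FORBIDDEN and enable individual methods afterwards via
 * setFlag() (see test02ResourceAccessPOST).
 *
 * @param signature the resource signature the grant applies to, e.g. "Folder"
 * @param flags     the initial bit mask of UiAuthenticator flags
 *
 * @return the new resource access node, or null if creation failed; the
 *         failure is only logged, so callers must check for null
 * @throws FrameworkException declared for API compatibility; every failure
 *         is caught and logged inside this helper, so it is not thrown
 */
public static ResourceAccess createResourceAccess(String signature, long flags) throws FrameworkException {
    final PropertyMap properties = new PropertyMap();
    final App app = StructrApp.getInstance();
    properties.put(ResourceAccess.signature, signature);
    properties.put(ResourceAccess.flags, flags);
    try {
        return app.create(ResourceAccess.class, properties);
    } catch (Throwable t) {
        // best-effort test helper: keep the null return, but log what failed
        // instead of an empty message so the resulting NPE in the test is traceable
        logger.warn("Unable to create ResourceAccess grant for signature " + signature + " with flags " + flags, t);
    }
    return null;
}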

Example 8 with ResourceAccess

use of org.structr.core.entity.ResourceAccess in project structr by structr.

Class ResourceAccessTest, method test02ResourceAccessPOST — verifies that an anonymous POST is refused until the grant explicitly allows POST for non-authenticated users.

@Test
public void test02ResourceAccessPOST() {

    // the dynamic schema creates its own grants; remove them so the test
    // starts from "no grant for Folder at all"
    clearResourceAccess();

    final String jsonContentType = "application/json; charset=UTF-8";
    ResourceAccess grant = null;

    try (final Tx tx = app.tx()) {

        // no resource access node at all => forbidden
        RestAssured.given().contentType(jsonContentType).expect().statusCode(401).when().post("/folders");

        grant = createResourceAccess("Folder", UiAuthenticator.FORBIDDEN);

        // resource access explicitly set to FORBIDDEN => forbidden
        RestAssured.given().contentType(jsonContentType).expect().statusCode(401).when().post("/folders");

        // allow POST for authenticated users only => an anonymous POST must still be refused
        grant.setFlag(UiAuthenticator.AUTH_USER_POST);

        tx.success();

    } catch (FrameworkException fex) {
        logger.warn("", fex);
        logger.error(fex.toString());
        fail("Unexpected exception");
    }

    try (final Tx tx = app.tx()) {

        RestAssured.given().contentType(jsonContentType).expect().statusCode(401).when().post("/folders");

        // allow POST for non-authenticated users => access without user/pass should be allowed.
        // The grant node is made visible to public users first; presumably the grant lookup
        // for an anonymous caller only sees grants that are visible to that caller.
        grant.setProperties(grant.getSecurityContext(), new PropertyMap(GraphObject.visibleToPublicUsers, true));
        grant.setFlag(UiAuthenticator.NON_AUTH_USER_POST);

        tx.success();

    } catch (FrameworkException fex) {
        logger.warn("", fex);
        logger.error(fex.toString());
        fail("Unexpected exception");
    }

    try (final Tx tx = app.tx()) {

        // anonymous POST is now permitted and creates the folder
        RestAssured.given().contentType(jsonContentType).body("{'name':'Test01'}").expect().statusCode(201).when().post("/folders");

        tx.success();

    } catch (FrameworkException ex) {
        logger.warn("", ex);
        logger.error(ex.toString());
        fail("Unexpected exception");
    }
}

Example 9 with ResourceAccess

use of org.structr.core.entity.ResourceAccess in project structr by structr.

Class SchemaHelper, method createDynamicGrants — creates the (initially fully restrictive) grants for a dynamic schema type, its _schema resource and its UI view.

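/**
 * Makes sure a DynamicResourceAccess grant exists for the given schema
 * signature, for its _schema resource signature and for its UI view
 * signature. Grants that already exist (as any ResourceAccess node with
 * that signature) are left untouched.
 *
 * New grants start with a flags value of 0, i.e. no method is allowed for
 * anybody until an administrator enables it; this keeps newly created
 * types closed by default.
 *
 * @param signature the resource signature of the dynamic type
 * @return the grants created by this call (empty if all existed already,
 *         or if creation failed - failures are logged, not thrown)
 */
public static List<DynamicResourceAccess> createDynamicGrants(final String signature) {

    final List<DynamicResourceAccess> grants = new LinkedList<>();
    final long initialFlagsValue = 0;
    final App app = StructrApp.getInstance();

    try {

        // same procedure for the type itself, its _schema resource and its UI view
        final String[] signatures = {
            signature,
            schemaResourceSignature(signature),
            uiViewResourceSignature(signature)
        };

        for (final String sig : signatures) {

            final ResourceAccess existing = app.nodeQuery(ResourceAccess.class).and(ResourceAccess.signature, sig).getFirst();
            if (existing != null) {
                continue;
            }

            grants.add(app.create(DynamicResourceAccess.class,
                new NodeAttribute(DynamicResourceAccess.signature, sig),
                new NodeAttribute(DynamicResourceAccess.flags, initialFlagsValue)));

            logger.debug("New signature created: {}", sig);
        }

    } catch (Throwable t) {
        // best effort as before, but say which signature the failure belongs to
        logger.warn("Unable to create dynamic resource access grants for signature " + signature, t);
    }

    return grants;
}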

Example 10 with ResourceAccess

use of org.structr.core.entity.ResourceAccess in project structr by structr.

Class DeployCommand, method exportResourceAccessGrants — writes all ResourceAccess grants (signature and flags) to a JSON file as part of a deployment export.

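/**
 * Exports every ResourceAccess grant as a JSON array of
 * {"signature": ..., "flags": ...} objects, sorted by signature.
 *
 * The exported file is authorization configuration: the flags decide which
 * HTTP methods anonymous and authenticated callers may use per resource, so
 * it should be handled like any other access-control artifact of a deployment.
 *
 * @param target the file to write; an existing file is overwritten
 * @throws FrameworkException if reading the grants from the database fails
 *         (write failures are logged, not thrown)
 */
private void exportResourceAccessGrants(final Path target) throws FrameworkException {

    logger.info("Exporting resource access grants");

    final List<Map<String, Object>> grants = new LinkedList<>();
    final App app = StructrApp.getInstance();

    try (final Tx tx = app.tx()) {

        for (final ResourceAccess res : app.nodeQuery(ResourceAccess.class).sort(ResourceAccess.signature).getAsList()) {

            final Map<String, Object> grant = new TreeMap<>();
            grant.put("signature", res.getProperty(ResourceAccess.signature));
            grant.put("flags", res.getProperty(ResourceAccess.flags));
            grants.add(grant);
        }

        tx.success();
    }

    // Write UTF-8 explicitly: the single-argument OutputStreamWriter constructor uses the
    // platform default charset, so signatures with non-ASCII characters would be exported
    // differently depending on the JVM running the export. Both resources are declared
    // separately so the stream is closed even if the writer cannot be constructed.
    try (final FileOutputStream fos = new FileOutputStream(target.toFile());
         final Writer writer = new OutputStreamWriter(fos, "UTF-8")) {

        getGson().toJson(grants, writer);

    } catch (IOException ioex) {
        logger.warn("Unable to write resource access grants to " + target, ioex);
    }
}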
