Examples with Security org.structr.core.entity.Security used on opensource projects

Search in sources :

Example 1 with Security

use of org.structr.core.entity.Security in project structr by structr.

the class CreateNodeCommand method createNode.

// ----- private methods -----
private Node createNode(final DatabaseService graphDb, final Principal user, final Set<String> labels, final Map<String, Object> properties) throws FrameworkException {
    final Map<String, Object> parameters = new HashMap<>();
    final Map<String, Object> ownsProperties = new HashMap<>();
    final Map<String, Object> securityProperties = new HashMap<>();
    final StringBuilder buf = new StringBuilder();
    final String newUuid = (String) properties.get("id");
    final String tenantId = graphDb.getTenantIdentifier();
    if (user != null && user.shouldSkipSecurityRelationships() == false) {
        buf.append("MATCH (u:Principal) WHERE id(u) = {userId}");
        buf.append(" CREATE (u)-[o:OWNS {ownsProperties}]->(n");
        if (tenantId != null) {
            buf.append(":");
            buf.append(tenantId);
        }
        for (final String label : labels) {
            buf.append(":");
            buf.append(label);
        }
        buf.append(" {nodeProperties})<-[s:SECURITY {securityProperties}]-(u)");
        buf.append(" RETURN n");
        // configure OWNS relationship
        ownsProperties.put(GraphObject.id.dbName(), getNextUuid());
        ownsProperties.put(GraphObject.type.dbName(), PrincipalOwnsNode.class.getSimpleName());
        ownsProperties.put(AbstractRelationship.sourceId.dbName(), user.getUuid());
        ownsProperties.put(AbstractRelationship.targetId.dbName(), newUuid);
        // configure SECURITY relationship
        securityProperties.put(Security.allowed.dbName(), new String[] { Permission.read.name(), Permission.write.name(), Permission.delete.name(), Permission.accessControl.name() });
        securityProperties.put(GraphObject.id.dbName(), getNextUuid());
        securityProperties.put(GraphObject.type.dbName(), Security.class.getSimpleName());
        securityProperties.put(AbstractRelationship.sourceId.dbName(), user.getUuid());
        securityProperties.put(AbstractRelationship.targetId.dbName(), newUuid);
        // store properties in statement
        parameters.put("userId", user.getId());
        parameters.put("ownsProperties", ownsProperties);
        parameters.put("securityProperties", securityProperties);
    } else {
        buf.append("CREATE (n");
        if (tenantId != null) {
            buf.append(":");
            buf.append(tenantId);
        }
        for (final String label : labels) {
            buf.append(":");
            buf.append(label);
        }
        buf.append(" {nodeProperties})");
        buf.append(" RETURN n");
    }
    // make properties available to Cypher statement
    parameters.put("nodeProperties", properties);
    final NativeResult result = graphDb.execute(buf.toString(), parameters);
    try {
        if (result.hasNext()) {
            final Map<String, Object> data = result.next();
            final Node newNode = (Node) data.get("n");
            return newNode;
        }
    } catch (DataFormatException dex) {
        throw new FrameworkException(422, dex.getMessage());
    } catch (ConstraintViolationException qex) {
        throw new FrameworkException(422, qex.getMessage());
    }
    throw new RuntimeException("Unable to create new node.");
}
Also used : FrameworkException(org.structr.common.error.FrameworkException) HashMap(java.util.HashMap) NativeResult(org.structr.api.NativeResult) Node(org.structr.api.graph.Node) AbstractNode(org.structr.core.entity.AbstractNode) PrincipalOwnsNode(org.structr.core.entity.relationship.PrincipalOwnsNode) Security(org.structr.core.entity.Security) PrincipalOwnsNode(org.structr.core.entity.relationship.PrincipalOwnsNode) DataFormatException(org.structr.api.DataFormatException) ConstraintViolationException(org.structr.api.ConstraintViolationException) GraphObject(org.structr.core.GraphObject)

Example 2 with Security

use of org.structr.core.entity.Security in project structr by structr.

the class DOMNode method getSecurityInstructions.

static void getSecurityInstructions(final DOMNode thisNode, final Set<String> instructions) {
    final Principal _owner = thisNode.getOwnerNode();
    if (_owner != null) {
        instructions.add("@structr:owner(" + _owner.getProperty(AbstractNode.name) + ")");
    }
    for (final Security security : thisNode.getSecurityRelationships()) {
        if (security != null) {
            final Principal grantee = security.getSourceNode();
            final Set<String> perms = security.getPermissions();
            final StringBuilder shortPerms = new StringBuilder();
            // first character only
            for (final String perm : perms) {
                if (perm.length() > 0) {
                    shortPerms.append(perm.substring(0, 1));
                }
            }
            if (shortPerms.length() > 0) {
                // ignore SECURITY-relationships without permissions
                instructions.add("@structr:grant(" + grantee.getProperty(AbstractNode.name) + "," + shortPerms.toString() + ")");
            }
        }
    }
}
Also used : Security(org.structr.core.entity.Security) Principal(org.structr.core.entity.Principal)

Example 3 with Security

use of org.structr.core.entity.Security in project structr by structr.

the class CopyPermissionsFunction method apply.

@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
    if (arrayHasLengthAndAllElementsNotNull(sources, 2)) {
        final Object source = sources[0];
        final Object target = sources[1];
        if (source instanceof NodeInterface && target instanceof NodeInterface) {
            final NodeInterface sourceNode = (NodeInterface) source;
            final NodeInterface targetNode = (NodeInterface) target;
            for (final Security security : sourceNode.getIncomingRelationships(Security.class)) {
                final Principal principal = security.getSourceNode();
                for (final String perm : security.getPermissions()) {
                    targetNode.grant(Permissions.valueOf(perm), principal);
                }
            }
        } else {
            logParameterError(caller, sources, ctx.isJavaScriptContext());
        }
    } else {
        return usage(ctx.isJavaScriptContext());
    }
    return null;
}
Also used : Security(org.structr.core.entity.Security) NodeInterface(org.structr.core.graph.NodeInterface) Principal(org.structr.core.entity.Principal)

Example 4 with Security

use of org.structr.core.entity.Security in project structr by structr.

the class BasicTest method testRelationshipsOnNodeCreation.

@Test
public void testRelationshipsOnNodeCreation() {
    Principal user = null;
    TestOne test = null;
    // create user
    try (final Tx tx = app.tx()) {
        user = app.create(Principal.class, "tester");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    final SecurityContext ctx = SecurityContext.getInstance(user, AccessMode.Backend);
    final App app = StructrApp.getInstance(ctx);
    // create object with user context
    try (final Tx tx = app.tx()) {
        test = app.create(TestOne.class);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    // query for relationships
    try (final Tx tx = app.tx()) {
        final List<? extends RelationshipInterface> rels1 = app.relationshipQuery().and(AbstractRelationship.sourceId, user.getUuid()).getAsList();
        final List<Class> classes1 = rels1.stream().map(r -> r.getClass()).collect(Collectors.toList());
        assertEquals("Invalid number of relationships after object creation", 2, rels1.size());
        assertTrue("Invalid relationship type after object creation", classes1.contains(Security.class));
        assertTrue("Invalid relationship type after object creation", classes1.contains(PrincipalOwnsNode.class));
        final List<? extends RelationshipInterface> rels2 = app.relationshipQuery().and(AbstractRelationship.targetId, test.getUuid()).getAsList();
        final List<Class> classes2 = rels2.stream().map(r -> r.getClass()).collect(Collectors.toList());
        assertEquals("Invalid number of relationships after object creation", 2, rels2.size());
        assertTrue("Invalid relationship type after object creation", classes2.contains(Security.class));
        assertTrue("Invalid relationship type after object creation", classes2.contains(PrincipalOwnsNode.class));
        final List<? extends RelationshipInterface> rels3 = Iterables.toList(test.getIncomingRelationships());
        final List<Class> classes3 = rels3.stream().map(r -> r.getClass()).collect(Collectors.toList());
        assertEquals("Invalid number of relationships after object creation", 2, rels3.size());
        assertTrue("Invalid relationship type after object creation", classes3.contains(Security.class));
        assertTrue("Invalid relationship type after object creation", classes3.contains(PrincipalOwnsNode.class));
        final Security sec = app.relationshipQuery(Security.class).getFirst();
        assertNotNull("Relationship caching on node creation is broken", sec);
        final PrincipalOwnsNode owns = app.relationshipQuery(PrincipalOwnsNode.class).getFirst();
        assertNotNull("Relationship caching on node creation is broken", owns);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) LoggerFactory(org.slf4j.LoggerFactory) RelationshipType(org.structr.api.graph.RelationshipType) TestTen(org.structr.core.entity.TestTen) StringUtils(org.apache.commons.lang3.StringUtils) GenericNode(org.structr.core.entity.GenericNode) FrameworkException(org.structr.common.error.FrameworkException) App(org.structr.core.app.App) StringProperty(org.structr.core.property.StringProperty) Assert.fail(org.junit.Assert.fail) Location(org.structr.core.entity.Location) ResourceAccess(org.structr.core.entity.ResourceAccess) OneThreeOneToOne(org.structr.core.entity.OneThreeOneToOne) NodeHasLocation(org.structr.core.entity.relationship.NodeHasLocation) AbstractRelationship(org.structr.core.entity.AbstractRelationship) SixOneOneToOne(org.structr.core.entity.SixOneOneToOne) NotInTransactionException(org.structr.api.NotInTransactionException) GraphObject(org.structr.core.GraphObject) OneTwoOneToOne(org.structr.core.entity.OneTwoOneToOne) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) SixOneManyToMany(org.structr.core.entity.SixOneManyToMany) List(java.util.List) DynamicResourceAccess(org.structr.core.entity.DynamicResourceAccess) StructrApp(org.structr.core.app.StructrApp) TestOne(org.structr.core.entity.TestOne) Security(org.structr.core.entity.Security) TestSix(org.structr.core.entity.TestSix) PropertyMap(org.structr.core.property.PropertyMap) NotFoundException(org.structr.api.NotFoundException) NodeAttribute(org.structr.core.graph.NodeAttribute) PropertyKey(org.structr.core.property.PropertyKey) TestNine(org.structr.core.entity.TestNine) Result(org.structr.core.Result) LinkedList(java.util.LinkedList) AbstractNode(org.structr.core.entity.AbstractNode) TestTwo(org.structr.core.entity.TestTwo) NodeInterface(org.structr.core.graph.NodeInterface) SixThreeOneToMany(org.structr.core.entity.SixThreeOneToMany) Logger(org.slf4j.Logger) Iterables(org.structr.api.util.Iterables) GenericRelationship(org.structr.core.entity.GenericRelationship) Assert.assertNotNull(org.junit.Assert.assertNotNull) Group(org.structr.core.entity.Group) Tx(org.structr.core.graph.Tx) Principal(org.structr.core.entity.Principal) Relation(org.structr.core.entity.Relation) PrincipalOwnsNode(org.structr.core.entity.relationship.PrincipalOwnsNode) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) TestSeven(org.structr.core.entity.TestSeven) TestThree(org.structr.core.entity.TestThree) TestFour(org.structr.core.entity.TestFour) NodeServiceCommand(org.structr.core.graph.NodeServiceCommand) Localization(org.structr.core.entity.Localization) SchemaRelationshipNode(org.structr.core.entity.SchemaRelationshipNode) RelationshipInterface(org.structr.core.graph.RelationshipInterface) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) SchemaNode(org.structr.core.entity.SchemaNode) PrincipalOwnsNode(org.structr.core.entity.relationship.PrincipalOwnsNode) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) TestOne(org.structr.core.entity.TestOne) Security(org.structr.core.entity.Security) Principal(org.structr.core.entity.Principal) Test(org.junit.Test)

Example 5 with Security

use of org.structr.core.entity.Security in project structr by structr.

the class DeploymentTest method hash.

private void hash(final NodeInterface node, final StringBuilder buf) {
    // AbstractNode
    buf.append(valueOrEmpty(node, AbstractNode.type));
    buf.append(valueOrEmpty(node, AbstractNode.name));
    buf.append(valueOrEmpty(node, AbstractNode.visibleToPublicUsers));
    buf.append(valueOrEmpty(node, AbstractNode.visibleToAuthenticatedUsers));
    // include owner in content hash generation!
    final Principal owner = node.getOwnerNode();
    if (owner != null) {
        buf.append(valueOrEmpty(owner, AbstractNode.name));
    }
    // include grants in content hash generation!
    for (final Security r : node.getSecurityRelationships()) {
        if (r != null) {
            buf.append(r.getSourceNode().getName());
            buf.append(r.getPermissions());
        }
    }
    // DOMNode
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "showConditions")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "hideConditions")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "showForLocales")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "hideForLocales")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "hideOnIndex")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "hideOnDetail")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "renderDetails")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMNode.class, "sharedComponentConfiguration")));
    if (node instanceof DOMNode) {
        final Page ownerDocument = ((DOMNode) node).getOwnerDocument();
        if (ownerDocument != null) {
            buf.append(valueOrEmpty(ownerDocument, AbstractNode.name));
        }
    }
    // DOMElement
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "dataKey")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "restQuery")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "cypherQuery")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "xpathQuery")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "functionQuery")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-reload")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-confirm")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-action")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-attributes")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-attr")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-name")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-hide")));
    buf.append(valueOrEmpty(node, StructrApp.key(DOMElement.class, "data-structr-raw-value")));
    // Content
    buf.append(valueOrEmpty(node, StructrApp.key(Content.class, "contentType")));
    buf.append(valueOrEmpty(node, StructrApp.key(Content.class, "content")));
    // Page
    buf.append(valueOrEmpty(node, StructrApp.key(Page.class, "cacheForSeconds")));
    buf.append(valueOrEmpty(node, StructrApp.key(Page.class, "dontCache")));
    buf.append(valueOrEmpty(node, StructrApp.key(Page.class, "pageCreatesRawData")));
    buf.append(valueOrEmpty(node, StructrApp.key(Page.class, "position")));
    buf.append(valueOrEmpty(node, StructrApp.key(Page.class, "showOnErrorCodes")));
    // HTML attributes
    if (node instanceof DOMElement) {
        for (final PropertyKey key : ((DOMElement) node).getHtmlAttributes()) {
            buf.append(valueOrEmpty(node, key));
        }
    }
    for (final PropertyKey key : node.getPropertyKeys(PropertyView.All)) {
        if (!key.isPartOfBuiltInSchema()) {
            buf.append(valueOrEmpty(node, key));
        }
    }
}
Also used : Page(org.structr.web.entity.dom.Page) Security(org.structr.core.entity.Security) DOMNode(org.structr.web.entity.dom.DOMNode) DOMElement(org.structr.web.entity.dom.DOMElement) Principal(org.structr.core.entity.Principal) PropertyKey(org.structr.core.property.PropertyKey)

Aggregations

Security (org.structr.core.entity.Security)6 Principal (org.structr.core.entity.Principal)5 HashMap (java.util.HashMap)2 LinkedList (java.util.LinkedList)2 FrameworkException (org.structr.common.error.FrameworkException)2 GraphObject (org.structr.core.GraphObject)2 AbstractNode (org.structr.core.entity.AbstractNode)2 PrincipalOwnsNode (org.structr.core.entity.relationship.PrincipalOwnsNode)2 NodeInterface (org.structr.core.graph.NodeInterface)2 PropertyKey (org.structr.core.property.PropertyKey)2 PropertyMap (org.structr.core.property.PropertyMap)2 IOException (java.io.IOException)1 Collections (java.util.Collections)1 LinkedHashMap (java.util.LinkedHashMap)1 List (java.util.List)1 Map (java.util.Map)1 TreeMap (java.util.TreeMap)1 UUID (java.util.UUID)1 Collectors (java.util.stream.Collectors)1 StringUtils (org.apache.commons.lang3.StringUtils)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial