Search in sources :

Example 1 with Permission

use of org.zalando.nakadi.domain.Permission in project nakadi by zalando.

the class AdminService method isAdmin.

public boolean isAdmin(final AuthorizationService.Operation operation) {
    final List<Permission> permissions = getAdmins();
    final Resource resource = new AdminResource(ADMIN_RESOURCE, ResourceAuthorization.fromPermissionsList(permissions));
    return authorizationService.isAuthorized(operation, resource);
}
Also used : Permission(org.zalando.nakadi.domain.Permission) AllDataAccessResource(org.zalando.nakadi.domain.AllDataAccessResource) Resource(org.zalando.nakadi.plugin.api.authz.Resource) AdminResource(org.zalando.nakadi.domain.AdminResource) AdminResource(org.zalando.nakadi.domain.AdminResource)

Example 2 with Permission

use of org.zalando.nakadi.domain.Permission in project nakadi by zalando.

the class AdminServiceTest method whenAddNewAdminCallCreatePermission.

@Test
public void whenAddNewAdminCallCreatePermission() {
    when(nakadiSettings.getDefaultAdmin()).thenReturn(defaultAdmin);
    when(authorizationDbRepository.listAdmins()).thenReturn(adminList);
    doNothing().when(authorizationDbRepository).update(any(), any());
    final ArgumentCaptor<List> addCaptor = ArgumentCaptor.forClass(List.class);
    final ArgumentCaptor<List> deleteCaptor = ArgumentCaptor.forClass(List.class);
    final List<Permission> newList = new ArrayList<>(adminList);
    newList.add(new Permission("nakadi", AuthorizationService.Operation.READ, new ResourceAuthorizationAttribute("user", "user42")));
    adminService.updateAdmins(newList);
    verify(authorizationDbRepository).update(addCaptor.capture(), deleteCaptor.capture());
    assertEquals(1, addCaptor.getValue().size());
    assertEquals(0, deleteCaptor.getValue().size());
}
Also used : Permission(org.zalando.nakadi.domain.Permission) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) ResourceAuthorizationAttribute(org.zalando.nakadi.domain.ResourceAuthorizationAttribute) Test(org.junit.Test)

Example 3 with Permission

use of org.zalando.nakadi.domain.Permission in project nakadi by zalando.

the class AdminService method hasAllDataAccess.

public boolean hasAllDataAccess(final AuthorizationService.Operation operation) {
    try {
        final List<Permission> permissions = resourceCache.get(ALL_DATA_ACCESS_RESOURCE, () -> authorizationDbRepository.listAllDataAccess());
        final Resource resource = new AllDataAccessResource(ALL_DATA_ACCESS_RESOURCE, ResourceAuthorization.fromPermissionsList(permissions));
        return authorizationService.isAuthorized(operation, resource);
    } catch (ExecutionException e) {
        LOG.error("Could not determine whether this application has all data access", e);
        return false;
    }
}
Also used : Permission(org.zalando.nakadi.domain.Permission) AllDataAccessResource(org.zalando.nakadi.domain.AllDataAccessResource) Resource(org.zalando.nakadi.plugin.api.authz.Resource) AdminResource(org.zalando.nakadi.domain.AdminResource) ExecutionException(java.util.concurrent.ExecutionException) AllDataAccessResource(org.zalando.nakadi.domain.AllDataAccessResource)

Aggregations

Permission (org.zalando.nakadi.domain.Permission)3 AdminResource (org.zalando.nakadi.domain.AdminResource)2 AllDataAccessResource (org.zalando.nakadi.domain.AllDataAccessResource)2 Resource (org.zalando.nakadi.plugin.api.authz.Resource)2 ArrayList (java.util.ArrayList)1 List (java.util.List)1 ExecutionException (java.util.concurrent.ExecutionException)1 Test (org.junit.Test)1 ResourceAuthorizationAttribute (org.zalando.nakadi.domain.ResourceAuthorizationAttribute)1