/**
 * Rejects a call that carries no authenticated principal.
 *
 * <p>Every authorization entry point in this class calls this first, so a missing
 * context or principal ends in an exception rather than in a permission decision.
 *
 * @param ctx authentication context of the caller; may be {@code null}
 * @throws AuthorizationException if {@code ctx} is {@code null} or its principal is {@code null}
 */
private void validateAuthenticationContext(AuthenticationContext ctx) {
    boolean hasPrincipal = ctx != null && ctx.getPrincipal() != null;
    if (!hasPrincipal) {
        throw new AuthorizationException("No principal in AuthenticationContext");
    }
}
/**
 * Tells whether the calling user holds the given role.
 *
 * <p>A user that holds {@code Roles.ROLE_ADMIN} passes for any requested role.
 * A principal with no matching catalog user is denied with an exception; the
 * method never returns {@code false} for an unknown user.
 *
 * @param ctx  authentication context of the caller
 * @param role role to test for
 * @return {@code true} if the user has {@code Roles.ROLE_ADMIN} or {@code role}
 * @throws AuthorizationException if the context has no principal or the catalog
 *         has no user for the principal's name
 */
private boolean checkRole(AuthenticationContext ctx, String role) {
    validateAuthenticationContext(ctx);
    String principalName = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principalName);
    // Only the user object is checked here; removeAcl, addAcl and checkPermissions
    // also reject a null id. NOTE(review): userHasRole is not visible from here,
    // so confirm it does not depend on caller.getId().
    if (caller != null) {
        if (userHasRole(caller, Roles.ROLE_ADMIN)) {
            return true;
        }
        return userHasRole(caller, role);
    }
    // NOTE(review): the principal name goes into the log line and the exception
    // message unescaped; confirm names cannot contain CR/LF or other control
    // characters, or neutralise them before logging.
    String message = String.format("No such user '%s'", principalName);
    LOG.warn(message);
    throw new AuthorizationException(message);
}
/**
 * Removes the calling user's ACL entries on one target entity.
 *
 * <p>Every entry that {@code catalogService.listUserAcls} returns for the caller's
 * user id and the given namespace/id pair is removed by its own id.
 * NOTE(review): this method makes no permission check of its own beyond resolving
 * the caller; presumably the caller of this method authorises the operation first. Confirm.
 *
 * @param ctx                   authentication context of the caller
 * @param targetEntityNamespace namespace of the entity whose ACLs are removed
 * @param targetEntityId        id of the entity whose ACLs are removed
 * @throws AuthorizationException if the context has no principal, or the catalog
 *         has no user (or no user id) for the principal's name
 */
@Override
public void removeAcl(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId) {
    validateAuthenticationContext(ctx);
    String principalName = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principalName);
    boolean resolved = caller != null && caller.getId() != null;
    if (!resolved) {
        // NOTE(review): the principal name is logged unescaped; confirm it cannot
        // contain line breaks or other control characters.
        String message = String.format("No such user '%s'", principalName);
        LOG.warn(message);
        throw new AuthorizationException(message);
    }
    catalogService
        .listUserAcls(caller.getId(), targetEntityNamespace, targetEntityId)
        .forEach(entry -> {
            LOG.debug("Removing Acl {}", entry);
            catalogService.removeAcl(entry.getId());
        });
}
/**
 * Tells whether the calling user may act on one target entity.
 *
 * <p>A user that holds {@code Roles.ROLE_ADMIN} is allowed without consulting the
 * entity's ACLs. For anyone else the decision is whatever
 * {@code catalogService.checkUserPermissions} returns for the user's id.
 *
 * @param ctx                   authentication context of the caller
 * @param targetEntityNamespace namespace of the entity being accessed
 * @param targetEntityId        id of the entity being accessed
 * @param permissions           permissions to test for
 * @return {@code true} for an admin, otherwise the catalog's permission answer
 * @throws AuthorizationException if the context has no principal, or the catalog
 *         has no user (or no user id) for the principal's name
 */
private boolean checkPermissions(AuthenticationContext ctx, String targetEntityNamespace,
                                 Long targetEntityId, EnumSet<Permission> permissions) {
    validateAuthenticationContext(ctx);
    String principalName = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principalName);
    if (caller != null && caller.getId() != null) {
        // The admin shortcut comes first, so the ACL lookup is skipped for admins.
        if (userHasRole(caller, Roles.ROLE_ADMIN)) {
            return true;
        }
        return catalogService.checkUserPermissions(
            targetEntityNamespace, targetEntityId, caller.getId(), permissions);
    }
    // Unknown user: deny by exception instead of returning false.
    // NOTE(review): the principal name is logged unescaped; confirm it cannot
    // contain line breaks or other control characters.
    String message = String.format("No such user '%s'", principalName);
    LOG.warn(message);
    throw new AuthorizationException(message);
}
/**
 * Adds an ACL entry that grants the calling user rights on one target entity.
 *
 * <p>The entry's SID is the caller's own user id with {@code AclEntry.SidType.USER}.
 * The owner flag, grant flag and permission set are stored exactly as passed in.
 * NOTE(review): nothing in this method checks that the caller is entitled to give
 * itself these rights on the target; presumably the caller of this method
 * authorises the operation first. Confirm.
 *
 * @param ctx                   authentication context of the caller
 * @param targetEntityNamespace namespace of the entity the entry applies to
 * @param targetEntityId        id of the entity the entry applies to
 * @param owner                 value stored in the entry's owner flag
 * @param grant                 value stored in the entry's grant flag
 * @param permissions           permissions stored in the entry
 * @throws AuthorizationException if the context has no principal, or the catalog
 *         has no user (or no user id) for the principal's name
 */
@Override
public void addAcl(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId,
                   boolean owner, boolean grant, EnumSet<Permission> permissions) {
    validateAuthenticationContext(ctx);
    String principalName = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principalName);
    boolean resolved = caller != null && caller.getId() != null;
    if (!resolved) {
        // NOTE(review): the principal name is logged unescaped; confirm it cannot
        // contain line breaks or other control characters.
        String message = String.format("No such user '%s'", principalName);
        LOG.warn(message);
        throw new AuthorizationException(message);
    }

    AclEntry entry = new AclEntry();
    // What the entry protects.
    entry.setObjectId(targetEntityId);
    entry.setObjectNamespace(targetEntityNamespace);
    // Who the entry is for: always the caller, never a user named by the arguments.
    entry.setSidId(caller.getId());
    entry.setSidType(AclEntry.SidType.USER);
    // What the entry allows.
    entry.setOwner(owner);
    entry.setGrant(grant);
    entry.setPermissions(permissions);
    catalogService.addAcl(entry);
}