public Set<Authorization> getAuthorizations(List<String> userRoles) { if (!isRestricted()) { return UNRESTRICTED_AUTH; } return this.permissions .entrySet() .stream() .filter(entry -> !Collections.disjoint(entry.getValue(), userRoles)) .map(Map.Entry::getKey) .collect(Collectors.toSet()); }
public View(Account account, Set<Role> userRoles, boolean isAdmin) { this.name = account.name; if (isAdmin) { this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); } else { this.authorizations = account.permissions.getAuthorizations(userRoles); } } }
@Override @SuppressWarnings("unchecked") public Set<R> getAllRestricted(@NonNull Set<Role> roles, boolean isAdmin) throws ProviderException { return (Set<R>) getAll() .stream() .filter(resource -> resource instanceof Resource.AccessControlled) .map(resource -> (Resource.AccessControlled) resource) .filter(resource -> resource.getPermissions().isRestricted()) .filter(resource -> resource.getPermissions().isAuthorized(roles) || isAdmin) .collect(Collectors.toSet()); }
public Permissions build() { ImmutableMap.Builder<Authorization, List<String>> builder = ImmutableMap.builder(); this.forEach((auth, groups) -> { List<String> lowerGroups = groups.stream() .map(String::trim) .map(String::toLowerCase) .collect(Collectors.toList()); builder.put(auth, ImmutableList.copyOf(lowerGroups)); }); return new Permissions(builder.build()); } }
@Override protected Set<Application> loadAll() throws ProviderException { try { Map<String, Application> appByName = front50Service .getAllApplicationPermissions() .stream() .collect(Collectors.toMap(Application::getName, Function.identity())); clouddriverService .getApplications() .stream() .filter(app -> !appByName.containsKey(app.getName())) .forEach(app -> appByName.put(app.getName(), app)); if (allowAccessToUnknownApplications) { // no need to include applications w/o explicit permissions if we're allowing access to unknown applications by default return appByName .values() .stream() .filter(a -> !a.getPermissions().isEmpty()) .collect(Collectors.toSet()); } return new HashSet<>(appByName.values()); } catch (Exception e) { throw new ProviderException(this.getClass(), e.getCause()); } }
@Override @SuppressWarnings("unchecked") public Set<R> getAllRestricted(@NonNull Set<Role> roles, boolean isAdmin) throws ProviderException { return (Set<R>) getAll() .stream() .filter(resource -> resource instanceof Resource.AccessControlled) .map(resource -> (Resource.AccessControlled) resource) .filter(resource -> resource.getPermissions().isRestricted()) .filter(resource -> resource.getPermissions().isAuthorized(roles) || isAdmin) .collect(Collectors.toSet()); }
public Permissions build() { ImmutableMap.Builder<Authorization, List<String>> builder = ImmutableMap.builder(); this.forEach((auth, groups) -> { List<String> lowerGroups = groups.stream() .map(String::trim) .map(String::toLowerCase) .collect(Collectors.toList()); builder.put(auth, ImmutableList.copyOf(lowerGroups)); }); return new Permissions(builder.build()); } }
@Override protected Set<Application> loadAll() throws ProviderException { try { Map<String, Application> appByName = front50Service .getAllApplicationPermissions() .stream() .collect(Collectors.toMap(Application::getName, Function.identity())); clouddriverService .getApplications() .stream() .filter(app -> !appByName.containsKey(app.getName())) .forEach(app -> appByName.put(app.getName(), app)); if (allowAccessToUnknownApplications) { // no need to include applications w/o explicit permissions if we're allowing access to unknown applications by default return appByName .values() .stream() .filter(a -> !a.getPermissions().isEmpty()) .collect(Collectors.toSet()); } return new HashSet<>(appByName.values()); } catch (Exception e) { throw new ProviderException(this.getClass(), e.getCause()); } }
public Set<Authorization> getAuthorizations(List<String> userRoles) { if (!isRestricted()) { return UNRESTRICTED_AUTH; } return this.permissions .entrySet() .stream() .filter(entry -> !Collections.disjoint(entry.getValue(), userRoles)) .map(Map.Entry::getKey) .collect(Collectors.toSet()); }
public View(Application application, Set<Role> userRoles, boolean isAdmin) { this.name = application.name; if (isAdmin) { this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); } else { this.authorizations = application.permissions.getAuthorizations(userRoles); } } }
@Override @SuppressWarnings("unchecked") public Set<R> getAllUnrestricted() throws ProviderException { return (Set<R>) getAll() .stream() .filter(resource -> resource instanceof Resource.AccessControlled) .map(resource -> (Resource.AccessControlled) resource) .filter(resource -> !resource.getPermissions().isRestricted()) .collect(Collectors.toSet()); }
public View(Account account, Set<Role> userRoles, boolean isAdmin) { this.name = account.name; if (isAdmin) { this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); } else { this.authorizations = account.permissions.getAuthorizations(userRoles); } } }
@Override @SuppressWarnings("unchecked") public Set<R> getAllUnrestricted() throws ProviderException { return (Set<R>) getAll() .stream() .filter(resource -> resource instanceof Resource.AccessControlled) .map(resource -> (Resource.AccessControlled) resource) .filter(resource -> !resource.getPermissions().isRestricted()) .collect(Collectors.toSet()); }
public boolean isAuthorized(Set<Role> userRoles) { return !getAuthorizations(userRoles).isEmpty(); }
if (getPermissions() != null && getPermissions().isRestricted()) { String msg = String.join(" ", "`requiredGroupMembership` found on",
public View(Application application, Set<Role> userRoles, boolean isAdmin) { this.name = application.name; if (isAdmin) { this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); } else { this.authorizations = application.permissions.getAuthorizations(userRoles); } } }
if (getPermissions() != null && getPermissions().isRestricted()) { String msg = String.join(" ", "`requiredGroupMembership` found on",
public boolean isAuthorized(Set<Role> userRoles) { return !getAuthorizations(userRoles).isEmpty(); }
public Set<Authorization> getAuthorizations(Set<Role> userRoles) { val r = userRoles.stream().map(Role::getName).collect(Collectors.toList()); return getAuthorizations(r); }
public Set<Authorization> getAuthorizations(Set<Role> userRoles) { val r = userRoles.stream().map(Role::getName).collect(Collectors.toList()); return getAuthorizations(r); }