public static AdminsConfig admins(Admin... admins) { return new AdminsConfig(admins); }
@Override public void apply(AdminsConfig adminsConfig, Admin userOrRole) { adminsConfig.add(userOrRole); }}, OFF,
public static void toJSONWithoutLinks(OutputWriter jsonWriter, AdminsConfig admin) { jsonWriter.addChildList("roles", rolesAsString(admin.getRoles())); jsonWriter.addChildList("users", userAsString(admin.getUsers())); if (admin.hasErrors()) { jsonWriter.addChild("errors", errorWriter -> new ErrorGetter(Collections.singletonMap("SystemAdmin", "system_admin")) .toJSON(errorWriter, admin)); } }
public boolean hasAdminsDefined() { return !adminsConfig.equals(new AdminsConfig()); }
@Test public void shouldValidatePresenceOfUserName() { AdminsConfig adminsConfig = new AdminsConfig(new AdminUser("")); ValidationContext validationContext = mock(ValidationContext.class); assertFalse(adminsConfig.validateTree(validationContext)); assertTrue(adminsConfig.hasErrors()); assertThat(adminsConfig.errors().on("users"), is("User cannot be blank.")); }
public static AdminsConfig fromJSON(JsonReader jsonReader) { AdminsConfig adminsConfig = new AdminsConfig(); jsonReader.readArrayIfPresent("users", users -> { users.forEach(user -> adminsConfig.add(new AdminUser(new CaseInsensitiveString(user.getAsString())))); }); jsonReader.readArrayIfPresent("roles", roles -> { roles.forEach(role -> adminsConfig.add(new AdminRole(new CaseInsensitiveString(role.getAsString())))); }); return adminsConfig; }
@Test public void shouldReturnTrueIfHasUser() { AdminsConfig adminsConfig = new AdminsConfig(new AdminUser(new CaseInsensitiveString("user1"))); assertThat("shouldReturnTrueIfHasUser", adminsConfig.hasUser(new CaseInsensitiveString("user1"), UserRoleMatcherMother.ALWAYS_FALSE_MATCHER), is(true)); }
@Test public void shouldReturnFalseIfAUserBelongsToAnAdminRoleNoRolesGiven() { CaseInsensitiveString username = new CaseInsensitiveString("USER1"); AdminsConfig adminsConfig = new AdminsConfig(new AdminRole(username)); // this is how isAdmin() is used in TemplatesConfig assertThat(adminsConfig.isAdmin(new AdminUser(username), null), is(false)); }
public static void toJSON(OutputWriter jsonWriter, Authorization authorization) { ViewConfig viewConfig = authorization.getViewConfig(); if (!viewConfig.isEmpty()) { jsonWriter.addChild("view", viewWriter -> writeUsersAndRoles(viewWriter, viewConfig.getUsers(), viewConfig.getRoles())); } AdminsConfig operationConfig = authorization.getOperationConfig(); if (!operationConfig.isEmpty()) { jsonWriter.addChild("operate", operateWriter -> writeUsersAndRoles(operateWriter, operationConfig.getUsers(), operationConfig.getRoles())); } AdminsConfig adminsConfig = authorization.getAdminsConfig(); if (!adminsConfig.isEmpty()) { jsonWriter.addChild("admins", adminsWriter -> writeUsersAndRoles(adminsWriter, adminsConfig.getUsers(), adminsConfig.getRoles())); } }
public CruiseConfig update(CruiseConfig cruiseConfig) { final AdminsConfig adminsConfig = cruiseConfig.server().security().adminsConfig(); switch (adminPrivilegeSelection.getAction()) { case add: if (!adminsConfig.hasUser(new CaseInsensitiveString(user), ALWAYS_FALSE_MATCHER)) { adminsConfig.add(new AdminUser(new CaseInsensitiveString(user))); } break; case remove: adminsConfig.remove(new AdminUser(new CaseInsensitiveString(user))); break; } return cruiseConfig; } }
@Override public List<AdminRole> getOperateRoles() { return authorization.getOperationConfig().getRoles(); }
@Test public void shouldUnderstandIfAUserIsAnAdminThroughRole() { AdminsConfig adminsConfig = new AdminsConfig(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("Role1"))); assertThat(adminsConfig.isAdminRole(Arrays.asList(new RoleConfig(new CaseInsensitiveString("first")), new RoleConfig(new CaseInsensitiveString("role1")))), is(true)); assertThat(adminsConfig.isAdminRole(Arrays.asList(new RoleConfig(new CaseInsensitiveString("role2")))), is(false)); assertThat(adminsConfig.isAdminRole(Arrays.asList(new RoleConfig(new CaseInsensitiveString("loser")))), is(false)); }
@Test public void shouldReturnAuthorizationMapForView() { Authorization authorization = new Authorization(); authorization.getAdminsConfig().add(new AdminRole(new CaseInsensitiveString("group_of_losers"))); authorization.getOperationConfig().addAll(a(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("group_of_losers")), new AdminRole( new CaseInsensitiveString("gang_of_boozers")))); authorization.getViewConfig().addAll(a(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("loser")))); List<Authorization.PresentationElement> userAuthMap = authorization.getUserAuthorizations(); assertThat(userAuthMap.size(), is(2)); assetEntry(userAuthMap.get(0), "boozer", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.OFF, Authorization.UserType.USER); assetEntry(userAuthMap.get(1), "loser", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.ON, Authorization.UserType.USER); List<Authorization.PresentationElement> roleAuthMap = authorization.getRoleAuthorizations(); assertThat(roleAuthMap.size(), is(2)); assetEntry(roleAuthMap.get(0), "gang_of_boozers", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.UserType.ROLE); assetEntry(roleAuthMap.get(1), "group_of_losers", Authorization.PrivilegeState.ON, Authorization.PrivilegeState.DISABLED, Authorization.PrivilegeState.DISABLED, Authorization.UserType.ROLE); }
@Override public List<AdminUser> getOperateUsers() { return authorization.getOperationConfig().getUsers(); }
@Test public void shouldResolve_ConfigValue_MappedAsObject() { SecurityConfig securityConfig = new SecurityConfig(); securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("lo#{foo}"))); securityConfig.addRole(new RoleConfig(new CaseInsensitiveString("boo#{bar}"), new RoleUser(new CaseInsensitiveString("choo#{foo}")))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "ser"), param("bar", "zer"))), fieldCache).resolve(securityConfig); assertThat(CaseInsensitiveString.str(securityConfig.adminsConfig().get(0).getName()), is("loser")); assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getName()), is("boozer")); assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getUsers().get(0).getName()), is("chooser")); }
public boolean shouldAssociate(String userName, String ignore) { return adminsConfig.hasUser(new CaseInsensitiveString(userName), userRoleMatcher); }
public AdminsConfig(Set<Admin> admins) { addAll(admins); }
@Test public void shouldValidateIfRoleExists() { CaseInsensitiveString roleName = new CaseInsensitiveString("admin_role"); AdminsConfig adminsConfig = new AdminsConfig(new AdminRole(roleName)); ValidationContext validationContext = mock(ValidationContext.class); SecurityConfig securityConfig = mock(SecurityConfig.class); when(validationContext.shouldNotCheckRole()).thenReturn(false); when(validationContext.getServerSecurityConfig()).thenReturn(securityConfig); when(securityConfig.isRoleExist(roleName)).thenReturn(false); assertFalse(adminsConfig.validateTree(validationContext)); assertTrue(adminsConfig.hasErrors()); assertThat(adminsConfig.errors().on("roles"), is("Role \"admin_role\" does not exist.")); } }