/**
 * Builds a GRANT authorization for the given user and/or group on one resource.
 *
 * <p>The entity is only constructed and populated here; nothing in this method stores it.
 * A non-null {@code userId} or {@code groupId} is first handed to
 * {@code ensureValidIndividualResourceId} together with an error message. Presumably that
 * helper throws for ids that do not name one concrete identity (verify against its definition).
 *
 * <p>NOTE(review): when both ids are {@code null} neither check runs and the returned grant
 * names no principal. {@code resource} and {@code resourceId} are not checked here at all.
 * Confirm that callers validate those.
 *
 * @param userId user receiving the grant, or {@code null}
 * @param groupId group receiving the grant, or {@code null}
 * @param resource resource passed to {@code setResource}
 * @param resourceId resource id passed to {@code setResourceId}
 * @param permissions permissions to add one by one; {@code null} adds none
 * @return the populated grant authorization
 */
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) {
  // assuming that there are no default authorizations for *
  if (userId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId);
  }
  if (groupId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId);
  }

  AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resource);
  grant.setResourceId(resourceId);

  if (permissions == null) {
    return grant;
  }
  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }
  return grant;
}
/**
 * Filters the candidate permissions down to those this authorization carries.
 *
 * <p>What "carries" means depends on the authorization type: for GLOBAL and GRANT the result
 * holds the candidates for which {@code isPermissionGranted} is true; for REVOKE it holds the
 * candidates for which {@code isPermissionRevoked} is true. For any other type the result is
 * empty. Callers therefore have to interpret the array by authorization type: on a REVOKE
 * entity it lists what is taken away, not what is allowed.
 *
 * @param permissions candidates to test, in the order they should appear in the result
 * @return the selected candidates, in input order
 * @throws NullPointerException if {@code permissions} is {@code null}
 */
public Permission[] getPermissions(Permission[] permissions) {
  List<Permission> selected = new ArrayList<Permission>();
  for (int i = 0; i < permissions.length; i++) {
    Permission candidate = permissions[i];
    boolean grantedHere = (AUTH_TYPE_GLOBAL == authorizationType || AUTH_TYPE_GRANT == authorizationType)
        && isPermissionGranted(candidate);
    // the revoke side is only consulted when the grant side did not select the candidate
    boolean take = grantedHere
        || (AUTH_TYPE_REVOKE == authorizationType && isPermissionRevoked(candidate));
    if (take) {
      selected.add(candidate);
    }
  }
  return selected.toArray(new Permission[0]);
}
/**
 * Replaces the current permissions with the given ones.
 *
 * <p>The permissions are reset first. Each entry is then applied according to the
 * authorization type: on a REVOKE authorization it goes through {@code removePermission},
 * on every other type through {@code addPermission}.
 *
 * <p>NOTE(review): {@code resetPermissions()} runs before the array is touched, so a
 * {@code null} argument fails only after the previous permissions were already reset.
 *
 * @param permissions permissions to apply after the reset
 * @throws NullPointerException if {@code permissions} is {@code null}
 */
public void setPermissions(Permission[] permissions) {
  resetPermissions();
  for (int i = 0; i < permissions.length; i++) {
    Permission current = permissions[i];
    if (AUTH_TYPE_REVOKE != authorizationType) {
      addPermission(current);
      continue;
    }
    removePermission(current);
  }
}
/**
 * Pins the permission bookkeeping of a GRANT authorization on the DEPLOYMENT resource:
 * a fresh entity grants only NONE, adding READ makes READ visible next to NONE, and asking
 * a GRANT entity whether something is revoked fails with an IllegalStateException.
 *
 * <p>NOTE(review): the name says "Global", but the entity is built with AUTH_TYPE_GRANT;
 * AUTH_TYPE_GLOBAL is not exercised here.
 */
public void testGlobalAuthPermissions() {
  AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
  grant.setResource(Resources.DEPLOYMENT);

  // fresh grant: nothing but NONE
  assertFalse(grant.isPermissionGranted(ALL));
  assertTrue(grant.isPermissionGranted(NONE));
  List<Permission> initiallyGranted = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(initiallyGranted.contains(NONE));
  assertEquals(1, initiallyGranted.size());

  // after adding READ: NONE and READ, nothing else
  grant.addPermission(READ);
  List<Permission> grantedAfterRead = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(grantedAfterRead.contains(NONE));
  assertTrue(grantedAfterRead.contains(READ));
  assertEquals(2, grantedAfterRead.size());
  assertTrue(grant.isPermissionGranted(READ));
  assertTrue(grant.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing)

  // the revoke query must be rejected on a GRANT entity instead of returning a boolean
  try {
    grant.isPermissionRevoked(READ);
    fail("Exception expected");
  } catch (IllegalStateException expected) {
    assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", expected.getMessage());
  }
}
/**
 * Pins the permission bookkeeping of a REVOKE authorization on the DEPLOYMENT resource:
 * a fresh entity revokes nothing, removing READ makes READ and ALL show up as revoked, and
 * asking a REVOKE entity whether something is granted fails with an IllegalStateException.
 */
public void testRevokeAuthPermissions() {
  AuthorizationEntity revoke = new AuthorizationEntity(AUTH_TYPE_REVOKE);
  revoke.setResource(Resources.DEPLOYMENT);

  // fresh revoke: nothing is revoked yet
  assertFalse(revoke.isPermissionRevoked(ALL));
  List<Permission> initiallyRevoked = Arrays.asList(revoke.getPermissions(Permissions.values()));
  assertEquals(0, initiallyRevoked.size());

  // removing READ is reported as READ and ALL being revoked
  revoke.removePermission(READ);
  List<Permission> revokedAfterRead = Arrays.asList(revoke.getPermissions(Permissions.values()));
  assertTrue(revokedAfterRead.contains(READ));
  assertTrue(revokedAfterRead.contains(ALL));
  assertEquals(2, revokedAfterRead.size());

  // the grant query must be rejected on a REVOKE entity instead of returning a boolean
  try {
    revoke.isPermissionGranted(READ);
    fail("Exception expected");
  } catch (IllegalStateException expected) {
    assertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", expected.getMessage());
  }
}
/**
 * Tells whether {@code authEntity} is a GRANT authorization for exactly the given user,
 * group, resource type and resource id.
 *
 * <p>Ids are compared through {@code areIdsEqual}. The type check is against AUTH_TYPE_GRANT
 * only, so a REVOKE or GLOBAL entity is never reported as equivalent. All five criteria are
 * evaluated before they are combined, which means {@code resource} is always dereferenced.
 *
 * @param authEntity entity to inspect; must not be {@code null}
 * @param userId expected user id
 * @param groupId expected group id
 * @param resource resource whose {@code resourceType()} is expected; must not be {@code null}
 * @param resourceId expected resource id
 * @return {@code true} only if every criterion matches
 */
protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId) {
  // Every criterion is computed up front, in this order, before any of them is combined.
  final boolean userMatches = areIdsEqual(authEntity.getUserId(), userId);
  final boolean groupMatches = areIdsEqual(authEntity.getGroupId(), groupId);
  final boolean resourceIdMatches = areIdsEqual(authEntity.getResourceId(), resourceId);
  final boolean resourceTypeMatches = authEntity.getResourceType() == resource.resourceType();
  final boolean isGrant = AUTH_TYPE_GRANT == authEntity.getAuthorizationType();

  if (!userMatches || !groupMatches) {
    return false;
  }
  if (!resourceTypeMatches || !resourceIdMatches) {
    return false;
  }
  return isGrant;
}
/**
 * Adds permissions to an existing authorization, or to a freshly created grant when none
 * is passed in.
 *
 * <p>With a {@code null} authorization a grant is created for the given user, group and
 * resource without permissions, and {@code updateAuthorizationBasedOnCacheEntries} is then
 * given the chance to adjust it from cached entities. After that every non-null permission
 * array entry is applied through {@code addPermission}.
 *
 * <p>NOTE(review): {@code userId}, {@code groupId}, {@code resource} and {@code resourceId}
 * are only read when {@code authorization} is {@code null}. For an existing authorization
 * nothing here checks that it belongs to that principal and resource; the caller has to.
 *
 * @param authorization authorization to extend, or {@code null} to create a grant
 * @param userId user for a newly created grant
 * @param groupId group for a newly created grant
 * @param resource resource for a newly created grant
 * @param resourceId resource id for a newly created grant
 * @param permissions permissions to add; {@code null} adds none
 * @return the authorization that was extended or created
 */
protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions) {
  AuthorizationEntity target = authorization;
  if (target == null) {
    target = createGrantAuthorization(userId, groupId, resource, resourceId);
    updateAuthorizationBasedOnCacheEntries(target, userId, groupId, resource, resourceId);
  }

  if (permissions == null) {
    return target;
  }
  for (int i = 0; i < permissions.length; i++) {
    target.addPermission(permissions[i]);
  }
  return target;
}
/**
 * Creates a new authorization object of the requested type after an access check.
 *
 * <p>{@code checkAuthorization(CREATE, AUTHORIZATION, null)} runs before anything is
 * constructed. Presumably it throws when the current caller lacks CREATE on authorizations
 * (confirm against its definition). {@code type} is handed to the constructor unchanged;
 * no range check on it is visible in this method.
 *
 * @param type authorization type passed to the {@code AuthorizationEntity} constructor
 * @return the newly constructed authorization
 */
public Authorization createNewAuthorization(int type) {
  // The access check must stay ahead of the construction.
  checkAuthorization(CREATE, AUTHORIZATION, null);
  final Authorization created = new AuthorizationEntity(type);
  return created;
}
/**
 * Carries over the permissions of an equivalent authorization that is still in the entity
 * cache.
 *
 * <p>The cached {@code AuthorizationEntity} instances are scanned in order. The first one
 * that {@code hasEntitySameAuthorizationRights} accepts for the given user, group, resource
 * and resource id has its permission value copied onto {@code authorization} through
 * {@code setPermissions(int)} and is then removed from the cache. Later matches are not
 * looked at; without a match nothing changes.
 *
 * @param authorization authorization that receives the cached permission value
 * @param userId user id to match
 * @param groupId group id to match
 * @param resource resource to match
 * @param resourceId resource id to match
 */
protected void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId) {
  DbEntityManager entityManager = Context.getCommandContext().getDbEntityManager();
  for (AuthorizationEntity cached : entityManager.getCachedEntitiesByType(AuthorizationEntity.class)) {
    if (!hasEntitySameAuthorizationRights(cached, userId, groupId, resource, resourceId)) {
      continue;
    }
    // first match wins: take over its permission value, then drop the stale cache entry
    int carriedOver = cached.getPermissions();
    authorization.setPermissions(carriedOver);
    entityManager.getDbEntityCache().remove(cached);
    break;
  }
}
/**
 * Pins the permission bookkeeping of a GRANT authorization on the DEPLOYMENT resource:
 * a fresh entity grants only NONE, adding READ makes READ visible next to NONE, and asking
 * a GRANT entity whether something is revoked fails with an IllegalStateException.
 */
public void testGrantAuthPermissions() {
  AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
  grant.setResource(Resources.DEPLOYMENT);

  // fresh grant: nothing but NONE
  assertFalse(grant.isPermissionGranted(ALL));
  assertTrue(grant.isPermissionGranted(NONE));
  List<Permission> initiallyGranted = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(initiallyGranted.contains(NONE));
  assertEquals(1, initiallyGranted.size());

  // after adding READ: NONE and READ, nothing else
  grant.addPermission(READ);
  List<Permission> grantedAfterRead = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(grantedAfterRead.contains(NONE));
  assertTrue(grantedAfterRead.contains(READ));
  assertEquals(2, grantedAfterRead.size());
  assertTrue(grant.isPermissionGranted(READ));
  assertTrue(grant.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing)

  // the revoke query must be rejected on a GRANT entity instead of returning a boolean
  try {
    grant.isPermissionRevoked(READ);
    fail("Exception expected");
  } catch (IllegalStateException expected) {
    assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", expected.getMessage());
  }
}
/**
 * Pins the permission bookkeeping of a REVOKE authorization that has no resource set:
 * a fresh entity revokes nothing, removing READ makes READ and ALL show up as revoked, and
 * asking a REVOKE entity whether something is granted fails with an IllegalStateException.
 */
public void testRevokeAuthPermissions() {
  AuthorizationEntity revoke = new AuthorizationEntity(AUTH_TYPE_REVOKE);

  // fresh revoke: nothing is revoked yet
  assertFalse(revoke.isPermissionRevoked(ALL));
  List<Permission> initiallyRevoked = Arrays.asList(revoke.getPermissions(Permissions.values()));
  assertEquals(0, initiallyRevoked.size());

  // removing READ is reported as READ and ALL being revoked
  revoke.removePermission(READ);
  List<Permission> revokedAfterRead = Arrays.asList(revoke.getPermissions(Permissions.values()));
  assertTrue(revokedAfterRead.contains(READ));
  assertTrue(revokedAfterRead.contains(ALL));
  assertEquals(2, revokedAfterRead.size());

  // the grant query must be rejected on a REVOKE entity instead of returning a boolean
  try {
    revoke.isPermissionGranted(READ);
    fail("Exception expected");
  } catch (IllegalStateException expected) {
    assertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", expected.getMessage());
  }
}
/**
 * Tells whether {@code authEntity} is a GRANT authorization for exactly the given user,
 * group, resource type and resource id.
 *
 * <p>Ids are compared through {@code areIdsEqual}. The type check is against AUTH_TYPE_GRANT
 * only, so a REVOKE or GLOBAL entity is never reported as equivalent. All five criteria are
 * evaluated before they are combined, which means {@code resource} is always dereferenced.
 *
 * @param authEntity entity to inspect; must not be {@code null}
 * @param userId expected user id
 * @param groupId expected group id
 * @param resource resource whose {@code resourceType()} is expected; must not be {@code null}
 * @param resourceId expected resource id
 * @return {@code true} only if every criterion matches
 */
protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId) {
  // Every criterion is computed up front, in this order, before any of them is combined.
  final boolean userMatches = areIdsEqual(authEntity.getUserId(), userId);
  final boolean groupMatches = areIdsEqual(authEntity.getGroupId(), groupId);
  final boolean resourceIdMatches = areIdsEqual(authEntity.getResourceId(), resourceId);
  final boolean resourceTypeMatches = authEntity.getResourceType() == resource.resourceType();
  final boolean isGrant = AUTH_TYPE_GRANT == authEntity.getAuthorizationType();

  if (!userMatches || !groupMatches) {
    return false;
  }
  if (!resourceTypeMatches || !resourceIdMatches) {
    return false;
  }
  return isGrant;
}
/**
 * Adds permissions to an existing authorization, or to a freshly created grant when none
 * is passed in.
 *
 * <p>With a {@code null} authorization a grant is created for the given user, group and
 * resource without permissions, and {@code updateAuthorizationBasedOnCacheEntries} is then
 * given the chance to adjust it from cached entities. After that every non-null permission
 * array entry is applied through {@code addPermission}.
 *
 * <p>NOTE(review): {@code userId}, {@code groupId}, {@code resource} and {@code resourceId}
 * are only read when {@code authorization} is {@code null}. For an existing authorization
 * nothing here checks that it belongs to that principal and resource; the caller has to.
 *
 * @param authorization authorization to extend, or {@code null} to create a grant
 * @param userId user for a newly created grant
 * @param groupId group for a newly created grant
 * @param resource resource for a newly created grant
 * @param resourceId resource id for a newly created grant
 * @param permissions permissions to add; {@code null} adds none
 * @return the authorization that was extended or created
 */
protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions) {
  AuthorizationEntity target = authorization;
  if (target == null) {
    target = createGrantAuthorization(userId, groupId, resource, resourceId);
    updateAuthorizationBasedOnCacheEntries(target, userId, groupId, resource, resourceId);
  }

  if (permissions == null) {
    return target;
  }
  for (int i = 0; i < permissions.length; i++) {
    target.addPermission(permissions[i]);
  }
  return target;
}
/**
 * Creates a new authorization object of the requested type after an access check.
 *
 * <p>{@code checkAuthorization(CREATE, AUTHORIZATION, null)} runs before anything is
 * constructed. Presumably it throws when the current caller lacks CREATE on authorizations
 * (confirm against its definition). {@code type} is handed to the constructor unchanged;
 * no range check on it is visible in this method.
 *
 * @param type authorization type passed to the {@code AuthorizationEntity} constructor
 * @return the newly constructed authorization
 */
public Authorization createNewAuthorization(int type) {
  // The access check must stay ahead of the construction.
  checkAuthorization(CREATE, AUTHORIZATION, null);
  final Authorization created = new AuthorizationEntity(type);
  return created;
}
/**
 * Carries over the permissions of an equivalent authorization that is still in the entity
 * cache.
 *
 * <p>The cached {@code AuthorizationEntity} instances are scanned in order. The first one
 * that {@code hasEntitySameAuthorizationRights} accepts for the given user, group, resource
 * and resource id has its permission value copied onto {@code authorization} through
 * {@code setPermissions(int)} and is then removed from the cache. Later matches are not
 * looked at; without a match nothing changes.
 *
 * @param authorization authorization that receives the cached permission value
 * @param userId user id to match
 * @param groupId group id to match
 * @param resource resource to match
 * @param resourceId resource id to match
 */
protected void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId) {
  DbEntityManager entityManager = Context.getCommandContext().getDbEntityManager();
  for (AuthorizationEntity cached : entityManager.getCachedEntitiesByType(AuthorizationEntity.class)) {
    if (!hasEntitySameAuthorizationRights(cached, userId, groupId, resource, resourceId)) {
      continue;
    }
    // first match wins: take over its permission value, then drop the stale cache entry
    int carriedOver = cached.getPermissions();
    authorization.setPermissions(carriedOver);
    entityManager.getDbEntityCache().remove(cached);
    break;
  }
}
/**
 * Builds a GRANT authorization for the given user and/or group on one resource.
 *
 * <p>The entity is only constructed and populated here; nothing in this method stores it.
 * A non-null {@code userId} or {@code groupId} is first handed to
 * {@code ensureValidIndividualResourceId} together with an error message. Presumably that
 * helper throws for ids that do not name one concrete identity (verify against its definition).
 *
 * <p>NOTE(review): when both ids are {@code null} neither check runs and the returned grant
 * names no principal. {@code resource} and {@code resourceId} are not checked here at all.
 * Confirm that callers validate those.
 *
 * @param userId user receiving the grant, or {@code null}
 * @param groupId group receiving the grant, or {@code null}
 * @param resource resource passed to {@code setResource}
 * @param resourceId resource id passed to {@code setResourceId}
 * @param permissions permissions to add one by one; {@code null} adds none
 * @return the populated grant authorization
 */
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) {
  // assuming that there are no default authorizations for *
  if (userId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId);
  }
  if (groupId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId);
  }

  AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resource);
  grant.setResourceId(resourceId);

  if (permissions == null) {
    return grant;
  }
  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }
  return grant;
}
/**
 * Pins the permission bookkeeping of a GRANT authorization that has no resource set:
 * a fresh entity grants only NONE, adding READ makes READ visible next to NONE, and asking
 * a GRANT entity whether something is revoked fails with an IllegalStateException.
 *
 * <p>NOTE(review): the name says "Global", but the entity is built with AUTH_TYPE_GRANT;
 * AUTH_TYPE_GLOBAL is not exercised here.
 */
public void testGlobalAuthPermissions() {
  AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);

  // fresh grant: nothing but NONE
  assertFalse(grant.isPermissionGranted(ALL));
  assertTrue(grant.isPermissionGranted(NONE));
  List<Permission> initiallyGranted = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(initiallyGranted.contains(NONE));
  assertEquals(1, initiallyGranted.size());

  // after adding READ: NONE and READ, nothing else
  grant.addPermission(READ);
  List<Permission> grantedAfterRead = Arrays.asList(grant.getPermissions(Permissions.values()));
  assertTrue(grantedAfterRead.contains(NONE));
  assertTrue(grantedAfterRead.contains(READ));
  assertEquals(2, grantedAfterRead.size());
  assertTrue(grant.isPermissionGranted(READ));
  assertTrue(grant.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing)

  // the revoke query must be rejected on a GRANT entity instead of returning a boolean
  try {
    grant.isPermissionRevoked(READ);
    fail("Exception expected");
  } catch (IllegalStateException expected) {
    assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", expected.getMessage());
  }
}
/**
 * Replaces the current permissions with the given ones.
 *
 * <p>The permissions are reset first. Each entry is then applied according to the
 * authorization type: on a REVOKE authorization it goes through {@code removePermission},
 * on every other type through {@code addPermission}.
 *
 * <p>NOTE(review): {@code resetPermissions()} runs before the array is touched, so a
 * {@code null} argument fails only after the previous permissions were already reset.
 *
 * @param permissions permissions to apply after the reset
 * @throws NullPointerException if {@code permissions} is {@code null}
 */
public void setPermissions(Permission[] permissions) {
  resetPermissions();
  for (int i = 0; i < permissions.length; i++) {
    Permission current = permissions[i];
    if (AUTH_TYPE_REVOKE != authorizationType) {
      addPermission(current);
      continue;
    }
    removePermission(current);
  }
}
/**
 * Tells whether {@code authEntity} is a GRANT authorization for exactly the given user,
 * group, resource type and resource id.
 *
 * <p>Ids are compared through {@code areIdsEqual}. The type check is against AUTH_TYPE_GRANT
 * only, so a REVOKE or GLOBAL entity is never reported as equivalent. All five criteria are
 * evaluated before they are combined, which means {@code resource} is always dereferenced.
 *
 * @param authEntity entity to inspect; must not be {@code null}
 * @param userId expected user id
 * @param groupId expected group id
 * @param resource resource whose {@code resourceType()} is expected; must not be {@code null}
 * @param resourceId expected resource id
 * @return {@code true} only if every criterion matches
 */
protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId) {
  // Every criterion is computed up front, in this order, before any of them is combined.
  final boolean userMatches = areIdsEqual(authEntity.getUserId(), userId);
  final boolean groupMatches = areIdsEqual(authEntity.getGroupId(), groupId);
  final boolean resourceIdMatches = areIdsEqual(authEntity.getResourceId(), resourceId);
  final boolean resourceTypeMatches = authEntity.getResourceType() == resource.resourceType();
  final boolean isGrant = AUTH_TYPE_GRANT == authEntity.getAuthorizationType();

  if (!userMatches || !groupMatches) {
    return false;
  }
  if (!resourceTypeMatches || !resourceIdMatches) {
    return false;
  }
  return isGrant;
}
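/**
 * Extends the superclass' authorizations for a new task assignee by adding DELETE to the
 * first one.
 *
 * <p>The array comes from {@code super.newTaskAssignee}; its contract is not visible here.
 * When it is {@code null}, empty, or its first element is {@code null}, nothing is added and
 * the result is returned as received, instead of failing with a NullPointerException or an
 * ArrayIndexOutOfBoundsException.
 *
 * <p>NOTE(review): this widens what the authorization at index 0 allows beyond whatever the
 * superclass grants. Confirm this provider is only wired in where assignees are meant to
 * hold DELETE.
 *
 * @param task task whose assignee changed
 * @param oldAssignee previous assignee, passed through to the superclass
 * @param newAssignee new assignee, passed through to the superclass
 * @return the superclass' result, with DELETE added to its first entry when there is one
 */
public AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee) {
  AuthorizationEntity[] authorizations = super.newTaskAssignee(task, oldAssignee, newAssignee);
  // Only touch index 0 when the superclass actually produced an authorization there.
  if (authorizations != null && authorizations.length > 0 && authorizations[0] != null) {
    authorizations[0].addPermission(Permissions.DELETE);
  }
  return authorizations;
}
}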