result.setSuccess( true ); result.getUser().setAdmin( PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( IAbsSecurityProvider.ADMINISTER_SECURITY_ACTION ) );
public List<String> getAllowedActions( final String actionNamespace ) { return policy.getAllowedActions( actionNamespace ); }
public boolean isAllowed( final String actionName ) { return policy.isAllowed( actionName ); }
@Test public void testEverything() { final String RUNTIME_ROLE_AUTHENTICATED = "Authenticated"; roleBindingDaoWebService.setRoleBindings( RUNTIME_ROLE_AUTHENTICATED, Arrays.asList( new String[] { RepositoryReadAction.NAME, RepositoryCreateAction.NAME, SchedulerAction.NAME } ) ); List<String> allowedActions = policy.getAllowedActions( "org.pentaho" ); assertEquals( 3, allowedActions.size() ); } }
/** * internal validation of authorization * * @throws PentahoAccessControlException */ private void validateAccess() throws PentahoAccessControlException { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); boolean isAdmin = policy.isAllowed( RepositoryReadAction.NAME ) && policy.isAllowed( RepositoryCreateAction.NAME ) && ( policy.isAllowed( AdministerSecurityAction.NAME ) || policy.isAllowed( PublishAction.NAME ) ); if ( !isAdmin ) { throw new PentahoAccessControlException( "Access Denied" ); } }
public static void validateAccess() throws PentahoAccessControlException { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); boolean isAdmin = policy.isAllowed( RepositoryReadAction.NAME ) && policy.isAllowed( RepositoryCreateAction.NAME ) && policy.isAllowed( PublishAction.NAME ); if ( !isAdmin ) { throw new PentahoAccessControlException( "Access Denied" ); } }
/** * Utility method that communicates with the installed ACLVoter to determine administrator status * @deprecated use SystemUtils.canAdminister() instead * * @param session The users IPentahoSession object * @return true if the user is considered a Pentaho administrator */ @Override @Deprecated public boolean isPentahoAdministrator( final IPentahoSession session ) { IAuthorizationPolicy policy = getAuthorizationPolicy(); if ( policy == null ) { SecurityHelper.logger.warn( "No IAuthorizationPolicy set in PentahoSystem" ); return false; } // TODO externalize action names return policy.isAllowed( "org.pentaho.repository.read" ) && policy.isAllowed( "org.pentaho.repository.create" ) && ( policy.isAllowed( "org.pentaho.security.administerSecurity" ) ); }
@Override protected void validateEtcReadAccess( String path ) { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); if ( !policy.isAllowed( RepositoryReadAction.NAME ) && path.startsWith( "/etc" ) ) { throw new RuntimeException( "This user is not allowed to access the ETC folder in JCR." ); } }
protected void validateEtcReadAccess( String path ) { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); boolean isAdmin = policy.isAllowed( AdministerSecurityAction.NAME ); if ( !isAdmin && path.startsWith( "/etc" ) ) { throw new RuntimeException( "This user is not allowed to access the ETC folder in JCR." ); } }
public boolean hasPermission() { if ( PentahoSessionHolder.getSession() != null ) { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class, PentahoSessionHolder.getSession() ); return policy.isAllowed( RepositoryReadAction.NAME ) && policy.isAllowed( RepositoryCreateAction.NAME ) && ( policy.isAllowed( AdministerSecurityAction.NAME ) ); } else { return false; } }
protected boolean isAdmin() { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); return policy.isAllowed( AdministerSecurityAction.NAME ); }
public boolean isPentahoAdministrator( final IPentahoSession session ) { IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); return policy.isAllowed( "org.pentaho.repository.read" ) && policy.isAllowed( "org.pentaho.repository.create" ) && ( policy.isAllowed( "org.pentaho.security.administerSecurity" ) ); }
public int vote( final Authentication authentication, final Object object, final Collection configAttributes ) { int result = ACCESS_ABSTAIN; Iterator iter = configAttributes.iterator(); while ( iter.hasNext() ) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); if ( supports( attribute ) ) { String actionName = attribute.getAttribute().substring( prefix.length() ); if ( policy.isAllowed( actionName ) ) { return ACCESS_GRANTED; } else { return ACCESS_DENIED; } } } return result; }
protected void mockUserAsAdmin( boolean isAdminUser ) { when( mockPolicy.isAllowed( RepositoryReadAction.NAME ) ).thenReturn( isAdminUser ); when( mockPolicy.isAllowed( RepositoryCreateAction.NAME ) ).thenReturn( isAdminUser ); when( mockPolicy.isAllowed( AdministerSecurityAction.NAME ) ).thenReturn( isAdminUser ); }
/** * Returns true if the current user has Manage Data Source Security. Otherwise returns false. * @return */ protected boolean hasManageDataAccessPermission() { // If this breaks an OEM's plugin, provide a get-out-of-jail card with an entry in the pentaho.xml. final String override = PentahoSystem.getSystemSetting( "data-access-override", "false" ); final Boolean rtnOverride = Boolean.valueOf( override ); if ( !rtnOverride ) { final IAuthorizationPolicy policy = PentahoSystem.get( IAuthorizationPolicy.class ); if ( policy != null ) { return policy.isAllowed( "org.pentaho.platform.dataaccess.datasource.security.manage" ); } else { return false; } } else { return true; // Override the security policy with the entry in the pentaho.xml. } }