/**
 * Tells whether every one of the given permissions is revoked by the effected permissions of this node.
 * <p>
 * NOTE(review): the answer comes from {@code containsAll}, so an empty argument presumably yields {@code true}
 * unless {@code checkPermissionsToBeEvaluated} rejects empty collections (that helper is not visible here) -
 * callers should not read such a result as "something is revoked".
 *
 * @param possiblyRevokedPermissions the permissions to be evaluated against the effected revoked permissions of
 * this node.
 * @return {@code true} if the effected revoked permissions of this node contain all of
 * {@code possiblyRevokedPermissions}, {@code false} otherwise.
 * @throws NullPointerException if {@code possiblyRevokedPermissions} is {@code null}.
 */
public boolean areAllRevoked(@Nonnull final Collection<String> possiblyRevokedPermissions) {
    checkPermissionsToBeEvaluated(possiblyRevokedPermissions);

    // Only the revoked side of this node's effected permissions is consulted; grants play no role here.
    return permissions.getRevokedPermissions().containsAll(possiblyRevokedPermissions);
}
/**
 * Tells whether the effected permissions of this node grant every one of the given permissions while revoking
 * none of them. A revocation therefore overrides a grant of the same permission on this node.
 * <p>
 * NOTE(review): both conditions hold vacuously for an empty argument, so the result is presumably {@code true}
 * for an empty collection unless {@code checkPermissionsToBeEvaluated} rejects it (helper not visible here) -
 * confirm callers never pass an empty set of required permissions to an authorization decision.
 *
 * @param possiblyGrantedPermissions the permissions to be evaluated against the effected permissions of this node.
 * @return {@code true} if the effected granted permissions of this node contain all of
 * {@code possiblyGrantedPermissions} and none of {@code possiblyGrantedPermissions} is revoked, {@code false}
 * otherwise.
 * @throws NullPointerException if {@code possiblyGrantedPermissions} is {@code null}.
 */
public boolean areAllGranted(@Nonnull final Collection<String> possiblyGrantedPermissions) {
    checkPermissionsToBeEvaluated(possiblyGrantedPermissions);

    final boolean everyPermissionGranted =
            permissions.getGrantedPermissions().containsAll(possiblyGrantedPermissions);

    // A single overlap with the revoked set is enough to deny, even if the grant check above succeeded.
    final boolean noPermissionRevoked =
            Collections.disjoint(permissions.getRevokedPermissions(), possiblyGrantedPermissions);

    return everyPermissionGranted && noPermissionRevoked;
}
/**
 * Reports whether the given policy entry revokes {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS} on the
 * root resource.
 * <p>
 * NOTE(review): the match depends on {@code ROOT_RESOURCE.equals(resource.getResourceKey())}; the declaration
 * of {@code ROOT_RESOURCE} is not visible here - confirm it has a type that can equal a resource key, otherwise
 * this check would never report a revocation.
 *
 * @param policyEntry the entry whose resources are inspected.
 * @return {@code true} if at least one resource of the entry is the root resource and lists the minimum
 * required policy permission among its revoked permissions.
 */
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) {
    return policyEntry.getResources()
            .stream()
            // Revocations on non-root resources are deliberately not considered by this check.
            .filter(resource -> ROOT_RESOURCE.equals(resource.getResourceKey()))
            .map(resource -> resource.getEffectedPermissions().getRevokedPermissions())
            .anyMatch(revoked -> revoked.contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
/**
 * Merges the effected permissions of {@code resource} into those already stored on {@code existingChild}.
 * <p>
 * Granted and revoked permissions are unioned independently of each other, so after the merge the same
 * permission may appear in both sets. This method does not resolve such a conflict; whichever code evaluates
 * the node has to decide which side wins.
 *
 * @param resource the resource whose granted and revoked permissions are added.
 * @param existingChild the node whose permissions are replaced by the merged result.
 */
private static void mergePermissions(final Resource resource, final ResourceNode existingChild) {
    final EffectedPermissions current = existingChild.getPermissions();

    // Copy into fresh sets so the permissions objects held by the node are never mutated in place.
    final Collection<String> granted = new HashSet<>(current.getGrantedPermissions());
    final Collection<String> revoked = new HashSet<>(current.getRevokedPermissions());

    final boolean bringsRevocations = !resource.getEffectedPermissions().getRevokedPermissions().isEmpty();
    if (bringsRevocations) {
        revoked.addAll(resource.getEffectedPermissions().getRevokedPermissions());
    }

    final boolean bringsGrants = !resource.getEffectedPermissions().getGrantedPermissions().isEmpty();
    if (bringsGrants) {
        granted.addAll(resource.getEffectedPermissions().getGrantedPermissions());
    }

    existingChild.setPermissions(EffectedPermissions.newInstance(granted, revoked));
}
/**
 * Checks whether {@code policyEntry} contains a root resource whose revoked permissions include
 * {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS}.
 * <p>
 * NOTE(review): {@code ROOT_RESOURCE} is declared outside this snippet; verify that its type can be equal to
 * the value returned by {@code getResourceKey()}, because a type mismatch would make the predicate always
 * {@code false} and hide revocations from whoever relies on this check.
 *
 * @param policyEntry the policy entry to inspect.
 * @return {@code true} if such a resource exists, {@code false} otherwise.
 */
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) {
    return policyEntry.getResources()
            .stream()
            // Only the root resource is relevant; revocations further down are ignored here.
            .filter(candidate -> ROOT_RESOURCE.equals(candidate.getResourceKey()))
            .map(candidate -> candidate.getEffectedPermissions().getRevokedPermissions())
            .anyMatch(revokedOnRoot -> revokedOnRoot.contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
@Override
public ImmutablePolicyBuilder setPermissionsFor(final CharSequence label, final ResourceKey resourceKey,
        final EffectedPermissions effectedPermissions) {

    // Validate before touching builder state so a rejected call leaves the builder unchanged.
    checkResourceKey(resourceKey);
    checkNotNull(effectedPermissions, "permissions to be set");

    // Granted and revoked permissions are stored separately, both keyed by the resource key. The put()
    // presumably replaces whatever was stored for this label and key before, it does not merge.
    // NOTE(review): label is not checked in this method; presumably the retrieve* helpers validate it - confirm.
    retrieveGrantedPermissions(label)
            .put(resourceKey, effectedPermissions.getGrantedPermissions());
    retrieveRevokedPermissions(label)
            .put(resourceKey, effectedPermissions.getRevokedPermissions());

    return this;
}
@Override
public ImmutablePolicyBuilder setResourcesFor(final CharSequence label, final Resources resources) {
    checkNotNull(resources, "Resources to be set");

    final Map<ResourceKey, Permissions> grantedByKey = retrieveGrantedPermissions(label);
    final Map<ResourceKey, Permissions> revokedByKey = retrieveRevokedPermissions(label);

    // Each resource overwrites the entry stored under its key; entries for keys that do not occur in
    // 'resources' are left untouched by this loop.
    // NOTE(review): unlike setPermissionsFor, the keys are not passed through checkResourceKey here;
    // presumably a Resource always carries a valid key - confirm.
    resources.forEach(resource -> {
        final EffectedPermissions permissionsOfResource = resource.getEffectedPermissions();
        final ResourceKey key = resource.getResourceKey();
        grantedByKey.put(key, permissionsOfResource.getGrantedPermissions());
        revokedByKey.put(key, permissionsOfResource.getRevokedPermissions());
    });

    return this;
}
/**
 * Records {@code permission} for a resource pointer in the granted and/or revoked collection, depending on
 * which of the node's effected permission sets contains it.
 * <p>
 * The permission may be added to both collections when the node both grants and revokes it; this method does
 * not decide which one takes precedence.
 *
 * @param permission the permission to look up on the node.
 * @param resource the pointer of the resource being evaluated.
 * @param grantedResources receives an entry if the node grants {@code permission}.
 * @param revokedResources receives an entry if the node revokes {@code permission}.
 * @param level passed to {@code getPrefixPointerOrThrow} to derive the pointer for non-root resources.
 * @param resourceNode the node whose effected permissions are consulted.
 */
private static void addPermission(final String permission, final JsonPointer resource,
        final Collection<PointerAndPermission> grantedResources,
        final Collection<PointerAndPermission> revokedResources, final int level,
        final ResourceNode resourceNode) {

    // The root resource is mapped to the root pointer directly; everything else goes through the prefix helper.
    final JsonPointer resourceToAdd;
    if (ROOT_RESOURCE.equals(resource.toString())) {
        resourceToAdd = JsonFactory.newPointer(ROOT_RESOURCE);
    } else {
        resourceToAdd = getPrefixPointerOrThrow(resource, level);
    }

    final EffectedPermissions nodePermissions = resourceNode.getPermissions();

    final boolean grantedOnNode = nodePermissions.getGrantedPermissions().contains(permission);
    if (grantedOnNode) {
        grantedResources.add(new PointerAndPermission(resourceToAdd, permission));
    }

    final boolean revokedOnNode = nodePermissions.getRevokedPermissions().contains(permission);
    if (revokedOnNode) {
        revokedResources.add(new PointerAndPermission(resourceToAdd, permission));
    }
}
/**
 * Adds the granted and revoked permissions of {@code resourceNode}, weighted by the node's level, to the
 * permissions aggregated for the subject - but only if the node's location relative to the target pointer is
 * {@code ABOVE} or {@code SAME}. Nodes at any other location contribute nothing.
 *
 * @param resourceNode the node whose effected permissions are considered.
 */
private void aggregateWeightedPermissions(final ResourceNode resourceNode) {
    final PointerLocation location = getLocationInRelationToTargetPointer(resourceNode);

    final boolean atOrAboveTarget = PointerLocation.ABOVE == location || PointerLocation.SAME == location;
    if (!atOrAboveTarget) {
        // Neither grants nor revocations of this node are taken into account.
        return;
    }

    final EffectedPermissions nodePermissions = resourceNode.getPermissions();
    weightedPermissionsForSubjectId.addGranted(nodePermissions.getGrantedPermissions(),
            resourceNode.getLevel());
    weightedPermissionsForSubjectId.addRevoked(nodePermissions.getRevokedPermissions(),
            resourceNode.getLevel());
}
/**
 * Adds the effected permissions of {@code resourceNode}, weighted by the node's level, to the permissions
 * aggregated for the subject.
 * <ul>
 * <li>Location {@code ABOVE} or {@code SAME}: granted and revoked permissions are both added.</li>
 * <li>Location {@code BELOW}: only granted permissions are added.</li>
 * <li>Any other location: nothing is added.</li>
 * </ul>
 * NOTE(review): since revocations below the target are skipped, the aggregate presumably answers a
 * "partial access" question; confirm that no caller uses it to authorize access to the complete subtree.
 *
 * @param resourceNode the node whose effected permissions are considered.
 */
private void aggregateWeightedPermissions(final ResourceNode resourceNode) {
    final PointerLocation location = getLocationInRelationToTargetPointer(resourceNode);
    final EffectedPermissions nodePermissions = resourceNode.getPermissions();
    final Permissions granted = nodePermissions.getGrantedPermissions();

    final boolean atOrAboveTarget = PointerLocation.ABOVE == location || PointerLocation.SAME == location;

    // Grants count at, above and below the target.
    if (atOrAboveTarget || PointerLocation.BELOW == location) {
        weightedPermissionsForSubjectId.addGranted(granted, resourceNode.getLevel());
    }

    // Revocations count only at or above the target.
    if (atOrAboveTarget) {
        weightedPermissionsForSubjectId.addRevoked(nodePermissions.getRevokedPermissions(),
                resourceNode.getLevel());
    }
}
/**
 * Adds the effected permissions of {@code resourceNode}, weighted by the node's level, to
 * {@code weightedPermissions}: grants and revocations for location {@code ABOVE} or {@code SAME}, grants only
 * for location {@code BELOW}, nothing for any other location.
 * <p>
 * NOTE(review): revocations below the target are not collected by this variant, so its result should
 * presumably not be used as proof of access to everything beneath the target - confirm against the callers.
 */
@Override
protected void aggregateWeightedPermissions(final ResourceNode resourceNode,
        final WeightedPermissions weightedPermissions) {

    final EffectedPermissions nodePermissions = resourceNode.getPermissions();
    final Permissions granted = nodePermissions.getGrantedPermissions();
    final Permissions revoked = nodePermissions.getRevokedPermissions();

    final PointerLocation location = getLocationInRelationToTargetPointer(resourceNode);
    final boolean atOrAboveTarget = PointerLocation.ABOVE == location || PointerLocation.SAME == location;

    if (atOrAboveTarget || PointerLocation.BELOW == location) {
        weightedPermissions.addGranted(granted, resourceNode.getLevel());
    }
    if (atOrAboveTarget) {
        // Revocations are taken into account only at or above the target.
        weightedPermissions.addRevoked(revoked, resourceNode.getLevel());
    }
}
/**
 * Adds the effected permissions of {@code resourceNode}, weighted by the node's level, to
 * {@code weightedPermissions}: grants and revocations for location {@code ABOVE} or {@code SAME}, revocations
 * only for location {@code BELOW}, nothing for any other location.
 * <p>
 * Because grants below the target are ignored while revocations below it are kept, a revocation anywhere
 * beneath the target still reaches the aggregate - presumably the stricter variant, used where access to the
 * whole subtree has to be established (confirm against the callers).
 */
@Override
protected void aggregateWeightedPermissions(final ResourceNode resourceNode,
        final WeightedPermissions weightedPermissions) {

    final EffectedPermissions nodePermissions = resourceNode.getPermissions();
    final Permissions granted = nodePermissions.getGrantedPermissions();
    final Permissions revoked = nodePermissions.getRevokedPermissions();

    final PointerLocation location = getLocationInRelationToTargetPointer(resourceNode);
    final boolean atOrAboveTarget = PointerLocation.ABOVE == location || PointerLocation.SAME == location;

    if (atOrAboveTarget) {
        // Grants are taken into account only at or above the target.
        weightedPermissions.addGranted(granted, resourceNode.getLevel());
    }
    if (atOrAboveTarget || PointerLocation.BELOW == location) {
        weightedPermissions.addRevoked(revoked, resourceNode.getLevel());
    }
}
/**
 * Registers the permissions of one policy entry in the trie: for every resource of the entry, the trie node
 * for the resource key is looked up (or created) and the entry's subject IDs are granted and revoked the
 * resource's respective permissions on that node.
 * <p>
 * Grants and revocations are recorded side by side; this method does not resolve a permission that is both
 * granted and revoked for the same subject.
 *
 * @param policyEntry the policy entry to add.
 */
private void addPolicyEntry(final PolicyEntry policyEntry) {
    // The same subject IDs apply to every resource of the entry, so resolve them once up front.
    final Collection<String> subjectIds = getSubjectIds(policyEntry.getSubjects());

    policyEntry.getResources().forEach(resource -> {
        final PolicyTrie node = seekOrCreate(getJsonKeyIterator(resource.getResourceKey()));
        final EffectedPermissions permissionsOfResource = resource.getEffectedPermissions();

        node.grant(subjectIds, permissionsOfResource.getGrantedPermissions());
        node.revoke(subjectIds, permissionsOfResource.getRevokedPermissions());
    });
}