/**
 * Merges two sets of workspace access limits into a single, narrower set.
 *
 * <p>Each permission flag (read, write, admin) is set in the result only when both inputs
 * set it, so combining limits never grants a permission that either side withholds. The
 * catalog mode is merged by the two-argument mode overload of {@code intersection}.
 *
 * @param a first set of limits; dereferenced without a null check
 * @param b second set of limits; dereferenced without a null check
 * @return a new {@link WorkspaceAccessLimits} built from the merged mode and flags
 */
protected WorkspaceAccessLimits intersection(WorkspaceAccessLimits a, WorkspaceAccessLimits b) {
    CatalogMode mergedMode = intersection(a.getMode(), b.getMode());

    // A flag survives only if both operands grant it.
    boolean readable = a.isReadable() && b.isReadable();
    boolean writable = a.isWritable() && b.isWritable();
    boolean adminable = a.isAdminable() && b.isAdminable();

    return new WorkspaceAccessLimits(mergedMode, readable, writable, adminable);
}
} else { canRead = wl.isReadable(); canWrite = wl.isWritable();
/**
 * With the "grant write to workspaces to authenticated users" option switched off, a user
 * holding only ROLE_AUTHENTICATED must be able to read the cite workspace but not write it.
 */
@Test
public void testCiteCannotWriteOnWorkspace() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);

    GrantedAuthority authenticatedRole = new SimpleGrantedAuthority("ROLE_AUTHENTICATED");
    UsernamePasswordAuthenticationToken citeUser =
            new UsernamePasswordAuthenticationToken(
                    "cite", "cite", Arrays.asList(authenticatedRole));

    // Workspace-level limits for the cite workspace.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits limits = accessManager.getAccessLimits(citeUser, citeWorkspace);

    assertTrue(limits.isReadable());
    assertFalse(limits.isWritable());
}
/**
 * With the "grant write to workspaces to authenticated users" option switched off, a user
 * holding only ROLE_AUTHENTICATED must be able to read the cite workspace but not write it.
 */
@Test
public void testCiteCannotWriteOnWorkspace() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);

    GrantedAuthority authenticatedRole = new SimpleGrantedAuthority("ROLE_AUTHENTICATED");
    UsernamePasswordAuthenticationToken citeUser =
            new UsernamePasswordAuthenticationToken(
                    "cite", "cite", Arrays.asList(authenticatedRole));

    // Workspace-level limits for the cite workspace.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits limits = accessManager.getAccessLimits(citeUser, citeWorkspace);

    assertTrue(limits.isReadable());
    assertFalse(limits.isWritable());
}
/**
 * Tells whether {@code user} may access the given workspace in the requested mode.
 *
 * @param manager source of the workspace access limits
 * @param user the authentication being checked
 * @param catalogInfo the workspace being accessed
 * @param mode READ, WRITE or ADMIN
 * @return {@code true} when the manager reports no limits, otherwise the flag of the limits
 *     that corresponds to {@code mode}
 * @throws RuntimeException if limits exist and {@code mode} is none of READ, WRITE, ADMIN
 */
private boolean canAccess(
        ResourceAccessManager manager,
        Authentication user,
        WorkspaceInfo catalogInfo,
        AccessMode mode) {
    WorkspaceAccessLimits wsLimits = manager.getAccessLimits(user, catalogInfo);

    // NOTE(review): a null result is treated as "no limits" and access is granted, whatever
    // the mode. This is a fail-open default: confirm that every ResourceAccessManager
    // implementation returns null only to mean "unrestricted" and never to signal an error.
    if (wsLimits == null) {
        return true;
    }

    if (mode == AccessMode.READ) {
        return wsLimits.isReadable();
    }
    if (mode == AccessMode.WRITE) {
        return wsLimits.isWritable();
    }
    if (mode == AccessMode.ADMIN) {
        return wsLimits.isAdminable();
    }

    // Unrecognised (or null) modes are rejected rather than mapped to a default permission.
    throw new RuntimeException("Unknown access mode " + mode);
}
}
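/**
 * With the "grant write to workspaces to authenticated users" option switched on, a user
 * holding only ROLE_AUTHENTICATED must be able to both read and write the cite workspace.
 *
 * <p>The option is switched back off in a {@code finally} block, so a failing assertion
 * cannot leave the permissive setting enabled for the tests that run afterwards.
 */
@Test
public void testCiteCanWriteOnWorkspace() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(true);
    try {
        UsernamePasswordAuthenticationToken user =
                new UsernamePasswordAuthenticationToken(
                        "cite",
                        "cite",
                        Arrays.asList(
                                new GrantedAuthority[] {
                                    new SimpleGrantedAuthority("ROLE_AUTHENTICATED")
                                }));

        // check workspace access
        WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
        WorkspaceAccessLimits wl = accessManager.getAccessLimits(user, citeWS);
        assertTrue(wl.isReadable());
        assertTrue(wl.isWritable());
    } finally {
        // Always restore the restrictive setting, even when an assertion above fails.
        configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
    }
}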
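/**
 * With the "grant write to workspaces to authenticated users" option switched on, a user
 * holding only ROLE_AUTHENTICATED must be able to both read and write the cite workspace.
 *
 * <p>The option is switched back off in a {@code finally} block, so a failing assertion
 * cannot leave the permissive setting enabled for the tests that run afterwards.
 */
@Test
public void testCiteCanWriteOnWorkspace() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(true);
    try {
        UsernamePasswordAuthenticationToken user =
                new UsernamePasswordAuthenticationToken(
                        "cite",
                        "cite",
                        Arrays.asList(
                                new GrantedAuthority[] {
                                    new SimpleGrantedAuthority("ROLE_AUTHENTICATED")
                                }));

        // check workspace access
        WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
        WorkspaceAccessLimits wl = accessManager.getAccessLimits(user, citeWS);
        assertTrue(wl.isReadable());
        assertTrue(wl.isWritable());
    } finally {
        // Always restore the restrictive setting, even when an assertion above fails.
        configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
    }
}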
/**
 * Checks the workspace-level limits returned for user "cite" on three workspaces: cite and
 * sf are expected to be readable and writable, cdf is expected to be neither.
 *
 * <p>NOTE(review): no {@code @Test} annotation is visible on this method and its name carries
 * an IGNORE prefix, so it is presumably not picked up by the test runner. Confirm whether
 * these access-control expectations are covered elsewhere.
 */
public void IGNOREtestCiteWorkspaceAccess() {
    // Returns without asserting anything when GeoFence is not available.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // Built with the two-argument constructor, so no granted authorities are attached.
    UsernamePasswordAuthenticationToken citeUser =
            new UsernamePasswordAuthenticationToken("cite", "cite");

    // cite workspace: full read/write expected.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits citeLimits = accessManager.getAccessLimits(citeUser, citeWorkspace);
    assertTrue(citeLimits.isReadable());
    assertTrue(citeLimits.isWritable());

    // cdf stands in for "any workspace other than cite and sf": access must be denied.
    WorkspaceInfo cdfWorkspace = catalog.getWorkspaceByName(MockData.CDF_PREFIX);
    WorkspaceAccessLimits cdfLimits = accessManager.getAccessLimits(citeUser, cdfWorkspace);
    assertFalse(cdfLimits.isReadable());
    assertFalse(cdfLimits.isWritable());

    // sf workspace: expected to be accessible (at least a GetMap is allowed there).
    WorkspaceInfo sfWorkspace = catalog.getWorkspaceByName(MockData.SF_PREFIX);
    WorkspaceAccessLimits sfLimits = accessManager.getAccessLimits(citeUser, sfWorkspace);
    assertTrue(sfLimits.isReadable());
    assertTrue(sfLimits.isWritable());
}
/**
 * Checks the workspace-level limits returned for user "cite" on three workspaces: cite and
 * sf are expected to be readable and writable, cdf is expected to be neither.
 */
@Test
public void testCiteWorkspaceAccess() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // Built with the two-argument constructor, so no granted authorities are attached.
    UsernamePasswordAuthenticationToken citeUser =
            new UsernamePasswordAuthenticationToken("cite", "cite");

    // cite workspace: full read/write expected.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits citeLimits = accessManager.getAccessLimits(citeUser, citeWorkspace);
    assertTrue(citeLimits.isReadable());
    assertTrue(citeLimits.isWritable());

    // cdf stands in for "any workspace other than cite and sf": access must be denied.
    WorkspaceInfo cdfWorkspace = catalog.getWorkspaceByName(MockData.CDF_PREFIX);
    WorkspaceAccessLimits cdfLimits = accessManager.getAccessLimits(citeUser, cdfWorkspace);
    assertFalse(cdfLimits.isReadable());
    assertFalse(cdfLimits.isWritable());

    // sf workspace: expected to be accessible (at least a GetMap is allowed there).
    WorkspaceInfo sfWorkspace = catalog.getWorkspaceByName(MockData.SF_PREFIX);
    WorkspaceAccessLimits sfLimits = accessManager.getAccessLimits(citeUser, sfWorkspace);
    assertTrue(sfLimits.isReadable());
    assertTrue(sfLimits.isWritable());
}
/**
 * A user holding ROLE_ADMINISTRATOR must get read/write access to the cite workspace, and
 * layer limits on BasicPolygons with {@code Filter.INCLUDE} read/write filters and null
 * read/write attribute lists.
 */
@Test
public void testAdmin() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    GrantedAuthority adminRole = new SimpleGrantedAuthority("ROLE_ADMINISTRATOR");
    UsernamePasswordAuthenticationToken admin =
            new UsernamePasswordAuthenticationToken(
                    "admin", "geoserver", Arrays.asList(adminRole));

    // Workspace-level limits.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits workspaceLimits = accessManager.getAccessLimits(admin, citeWorkspace);
    assertTrue(workspaceLimits.isReadable());
    assertTrue(workspaceLimits.isWritable());

    // Layer-level limits: the result is cast, so a non-vector limits object fails the test
    // with a ClassCastException.
    LayerInfo polygons = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS));
    VectorAccessLimits layerLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(admin, polygons);
    assertEquals(Filter.INCLUDE, layerLimits.getReadFilter());
    assertEquals(Filter.INCLUDE, layerLimits.getWriteFilter());
    assertNull(layerLimits.getReadAttributes());
    assertNull(layerLimits.getWriteAttributes());
}
/**
 * A user holding ROLE_ADMINISTRATOR must get read/write access to the cite workspace, and
 * layer limits on BasicPolygons with {@code Filter.INCLUDE} read/write filters and null
 * read/write attribute lists. The test first requires the GeoFence admin service to report
 * a positive count.
 */
@Test
public void testAdmin() {
    // The test returns without asserting anything when GeoFence is not available,
    // so a green result in that case says nothing about the access rules.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // Precondition: the service must report a positive count, otherwise the checks below
    // would not be exercising any configured rule.
    assertTrue(geofenceAdminService.getCountAll() > 0);

    // NOTE(review): the rule returned for a default-constructed filter is never inspected;
    // the call is kept only because it may fail on its own. Consider asserting on the
    // result or removing the lookup.
    geofenceAdminService.getRule(new RuleFilter());

    GrantedAuthority adminRole = new SimpleGrantedAuthority("ROLE_ADMINISTRATOR");
    UsernamePasswordAuthenticationToken admin =
            new UsernamePasswordAuthenticationToken(
                    "admin", "geoserver", Arrays.asList(adminRole));

    // Workspace-level limits.
    WorkspaceInfo citeWorkspace = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits workspaceLimits = accessManager.getAccessLimits(admin, citeWorkspace);
    assertTrue(workspaceLimits.isReadable());
    assertTrue(workspaceLimits.isWritable());

    // Layer-level limits: the result is cast, so a non-vector limits object fails the test
    // with a ClassCastException.
    LayerInfo polygons = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS));
    VectorAccessLimits layerLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(admin, polygons);
    assertEquals(Filter.INCLUDE, layerLimits.getReadFilter());
    assertEquals(Filter.INCLUDE, layerLimits.getWriteFilter());
    assertNull(layerLimits.getReadAttributes());
    assertNull(layerLimits.getWriteAttributes());
}