// Mark the result as successful.
result.setSuccess( true );
// The admin flag is set from the authorization policy's answer for
// ADMINISTER_SECURITY_ACTION, using the policy instance PentahoSystem resolves.
// NOTE(review): the value returned by PentahoSystem.get(...) is dereferenced without a null check.
result.getUser().setAdmin( PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( IAbsSecurityProvider.ADMINISTER_SECURITY_ACTION ) );
/**
 * Verifies that the caller holds the repository read, repository create and publish actions.
 *
 * <p>The three actions are evaluated in that order and evaluation stops at the first denial.
 * Note that this gate does not consult the administer-security action.
 *
 * @throws PentahoAccessControlException if any of the three actions is denied
 */
public static void validateAccess() throws PentahoAccessControlException {
  final IAuthorizationPolicy authzPolicy = PentahoSystem.get( IAuthorizationPolicy.class );
  // NOTE(review): authzPolicy is used without a null check; a missing policy would surface as
  // a NullPointerException rather than as an access-control error.
  if ( authzPolicy.isAllowed( RepositoryReadAction.NAME )
    && authzPolicy.isAllowed( RepositoryCreateAction.NAME )
    && authzPolicy.isAllowed( PublishAction.NAME ) ) {
    return;
  }
  throw new PentahoAccessControlException( "Access Denied" );
}
/**
 * Rejects access to paths under {@code /etc} for callers that lack the repository read action.
 *
 * @param path repository path being requested
 * @throws RuntimeException if the policy denies {@link RepositoryReadAction} and the path
 *         starts with {@code /etc}
 */
@Override
protected void validateEtcReadAccess( String path ) {
  final IAuthorizationPolicy authzPolicy = PentahoSystem.get( IAuthorizationPolicy.class );
  if ( authzPolicy.isAllowed( RepositoryReadAction.NAME ) ) {
    // Callers with the read action are never restricted here; the path is not inspected.
    return;
  }
  // NOTE(review): this is a plain string-prefix test on the path as given. It also matches
  // sibling names such as "/etcetera", and it only protects the folder if the caller passes
  // an already-canonical absolute path - confirm normalisation happens before this point.
  if ( path.startsWith( "/etc" ) ) {
    throw new RuntimeException( "This user is not allowed to access the ETC folder in JCR." );
  }
}
/**
 * Rejects access to paths under {@code /etc} for callers that lack the administer-security action.
 *
 * @param path repository path being requested
 * @throws RuntimeException if the policy denies {@link AdministerSecurityAction} and the path
 *         starts with {@code /etc}
 */
protected void validateEtcReadAccess( String path ) {
  final IAuthorizationPolicy authzPolicy = PentahoSystem.get( IAuthorizationPolicy.class );
  if ( authzPolicy.isAllowed( AdministerSecurityAction.NAME ) ) {
    // Security administrators are exempt; the path is not inspected for them.
    return;
  }
  // NOTE(review): plain string-prefix test on the path as given. It relies on the caller
  // supplying a canonical absolute path, and it also matches names such as "/etcetera" -
  // confirm the path is normalised before it reaches this check.
  if ( path.startsWith( "/etc" ) ) {
    throw new RuntimeException( "This user is not allowed to access the ETC folder in JCR." );
  }
}
/**
 * Reports whether the current session holds the read, create and administer-security actions.
 *
 * @return {@code false} when no session is bound to {@link PentahoSessionHolder}; otherwise
 *         {@code true} only if all three actions are allowed
 */
public boolean hasPermission() {
  // No session: deny without consulting the policy.
  if ( PentahoSessionHolder.getSession() == null ) {
    return false;
  }
  final IAuthorizationPolicy authzPolicy =
    PentahoSystem.get( IAuthorizationPolicy.class, PentahoSessionHolder.getSession() );
  // Same evaluation order as a short-circuit AND: read, then create, then administer security.
  if ( !authzPolicy.isAllowed( RepositoryReadAction.NAME ) ) {
    return false;
  }
  if ( !authzPolicy.isAllowed( RepositoryCreateAction.NAME ) ) {
    return false;
  }
  return authzPolicy.isAllowed( AdministerSecurityAction.NAME );
}
/**
 * Asks the authorization policy whether the administer-security action is allowed.
 *
 * @return the policy's answer for {@link AdministerSecurityAction}
 */
protected boolean isAdmin() {
  // NOTE(review): the policy returned by PentahoSystem is used without a null check.
  return PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( AdministerSecurityAction.NAME );
}
/**
 * Reports whether the repository read, repository create and administer-security actions are
 * all allowed by the authorization policy.
 *
 * @param session not read by this method; see the review note in the body
 * @return {@code true} only if all three actions are allowed
 */
public boolean isPentahoAdministrator( final IPentahoSession session ) {
  // NOTE(review): the session argument is never used. The decision comes from whatever policy
  // PentahoSystem resolves for the calling context - confirm no caller expects an answer for
  // a session other than the current one.
  final IAuthorizationPolicy authzPolicy = PentahoSystem.get( IAuthorizationPolicy.class );
  if ( !authzPolicy.isAllowed( "org.pentaho.repository.read" ) ) {
    return false;
  }
  if ( !authzPolicy.isAllowed( "org.pentaho.repository.create" ) ) {
    return false;
  }
  return authzPolicy.isAllowed( "org.pentaho.security.administerSecurity" );
}
/**
 * Stubs the mocked authorization policy so that the read, create and administer-security
 * actions all answer with the same value.
 *
 * @param isAdminUser value {@code mockPolicy.isAllowed} returns for each of the three actions
 */
protected void mockUserAsAdmin( boolean isAdminUser ) {
  final String[] adminActions =
    { RepositoryReadAction.NAME, RepositoryCreateAction.NAME, AdministerSecurityAction.NAME };
  for ( String actionName : adminActions ) {
    when( mockPolicy.isAllowed( actionName ) ).thenReturn( isAdminUser );
  }
}
/**
 * Asks the authorization policy whether the administer-security action is allowed.
 *
 * @return the policy's answer for {@link AdministerSecurityAction}
 * @throws IllegalStateException if no {@link IAuthorizationPolicy} is registered
 */
@Override
protected boolean isAdmin() {
  final IAuthorizationPolicy authzPolicy = PentahoSystem.get( IAuthorizationPolicy.class );
  if ( authzPolicy != null ) {
    return authzPolicy.isAllowed( AdministerSecurityAction.NAME ); //$NON-NLS-1$
  }
  // A missing policy is reported as an error instead of being read as "not admin" or "admin".
  throw new IllegalStateException( Messages.getInstance().getString(
    "AuthorizationPolicyBasedUserRoleWebService.ERROR_0001_MISSING_AUTHZ_POLICY" ) ); //$NON-NLS-1$
}
} // closes the enclosing type (its header is outside this excerpt)
/**
 * Decides whether the file with the given id may be scheduled.
 *
 * <p>The scheduler action must be allowed by the authorization policy. If it is, the file's
 * metadata is consulted: when it carries {@code RepositoryFile.SCHEDULABLE_KEY}, that value
 * decides; when the key is absent, scheduling is allowed.
 *
 * @param repositoryId id of the repository file whose metadata is read
 * @return {@code true} if scheduling is permitted for this file
 */
private boolean isScheduleAllowed( final Serializable repositoryId ) {
  if ( !getAuthorizationPolicy().isAllowed( SCHEDULER_ACTION_NAME ) ) {
    // Policy denial is final; the file metadata is not read.
    return false;
  }
  final Map<String, Serializable> fileMetadata = getRepository().getFileMetadata( repositoryId );
  if ( !fileMetadata.containsKey( RepositoryFile.SCHEDULABLE_KEY ) ) {
    // No per-file flag stored: the policy decision alone applies, so the default is "allowed".
    return true;
  }
  // NOTE(review): the stored value is cast to String unchecked; a non-String value would
  // raise ClassCastException here.
  return BooleanUtils.toBoolean( (String) fileMetadata.get( RepositoryFile.SCHEDULABLE_KEY ) );
}
/**
 * Combines the configured access voters: access is refused as soon as one voter refuses.
 *
 * <p>The voters are skipped, and {@code true} is returned, when no voter list is set, when the
 * policy allows the administer-security action, when the session name is {@code null}, or when
 * the session name equals {@code repositoryAdminUsername}.
 *
 * @param file              file the operation targets
 * @param operation         permission being requested
 * @param repositoryFileAcl ACL passed through to each voter
 * @param session           session whose name is compared with the repository admin name
 * @return {@code false} if a consulted voter denies access, {@code true} otherwise
 */
@Override
public boolean hasAccess( RepositoryFile file, RepositoryFilePermission operation,
                          RepositoryFileAcl repositoryFileAcl, IPentahoSession session ) {
  if ( voters == null || authorizationPolicy.isAllowed( AdministerSecurityAction.NAME ) ) {
    return true;
  }
  // NOTE(review): a session whose name is null bypasses every voter, the same as the repository
  // admin does - confirm that is intended and that such sessions cannot be obtained by ordinary
  // users. The session reference itself is dereferenced without a null check.
  if ( session.getName() == null || session.getName().equals( repositoryAdminUsername ) ) {
    return true;
  }
  for ( IRepositoryAccessVoter accessVoter : voters ) {
    final boolean granted = accessVoter.hasAccess( file, operation, repositoryFileAcl, session );
    if ( !granted ) {
      return false;
    }
  }
  return true;
}
/** {@inheritDoc} */
public Job[] getJobs() throws SchedulerException {
  // NOTE(review): the current session and its name are used without null checks; for a
  // non-administrator with a null principal name the filter below would throw.
  final String principalName = currentUserName();
  final Boolean canAdminister = PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( ADMIN_PERM );
  final IScheduler jobScheduler = PentahoSystem.get( IScheduler.class, "IScheduler2", null ); //$NON-NLS-1$
  // Holders of ADMIN_PERM see every job except the block-out job; everyone else sees only
  // jobs whose user name equals their own principal name.
  return jobScheduler.getJobs( job -> canAdminister
    ? !IBlockoutManager.BLOCK_OUT_JOB_NAME.equals( job.getJobName() )
    : principalName.equals( job.getUserName() ) ).toArray( new Job[0] );
}

/** Reads the name of the session currently bound to {@link PentahoSessionHolder}. */
private static String currentUserName() {
  final IPentahoSession currentSession = PentahoSessionHolder.getSession();
  return currentSession.getName();
}
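/**
 * With a policy that allows every action, {@code isPentahoAdministrator} must report
 * {@code true}.
 */
@Test
public void isPentahoAdministratorValidPolicyTest() {
  IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
  when( emptySecurityHelper.getAuthorizationPolicy() ).thenReturn( policy );
  // NOTE(review): anyString() allows every action name, so this test passes whichever actions
  // the helper checks; it does not pin the specific administrator actions.
  when( policy.isAllowed( anyString() ) ).thenReturn( true );
  // Mockito matchers belong inside when()/verify(). Used as a real argument, any() only
  // evaluates to null and leaves a matcher registered, so null is passed explicitly.
  assertTrue( emptySecurityHelper.isPentahoAdministrator( null ) );
}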
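/**
 * With a policy that denies every action, {@code isPentahoAdministrator} must report
 * {@code false}.
 */
@Test
public void isPentahoAdministratorInvalidPolicyTest() {
  IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
  when( emptySecurityHelper.getAuthorizationPolicy() ).thenReturn( policy );
  // NOTE(review): every action is denied here, so partial grants (some actions allowed, the
  // administer-security action denied) are not covered by this test.
  when( policy.isAllowed( anyString() ) ).thenReturn( false );
  // Mockito matchers belong inside when()/verify(). Used as a real argument, any() only
  // evaluates to null and leaves a matcher registered, so null is passed explicitly.
  assertFalse( emptySecurityHelper.isPentahoAdministrator( null ) );
}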
/**
 * Looks up an existing user setting by name and checks that the stored name and value come
 * back, with an allow-everything authorization policy registered.
 */
@Test
public void testGetUserSettingByName() throws Exception {
  // Register a policy mock that allows every action.
  // NOTE(review): registerObject changes PentahoSystem state shared beyond this method and no
  // cleanup is visible here - confirm the fixture teardown removes the allow-all policy.
  final IAuthorizationPolicy allowAllPolicy = mock( IAuthorizationPolicy.class );
  when( allowAllPolicy.isAllowed( anyString() ) ).thenReturn( true );
  PentahoSystem.registerObject( allowAllPolicy );

  // Fetch a setting that already exists; the default value should not be used.
  final IUserSetting fetched =
    userSettingService.getUserSetting( "test", USER_SETTING_NAME_3, "defaultValue" );

  assertEquals( USER_SETTING_NAME_3, fetched.getSettingName() );
  assertEquals( USER_SETTING_VALUE_3, fetched.getSettingValue() );
}