org.springframework.security.acls.domain.PrincipalSid Java Examples

The following examples show how to use org.springframework.security.acls.domain.PrincipalSid. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetAllAvailableSids() {
  User user = mock(User.class);
  when(user.getUsername()).thenReturn("username");
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(UserMetadata.USER), READ_DATA);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA);
  when(userService.getUsers()).thenReturn(Collections.singletonList(user));

  Role role = mock(Role.class);
  when(role.getString(RoleMetadata.NAME)).thenReturn("role1");
  List<Entity> roles = Collections.singletonList(role);
  when(dataService.findAll(RoleMetadata.ROLE)).thenReturn(roles.stream());
  assertEquals(
      newHashSet(
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_ANONYMOUS"),
          new PrincipalSid("username")),
      userRoleTools.getAllAvailableSids());
}
 
Example #2
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example #3
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example #4
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testCreatePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  permissionServiceDecorator.createPermission(permission);
  verify(permissionService).createPermission(permission);
  resetContext();
}
 
Example #5
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    MutableAclRecord acl = null;
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        // Create acl record for secured domain object.
        acl = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException e) {
        acl = aclService.readAcl(objectIdentity);
    }

    if (null != initPermission) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);
        acl = grant(ae, initPermission, sid);
    }

    return acl;
}
 
Example #6
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testCreatePermissions() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.createPermissions(Collections.singleton(permission));
  verify(permissionService).createPermissions(Collections.singleton(permission));
  resetContext();
}
 
Example #7
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testUpdatePermission() {
  setUser();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.updatePermission(permission);
  verify(permissionService).updatePermission(permission);
  resetContext();
}
 
Example #8
Source File: AclServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example #9
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #10
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetSids() {
  List<Sid> expected =
      Arrays.asList(
          new PrincipalSid("user1"),
          new PrincipalSid("user2"),
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_role2"));

  Query query = mock(Query.class);

  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role2");
  doReturn(mock(Role.class)).when(query).findOne();

  doReturn(mock(User.class)).when(userService).getUser("user1");
  doReturn(mock(User.class)).when(userService).getUser("user2");

  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  when(query.findOne()).thenReturn(mock(Role.class));

  assertTrue(
      userRoleTools
          .getSids(Arrays.asList("user1", "user2"), Arrays.asList("role1", "role2"))
          .containsAll(expected));
}
 
Example #11
Source File: PermissionInheritanceResolverTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 
Example #12
Source File: OwnershipDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testAddStream() {
  EntityIdentity entityIdentity = new EntityIdentity("MyQuestionnaire", "id");
  when(entity.getString("owner")).thenReturn("username");
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entityType.getId()).thenReturn("MyQuestionnaire");
  AclImpl acl = new AclImpl(entityIdentity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(entityIdentity)).thenReturn(acl);

  ownershipDecorator.add(Stream.of(entity));

  verify(delegate).add(streamCaptor.capture());
  assertEquals(singletonList(entity), streamCaptor.getValue().collect(toList()));
  verify(mutableAclService).updateAcl(acl);
  PrincipalSid ownerSid = new PrincipalSid("username");
  assertEquals(ownerSid, acl.getOwner());
  assertEquals(1, acl.getEntries().size());
  AccessControlEntry ace = acl.getEntries().get(0);
  assertEquals(ownerSid, ace.getSid());
  assertEquals(WRITE, ace.getPermission());
  assertTrue(ace.isGranting());
}
 
Example #13
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #14
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    MutableAclRecord acl = null;
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        // Create acl record for secured domain object.
        acl = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException e) {
        acl = aclService.readAcl(objectIdentity);
    }

    if (null != initPermission) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);
        acl = grant(ae, initPermission, sid);
    }

    return acl;
}
 
Example #15
Source File: OwnershipDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testAdd() {
  EntityIdentity entityIdentity = new EntityIdentity("MyQuestionnaire", "id");
  when(entity.getString("owner")).thenReturn("username");
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entityType.getId()).thenReturn("MyQuestionnaire");
  AclImpl acl = new AclImpl(entityIdentity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(entityIdentity)).thenReturn(acl);

  ownershipDecorator.add(entity);

  verify(delegate).add(entity);
  verify(mutableAclService).updateAcl(acl);
  PrincipalSid ownerSid = new PrincipalSid("username");
  assertEquals(ownerSid, acl.getOwner());
  assertEquals(1, acl.getEntries().size());
  AccessControlEntry ace = acl.getEntries().get(0);
  assertEquals(ownerSid, ace.getSid());
  assertEquals(WRITE, ace.getPermission());
  assertTrue(ace.isGranting());
}
 
Example #16
Source File: AclServiceTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example #17
Source File: MultiTenancySupport.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Fix null tenant for principals and validate.
 * @param sid
 * @param <T>
 * @return
 */
@SuppressWarnings("unchecked")
public static <T extends TenantSid> T fixTenant(T sid) {
    if(sid == null) {
        return sid;
    }
    final String tenant = sid.getTenant();
    if(sid instanceof GrantedAuthoritySid && tenant == null) {
        return sid;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    ExtendedUserDetails eud = (ExtendedUserDetails) auth.getPrincipal();
    final String authTenant = eud.getTenant();
    if(authTenant.equals(tenant)) {
        return sid;
    }
    if(tenant == null) {
        return (T) TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if(!ROOT_TENANT.equals(authTenant)) {
        // we must check tenancy access through TenantHierarchy, but now we does not have any full tenancy support
        throw new IllegalArgumentException("Sid " + sid + " has incorrect tenant: " + tenant + " it allow only for root tenant.");
    }
    return sid;
}
 
Example #18
Source File: PermissionsControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@BeforeEach
private void beforeMethod() {
  RSQLParser rsqlParser = new RSQLParser();
  PermissionsController controller =
      new PermissionsController(
          permissionsService, rsqlParser, objectIdentityService, userRoleTools, entityHelper);
  mockMvc =
      MockMvcBuilders.standaloneSetup(controller)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();

  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");

  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");
}
 
Example #19
Source File: TenantBasedPermissionGrantedStrategy.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Note that position of SIDs is important
 * @param authSid
 * @param aclSid
 * @return
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    if(MultiTenancySupport.isNoTenant(aclSid)) {
        // acl sid can has no tenant, we must consider this
        // not that null tenant mean that it common rule for any GrantedAuthorities of tenants
        if(authSid instanceof GrantedAuthoritySid) {
            return (aclSid instanceof GrantedAuthoritySid) && Objects.equals(
              ((GrantedAuthoritySid) authSid).getGrantedAuthority(),
              ((GrantedAuthoritySid) aclSid).getGrantedAuthority()
            );
        }
        if(authSid instanceof PrincipalSid) {
            return (aclSid instanceof PrincipalSid) && Objects.equals(
              ((PrincipalSid) authSid).getPrincipal(),
              ((PrincipalSid) aclSid).getPrincipal()
            );
        }
    }
    // there a unsupported sids or its has tenant, compare its as usual objects
    return aclSid.equals(authSid);
}
 
Example #20
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #21
Source File: DefaultCalendarService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Transactional
@Override
public int createEvent(Event event) {

    int result = eventDao.createEvent(event);
    event.setId(result);

    // Add new ACL Entry:
    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0,  BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
}
 
Example #22
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #23
Source File: AclService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    }
}
 
Example #24
Source File: SidUtils.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
public static Sid createUserSid(String username) {
  if (username.equals(SecurityUtils.ANONYMOUS_USERNAME)) {
    return createAnonymousSid();
  } else {
    return new PrincipalSid(username);
  }
}
 
Example #25
Source File: BookHandler.java    From spring-data-rest-acl with Apache License 2.0 5 votes vote down vote up
private void addACL(AbstractSecuredEntity type) {
	if(type != null) {
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.ADMINISTRATION);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.READ);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.WRITE);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.DELETE);
	
		securityACLDAO.addPermission(type, new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.ADMINISTRATION);
	}		
}
 
Example #26
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetPermissionsForType1() {
  setUser();
  Sid sid = new PrincipalSid("user");
  permissionServiceDecorator.getPermissionsForType(
      "entity-typeId", Collections.singleton(sid), 10, 10);
  verify(permissionService)
      .getPermissionsForType("entity-typeId", Collections.singleton(sid), 10, 10);
  resetContext();
}
 
Example #27
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
public Sid getSid(String sid, boolean isPrincepal) {
    if (isPrincepal) {
        return new PrincipalSid(sid);
    } else {
        return new GrantedAuthoritySid(sid);
    }
}
 
Example #28
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetPermissionsForType() {
  setUser();
  Sid sid = new PrincipalSid("user");
  permissionServiceDecorator.getPermissionsForType(
      "entity-typeId", Collections.singleton(sid), false);
  verify(permissionService)
      .getPermissionsForType("entity-typeId", Collections.singleton(sid), false);
  resetContext();
}
 
Example #29
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetPermissions() {
  setUser();
  Sid sid = new PrincipalSid("user");
  permissionServiceDecorator.getPermissions(Collections.singleton(sid), false);
  verify(permissionService).getPermissions(Collections.singleton(sid), false);
  resetContext();
}
 
Example #30
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetRolesForSid() {
  User molgenisUser = mock(User.class);
  when(molgenisUser.getId()).thenReturn("user");
  when(userService.getUser("user")).thenReturn(molgenisUser);

  PrincipalSid user = mock(PrincipalSid.class);
  when(user.getPrincipal()).thenReturn("user");
  Role role1 = mock(Role.class);
  when(role1.getName()).thenReturn("role1");
  Role role2 = mock(Role.class);
  when(role2.getName()).thenReturn("role2");

  RoleMembership roleMembership1 = mock(RoleMembership.class);
  RoleMembership roleMembership2 = mock(RoleMembership.class);

  when(roleMembership1.getRole()).thenReturn(role1);
  when(roleMembership2.getRole()).thenReturn(role2);

  Repository userRepository = mock(Repository.class);
  Query userQuery = mock(Query.class);
  when(userQuery.eq(RoleMembershipMetadata.USER, "user")).thenReturn(userQuery);
  when(userQuery.findAll()).thenReturn(Stream.of(roleMembership1, roleMembership2));
  when(userRepository.query()).thenReturn(userQuery);
  doReturn(userRepository)
      .when(dataService)
      .getRepository(RoleMembershipMetadata.ROLE_MEMBERSHIP, RoleMembership.class);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(
          new EntityTypeIdentity(RoleMembershipMetadata.ROLE_MEMBERSHIP),
          EntityTypePermission.READ_DATA);

  List<Sid> expected =
      Arrays.asList(new GrantedAuthoritySid("ROLE_role1"), new GrantedAuthoritySid("ROLE_role2"));
  UserRoleTools userRoleTools =
      new UserRoleTools(userService, dataService, userPermissionEvaluator);
  assertEquals(expected, userRoleTools.getRolesForSid(user));
}