Java Code Examples for org.springframework.security.acls.model.Acl

The following examples show how to use org.springframework.security.acls.model.Acl. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: kylin-on-parquet-v2   Source File: AclServiceTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example 2
Source Project: kylin-on-parquet-v2   Source File: AclService.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 
Example 3
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example 4
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example 5
@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 
Example 6
public static InheritedPermissionsResult getInheritedPermissionsResult(
    Acl packageAcl, Acl parentPackageAcl, Sid role1, Sid role2, Sid role3) {
  // Permissions on parentpackage
  InheritedUserPermissionsResult parentPackageAclPermissionsRole3 =
      InheritedUserPermissionsResult.create(
          role3, PermissionSet.WRITEMETA, Collections.emptyList());
  InheritedUserPermissionsResult parentPackageAclPermissionsRole1 =
      InheritedUserPermissionsResult.create(
          role1, null, Collections.singletonList(parentPackageAclPermissionsRole3));
  InheritedAclPermissionsResult parentPackageAclPermissions =
      InheritedAclPermissionsResult.create(
          parentPackageAcl,
          null,
          Collections.singletonList(parentPackageAclPermissionsRole1),
          null);
  // Permissions on package
  InheritedAclPermissionsResult packageAclPermissions =
      InheritedAclPermissionsResult.create(
          packageAcl, PermissionSet.READ, Collections.emptyList(), parentPackageAclPermissions);
  // Permissions on entity
  InheritedUserPermissionsResult entityPermissionRole2 =
      InheritedUserPermissionsResult.create(role2, PermissionSet.WRITE, Collections.emptyList());

  return InheritedPermissionsResult.create(
      Collections.singletonList(entityPermissionRole2), packageAclPermissions);
}
 
Example 7
private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  PermissionSet ownPermission = null;
  for (AccessControlEntry ace : acl.getEntries()) {
    if (sid.equals(ace.getSid())) {
      ownPermission = PermissionSetUtils.getPermissionSet(ace);
    }
  }
  Set<LabelledPermission> inheritedPermissions = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inheritedPermissions.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }
  if (ownPermission != null || !inheritedPermissions.isEmpty()) {
    inheritedPermissions = inheritedPermissions.isEmpty() ? null : inheritedPermissions;
    result.add(
        LabelledPermission.create(
            sid,
            entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
            ownPermission,
            inheritedPermissions));
  }
}
 
Example 8
private Optional<InheritedAclPermissionsResult> getParentAclPermissions(Acl acl, Sid sid) {
  InheritedAclPermissionsResult parentAclPermissions;
  List<InheritedUserPermissionsResult> parentRolePermissions;
  Acl parentAcl = acl.getParentAcl();
  if (parentAcl != null) {
    PermissionSet ownPermission = getPermissionsForAcl(parentAcl, sid);
    parentRolePermissions = getPermissionsForRoles(parentAcl, sid);
    parentAclPermissions =
        getParentAclPermissions(parentAcl, sid)
            .orElse(null); // Get permissions for parentAcl of the parentAcl - Recursive
    InheritedAclPermissionsResult inheritedAclPermissionsResult =
        InheritedAclPermissionsResult.create(
            parentAcl, ownPermission, parentRolePermissions, parentAclPermissions);
    if (isNotEmpty(inheritedAclPermissionsResult)) {
      return Optional.of(inheritedAclPermissionsResult);
    }
  }
  return Optional.empty();
}
 
Example 9
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 10
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 11
/**
 * Same as {@link JdbcMutableAclService#createAcl(ObjectIdentity)} except for duplicate key
 * checking which is handled by by the database for performance reasons.
 */
@Transactional
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) {
  Assert.notNull(objectIdentity, "Object Identity required");

  // Need to retrieve the current principal, in order to know who "owns" this ACL
  // (can be changed later on)
  Sid sid = SidUtils.createSecurityContextSid();

  try {
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
  } catch (DuplicateKeyException e) {
    throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
  }
  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  Acl acl = readAclById(objectIdentity);
  Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

  return (MutableAcl) acl;
}
 
Example 12
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 13
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 14
Source Project: kylin   Source File: AclServiceTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example 15
Source Project: kylin   Source File: MigrationService.java    License: Apache License 2.0 6 votes vote down vote up
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);

    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getPermission().getMask() == 16) {
                PrincipalSid ps = (PrincipalSid) ace.getSid();
                cubeAdmins.add(ps.getPrincipal() + mailSuffix);
            }
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}
 
Example 16
Source Project: kylin   Source File: AclRecord.java    License: Apache License 2.0 6 votes vote down vote up
public void init(Acl parentAcl, PermissionFactory aclPermissionFactory,
        PermissionGrantingStrategy permissionGrantingStrategy) {
    this.aclPermissionFactory = aclPermissionFactory;
    this.permissionGrantingStrategy = permissionGrantingStrategy;
    this.parentAcl = parentAcl;

    if (entries == null)
        entries = new ArrayList<>();

    // convert legacy ace
    if (legacyAceInfo != null) {
        for (LegacyAceInfo legacy : legacyAceInfo.values()) {
            entries.add(new AceImpl(legacy));
        }
        Collections.sort(entries, AceImpl.SID_ORDER);
        legacyAceInfo = null;
    }

    for (int i = 0; i < entries.size(); i++) {
        entries.get(i).init(this, i);
    }
}
 
Example 17
Source Project: kylin   Source File: AclService.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 
Example 18
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example 19
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example 20
private PermissionSet getPermissionsForAcl(Acl acl, Sid sid) {
  PermissionSet ownPermission = null;
  for (AccessControlEntry ace : acl.getEntries()) {
    if (ace.getSid().equals(sid)) {
      ownPermission = PermissionSetUtils.getPermissionSet(ace);
    }
  }
  return ownPermission;
}
 
Example 21
@Test
void testGetRolePluginPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(pluginIdentity1, acl1);
  acls.put(pluginIdentity2, acl2);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(entityType1.getId(), "read"));
  Permissions actual = permissionManagerController.getRolePluginPermissions("ONE");
  assertEquals(expected, actual);
}
 
Example 22
@Test
void testGetRoleEntityTypePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);
  when(ace2.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWrite);
  when(ace2.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "write", entityType2.getId(), "read"));

  assertEquals(expected, permissionManagerController.getRoleEntityClassPermissions("ONE"));
}
 
Example 23
@Test
void testGetUserPackagePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(packageIdentity1, acl1);
  acls.put(packageIdentity2, acl2);
  acls.put(packageIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(package1.getId(), "writemeta", package2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserPackagePermissions("Ipsum"));
}
 
Example 24
Source Project: kylin-on-parquet-v2   Source File: AccessController.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example 25
Source Project: kylin-on-parquet-v2   Source File: AccessController.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example 26
Source Project: kylin-on-parquet-v2   Source File: AccessController.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example 27
Source Project: kylin-on-parquet-v2   Source File: AclService.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
    Message msg = MsgPicker.getMsg();
    Map<ObjectIdentity, Acl> aclsMap = readAclsById(Arrays.asList(object), sids);
    if (!aclsMap.containsKey(object)) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getNO_ACL_ENTRY(), object));
    }
    return aclsMap.get(object);
}
 
Example 28
private Multimap<String, String> getPermissions(Map<ObjectIdentity, Acl> acls, Sid sid) {
  Multimap<String, String> result = LinkedHashMultimap.create();
  acls.forEach(
      (objectIdentity, acl) -> {
        String id = objectIdentity.getIdentifier().toString();
        acl.getEntries().stream()
            .filter(ace -> ace.getSid().equals(sid))
            .map(this::getPermissionString)
            .forEach(permission -> result.put(id, permission));
      });
  return result;
}
 
Example 29
@Override
public Map<String, Set<LabelledPermission>> getPermissionsForType(
    String typeId, Set<Sid> sids, int page, int pageSize) {
  entityHelper.checkEntityTypeExists(typeId);

  List<ObjectIdentity> objectIdentities =
      objectIdentityService.getObjectIdentities(typeId, sids, pageSize, (page - 1) * pageSize);

  Map<ObjectIdentity, Acl> aclMap = new LinkedHashMap<>();
  if (!objectIdentities.isEmpty()) {
    aclMap = mutableAclService.readAclsById(objectIdentities, userRoleTools.sortSids(sids));
  }
  return getPermissions(aclMap, objectIdentities, sids, false);
}
 
Example 30
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);

    // Check every requested object identity was found (throw NotFoundException if needed)
    for (ObjectIdentity oid : objects) {
        if (!result.containsKey(oid)) {
            throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
        }
    }

    return result;
}