org.springframework.security.acls.domain.GrantedAuthoritySid Java Examples

The following examples show how to use org.springframework.security.acls.domain.GrantedAuthoritySid. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PermissionsControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@BeforeEach
private void beforeMethod() {
  RSQLParser rsqlParser = new RSQLParser();
  PermissionsController controller =
      new PermissionsController(
          permissionsService, rsqlParser, objectIdentityService, userRoleTools, entityHelper);
  mockMvc =
      MockMvcBuilders.standaloneSetup(controller)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();

  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");

  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");
}
 
Example #2
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetSids() {
  List<Sid> expected =
      Arrays.asList(
          new PrincipalSid("user1"),
          new PrincipalSid("user2"),
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_role2"));

  Query query = mock(Query.class);

  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role2");
  doReturn(mock(Role.class)).when(query).findOne();

  doReturn(mock(User.class)).when(userService).getUser("user1");
  doReturn(mock(User.class)).when(userService).getUser("user2");

  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  when(query.findOne()).thenReturn(mock(Role.class));

  assertTrue(
      userRoleTools
          .getSids(Arrays.asList("user1", "user2"), Arrays.asList("role1", "role2"))
          .containsAll(expected));
}
 
Example #3
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetAllAvailableSids() {
  User user = mock(User.class);
  when(user.getUsername()).thenReturn("username");
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(UserMetadata.USER), READ_DATA);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA);
  when(userService.getUsers()).thenReturn(Collections.singletonList(user));

  Role role = mock(Role.class);
  when(role.getString(RoleMetadata.NAME)).thenReturn("role1");
  List<Entity> roles = Collections.singletonList(role);
  when(dataService.findAll(RoleMetadata.ROLE)).thenReturn(roles.stream());
  assertEquals(
      newHashSet(
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_ANONYMOUS"),
          new PrincipalSid("username")),
      userRoleTools.getAllAvailableSids());
}
 
Example #4
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example #5
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example #6
Source File: MultiTenancySupport.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Fix null tenant for principals and validate.
 * @param sid
 * @param <T>
 * @return
 */
@SuppressWarnings("unchecked")
public static <T extends TenantSid> T fixTenant(T sid) {
    if(sid == null) {
        return sid;
    }
    final String tenant = sid.getTenant();
    if(sid instanceof GrantedAuthoritySid && tenant == null) {
        return sid;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    ExtendedUserDetails eud = (ExtendedUserDetails) auth.getPrincipal();
    final String authTenant = eud.getTenant();
    if(authTenant.equals(tenant)) {
        return sid;
    }
    if(tenant == null) {
        return (T) TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if(!ROOT_TENANT.equals(authTenant)) {
        // we must check tenancy access through TenantHierarchy, but now we does not have any full tenancy support
        throw new IllegalArgumentException("Sid " + sid + " has incorrect tenant: " + tenant + " it allow only for root tenant.");
    }
    return sid;
}
 
Example #7
Source File: PermissionInheritanceResolverTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 
Example #8
Source File: UserRoleTools.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
Set<Sid> getAllAvailableSids() {
  Set<Sid> sids = new HashSet<>();
  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(UserMetadata.USER), READ_DATA)) {
    sids =
        userService.getUsers().stream()
            .map(user -> new PrincipalSid(user.getUsername()))
            .collect(toSet());
  }
  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA)) {
    Set<Sid> roles =
        dataService
            .findAll(RoleMetadata.ROLE)
            .map(role -> new GrantedAuthoritySid(ROLE_PREFIX + role.getString(RoleMetadata.NAME)))
            .collect(toSet());

    sids.addAll(roles);
  }
  sids.add(SidUtils.createSecurityContextSid());

  return sids;
}
 
Example #9
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example #10
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example #11
Source File: TenantBasedPermissionGrantedStrategy.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Note that position of SIDs is important
 * @param authSid
 * @param aclSid
 * @return
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    if(MultiTenancySupport.isNoTenant(aclSid)) {
        // acl sid can has no tenant, we must consider this
        // not that null tenant mean that it common rule for any GrantedAuthorities of tenants
        if(authSid instanceof GrantedAuthoritySid) {
            return (aclSid instanceof GrantedAuthoritySid) && Objects.equals(
              ((GrantedAuthoritySid) authSid).getGrantedAuthority(),
              ((GrantedAuthoritySid) aclSid).getGrantedAuthority()
            );
        }
        if(authSid instanceof PrincipalSid) {
            return (aclSid instanceof PrincipalSid) && Objects.equals(
              ((PrincipalSid) authSid).getPrincipal(),
              ((PrincipalSid) aclSid).getPrincipal()
            );
        }
    }
    // there a unsupported sids or its has tenant, compare its as usual objects
    return aclSid.equals(authSid);
}
 
Example #12
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testSortSids() {
  Sid sid1 = new PrincipalSid("b");
  Sid sid2 = new PrincipalSid("a");
  Sid sid3 = new GrantedAuthoritySid("ROLE_b");
  Sid sid4 = new GrantedAuthoritySid("ROLE_a");
  LinkedList expected = new LinkedList<>();
  expected.addAll(Arrays.asList(sid2, sid4, sid1, sid3));
  assertEquals(expected, userRoleTools.sortSids(newHashSet(sid1, sid2, sid3, sid4)));
}
 
Example #13
Source File: WebAppPermissionRegistryTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
public void testGetPermissions() {
  Multimap<ObjectIdentity, Pair<PermissionSet, Sid>> permissions =
      new WebAppPermissionRegistry().getPermissions();
  assertFalse(permissions.isEmpty());
  Collection<Pair<PermissionSet, Sid>> pairs =
      permissions.get(new PluginIdentity(HomeController.ID));
  assertEquals(
      singleton(new Pair<>(READ, new GrantedAuthoritySid("ROLE_ANONYMOUS"))), copyOf(pairs));
}
 
Example #14
Source File: SidInfo.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    } else
        throw new IllegalStateException();
}
 
Example #15
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetRolesForSid() {
  User molgenisUser = mock(User.class);
  when(molgenisUser.getId()).thenReturn("user");
  when(userService.getUser("user")).thenReturn(molgenisUser);

  PrincipalSid user = mock(PrincipalSid.class);
  when(user.getPrincipal()).thenReturn("user");
  Role role1 = mock(Role.class);
  when(role1.getName()).thenReturn("role1");
  Role role2 = mock(Role.class);
  when(role2.getName()).thenReturn("role2");

  RoleMembership roleMembership1 = mock(RoleMembership.class);
  RoleMembership roleMembership2 = mock(RoleMembership.class);

  when(roleMembership1.getRole()).thenReturn(role1);
  when(roleMembership2.getRole()).thenReturn(role2);

  Repository userRepository = mock(Repository.class);
  Query userQuery = mock(Query.class);
  when(userQuery.eq(RoleMembershipMetadata.USER, "user")).thenReturn(userQuery);
  when(userQuery.findAll()).thenReturn(Stream.of(roleMembership1, roleMembership2));
  when(userRepository.query()).thenReturn(userQuery);
  doReturn(userRepository)
      .when(dataService)
      .getRepository(RoleMembershipMetadata.ROLE_MEMBERSHIP, RoleMembership.class);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(
          new EntityTypeIdentity(RoleMembershipMetadata.ROLE_MEMBERSHIP),
          EntityTypePermission.READ_DATA);

  List<Sid> expected =
      Arrays.asList(new GrantedAuthoritySid("ROLE_role1"), new GrantedAuthoritySid("ROLE_role2"));
  UserRoleTools userRoleTools =
      new UserRoleTools(userService, dataService, userPermissionEvaluator);
  assertEquals(expected, userRoleTools.getRolesForSid(user));
}
 
Example #16
Source File: UserRoleToolsTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetRoles() {
  Sid sid1 = new GrantedAuthoritySid("ROLE_a");
  Sid sid2 = new GrantedAuthoritySid("ROLE_b");
  LinkedList expected = new LinkedList<>();
  expected.addAll(Arrays.asList(sid2, sid1));

  Role role = mock(Role.class);
  Role roleA = mock(Role.class);
  when(roleA.getName()).thenReturn("a");
  Role roleB = mock(Role.class);
  when(roleB.getName()).thenReturn("b");
  when(role.getIncludes()).thenReturn(Arrays.asList(roleA, roleB));

  Query query = mock(Query.class);
  Query query1 = mock(Query.class);
  Query query2 = mock(Query.class);

  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query1).when(query).eq(RoleMetadata.NAME, "a");
  doReturn(query2).when(query).eq(RoleMetadata.NAME, "b");
  when(query.findOne()).thenReturn(role);
  when(query1.findOne()).thenReturn(mock(Role.class));
  when(query2.findOne()).thenReturn(mock(Role.class));

  when(userPermissionEvaluator.hasPermission(
          new EntityTypeIdentity(RoleMetadata.ROLE), EntityTypePermission.READ_DATA))
      .thenReturn(true);

  assertTrue(
      userRoleTools
          .getRoles(
              Sets.newHashSet(
                  new GrantedAuthoritySid("ROLE_role1"),
                  new GrantedAuthoritySid("ROLE_a"),
                  new GrantedAuthoritySid("ROLE_b")))
          .containsAll(expected));
}
 
Example #17
Source File: UnknownAceExceptionTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@ParameterizedTest
@MethodSource("languageMessageProvider")
@Override
protected void testGetLocalizedMessage(String lang, String message) {
  ExceptionMessageTest.assertExceptionMessageEquals(
      new UnknownAceException(objectIdentity, new GrantedAuthoritySid("ROLE_role1"), "delete"),
      lang,
      message);
}
 
Example #18
Source File: UnknownAceExceptionTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetMessage() {
  UnknownDataException ex =
      new UnknownAceException(objectIdentity, new GrantedAuthoritySid("ROLE_role1"), "delete");
  assertEquals(
      "typeId:type, identifier:id, sid:GrantedAuthoritySid[ROLE_role1], operation:delete",
      ex.getMessage());
}
 
Example #19
Source File: DuplicatePermissionExceptionTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@ParameterizedTest
@MethodSource("languageMessageProvider")
@Override
protected void testGetLocalizedMessage(String lang, String message) {
  ExceptionMessageTest.assertExceptionMessageEquals(
      new DuplicatePermissionException(objectIdentity, new GrantedAuthoritySid("ROLE_role1")),
      lang,
      message);
}
 
Example #20
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is
 * true.
 *
 * @param sid to find or create
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the primary key or null if not found
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    String sidName;
    boolean sidIsPrincipal = true;

    if (sid instanceof PrincipalSid) {
        sidName = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        sidIsPrincipal = false;
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    List<AclSid> sidIds = aclDao.findAclSidList(Boolean.valueOf(sidIsPrincipal), sidName);

    if (!sidIds.isEmpty()) {
        return sidIds.get(0);
    }

    if (allowCreate) {
        AclSid sid2 = new AclSid();
        sid2.setSid(sidName);
        sid2.setPrincipal(Boolean.valueOf(sidIsPrincipal));
        return aclDao.createAclSid(sid2);
    }

    return null;
}
 
Example #21
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
public Sid getSid(String sid, boolean isPrincepal) {
    if (isPrincepal) {
        return new PrincipalSid(sid);
    } else {
        return new GrantedAuthoritySid(sid);
    }
}
 
Example #22
Source File: ObjectIdentityServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
private String getSidString(Sid sid) {
  if (sid instanceof PrincipalSid) {
    return ((PrincipalSid) sid).getPrincipal();
  } else if (sid instanceof GrantedAuthoritySid) {
    return ((GrantedAuthoritySid) sid).getGrantedAuthority();
  }
  throw new IllegalArgumentException(
      "Sid type should always be either PrincipalSid or GrantedAuthoritySid");
}
 
Example #23
Source File: ObjectIdentityServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetNrOfObjectIdentities1() {
  Map<String, Object> paramMap = new HashMap<>();
  paramMap.put("classId", "classId");
  paramMap.put("sids", Collections.singletonList("ROLE_role1"));
  doReturn(new Integer(12))
      .when(jdbcTemplate)
      .queryForObject(
          "SELECT COUNT( DISTINCT acl_object_identity.object_id_identity) FROM acl_object_identity LEFT JOIN acl_class ON acl_object_identity.object_id_class = acl_class.id LEFT JOIN acl_entry ON acl_entry.acl_object_identity = acl_object_identity.id LEFT JOIN acl_sid ON acl_entry.sid = acl_sid.id WHERE acl_class.class = :classId AND acl_sid.sid IN (:sids)",
          paramMap,
          Integer.class);
  Sid sid = new GrantedAuthoritySid("ROLE_role1");
  assertEquals(
      12, objectIdentityService.getNrOfObjectIdentities("classId", singleton(sid)).intValue());
}
 
Example #24
Source File: UserRoleTools.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
public static Optional<String> getRolename(Sid sid) {
  if (sid instanceof GrantedAuthoritySid) {
    String role = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    return Optional.of(SidUtils.getRoleName(role));
  }
  return Optional.empty();
}
 
Example #25
Source File: UserRoleTools.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
public List<Sid> getRolesForSid(Sid sid) {
  List<Sid> roles = new ArrayList<>();
  if (sid instanceof PrincipalSid) {
    roles = getRolesForUser(sid);
  } else if (sid instanceof GrantedAuthoritySid) {
    String role = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    roles = getParentRoles(getRoleName(role));
  }
  return roles;
}
 
Example #26
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testSetPermissions() {
  Sid sid = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(sid);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  when(userRoleTools.sortSids(singleton(sid))).thenReturn(new LinkedList(singletonList(sid)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermissions(
      singleton(Permission.create(objectIdentity, sid, WRITE)));

  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, sid, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 
Example #27
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCreatePermission() {
  MutableAcl acl = mock(MutableAcl.class);
  when(mutableAclService.readAclById(new ObjectIdentityImpl("entity-typeId", "identifier")))
      .thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  Sid role = new GrantedAuthoritySid("ROLE_role");

  permissionsApiService.createPermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  verify(acl).insertAce(0, WRITE, role, true);
  verify(mutableAclService).updateAcl(acl);
}
 
Example #28
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCreatePermissions() {
  MutableAcl acl = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  doReturn(acl2)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier2"));
  Permission permission1 =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier"),
          new GrantedAuthoritySid("ROLE_role"),
          WRITE);
  Permission permission2 =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier2"),
          new PrincipalSid("user1"),
          READ);

  Sid expectedSid = new GrantedAuthoritySid("ROLE_role");
  Sid expectedSid2 = new PrincipalSid("user1");
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.createPermissions(Sets.newHashSet(permission1, permission2));

  verify(acl).insertAce(0, WRITE, expectedSid, true);
  verify(acl2).insertAce(0, READ, expectedSid2, true);
  verify(mutableAclService).updateAcl(acl);
}
 
Example #29
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 
Example #30
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCreateDuplicatePermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  assertThrows(
      DuplicatePermissionException.class,
      () ->
          permissionsApiService.createPermission(
              Permission.create(
                  new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE)));
}