org.springframework.security.acls.model.MutableAcl Java Examples

The following examples show how to use org.springframework.security.acls.model.MutableAcl. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
@Transactional
public void createPermission(Permission permission) {
  ObjectIdentity objectIdentity = permission.getObjectIdentity();
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
  if (!getSuitablePermissionsForType(objectIdentity.getType())
      .contains(permission.getPermission())) {
    throw new PermissionNotSuitableException(
        permission.getPermission().name(), objectIdentity.getType());
  }
  Sid sid = permission.getSid();
  if (getPermissionResponses(acl, false, singleton(sid)).isEmpty()) {
    acl.insertAce(acl.getEntries().size(), permission.getPermission(), sid, true);
    mutableAclService.updateAcl(acl);
  } else {
    throw new DuplicatePermissionException(objectIdentity, sid);
  }
}
 
Example #2
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #3
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 
Example #4
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 
Example #5
Source File: PackageRepositorySecurityDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testAdd() {
  Package pack = mock(Package.class);
  Package parent = mock(Package.class);

  when(pack.getId()).thenReturn("1");
  when(parent.getId()).thenReturn("2");
  when(pack.getParent()).thenReturn(parent);

  MutableAcl acl = mock(MutableAcl.class);
  MutableAcl parentAcl = mock(MutableAcl.class);
  when(mutableAclService.createAcl(new PackageIdentity("1"))).thenReturn(acl);
  when(mutableAclService.readAclById(new PackageIdentity("2"))).thenReturn(parentAcl);

  when(userPermissionEvaluator.hasPermission(
          new PackageIdentity(parent.getId()), PackagePermission.ADD_PACKAGE))
      .thenReturn(true);

  repo.add(pack);

  verify(mutableAclService).createAcl(new PackageIdentity("1"));
  verify(mutableAclService).updateAcl(acl);
  verify(delegateRepository).add(pack);
}
 
Example #6
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #7
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 
Example #8
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #9
Source File: DefaultCalendarService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Transactional
@Override
public int createEvent(Event event) {

    int result = eventDao.createEvent(event);
    event.setId(result);

    // Add new ACL Entry:
    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0,  BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
}
 
Example #10
Source File: PackageRepositorySecurityDecorator.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public void createAcl(Package pack) {
  PackageIdentity packageIdentity = new PackageIdentity(pack);
  MutableAcl acl;
  try {
    acl = mutableAclService.createAcl(packageIdentity);
  } catch (AlreadyExistsException e) {
    throw new EntityAlreadyExistsException(pack, e);
  }
  if (pack.getParent() != null) {
    ObjectIdentity parentIdentity = new PackageIdentity(pack.getParent());
    Acl parentAcl = mutableAclService.readAclById(parentIdentity);
    acl.setParent(parentAcl);
    mutableAclService.updateAcl(acl);
  }
}
 
Example #11
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #12
Source File: EntityTypeRepositorySecurityDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@WithMockUser(username = USERNAME)
@Test
void updateFromNullToNullPackage() {
  String entityTypeId = "entityTypeId";

  EntityType entityType = mock(EntityType.class);
  EntityType oldEntityType = mock(EntityType.class);
  MutableAcl acl = mock(MutableAcl.class);

  when(entityType.getId()).thenReturn(entityTypeId).getMock();
  doReturn(acl).when(mutableAclService).readAclById(new EntityTypeIdentity(entityTypeId));

  when(dataService.findOneById(
          EntityTypeMetadata.ENTITY_TYPE_META_DATA, entityType.getId(), EntityType.class))
      .thenReturn(oldEntityType);

  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(entityTypeId), UPDATE_METADATA);

  repo.update(entityType);
  verify(delegateRepository).update(entityType);
}
 
Example #13
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #14
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 
Example #15
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
@Transactional
public void updatePermission(Permission permission) {
  ObjectIdentity objectIdentity = permission.getObjectIdentity();
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
  if (!getSuitablePermissionsForType(objectIdentity.getType())
      .contains(permission.getPermission())) {
    throw new PermissionNotSuitableException(
        permission.getPermission().name(), objectIdentity.getType());
  }
  Sid sid = permission.getSid();
  Set<LabelledPermission> current =
      getPermissionsForObject(objectIdentity, singleton(sid), false);
  if (current.isEmpty()) {
    throw new UnknownAceException(objectIdentity, sid, "update");
  }
  deleteAce(sid, acl);
  acl.insertAce(acl.getEntries().size(), permission.getPermission(), sid, true);
  mutableAclService.updateAcl(acl);
}
 
Example #16
Source File: TransactionalJdbcMutableAclService.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Same as {@link JdbcMutableAclService#updateAcl(MutableAcl)} except that it clears all cache as
 * a workaround for https://github.com/spring-projects/spring-security/issues/3330.
 */
@Transactional
@Override
public MutableAcl updateAcl(MutableAcl acl) {
  Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

  // Delete this ACL's ACEs in the acl_entry table
  deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

  // Create this ACL's ACEs in the acl_entry table
  createEntries(acl);

  // Change the mutable columns in acl_object_identity
  updateObjectIdentity(acl);

  // Clear all cache
  aclCache.clearCache();

  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  return (MutableAcl) super.readAclById(acl.getObjectIdentity());
}
 
Example #17
Source File: TransactionalJdbcMutableAclService.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Same as {@link JdbcMutableAclService#createAcl(ObjectIdentity)} except for duplicate key
 * checking which is handled by by the database for performance reasons.
 */
@Transactional
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) {
  Assert.notNull(objectIdentity, "Object Identity required");

  // Need to retrieve the current principal, in order to know who "owns" this ACL
  // (can be changed later on)
  Sid sid = SidUtils.createSecurityContextSid();

  try {
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
  } catch (DuplicateKeyException e) {
    throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
  }
  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  Acl acl = readAclById(objectIdentity);
  Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

  return (MutableAcl) acl;
}
 
Example #18
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testCreatePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  permissionServiceDecorator.createPermission(permission);
  verify(permissionService).createPermission(permission);
  resetContext();
}
 
Example #19
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testCreatePermissions() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.createPermissions(Collections.singleton(permission));
  verify(permissionService).createPermissions(Collections.singleton(permission));
  resetContext();
}
 
Example #20
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testUpdatePermission() {
  setUser();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.updatePermission(permission);
  verify(permissionService).updatePermission(permission);
  resetContext();
}
 
Example #21
Source File: EntityTypeRepositorySecurityDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@WithMockUser(username = USERNAME)
@Test
void add() {
  String entityTypeId = "entityTypeId";
  EntityType entityType = mock(EntityType.class);
  Package pack = mock(Package.class);
  MutableAcl mutableAcl = mock(MutableAcl.class);
  Acl acl = mock(Acl.class);

  when(pack.getId()).thenReturn("test");
  when(entityType.getId()).thenReturn(entityTypeId);
  when(entityType.getPackage()).thenReturn(pack);
  when(userPermissionEvaluator.hasPermission(
          new PackageIdentity("test"), PackagePermission.ADD_ENTITY_TYPE))
      .thenReturn(true);
  when(mutableAclService.createAcl(new EntityTypeIdentity(entityType.getId())))
      .thenReturn(mutableAcl);
  when(mutableAclService.readAclById(new PackageIdentity("test"))).thenReturn(acl);

  repo.add(entityType);

  verify(delegateRepository).add(entityType);
  verify(mutableAclService).createAcl(new EntityTypeIdentity(entityTypeId));
}
 
Example #22
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 
Example #23
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetUserPluginPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(pluginIdentity1, acl1);
  acls.put(pluginIdentity2, acl2);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(plugin1.getId(), "read"));
  assertEquals(expected, permissionManagerController.getUserPluginPermissions("Ipsum"));
}
 
Example #24
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetUserPackagePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(packageIdentity1, acl1);
  acls.put(packageIdentity2, acl2);
  acls.put(packageIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(package1.getId(), "writemeta", package2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserPackagePermissions("Ipsum"));
}
 
Example #25
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 
Example #26
Source File: RowLevelSecurityRepositoryDecorator.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
public void createAcl(Entity entity) {
  MutableAcl acl;
  try {
    acl = mutableAclService.createAcl(new EntityIdentity(entity));
  } catch (AlreadyExistsException e) {
    throw new EntityAlreadyExistsException(entity, e);
  }
  Sid sid = SidUtils.createSecurityContextSid();
  acl.insertAce(acl.getEntries().size(), PermissionSet.WRITE, sid, true);
  mutableAclService.updateAcl(acl);
}
 
Example #27
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetUserEntityClassPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "writemeta", entityType2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserEntityClassPermissions("Ipsum"));
}
 
Example #28
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testDeletePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));
  permissionServiceDecorator.deletePermission(sid, objectIdentity);
  verify(permissionService).deletePermission(sid, objectIdentity);
  resetContext();
}
 
Example #29
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetRolePluginPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(pluginIdentity1, acl1);
  acls.put(pluginIdentity2, acl2);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(entityType1.getId(), "read"));
  Permissions actual = permissionManagerController.getRolePluginPermissions("ONE");
  assertEquals(expected, actual);
}
 
Example #30
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetRoleEntityTypePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);
  when(ace2.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWrite);
  when(ace2.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "write", entityType2.getId(), "read"));

  assertEquals(expected, permissionManagerController.getRoleEntityClassPermissions("ONE"));
}