private void addPermission(Map<String, List<RestrictionDTO>> tmpRolesWithRestrictions, RoleEntity role) { String roleName = role.getName(); if (!tmpRolesWithRestrictions.containsKey(roleName)) { tmpRolesWithRestrictions.put(roleName, new ArrayList<RestrictionDTO>()); } for (RestrictionEntity res : role.getRestrictions()) { // add restriction tmpRolesWithRestrictions.get(roleName).add(new RestrictionDTO(res)); } }
/** * Checks whether a Role has the Permission perform a certain Action with a specific ResourceGroup on a specific Context (or on its parent) * If so, it adds the role to the list of the allowed roles * * @param permissionName * @param action * @param context * @param resourceGroup * @param allowedRoles * @param entry */ private void matchPermissionsAndContext(String permissionName, Action action, ContextEntity context, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType, List<String> allowedRoles, Map.Entry<String, List<RestrictionDTO>> entry) { for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getPermissionName().equals(permissionName)) { checkContextAndActionAndResource(context, action, resourceGroup, resourceType, allowedRoles, entry, restrictionDTO.getRestriction()); } } }
@Test public void constructedWithRestrictionItShouldHaveRightAction(){ //given RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.READ); res.setPermission(per); //when RestrictionDTO resDTO = new RestrictionDTO(res); //then Assert.assertEquals(per.getValue(), resDTO.getPermissionName()); Assert.assertEquals(res.getAction(), resDTO.getRestriction().getAction()); }
@Test public void constructedWithRestrictionItShouldHaveRightContext(){ //given RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.CREATE); res.setContext(new ContextEntityBuilder().buildContextEntity("TEST", null, Collections.EMPTY_SET,false)); res.setPermission(per); res.setRole(rol); //when RestrictionDTO resDTO = new RestrictionDTO(res); //then Assert.assertEquals(rol.getName(), resDTO.getRestriction().getRole().getName()); Assert.assertEquals(res.getContext().getName(), resDTO.getRestriction().getContext().getName()); } }
/** * Returns a list of ALL Restrictions of the caller (both, Restrictions by User and Role) */ public List<RestrictionEntity> getAllCallerRestrictions() { List<RestrictionEntity> restrictions = new ArrayList<>(); Map<String, List<RestrictionDTO>> roleWithRestrictions = getPermissions(); for (String roleName : roleWithRestrictions.keySet()) { if (sessionContext.isCallerInRole(roleName)) { for (RestrictionDTO restrictionDTO : roleWithRestrictions.get(roleName)) { restrictions.add(restrictionDTO.getRestriction()); } } } List<RestrictionEntity> userRestrictions = getUserRestrictions(getCurrentUserName()); restrictions.addAll(userRestrictions); return restrictions; }
/** * Checks if the caller is allowed to create (re-)Deployments */ public boolean hasPermissionToCreateDeployment() { for (Map.Entry<String, List<RestrictionDTO>> entry : getDeployableRoles().entrySet()) { if (sessionContext.isCallerInRole(entry.getKey())) { for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getRestriction().getAction().equals(Action.CREATE) || restrictionDTO.getRestriction().getAction().equals(Action.ALL)) { return true; } } } } return hasUserRestriction(Permission.DEPLOYMENT.name(), null, Action.CREATE, null, null); }
/** * Checks whether a Role has the Permission perform a certain Action * If so, it adds the role to the list of the allowed roles * * @param permissionName * @param action * @param resourceGroup * @param resourceType * @param allowedRoles * @param entry */ private void matchPermissions(String permissionName, Action action, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType, List<String> allowedRoles, Map.Entry<String, List<RestrictionDTO>> entry) { String roleName = entry.getKey(); for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getPermissionName().equals(permissionName) && hasPermissionForAction(restrictionDTO.getRestriction(), action) && hasPermissionForResource(restrictionDTO.getRestriction(), resourceGroup) && hasPermissionForResourceType(restrictionDTO.getRestriction(), resourceType) && hasPermissionForDefaultResourceType(restrictionDTO.getRestriction(), resourceType)) { allowedRoles.add(roleName); } } }
public RestrictionDTO buildRestrictionDTO(Permission permission, RestrictionEntity restrictionEntity) { PermissionEntity pe = new PermissionEntity(); pe.setValue(permission.name()); restrictionEntity.setPermission(pe); RestrictionDTO dto = new RestrictionDTO(restrictionEntity); return dto; } }
/** * Checks if the caller is allowed to edit Deployments */ public boolean hasPermissionToEditDeployment() { for (Map.Entry<String, List<RestrictionDTO>> entry : getDeployableRoles().entrySet()) { if (sessionContext.isCallerInRole(entry.getKey())) { for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getRestriction().getAction().equals(Action.UPDATE) || restrictionDTO.getRestriction().getAction().equals(Action.ALL)) { return true; } } } } return hasUserRestriction(Permission.DEPLOYMENT.name(), null, Action.UPDATE, null, null); }
public RestrictionDTO mockRestrictionDTO(Permission permission, RestrictionEntity restrictionEntity) { RestrictionDTO mock = mock(RestrictionDTO.class); when(mock.getPermissionName()).thenReturn(permission.name()); when(mock.getRestriction()).thenReturn(restrictionEntity); return mock; }
@Test public void shouldNotAllowToRemoveInstanceOfNonDefaultResTypeIfHasPermissionToDeleteInstancesOfDefaultResourceTypeOnly(){ // given ResourceTypeEntity nonDefaultResType = new ResourceTypeEntity(); when(sessionContext.isCallerInRole(SERVER_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); PermissionEntity permission = new PermissionEntity(); permission.setValue(Permission.RESOURCE.name()); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.DELETE); res.setResourceTypePermission(ResourceTypePermission.DEFAULT_ONLY); res.setPermission(permission); myRoles.put(SERVER_ADMIN, Arrays.asList(new RestrictionDTO(res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToRemoveInstanceOfResType(nonDefaultResType); // then Assert.assertFalse(result); }
private boolean hasSimilarRoleRestriction(RestrictionEntity newRestriction) { List<RestrictionEntity> similarRestrictions = new ArrayList<>(); Set<Map.Entry<String, List<RestrictionDTO>>> entries = getPermissions().entrySet(); for (Map.Entry<String, List<RestrictionDTO>> entry : entries) { if (entry.getKey().equals(newRestriction.getRole().getName())) { for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getPermissionName().equals(newRestriction.getPermission().getValue())) { checkSimilarRestrictions(newRestriction.getPermission().getValue(), newRestriction.getAction(), newRestriction.getContext(), newRestriction.getResourceGroup(), newRestriction.getResourceType(), similarRestrictions, restrictionDTO.getRestriction()); } } return aMoreGeneralRestrictionExists(newRestriction, similarRestrictions); } } return false; }
@Test public void shouldNotAllowToRemoveDefaultInstanceOfResTypeIfHasPermissionForResourcesOnly(){ // given ResourceTypeEntity applicationResTypeEntity = new ResourceTypeEntity(); applicationResTypeEntity.setName(DefaultResourceTypeDefinition.APPLICATION.name()); when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); PermissionEntity permission = new PermissionEntity(); permission.setValue(Permission.RESOURCE.name()); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.DELETE); res.setResourceTypePermission(ResourceTypePermission.NON_DEFAULT_ONLY); res.setPermission(permission); myRoles.put(CONFIG_ADMIN, Arrays.asList(new RestrictionDTO(res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToRemoveInstanceOfResType(applicationResTypeEntity); // then Assert.assertFalse(result); }
@Test public void shouldAllowToRemoveDefaultInstanceOfResTypeIfHasPermissionToDeleteInstancesOfDefaultResourceType(){ // given ResourceTypeEntity applicationResTypeEntity = new ResourceTypeEntity(); applicationResTypeEntity.setName(DefaultResourceTypeDefinition.APPLICATION.name()); when(sessionContext.isCallerInRole(SERVER_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); PermissionEntity permission = new PermissionEntity(); permission.setValue(Permission.RESOURCE.name()); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.ALL); res.setResourceTypePermission(ResourceTypePermission.DEFAULT_ONLY); res.setPermission(permission); myRoles.put(SERVER_ADMIN, Arrays.asList(new RestrictionDTO(res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToRemoveInstanceOfResType(applicationResTypeEntity); // then Assert.assertTrue(result); }