@Test public void shouldReturnTrueIfASimilarButNotResourceTypePermissionRestrictedUserRestrictionExists() { // given UserRestrictionEntity userRestrictionEntity = new UserRestrictionEntity(); userRestrictionEntity.setName("tester"); PermissionEntity permission = new PermissionEntity(); permission.setValue(Permission.RESOURCE.name()); RestrictionEntity existingRestriction = new RestrictionEntity(); existingRestriction.setUser(userRestrictionEntity); existingRestriction.setAction(Action.ALL); existingRestriction.setResourceTypePermission(ResourceTypePermission.ANY); existingRestriction.setPermission(permission); RestrictionEntity anotherExistingRestriction = new RestrictionEntity(); anotherExistingRestriction.setUser(userRestrictionEntity); anotherExistingRestriction.setAction(Action.ALL); anotherExistingRestriction.setResourceTypePermission(ResourceTypePermission.DEFAULT_ONLY); anotherExistingRestriction.setPermission(permission); RestrictionEntity newRestriction = new RestrictionEntity(); newRestriction.setUser(userRestrictionEntity); newRestriction.setAction(Action.ALL); newRestriction.setResourceTypePermission(ResourceTypePermission.NON_DEFAULT_ONLY); newRestriction.setPermission(permission); myRoles = new HashMap<>(); permissionService.rolesWithRestrictions = myRoles; when(permissionRepository.getUserWithRestrictions("tester")).thenReturn(Arrays.asList(existingRestriction, anotherExistingRestriction)); // when boolean exists = permissionService.identicalOrMoreGeneralRestrictionExists(newRestriction); // then Assert.assertTrue(exists); }
private boolean hasSimilarUserRestriction(RestrictionEntity newRestriction) { List<RestrictionEntity> similarRestrictions = new ArrayList<>(); for (RestrictionEntity restrictionEntity : getUserRestrictions(newRestriction.getUser().getName())) { if (restrictionEntity.getPermission().getValue().equals(newRestriction.getPermission().getValue())) { checkSimilarRestrictions(newRestriction.getPermission().getValue(), newRestriction.getAction(), newRestriction.getContext(), newRestriction.getResourceGroup(), newRestriction.getResourceType(), similarRestrictions, restrictionEntity); } } return aMoreGeneralRestrictionExists(newRestriction, similarRestrictions); }
/** * Checks if restrictionEntityOne is more specific (grants less rights) than restrictionEntityTwo * * @param restrictionEntityOne * @param restrictionEntityTwo */ private boolean isMoreSpecificRestriction(RestrictionEntity restrictionEntityOne, RestrictionEntity restrictionEntityTwo) { // allow update of existing - do not compare with itself if (restrictionEntityOne.getId() != null && restrictionEntityOne.getId().equals(restrictionEntityTwo.getId())) { return false; } if (restrictionEntityOne.getAction().equals(Action.ALL) && !restrictionEntityTwo.getAction().equals(Action.ALL)) { return false; } if (restrictionEntityOne.getResourceGroup() == null && restrictionEntityTwo.getResourceGroup() != null) { return false; } if (restrictionEntityOne.getResourceType() == null && restrictionEntityTwo.getResourceType() != null) { return false; } if (restrictionEntityOne.getResourceTypePermission().equals(ResourceTypePermission.ANY) && !restrictionEntityTwo.getResourceTypePermission().equals(ResourceTypePermission.ANY)) { return false; } return true; }
/** * Checks if a Restriction similar to the given Restriction already exists * Returns true if a similar, equal or less restrictive Restriction exists * Returns false if no similar or one that is more restrictive than the given one exists * * @param newRestriction */ public boolean identicalOrMoreGeneralRestrictionExists(RestrictionEntity newRestriction) { if (newRestriction.getRole() != null) { return hasSimilarRoleRestriction(newRestriction); } else if (newRestriction.getUser() != null) { return hasSimilarUserRestriction(newRestriction); } return false; }
@Test public void hasPermissionToAddResourceTypeTemplateWhenUserIsShakedownAdminAndIsTestingMode() { // given ResourceTypeEntity as = ResourceTypeEntityBuilder.APPLICATION_SERVER_TYPE; when(sessionContext.isCallerInRole(SHAKEDOWN_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.ALL); myRoles.put(SHAKEDOWN_ADMIN, Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.SHAKEDOWN_TEST_MODE, res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToAddResourceTypeTemplate(as, true); // then Assert.assertTrue(result); }
restriction.setRole(role); } else { restriction.setRole(permissionRepository.createRole(roleName)); restriction.setUser(userRestriction); } else { restriction.setUser(permissionRepository.createUserRestriciton(userName)); restriction.setPermission(permission); if (Permission.valueOf(permission.getValue()).isOld()) { resourceTypePermission = null; restriction.setResourceGroup(resourceGroup); restriction.setResourceType(resourceType); restriction.setResourceTypePermission(resourceTypePermission); restriction.setContext(contextLocator.getContextByName(contextName)); } catch (Exception e) { throw new AMWException("Context " + contextName + " not found."); restriction.setContext(null); restriction.setAction(action); } else { restriction.setAction(Action.ALL);
@Test public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWException { // given PermissionEntity globalPerm = new PermissionEntity(); globalPerm.setValue("APP_TAB"); RestrictionEntity restriction = new RestrictionEntity(); when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(globalPerm); // when permissionBoundary.validateRestriction("existing", null, "good", 1, null, ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, restriction); // then assertThat(restriction.getResourceTypePermission(), is(ResourceTypePermission.ANY)); assertThat(restriction.getAction(), is(ALL)); assertNull(restriction.getContext()); assertNull(restriction.getResourceGroup()); assertNull(restriction.getResourceType()); }
@Test public void constructedWithRestrictionItShouldHaveRightContext(){ //given RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.CREATE); res.setContext(new ContextEntityBuilder().buildContextEntity("TEST", null, Collections.EMPTY_SET,false)); res.setPermission(per); res.setRole(rol); //when RestrictionDTO resDTO = new RestrictionDTO(res); //then Assert.assertEquals(rol.getName(), resDTO.getRestriction().getRole().getName()); Assert.assertEquals(res.getContext().getName(), resDTO.getRestriction().getContext().getName()); } }
@Test public void hasPermissionToDeleteResourceRelationWhenUserHasPermissionToEditAllResourcesOnSpecificEnvironment(){ // given ResourceEntity app = resourceEntityBuilder.mockApplicationEntity("app", appResourceGroup, null); when(sessionContext.isCallerInRole(APP_DEVELOPER)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.UPDATE); res.setContext(envC); myRoles.put(APP_DEVELOPER, Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCE, res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToDeleteRelation(app, envC); // then Assert.assertTrue(result); }
@Test public void hasNoPermissionToAddResourceTypeTemplateWhenUserHasPermissionToUpdateResourceTypeAndIsApplicationResTypeAndIsNotTestingMode() { // given ResourceTypeEntity app = ResourceTypeEntityBuilder.APPLICATION_TYPE; when(sessionContext.isCallerInRole(APP_DEVELOPER)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.ALL); res.setResourceTypePermission(ResourceTypePermission.ANY); myRoles.put(APP_DEVELOPER, Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCETYPE, res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToAddResourceTypeTemplate(app, false); // then Assert.assertFalse(result); }
@Test public void shouldReturnFalseIfCallerHasNoDelegationPermission() { // given when(sessionContext.isCallerInRole(CONFIG_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.ALL); PermissionEntity perm = new PermissionEntity(); perm.setValue(Permission.RESOURCE_PROPERTY_DECRYPT.name()); res.setPermission(perm); myRoles = new HashMap<>(); permissionService.rolesWithRestrictions = myRoles; when(permissionRepository.getUserWithRestrictions(anyString())).thenReturn(Arrays.asList(res)); // when boolean result = permissionService.hasPermissionToDelegatePermission(Permission.RESOURCE_PROPERTY_DECRYPT, null, null, null, Action.CREATE); // then Assert.assertFalse(result); }
@Test public void constructedWithRestrictionItShouldHaveRightAction(){ //given RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.READ); res.setPermission(per); //when RestrictionDTO resDTO = new RestrictionDTO(res); //then Assert.assertEquals(per.getValue(), resDTO.getPermissionName()); Assert.assertEquals(res.getAction(), resDTO.getRestriction().getAction()); }
@Test public void hasPermissionToAddResourceRelationWhenUserHasResourceUpdatePermissionForApplicationServerResTypeAndResourceIsInstanceOfApplicationServerResType() { // given ResourceEntity as = resourceEntityBuilder.mockAppServerEntity("as", asResourceGroup, null, null); when(sessionContext.isCallerInRole(SERVER_ADMIN)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.ALL); res.setResourceType(ResourceTypeEntityBuilder.APPLICATION_SERVER_TYPE); myRoles.put(SERVER_ADMIN, Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCE, res))); permissionService.rolesWithRestrictions = myRoles; // when boolean canAdd= permissionService.hasPermissionToAddRelation(as, new ContextEntity()); // then Assert.assertTrue(canAdd); }
@Test public void hasPermissionToDeleteResourceRelationWhenUserHasPermissionToEditSpecificResourceGroupOnAllEnvironments(){ // given ResourceEntity app = resourceEntityBuilder.mockApplicationEntity("app", appResourceGroup, null); when(sessionContext.isCallerInRole(APP_DEVELOPER)).thenReturn(true); when(sessionContext.getCallerPrincipal()).thenReturn(principal); myRoles = new HashMap<>(); RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.UPDATE); res.setResourceGroup(appResourceGroup); myRoles.put(APP_DEVELOPER, Arrays.asList(new RestrictionDTOBuilder().mockRestrictionDTO(Permission.RESOURCE, res))); permissionService.rolesWithRestrictions = myRoles; // when boolean result = permissionService.hasPermissionToDeleteRelation(app, envC) && permissionService.hasPermissionToDeleteRelation(app, envZ); // then Assert.assertTrue(result); }
private int createRestrictionPerContext(String roleName, String userName, String permissionName, Integer resourceGroupId, String resourceTypeName, ResourceTypePermission resourceTypePermission, List<String> contextNames, Action action, boolean delegated) throws AMWException { int count = 0; for (String contextName : contextNames) { if (!delegated || canDelegateThisPermission(permissionName, resourceGroupId, resourceTypeName, contextName, action)) { RestrictionEntity restriction = new RestrictionEntity(); if (createRestriction(roleName, userName, permissionName, resourceGroupId, resourceTypeName, resourceTypePermission, contextName, action, restriction) != null) { count++; } } } return count; }
public List<ResourceGroupEntity> getAllUserAssignableResourceGroupsByName() { List<PermissionEntity> allUserAssignablePermissions = permissionBoundary.getAllUserAssignablePermissions(); List<String> assignablePermissions = new ArrayList<>(); for (PermissionEntity userAssignablePermission : allUserAssignablePermissions) { assignablePermissions.add(userAssignablePermission.getValue()); } List<RestrictionEntity> userRestrictions = permissionBoundary.getRestrictionsForLoggedInUser(); Set<Integer> resourceGroupIds = new HashSet<>(); for (RestrictionEntity userRestriction : userRestrictions) { if (userRestriction.getResourceGroup() != null && assignablePermissions.contains(userRestriction.getPermission().getValue())) { resourceGroupIds.add(userRestriction.getResourceGroup().getId()); } } return resourceGroupControl.getResourceGroupsOrderedByName(resourceGroupIds); }
/** * Checks if a Restriction gives permission for a specific Action * * @param restriction * @param action */ private boolean hasPermissionForAction(RestrictionEntity restriction, Action action) { return action == null || restriction.getAction().equals(action) || restriction.getAction().equals(ALL); }
/** * Checks if a Restriction gives permission for a specific Context * No Context on Restriction means all Contexts are allowed * * @param restriction * @param context */ private boolean hasPermissionForContext(RestrictionEntity restriction, ContextEntity context) { return restriction.getContext() == null || (context != null && restriction.getContext().getId().equals(context.getId())); }
/** * Checks if a Restriction gives permission for a specific ResourceGroup * No Resource on Restriction means all ResourceGroups are allowed * * @param restriction * @param resourceGroup */ private boolean hasPermissionForResource(RestrictionEntity restriction, ResourceGroupEntity resourceGroup) { return resourceGroup == null || restriction.getResourceGroup() == null || restriction.getResourceGroup().getId().equals(resourceGroup.getId()); }
/** * Checks if a Restriction gives permission for a specific ResourceType * No ResourceType on Restriction means all ResourceTypes are allowed * * @param restriction * @param resourceType */ private boolean hasPermissionForResourceType(RestrictionEntity restriction, ResourceTypeEntity resourceType) { if (resourceType == null || restriction.getResourceType() == null) { return true; } if (restriction.getResourceType().getId().equals(resourceType.getId())) { return true; } return resourceType.getParentResourceType() != null && restriction.getResourceType().getId().equals(resourceType.getParentResourceType().getId()); }