/**
 * Reports whether the user holds the super-admin role and, if so, returns
 * super-admin permissions bound to the requested application.
 *
 * <p>Role rows are fetched through {@code getUserRolesWithWildcardAppName}; a row counts
 * as super-admin when its role string equals {@code SUPERADMIN}, ignoring case.
 *
 * @param userID          user whose role rows are inspected
 * @param applicationName application the returned permissions are bound to
 * @return permissions built from {@code Role.SUPERADMIN}, or {@code null} when no
 *         super-admin row exists; callers must treat {@code null} as "no access"
 */
@Override
public UserPermissions checkSuperAdminPermissions(UserInfo.Username userID, Application.Name applicationName) {
    List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> roleRows =
            getUserRolesWithWildcardAppName(userID, applicationName);

    boolean isSuperAdmin = roleRows.stream()
            .anyMatch(row -> SUPERADMIN.equalsIgnoreCase(row.getRole()));
    if (isSuperAdmin) {
        return UserPermissions.newInstance(applicationName, Role.SUPERADMIN.getRolePermissions())
                .build();
    }

    // No super-admin row was found: null is this method's "not a super-admin" signal.
    return null;
}

//UserRole related operations
/**
 * Builds the per-application permission list for a user.
 *
 * <p>A super-admin (as decided by {@code getSuperAdminUserPermissions} with
 * {@code WILDCARD}) receives the super-admin permission set on every application name
 * returned by {@code getAllApplicationNameFromApplicationList}. Any other user receives
 * one entry per stored role row; rows whose role is {@code null} are skipped and so
 * grant nothing.
 *
 * @param userID user whose permissions are listed
 * @return the populated list; empty when the user has no usable role rows
 */
@Override
public UserPermissionsList getUserPermissionsList(UserInfo.Username userID) {
    UserPermissionsList permissionsForUser = new UserPermissionsList();
    Optional<UserPermissions> superAdminUserPermissions = getSuperAdminUserPermissions(userID, WILDCARD);

    if (!superAdminUserPermissions.isPresent()) {
        // Ordinary user: translate each stored role row into that role's permissions.
        List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> roleRows =
                getUserRoleList(userID, Optional.empty());
        for (com.intuit.wasabi.repository.cassandra.pojo.UserRole row : roleRows) {
            if (row.getRole() == null) {
                continue;
            }
            // NOTE(review): this uses Role.valueOf, while the super-admin check compares role
            // strings case-insensitively and Role.toRole is used for the same conversion
            // elsewhere. If Role.valueOf is an exact-name lookup, one stored role in a
            // different case would throw and abort the whole listing — confirm.
            permissionsForUser.addPermissions(
                    UserPermissions.newInstance(
                            Application.Name.valueOf(row.getAppName()),
                            Role.valueOf(row.getRole()).getRolePermissions()
                    ).build());
        }
        return permissionsForUser;
    }

    // Super-admin: the same permission set is granted on every known application.
    UserPermissions superAdmin = superAdminUserPermissions.get();
    List<String> allAppNames = getAllApplicationNameFromApplicationList();
    for (String appName : allAppNames) {
        permissionsForUser.addPermissions(
                UserPermissions.newInstance(
                        Application.Name.valueOf(appName),
                        superAdmin.getPermissions()
                ).build());
    }
    return permissionsForUser;
}
/**
 * Enforces that a user holds a given permission on an application.
 *
 * <p>The check denies by default: a missing permissions record ({@code null} from
 * {@code getUserPermissions}) is rejected exactly like a record that lacks the
 * requested permission.
 *
 * @param userID          user attempting the action
 * @param applicationName application the action targets
 * @param permission      permission the action requires
 * @throws AuthenticationException when the user has no permissions for the application
 *                                 or the permission is not among them; the message
 *                                 embeds the user id, permission and application name
 */
@Override
public void checkUserPermissions(UserInfo.Username userID, Application.Name applicationName,
                                 Permission permission) {
    // Resolve what the user is allowed to do on this application.
    UserPermissions granted = getUserPermissions(userID, applicationName);

    boolean permitted = granted != null && granted.getPermissions().contains(permission);
    if (permitted) {
        return;
    }

    // Anything that is not an explicit grant ends here.
    String denial = "error, user " + userID + " not authorized to " + permission.toString()
            + " on application " + applicationName.toString();
    throw new AuthenticationException(denial);
}
allowed.add(perm.getApplicationName());
List<UserRoleList> userRoleList = new ArrayList<>(); for (UserPermissions userPermissions : userPermissionsList.getPermissionsList()) { UserRoleList list = authorization.getApplicationUsers(userPermissions.getApplicationName()); if (!list.getRoleList().isEmpty()) { userRoleList.add(list);
/**
 * Looks up super-admin permissions for a user.
 *
 * <p>Role rows come from {@code getUserRolesWithWildcardAppName}; the first row whose
 * role equals {@code SUPERADMIN} (ignoring case) yields permissions built from
 * {@code Role.SUPERADMIN} and bound to {@code applicationName}.
 *
 * @param username        user whose role rows are inspected
 * @param applicationName application the returned permissions are bound to
 * @return the super-admin permissions, or an empty {@code Optional} when the user has
 *         no super-admin row
 */
Optional<UserPermissions> getSuperAdminUserPermissions(@Nonnull UserInfo.Username username,
                                                       @Nonnull Application.Name applicationName) {
    List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> roleRows =
            getUserRolesWithWildcardAppName(username, applicationName);

    for (com.intuit.wasabi.repository.cassandra.pojo.UserRole row : roleRows) {
        if (SUPERADMIN.equalsIgnoreCase(row.getRole())) {
            // One matching row is enough; the result does not depend on which row matched.
            return Optional.of(
                    UserPermissions.newInstance(applicationName, Role.SUPERADMIN.getRolePermissions())
                            .build());
        }
    }
    return Optional.empty();
}
authorization.checkUserPermissions(userName, userPermissions.getApplicationName(), ADMIN); authPermissionsList.addPermissions(userPermissions); } catch (AuthenticationException ignored) {
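/**
 * Resolves the permissions a user holds on one specific application.
 *
 * <p>The role row is fetched with {@code getUserRoleList} and converted through
 * {@code Role.toRole}. The two data invariants (at most one row, non-null role) are
 * enforced with explicit checks instead of {@code assert}: assertions are disabled
 * unless the JVM is started with {@code -ea}, so in a default deployment the original
 * checks never ran and an ambiguous or role-less row would have gone on to the permission
 * lookup unchecked.
 *
 * @param username        user whose role is looked up
 * @param applicationName application the role applies to
 * @return the permissions of the stored role, or {@code null} when the user has no role
 *         row for the application
 * @throws IllegalStateException if more than one row is returned or the row carries no
 *                               role
 */
UserPermissions getAppSpecificPermission(UserInfo.Username username, Application.Name applicationName) {
    List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> result =
            getUserRoleList(username, Optional.ofNullable(applicationName));
    if (result.isEmpty()) {
        return null;
    }

    // Several rows would make the granted role depend on row order; refuse to pick one.
    if (result.size() > 1) {
        throw new IllegalStateException("More than a single row returned");
    }

    com.intuit.wasabi.repository.cassandra.pojo.UserRole role = result.get(0);
    if (role.getRole() == null) {
        throw new IllegalStateException("Role cannot be null");
    }

    // NOTE(review): what Role.toRole returns for an unrecognised role string is not visible
    // here — confirm it cannot be null before getRolePermissions() is called on it.
    return UserPermissions.newInstance(applicationName, Role.toRole(role.getRole()).getRolePermissions())
            .build();
}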