/**
 * Looks up a user by name by forwarding the call to {@code delegate}.
 *
 * <p>This wrapper adds no access check of its own; whatever authorization applies is enforced by
 * {@code delegate}.
 *
 * @param iUserName name of the user to look up
 * @return the value returned by {@code delegate.getUser(iUserName)}
 */
public OUser getUser(final String iUserName) {
  final OUser found = delegate.getUser(iUserName);
  return found;
}
/**
 * Resolves a role from its record reference by forwarding the call to {@code delegate}.
 *
 * @param iRole record reference handed through unchanged
 * @return the value returned by {@code delegate.getRole(iRole)}
 */
public ORole getRole(final OIdentifiable iRole) {
  final ORole resolved = delegate.getRole(iRole);
  return resolved;
}
/**
 * Creates a role with an explicit parent by forwarding the call to {@code delegate}.
 *
 * <p>The allow mode is passed through untouched, so the caller alone decides whether the new role
 * starts from a deny-all or an allow-all baseline.
 *
 * @param iRoleName  name of the role to create
 * @param iParent    parent role handed through unchanged
 * @param iAllowMode allow mode handed through unchanged
 * @return the value returned by {@code delegate.createRole(iRoleName, iParent, iAllowMode)}
 */
public ORole createRole(
    final String iRoleName,
    final ORole iParent,
    final OSecurityRole.ALLOW_MODES iAllowMode) {
  final ORole created = delegate.createRole(iRoleName, iParent, iAllowMode);
  return created;
}
// Looks like test-fixture setup: one deny-by-default role plus the accounts used to exercise it.
// NOTE(review): `sm` is presumably the database's security manager; confirm against the enclosing setup.
restrictedRole = sm.createRole("foobar", OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
// With DENY_ALL_BUT as the baseline, the two rules below are the role's entire allow-list.
// Both are read-only and both use TABLE_NAME as the specific resource.
restrictedRole.addRule(ORule.ResourceGeneric.CLASS, TABLE_NAME, ORole.PERMISSION_READ);
// NOTE(review): this rule is on the DATABASE resource but is also keyed on TABLE_NAME; confirm that is intended.
restrictedRole.addRule(ORule.ResourceGeneric.DATABASE, TABLE_NAME, ORole.PERMISSION_READ);
restrictedRole.reload();
admin = sm.getUser("admin");
// "user2" is created with a password equal to its name and is bound to the "foobar" role by name.
// Such a credential is only acceptable for a throwaway fixture database.
user2 = sm.createUser("user2", "user2", "foobar");
/**
 * Binds a user to this database session, refreshing the cached user when it is missing, stale or
 * belongs to a different name.
 *
 * <p>The cached {@code user} is kept as-is when it is non-null, its version equals the security
 * version, and its name matches {@code iUserName} ignoring case. Otherwise the user is resolved
 * again and {@code checkSecurity} is invoked for read permission on the database resource.
 *
 * <p>Security note: with {@code checkPassword == false} the user is loaded by name through
 * {@code security.getUser} and {@code iUserPassword} is never consulted, so no credential is
 * verified on that path. NOTE(review): callers passing {@code false} presumably have already
 * established the caller's identity by other means; confirm at each call site.
 *
 * <p>When neither lookup yields a user, {@code user} is set to {@code null} before
 * {@code checkSecurity} runs. NOTE(review): how {@code checkSecurity} treats a null user is not
 * visible here; confirm that it rejects rather than permits.
 *
 * @param iUserName     name of the user to bind; compared case-insensitively with the cached user
 * @param iUserPassword password handed to {@code security.authenticate}; unused when
 *                      {@code checkPassword} is {@code false}
 * @param checkPassword whether to authenticate with the password or only look the user up by name
 * @throws OException any {@code OException} raised while opening is rethrown as-is; any other
 *                    exception is wrapped in an {@code ODatabaseException}. In both cases the
 *                    thread-local database reference is removed first.
 */
public void internalOpen(final String iUserName, final String iUserPassword, boolean checkPassword) {
  try {
    final OSecurity security = metadata.getSecurity();

    // Same three checks as a stale-or-missing test, expressed as "cache is still good".
    final boolean cachedUserIsCurrent = user != null
        && user.getVersion() == security.getVersion()
        && user.getName().equalsIgnoreCase(iUserName);
    if (cachedUserIsCurrent) {
      return;
    }

    // Only the authenticate() branch verifies a credential; getUser() is a plain lookup by name.
    final OUser resolved = checkPassword
        ? security.authenticate(iUserName, iUserPassword)
        : security.getUser(iUserName);

    user = resolved == null ? null : new OImmutableUser(security.getVersion(), resolved);

    checkSecurity(ORule.ResourceGeneric.DATABASE, ORole.PERMISSION_READ);
  } catch (OException e) {
    // Do not leave a half-opened database bound to this thread.
    ODatabaseRecordThreadLocal.instance().remove();
    throw e;
  } catch (Exception e) {
    ODatabaseRecordThreadLocal.instance().remove();
    throw OException.wrapException(new ODatabaseException("Cannot open database url=" + getURL()), e);
  }
}
/**
 * Creates a user in the given database from this object's {@code userName} and {@code password}
 * and assigns it the role looked up under {@code ORole.ADMIN}.
 *
 * <p>Security note: the account created here always receives the admin role, so {@code userName}
 * and {@code password} should come from a trusted source only.
 *
 * @param database database whose security metadata receives the new user
 */
void createUser(final ODatabase<?> database) {
  database.getMetadata().getSecurity().createUser(
      userName,
      // NOTE(review): if `password` is a char[] kept so that it can be wiped after use, this
      // String copy cannot be cleared and stays in the heap until collected. Confirm the field
      // type and whether a String-free path exists.
      new String(password),
      database.getMetadata().getSecurity().getRole(ORole.ADMIN)
  );
}
// Closes the enclosing type, whose header is outside this view.
}
/**
 * Refreshes the cached session user from the security metadata.
 *
 * <p>Nothing happens when no user is bound, or when {@code user.checkIfAllowed} returns
 * {@code null} for read permission on the {@code OUser} class. Otherwise the user is looked up
 * again by name and re-wrapped with the current security version.
 *
 * <p>When the metadata is unavailable or the user can no longer be found, the cached user is
 * replaced by an {@code OImmutableUser} built from a fresh {@code new OUser()} at version
 * {@code -1}. NOTE(review): this presumably leaves the session with an identity that carries no
 * roles; confirm that downstream permission checks deny in that state.
 */
public void reloadUser() {
  if (user == null) {
    return;
  }

  activateOnCurrentThread();

  final boolean mayReadUsers =
      user.checkIfAllowed(ORule.ResourceGeneric.CLASS, OUser.CLASS_NAME, ORole.PERMISSION_READ) != null;
  if (!mayReadUsers) {
    return;
  }

  final OMetadata meta = getMetadata();
  if (meta == null) {
    user = new OImmutableUser(-1, new OUser());
    return;
  }

  final OSecurity security = meta.getSecurity();
  final OUser reloaded = security.getUser(user.getName());
  if (reloaded == null) {
    // The account vanished since the session was opened: fall back to the empty placeholder.
    user = new OImmutableUser(-1, new OUser());
  } else {
    user = new OImmutableUser(security.getVersion(), reloaded);
  }
}
/**
 * Ensures the {@code ORIENTEER_USER_ROLE} role exists and (re)applies its permission set.
 *
 * <p>When the role is missing it is created in {@code DENY_ALL_BUT} mode with the {@code "reader"}
 * role as parent. The grants below are applied on every call, whether or not the role already
 * existed. All grants are read-only except two that combine READ and UPDATE: the
 * {@code OrienteerUser} class and the {@code DATABASE} resource {@code "cluster"}.
 *
 * <p>Finally the role document is written into the {@code ALLOW_READ} field of both the role
 * document itself and the given perspective, and both are saved.
 *
 * <p>NOTE(review): UPDATE on the {@code OrienteerUser} class is class-wide as far as this method
 * shows; which user records a member of this role can actually modify presumably depends on
 * record-level restrictions configured elsewhere. Confirm before widening this list.
 *
 * @param db          database whose security metadata holds the role
 * @param perspective perspective document linked to the role and made readable by it
 */
private void updateOrienteerUserRoleDoc(ODatabaseDocument db, ODocument perspective) {
  final OSecurity security = db.getMetadata().getSecurity();

  ORole userRole = security.getRole(ORIENTEER_USER_ROLE);
  if (userRole == null) {
    // Deny-by-default role that inherits from "reader".
    userRole = security.createRole(
        ORIENTEER_USER_ROLE, security.getRole("reader"), OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
  }

  final int read = READ.getPermissionFlag();

  // Read-only grants.
  userRole.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_WIDGET, read);
  userRole.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_DASHBOARD, read);

  // TODO: remove this after release with fix for roles in OrientDB: https://github.com/orientechnologies/orientdb/issues/8338
  userRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, read);
  userRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, read);
  userRole.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, read);
  userRole.grant(ResourceGeneric.SCHEMA, null, read);
  userRole.grant(ResourceGeneric.CLUSTER, "internal", read);
  userRole.grant(ResourceGeneric.RECORD_HOOK, "", read);
  userRole.grant(ResourceGeneric.DATABASE, null, read);
  userRole.grant(ResourceGeneric.DATABASE, "systemclusters", read);
  userRole.grant(ResourceGeneric.DATABASE, "function", read);
  userRole.grant(ResourceGeneric.DATABASE, "command", read);
  userRole.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, read);

  // The only two grants that go beyond read.
  userRole.grant(
      ResourceGeneric.CLASS, OrienteerUser.CLASS_NAME, OrientPermission.combinedPermission(READ, UPDATE));
  userRole.grant(
      ResourceGeneric.DATABASE, "cluster", OrientPermission.combinedPermission(READ, UPDATE));

  // The role document lists itself as the only reader of the role record.
  userRole.getDocument().field(
      ORestrictedOperation.ALLOW_READ.getFieldName(),
      Collections.singletonList(userRole.getDocument()));
  userRole.getDocument().field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
  userRole.save();

  // The same role document becomes the only reader of the perspective.
  perspective.field(
      ORestrictedOperation.ALLOW_READ.getFieldName(),
      Collections.singletonList(userRole.getDocument()));
  perspective.save();
}
/**
 * Creates a user whose roles are given by name, by forwarding the call to {@code delegate}.
 *
 * <p>The password is handed on exactly as received; this wrapper neither validates, hashes nor
 * logs it.
 *
 * @param iUserName     name of the user to create
 * @param iUserPassword password handed through unchanged
 * @param iRoles        role names handed through unchanged
 * @return the value returned by {@code delegate.createUser(iUserName, iUserPassword, iRoles)}
 */
public OUser createUser(
    final String iUserName,
    final String iUserPassword,
    final String... iRoles) {
  final OUser created = delegate.createUser(iUserName, iUserPassword, iRoles);
  return created;
}
/**
 * Returns all role documents by forwarding the call to {@code delegate}.
 *
 * @return the list returned by {@code delegate.getAllRoles()}, not copied or filtered here
 */
public List<ODocument> getAllRoles() {
  final List<ODocument> roles = delegate.getAllRoles();
  return roles;
}
/**
 * Returns all user documents by forwarding the call to {@code delegate}.
 *
 * @return the list returned by {@code delegate.getAllUsers()}, not copied or filtered here
 */
public List<ODocument> getAllUsers() {
  final List<ODocument> users = delegate.getAllUsers();
  return users;
}
/**
 * Creates a user with the given role objects by forwarding the call to {@code delegate}.
 *
 * <p>The password is handed on exactly as received; this wrapper neither validates, hashes nor
 * logs it.
 *
 * @param iUserName     name of the user to create
 * @param iUserPassword password handed through unchanged
 * @param iRoles        roles handed through unchanged
 * @return the value returned by {@code delegate.createUser(iUserName, iUserPassword, iRoles)}
 */
public OUser createUser(
    final String iUserName,
    final String iUserPassword,
    final ORole... iRoles) {
  final OUser created = delegate.createUser(iUserName, iUserPassword, iRoles);
  return created;
}
/**
 * Lists every role document known to {@code delegate}.
 *
 * @return the result of {@code delegate.getAllRoles()}, passed back as-is
 */
public List<ODocument> getAllRoles() {
  final List<ODocument> allRoles = delegate.getAllRoles();
  return allRoles;
}
/**
 * Lists every user document known to {@code delegate}.
 *
 * @return the result of {@code delegate.getAllUsers()}, passed back as-is
 */
public List<ODocument> getAllUsers() {
  final List<ODocument> allUsers = delegate.getAllUsers();
  return allUsers;
}
/**
 * Looks up a user by record id by forwarding the call to {@code delegate}.
 *
 * @param iUserId record id handed through unchanged
 * @return the value returned by {@code delegate.getUser(iUserId)}
 */
public OUser getUser(final ORID iUserId) {
  final OUser found = delegate.getUser(iUserId);
  return found;
}
/**
 * Fetches the role behind a record reference via {@code delegate}.
 *
 * @param iRole record reference passed on as-is
 * @return the result of {@code delegate.getRole(iRole)}
 */
public ORole getRole(final OIdentifiable iRole) {
  final ORole role = delegate.getRole(iRole);
  return role;
}
/**
 * Creates a role without an explicit parent by forwarding the call to {@code delegate}.
 *
 * <p>The allow mode is passed through untouched, so the caller alone decides whether the new role
 * starts from a deny-all or an allow-all baseline.
 *
 * @param iRoleName  name of the role to create
 * @param iAllowMode allow mode handed through unchanged
 * @return the value returned by {@code delegate.createRole(iRoleName, iAllowMode)}
 */
public ORole createRole(
    final String iRoleName,
    final OSecurityRole.ALLOW_MODES iAllowMode) {
  final ORole created = delegate.createRole(iRoleName, iAllowMode);
  return created;
}
/**
 * Registers a new user with the supplied role objects via {@code delegate}.
 *
 * <p>No processing of the password happens in this wrapper: it is passed on unchanged and is not
 * validated, hashed or logged here.
 *
 * @param iUserName     name of the user to create
 * @param iUserPassword password passed on as-is
 * @param iRoles        roles passed on as-is
 * @return the result of {@code delegate.createUser(iUserName, iUserPassword, iRoles)}
 */
public OUser createUser(
    final String iUserName,
    final String iUserPassword,
    final ORole... iRoles) {
  final OUser newUser = delegate.createUser(iUserName, iUserPassword, iRoles);
  return newUser;
}
/**
 * Grants read access to the schema and search features to every role that has no parent role.
 *
 * <p>Roles with a parent are left untouched by this method. Each parentless role is saved after
 * its two grants are applied.
 *
 * <p>NOTE(review): the grant applies to all parentless roles, whatever their name or allow mode.
 * Confirm that every such role, including restrictive ones, is meant to see these two features.
 *
 * @param app application instance; not used by this method
 * @param db  database whose roles are updated
 */
private void assignSchemaFeature(OrienteerWebApplication app, ODatabaseDocument db) {
  for (ODocument roleDocument : db.getMetadata().getSecurity().getAllRoles()) {
    final ORole candidate = new ORole(roleDocument);
    if (candidate.getParentRole() != null) {
      continue;
    }
    candidate.grant(
        OSecurityHelper.FEATURE_RESOURCE,
        SchemaPage.SCHEMA_FEATURE,
        OrientPermission.READ.getPermissionFlag());
    candidate.grant(
        OSecurityHelper.FEATURE_RESOURCE,
        SearchPage.SEARCH_FEATURE,
        OrientPermission.READ.getPermissionFlag());
    candidate.save();
  }
}
/**
 * Checks that a query-backed provider over {@code OUser} yields exactly the documents reported by
 * {@code getAllUsers()}, both before and after {@code detach()}.
 *
 * <p>The filter value is supplied through the named parameter {@code :other} instead of being
 * concatenated into the query text.
 */
@Test
public void testOQueryProvider() {
  final OQueryDataProvider<OUser> users =
      new OQueryDataProvider<OUser>("select from OUser where name <> :other", OUser.class);
  users.setSort("name", SortOrder.ASCENDING);
  users.setParameter("other", Model.of("blalba"));

  final Iterator<OUser> cursor = users.iterator(0, -1);
  final List<ODocument> expected = wicket.getTester().getMetadata().getSecurity().getAllUsers();
  assertTrue(users.size()==expected.size());

  // Every user the provider returns must be one of the documents the security layer reports.
  while (cursor.hasNext()) {
    assertTrue(expected.contains(users.model(cursor.next()).getObject().getDocument()));
  }

  // The count must be unchanged once the provider has been detached.
  users.detach();
  assertTrue(users.size()==expected.size());
}