public boolean isViewUser(final CaseInsensitiveString username, List<Role> memberRoles) { return viewConfig.isAdmin(new AdminUser(username), memberRoles); }
private static List<String> userAsString(List<AdminUser> users) { return users.stream().map(user -> user.getName().toString()).collect(Collectors.toList()); } }
public void validate(ValidationContext validationContext) { if (name == null || name.isBlank()) addError("User cannot be blank."); }
@Test public void shouldFailValidateWhenUsersWithoutOperatePermissionOnGroupAreAuthorizedToApproveStage_WithPipelineConfigSaveValidationContext() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); AdminUser user = approval.getAuthConfig().getUsers().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("User \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidUserIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminUser invalidUser = new AdminUser(new CaseInsensitiveString("boo_user")); invalidUser.addError(AdminUser.NAME, "some error"); AdminUser validUser = new AdminUser(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidUser); authorization.getAdminsConfig().add(validUser); List<Authorization.PresentationElement> userAuthorizations = authorization.getUserAuthorizations(); assertThat(userAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(userAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(userAuthorizations.get(1).errors().isEmpty(), is(true)); }
@Test public void validate_shouldNotAllow_UserInApprovalListButNotInOperationList() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); AdminUser user = approval.getAuthConfig().getUsers().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("User \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
private Admin[] extractAdminUsers(List<Map<String, String>> map) { List<Admin> result = new ArrayList<>(map.size()); for (Map<String, String> usernameMap : map) { String value = usernameMap.get("name").trim(); if (!StringUtils.isBlank(value)) { result.add(new AdminUser(new CaseInsensitiveString(value))); } } return result.toArray(new Admin[result.size()]); }
private static List<String> userAsString(List<AdminUser> users) { return users.stream().map(user -> user.getName().toString()).collect(Collectors.toList()); } }
public boolean isUserAnAdmin(final CaseInsensitiveString userName, List<Role> memberRoles) { return adminsConfig.isAdmin(new AdminUser(userName), memberRoles); }
@Override public List<String> getOperateUserNames() { List<String> users = new ArrayList<>(); for (AdminUser user : getOperateUsers()) { users.add(CaseInsensitiveString.str(user.getName())); } return users; }
@Override public Admin makeUser(String name) { return new AdminUser(new CaseInsensitiveString(name)); }}, ROLE {
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
@Override public void update(CruiseConfig modifiedConfig) { if (securityService.isUserGroupAdmin(currentUser)) { templateConfig.setAuthorization(new Authorization(new AdminsConfig(new AdminUser(currentUser.getUsername())))); } modifiedConfig.addTemplate(templateConfig); }
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
@Override public boolean isAdministrator(String username) { return hasAdminPrivileges(new AdminUser(new CaseInsensitiveString(username))); }
/** * Compiles a list of users from an {@link AdminsConfig}, denormalizing roles to the underlying * members. * * @param adminsConfig the config fragment * @param rolesToUsers a {@link Map} of member users to their respective roles * @return a {@link Set} of user names from the config */ public static Set<String> namesOf(AdminsConfig adminsConfig, Map<String, Collection<String>> rolesToUsers) { List<AdminUser> admins = adminsConfig.getUsers(); Set<String> adminNames = new HashSet<>(); for (AdminUser admin : admins) { adminNames.add(admin.getName().toLower()); } for (AdminRole adminRole : adminsConfig.getRoles()) { adminNames.addAll(emptyIfNull(rolesToUsers.get(adminRole.getName().toLower()))); } return adminNames; }
public List<Role> rolesForUser(final CaseInsensitiveString user) { return security().getRoles().memberRoles(new AdminUser(user)); }