public void setConfigAttributes(Object attributes) { Map attributeMap = (Map) attributes; if (attributeMap.containsKey(NAME)) { String strName = (String) attributeMap.get(NAME); name = new CaseInsensitiveString(strName); } if (attributeMap.containsKey(AUTHORIZATION)) { this.authorization = new Authorization(); this.authorization.setConfigAttributes(attributeMap.get(AUTHORIZATION)); } else { this.authorization = new Authorization(); } if (attributeMap.containsKey(ALLOW_GROUP_ADMINS)) { this.authorization.setAllowGroupAdmins("true".equals(attributeMap.get(ALLOW_GROUP_ADMINS))); } }
public void validateTree(ValidationContext validationContext) { for (Admin admin : getAdminsConfig()) { admin.validate(validationContext); this.getAdminsConfig().errors().addAll(admin.errors()); } for (Admin admin : getViewConfig()) { admin.validate(validationContext); this.getViewConfig().errors().addAll(admin.errors()); } for (Admin admin : getOperationConfig()) { admin.validate(validationContext); this.getOperationConfig().errors().addAll(admin.errors()); } }
@Override public boolean isUserAnAdmin(final CaseInsensitiveString userName, List<Role> memberRoles) { return authorization.hasAdminsDefined() && authorization.isUserAnAdmin(userName, memberRoles); }
public boolean hasAdminOrViewPermissions(final CaseInsensitiveString userName, List<Role> memberRoles) { return isUserAnAdmin(userName, memberRoles) || isViewUser(userName, memberRoles); }
@Before public void setup() throws Exception { pipelines = new BasicPipelineConfigs("existing_group", new Authorization()); cruiseConfig = new BasicCruiseConfig(pipelines); goConfigMother = new GoConfigMother(); } @After
@Test public void shouldReturnAuthorizationMapForView() { Authorization authorization = new Authorization(); authorization.getAdminsConfig().add(new AdminRole(new CaseInsensitiveString("group_of_losers"))); authorization.getOperationConfig().addAll(a(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("group_of_losers")), new AdminRole( new CaseInsensitiveString("gang_of_boozers")))); authorization.getViewConfig().addAll(a(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("loser")))); List<Authorization.PresentationElement> userAuthMap = authorization.getUserAuthorizations(); assertThat(userAuthMap.size(), is(2)); assetEntry(userAuthMap.get(0), "boozer", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.OFF, Authorization.UserType.USER); assetEntry(userAuthMap.get(1), "loser", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.ON, Authorization.UserType.USER); List<Authorization.PresentationElement> roleAuthMap = authorization.getRoleAuthorizations(); assertThat(roleAuthMap.size(), is(2)); assetEntry(roleAuthMap.get(0), "gang_of_boozers", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.UserType.ROLE); assetEntry(roleAuthMap.get(1), "group_of_losers", Authorization.PrivilegeState.ON, Authorization.PrivilegeState.DISABLED, Authorization.PrivilegeState.DISABLED, Authorization.UserType.ROLE); }
@Override public AdminsConfig group(Authorization authorization) { return authorization.getOperationConfig(); } @Override public void set(PresentationElement el) {
@Test public void shouldLoadOperationAndViewPermissionForPipelinesNoMatterTheConfigOrder() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(OPERATION_PERMISSION + VIEW_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actualView = group.getAuthorization().getViewConfig(); AdminsConfig actualOperation = group.getAuthorization().getOperationConfig(); assertion(actualView); assertion(actualOperation); }
@Override public AdminsConfig group(Authorization authorization) { return authorization.getViewConfig(); } @Override public void set(PresentationElement el) {
@Test public void shouldSayThatAnAdmin_HasAdminOrViewPermissions() { CaseInsensitiveString adminUser = new CaseInsensitiveString("admin"); Authorization authorization = new Authorization(new AdminsConfig(new AdminUser(adminUser))); assertThat(authorization.hasAdminOrViewPermissions(adminUser, null), is(true)); }
@Override public AdminsConfig group(Authorization authorization) { return authorization.getAdminsConfig(); } @Override public void set(PresentationElement el) {
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidUserIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminUser invalidUser = new AdminUser(new CaseInsensitiveString("boo_user")); invalidUser.addError(AdminUser.NAME, "some error"); AdminUser validUser = new AdminUser(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidUser); authorization.getAdminsConfig().add(validUser); List<Authorization.PresentationElement> userAuthorizations = authorization.getUserAuthorizations(); assertThat(userAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(userAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(userAuthorizations.get(1).errors().isEmpty(), is(true)); }
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidRoleIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminRole invalidRole = new AdminRole(new CaseInsensitiveString("boo_user")); invalidRole.addError(AdminUser.NAME, "some error"); AdminRole validRole = new AdminRole(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidRole); authorization.getAdminsConfig().add(validRole); List<Authorization.PresentationElement> roleAuthorizations = authorization.getRoleAuthorizations(); assertThat(roleAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(roleAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(roleAuthorizations.get(1).errors().isEmpty(), is(true)); }
@Test public void shouldReturnTrueIfAnUserIsAdmin() { Authorization authorization = new Authorization(new AdminsConfig(new AdminUser(new CaseInsensitiveString("foo")))); assertThat(authorization.isUserAnAdmin(new CaseInsensitiveString("foo"), new ArrayList<>()), is(true)); assertThat(authorization.isUserAnAdmin(new CaseInsensitiveString("bar"), new ArrayList<>()), is(false)); }
public static PipelineConfigs groupWithOperatePermission(PipelineConfig pipelineConfig, String... users) { Authorization authorization = new Authorization(); for (String user : users) { authorization.getOperationConfig().add(new AdminUser(new CaseInsensitiveString(user))); } return new BasicPipelineConfigs("defaultGroup", authorization, pipelineConfig); }
@Test public void shouldReturnFalseIfViewPermissionNotDefined() { Authorization authorization = new Authorization(new ViewConfig()); assertThat(authorization.hasViewPermissionDefined(), is(false)); }
@Test public void shouldReturnFalseIfOperationPermissionNotDefined() { Authorization authorization = new Authorization(new OperationConfig()); assertThat(authorization.hasOperationPermissionDefined(), is(false)); }
@Test public void shouldDisplayTheFlagInXmlIfTemplateAuthorizationDoesNotAllowGroupAdmins() throws Exception { CruiseConfig cruiseConfig = new BasicCruiseConfig(); PipelineTemplateConfig template = com.thoughtworks.go.helper.PipelineTemplateConfigMother.createTemplate("template-name", new Authorization(new AdminsConfig()), com.thoughtworks.go.helper.StageConfigMother.manualStage("stage-name")); template.getAuthorization().setAllowGroupAdmins(false); cruiseConfig.addTemplate(template); xmlWriter.write(cruiseConfig, output, false); String writtenConfigXml = this.output.toString(); assertThat(writtenConfigXml, containsString("allGroupAdminsAreViewers")); }
@Test public void shouldReturnTrueIfAdminsAreDefined() { Authorization authorization = new Authorization(new AdminsConfig(new AdminUser(new CaseInsensitiveString("foo")))); assertThat(authorization.hasAdminsDefined(), is(true)); }
public void visit(PipelineConfigs pipelineConfigs) { if (pipelineConfigs.getAuthorization().isUserAnAdmin(username, roles)) { isGroupAdmin = true; } } }