/**
 * Flattens an admins configuration into a list of names.
 *
 * <p>An {@code AdminRole} entry is handed to {@code addRoleUsers} together with the role's
 * name (presumably that helper appends the role's members; it is defined outside this block).
 * Any other entry contributes its own name directly. This method does no de-duplication
 * itself, so a user listed both directly and through a role may appear more than once unless
 * {@code addRoleUsers} prevents it.
 *
 * @param authorizedAdmins the configured admin entries to expand
 * @return the collected names, in configuration order
 */
private List<CaseInsensitiveString> getAuthorizedUsers(AdminsConfig authorizedAdmins) {
    ArrayList<CaseInsensitiveString> authorizedUsers = new ArrayList<>();
    for (Admin entry : authorizedAdmins) {
        if (!(entry instanceof AdminRole)) {
            // Plain entry: the name is the authorized principal.
            authorizedUsers.add(entry.getName());
            continue;
        }
        // Role entry: expansion is delegated to the helper.
        addRoleUsers(authorizedUsers, entry.getName());
    }
    return authorizedUsers;
}
/**
 * Collects every role in this collection that the given admin belongs to.
 *
 * <p>Membership is decided entirely by {@code admin.belongsTo(role)}. The result is used by
 * authorization checks elsewhere in this listing, so it is always a fresh list and never
 * {@code null}.
 *
 * @param admin the principal whose role memberships are wanted
 * @return the matching roles in iteration order; empty when there is no match
 */
public List<Role> memberRoles(Admin admin) {
    List<Role> matching = new ArrayList<>();
    for (Role candidate : this) {
        if (!admin.belongsTo(candidate)) {
            continue;
        }
        matching.add(candidate);
    }
    return matching;
}
/**
 * Applies a privilege to the presentation element for the given admin, creating the element
 * when the list does not already hold one with the admin's name.
 *
 * <p>The search does not stop at the first hit, so if several elements share the name the
 * last one in the list receives the privilege. A newly created element copies the admin's
 * {@code Admin.NAME} error, if the admin has any errors, and is appended to {@code list}.
 *
 * @param admin the admin whose privilege is being recorded
 * @param list the presentation elements built so far; may be appended to
 * @param privilegeType the privilege to set on the resolved element
 * @param type the user type given to a newly created element
 */
private void addPresentationPrivilege(Admin admin, ArrayList<PresentationElement> list, PrivilegeType privilegeType, final UserType type) {
    PresentationElement existing = null;
    for (PresentationElement candidate : list) {
        // No break on purpose: the last element with a matching name wins.
        if (candidate.getName().equals(CaseInsensitiveString.str(admin.getName()))) {
            existing = candidate;
        }
    }

    if (existing != null) {
        privilegeType.set(existing);
        return;
    }

    PresentationElement created = new PresentationElement(CaseInsensitiveString.str(admin.getName()), type);
    if (!admin.errors().isEmpty()) {
        // Carry the validation error over so the presentation layer can show it.
        created.addError(Admin.NAME, admin.errors().on(Admin.NAME));
    }
    list.add(created);
    privilegeType.set(created);
}
/**
 * Checks that every approver in {@code authConfig} is allowed to operate the enclosing
 * pipeline group.
 *
 * <p>An approver passes when it is a server admin, an admin of the pipeline group, or one of
 * the group's configured operators. Any other approver gets a validation error attached.
 * Nothing is thrown, so enforcement depends on the caller inspecting those errors.
 *
 * <p>The check is skipped entirely in two cases: when the context is not within pipelines,
 * and when the group has no operation permission defined. In both cases the approver list is
 * accepted unchecked.
 *
 * @param validationContext supplies the pipeline group and the server security configuration
 */
private void validateOperatePermissions(ValidationContext validationContext) {
    if (!validationContext.isWithinPipelines()) {
        return;
    }
    PipelineConfigs pipelineGroup = validationContext.getPipelineGroup();
    if (!pipelineGroup.hasOperationPermissionDefined()) {
        // No operate restriction on the group, so approvers are not constrained here.
        return;
    }

    AdminsConfig operators = pipelineGroup.getAuthorization().getOperationConfig();
    SecurityConfig securityConfig = validationContext.getServerSecurityConfig();
    RolesConfig serverRoles = securityConfig.getRoles();

    for (Admin approver : authConfig) {
        boolean superAdmin = securityConfig.isAdmin(approver);
        boolean groupAdmin = pipelineGroup.isUserAnAdmin(approver.getName(), serverRoles.memberRoles(approver));
        boolean groupOperator = operators.has(approver, serverRoles.memberRoles(approver));
        if (superAdmin || groupAdmin || groupOperator) {
            continue;
        }
        approver.addError(String.format(
                "%s \"%s\" who is not authorized to operate pipeline group `%s` can not be authorized to approve stage",
                approver.describe(), approver, pipelineGroup.getGroup()));
    }
}
/**
 * Reports whether any entry in this collection matches the given admin.
 *
 * <p>Matching is delegated to {@code isSameAs(admin, rolesConfig)} on each configured entry.
 * An empty collection yields {@code false}.
 *
 * @param admin the principal to look for
 * @param rolesConfig the roles passed through to {@code isSameAs}
 * @return {@code true} as soon as one entry matches, otherwise {@code false}
 */
public boolean has(Admin admin, List<Role> rolesConfig) {
    boolean found = false;
    for (Admin entry : this) {
        if (entry.isSameAs(admin, rolesConfig)) {
            found = true;
            break;
        }
    }
    return found;
}
/**
 * Reports whether the given principal is covered by any entry in this collection.
 *
 * <p>Each entry decides for itself through {@code isSameAs(username, memberRoles)}. With no
 * entries the answer is {@code false}, so the check denies by default.
 *
 * @param username the principal being checked
 * @param memberRoles the roles passed through to {@code isSameAs}
 * @return {@code true} if at least one entry matches, otherwise {@code false}
 */
public boolean isAdmin(Admin username, List<Role> memberRoles) {
    for (Admin entry : this) {
        if (!entry.isSameAs(username, memberRoles)) {
            continue;
        }
        return true;
    }
    return false;
}
/**
 * Reports whether the user name is granted by any entry in this collection.
 *
 * <p>An {@code AdminUser} entry matches when its name equals {@code username}. Every other
 * entry type is passed to {@code userRoleMatcher.match} along with the entry's name
 * (presumably a role name). An empty collection yields {@code false}.
 *
 * @param username the user name to look up
 * @param userRoleMatcher decides whether the user matches a non-user entry
 * @return {@code true} on the first matching entry, otherwise {@code false}
 */
public boolean hasUser(final CaseInsensitiveString username, UserRoleMatcher userRoleMatcher) {
    for (Admin entry : this) {
        boolean granted = (entry instanceof AdminUser)
                ? entry.getName().equals(username)
                : userRoleMatcher.match(username, entry.getName());
        if (granted) {
            return true;
        }
    }
    return false;
}
/**
 * Verifies that {@code #{...}} parameter references inside a SecurityConfig are substituted
 * in an admin user name, a role name and a role member name.
 */
@Test
public void shouldResolve_ConfigValue_MappedAsObject() {
    // Arrange: one admin and one role with a single member, all with parameterised names.
    SecurityConfig securityConfig = new SecurityConfig();
    AdminUser adminWithParam = new AdminUser(new CaseInsensitiveString("lo#{foo}"));
    securityConfig.adminsConfig().add(adminWithParam);

    CaseInsensitiveString roleName = new CaseInsensitiveString("boo#{bar}");
    RoleUser roleMember = new RoleUser(new CaseInsensitiveString("choo#{foo}"));
    securityConfig.addRole(new RoleConfig(roleName, roleMember));

    // Act: resolve with foo=ser and bar=zer.
    ParamSubstitutionHandlerFactory handlerFactory =
            new ParamSubstitutionHandlerFactory(params(param("foo", "ser"), param("bar", "zer")));
    new ParamResolver(handlerFactory, fieldCache).resolve(securityConfig);

    // Assert: every name has its placeholder replaced.
    assertThat(CaseInsensitiveString.str(securityConfig.adminsConfig().get(0).getName()), is("loser"));
    assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getName()), is("boozer"));
    assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getUsers().get(0).getName()), is("chooser"));
}
/**
 * Validates every entry of the admins, view and operation configurations, in that order.
 *
 * <p>Each entry's errors are copied onto the errors of the configuration that holds it.
 * Failures are recorded rather than thrown, so callers must inspect the errors afterwards.
 *
 * @param validationContext the context passed to each entry's {@code validate}
 */
public void validateTree(ValidationContext validationContext) {
    // Admin entries.
    for (Admin adminEntry : getAdminsConfig()) {
        adminEntry.validate(validationContext);
        getAdminsConfig().errors().addAll(adminEntry.errors());
    }

    // View-permission entries.
    for (Admin viewer : getViewConfig()) {
        viewer.validate(validationContext);
        getViewConfig().errors().addAll(viewer.errors());
    }

    // Operate-permission entries.
    for (Admin operator : getOperationConfig()) {
        operator.validate(validationContext);
        getOperationConfig().errors().addAll(operator.errors());
    }
}