/**
 * Checks that attaching a saved role to a principal's user assignment stores exactly one
 * assignment and does not change the number of roles.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testUserAssignmentAddRole()
    throws RbacManagerException
{
    final RBACManager store = rbacManager;

    // Start from an empty store so the counts asserted below are absolute.
    store.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = store.saveRole( getAdminRole() );
    assertEquals( 1, store.getAllRoles().size() );

    final String principal = "admin";

    UserAssignment pending = store.createUserAssignment( principal );
    pending.addRoleName( savedAdmin );
    store.saveUserAssignment( pending );

    assertEquals( 1, store.getAllUserAssignments().size() );
    assertEquals( 1, store.getAllRoles().size() );

    // The assignment must be retrievable by the principal it was saved under.
    UserAssignment reloaded = store.getUserAssignment( principal );
    assertNotNull( reloaded );

    Role adminByName = store.getRole( "ADMIN" );
    assertNotNull( adminByName );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 1, 0, 1, 0, true, true );
}
/**
 * Looks up an operation by name by delegating to the wrapped RBAC implementation.
 *
 * @param operationName name handed unchanged to the delegate
 * @return the operation returned by the delegate
 * @throws RbacManagerException propagated from the delegate
 */
public Operation getOperation( String operationName )
    throws RbacManagerException
{
    final Operation found = this.rbacImpl.getOperation( operationName );
    return found;
}
// Seeds the repository-related operations: for each of the six names below the snippet asks
// operationExists(...) and, when the name is unknown, creates and saves the operation.
// NOTE(review): the block braces were lost when this excerpt was extracted, so as printed the
// createOperation/saveOperation pair is not visibly scoped to its `if`; presumably both statements
// sat inside the guard. Confirm against the original file.
// NOTE(review): exists-then-create is two separate calls; whether the manager makes that pair
// atomic is not visible here, so concurrent initialisation may rely on a uniqueness guarantee
// in the backing store. Verify.
if ( !manager.operationExists( "add-repository" ) ) Operation operation = manager.createOperation( "add-repository" ); manager.saveOperation( operation ); if ( !manager.operationExists( "edit-repository" ) ) Operation operation = manager.createOperation( "edit-repository" ); manager.saveOperation( operation ); if ( !manager.operationExists( "delete-repository" ) ) Operation operation = manager.createOperation( "delete-repository" ); manager.saveOperation( operation ); if ( !manager.operationExists( "edit-configuration" ) ) Operation operation = manager.createOperation( "edit-configuration" ); manager.saveOperation( operation ); if ( !manager.operationExists( "run-indexer" ) ) Operation operation = manager.createOperation( "run-indexer" ); manager.saveOperation( operation ); if ( !manager.operationExists( "regenerate-index" ) ) Operation operation = manager.createOperation( "regenerate-index" ); manager.saveOperation( operation );
/**
 * Saves two permissions bound to {@code Resource.GLOBAL}, each built with the three-argument
 * {@code createPermission} call, and checks the resulting event-tracker state.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testGlobalResourceOneLiner()
    throws RbacManagerException
{
    final RBACManager store = rbacManager;
    store.eraseDatabase();
    eventTracker.rbacInit( true );

    // Each permission is created and saved before the next one is created.
    Permission editConfig =
        store.createPermission( "Edit Configuration", "edit-configuration", Resource.GLOBAL );
    store.savePermission( editConfig );

    Permission deleteConfig =
        store.createPermission( "Delete Configuration", "delete-configuration", Resource.GLOBAL );
    store.savePermission( deleteConfig );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 0, 0, 2, 0, true, true );
}
/**
 * Grants the named role to a principal, reusing the principal's existing user assignment or
 * creating a new one when none exists.
 *
 * <p>Only the role name is checked for existence. The principal string is not checked against
 * any user store in this method: an assignment record is created for whatever name is passed,
 * so callers must supply an already validated principal.
 *
 * @param roleName  name of the role to grant; must already exist in the RBAC manager
 * @param principal identifier of the user receiving the role
 * @throws RoleManagerException if the role does not exist or the RBAC manager fails
 */
public void assignRoleByName( String roleName, String principal )
    throws RoleManagerException
{
    try
    {
        // The assignment is fetched or created before the role check, as in the original order.
        UserAssignment target = rbacManager.userAssignmentExists( principal )
            ? rbacManager.getUserAssignment( principal )
            : rbacManager.createUserAssignment( principal );

        boolean knownRole = rbacManager.roleExists( roleName );
        if ( !knownRole )
        {
            throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." );
        }

        target.addRoleName( roleName );
        rbacManager.saveUserAssignment( target );
    }
    catch ( RbacManagerException e )
    {
        throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
    }
}
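/**
 * Saves a permission through every writable RBAC manager in {@code rbacManagersPerId}.
 *
 * <p>Managers reporting {@code isReadOnly()} are skipped. The save is best-effort: a failure in
 * one manager is remembered but does not stop the loop, and an exception is raised only when no
 * manager accepted the save and at least one of them threw.
 *
 * <p>NOTE(review): when no manager is writable and none throws, the permission is returned
 * without having been stored anywhere. Callers that rely on the permission being persisted
 * should confirm that this silent outcome is acceptable.
 *
 * @param permission the permission to store
 * @return the permission as returned by the last manager that saved it, or the argument
 *         unchanged when no manager saved it
 * @throws RbacObjectInvalidException declared by the overridden method
 * @throws RbacManagerException       if every attempted save failed; wraps the last failure
 */
@Override
public Permission savePermission( Permission permission )
    throws RbacObjectInvalidException, RbacManagerException
{
    boolean allFailed = true;
    Exception lastException = null;
    for ( RBACManager rbacManager : rbacManagersPerId.values() )
    {
        try
        {
            // Only a writable manager may receive the save. The earlier condition was inverted:
            // it wrote to read-only managers and skipped the writable ones.
            if ( !rbacManager.isReadOnly() )
            {
                permission = rbacManager.savePermission( permission );
                allFailed = false;
            }
        }
        catch ( Exception e )
        {
            // Remember the failure and keep trying the remaining managers.
            lastException = e;
        }
    }
    if ( lastException != null && allFailed )
    {
        throw new RbacManagerException( lastException.getMessage(), lastException );
    }
    return permission;
}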
/**
 * Checks that a principal holding only the admin role, with no child roles added here, is
 * reported with exactly one assigned permission.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testGetAssignedPermissionsNoChildRoles()
    throws RbacManagerException
{
    final RBACManager store = rbacManager;
    store.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = store.saveRole( getAdminRole() );
    assertEquals( 1, store.getAllRoles().size() );

    final String principal = "admin";

    UserAssignment pending = store.createUserAssignment( principal );
    pending.addRoleName( savedAdmin );
    store.saveUserAssignment( pending );
    assertEquals( 1, store.getAllUserAssignments().size() );

    // The effective permission set for the principal must hold a single entry.
    Set<Permission> effective = store.getAssignedPermissions( principal );
    assertThat( effective ).isNotNull().isNotEmpty().hasSize( 1 );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 1, 0, 1, 0, true, true );
}
else if ( manager.permissionExists( permission ) ) permission = manager.getPermission( permission.getName() ); permissionMap.put( permission.getName(), permission ); else if ( manager.operationExists( operation ) ) operation = manager.getOperation( operation.getName() ); operations.put( operation.getName(), operation ); operation = manager.saveOperation( operation ); operations.put( operation.getName(), operation ); else if ( manager.resourceExists( resource ) ) resource = manager.getResource( resource.getIdentifier() ); resources.put( resource.getIdentifier(), resource ); resource = manager.saveResource( resource ); resources.put( resource.getIdentifier(), resource ); permission = manager.savePermission( permission ); permissionMap.put( permission.getName(), permission ); manager.saveRole( role ); manager.saveUserAssignment( userAssignment );
/**
 * Checks that saved roles read back unchanged and that adding a child role to the developer
 * role brings the total role count to three.
 *
 * <p>Returns early, after logging, when the manager implementation does not support child roles.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testAddGetChildRole()
    throws RbacManagerException
{
    boolean childRolesSupported = supportChildRole();
    if ( !childRolesSupported )
    {
        log.info( "child role feature not supported by the RBACManager impl: {}", rbacManager.getClass().getName() );
        return;
    }

    final RBACManager store = rbacManager;
    assertNotNull( store );

    store.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = store.saveRole( getAdminRole() );
    Role savedDevel = store.saveRole( getDeveloperRole() );
    assertEquals( 2, store.getAllRoles().size() );

    // Read both roles back and compare them with what was saved.
    Role loadedAdmin = store.getRole( savedAdmin.getName() );
    Role loadedDevel = store.getRole( savedDevel.getName() );

    assertEquals( savedAdmin.getName(), loadedAdmin.getName() );
    assertEquals( savedAdmin.getChildRoleNames(), loadedAdmin.getChildRoleNames() );
    assertEquals( savedDevel, loadedDevel );

    // Attach the project-admin role as a child of the developer role and save the parent.
    store.addChildRole( savedDevel, getProjectAdminRole() );
    store.saveRole( savedDevel );
    assertEquals( 3, store.getAllRoles().size() );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 3, 0, 3, 0, true, true );
}
/**
 * Checks that a permission built with {@code createPermission} is not counted by the manager
 * until a role carrying it has been saved.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testAddGetPermission()
    throws RbacManagerException
{
    assertNotNull( rbacManager );

    rbacManager.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = rbacManager.saveRole( getAdminRole() );
    rbacManager.saveRole( getDeveloperRole() );

    assertEquals( 2, rbacManager.getAllRoles().size() );
    assertEquals( 2, rbacManager.getAllPermissions().size() );

    Permission newPermission = rbacManager.createPermission( "CREATE_USER", "CREATE", "User" );

    // Creating the object alone must not change the stored permission count.
    assertEquals( 2, rbacManager.getAllPermissions().size() );

    savedAdmin.addPermission( newPermission );
    rbacManager.saveRole( savedAdmin );

    // Saving the role that carries the permission is what stores it.
    assertEquals( 3, rbacManager.getAllPermissions().size() );

    Permission reloaded = rbacManager.getPermission( "CREATE_USER" );
    assertNotNull( reloaded );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 2, 0, 3, 0, true, true );
}
// Test-body excerpt (method signature not shown): resets the store, saves the admin and developer
// roles, builds a CREATE_USER permission, marks its operation permanent, then looks up the
// "CREATE" operation and calls removeOperation twice, once by name and once by object.
// NOTE(review): nothing in this excerpt attaches createUserPerm to adminRole, yet the operation
// count is asserted to go from 1 to 2 after saveRole. Lines appear to have been dropped in extraction.
// NOTE(review): the outcome expected from removing an operation flagged permanent is not asserted
// here. Confirm in the original that these removals are expected to be refused.
rbacManager.eraseDatabase(); eventTracker.rbacInit( true ); assertNotNull( rbacManager ); Role adminRole = rbacManager.saveRole( getAdminRole() ); rbacManager.saveRole( getDeveloperRole() ); assertEquals( 2, rbacManager.getAllRoles().size() ); assertEquals( 2, rbacManager.getAllPermissions().size() ); Permission createUserPerm = rbacManager.createPermission( "CREATE_USER", "CREATE", "User" ); createUserPerm.getOperation().setPermanent( true ); assertEquals( 2, rbacManager.getAllPermissions().size() ); assertEquals( 1, rbacManager.getAllOperations().size() ); rbacManager.saveRole( adminRole ); assertEquals( 2, rbacManager.getAllOperations().size() ); Operation fetched = rbacManager.getOperation( "CREATE" ); assertNotNull( fetched ); rbacManager.removeOperation( "CREATE" ); rbacManager.removeOperation( fetched );
/**
 * Checks that two permissions sharing the global resource produce two permissions and two
 * operations but only a single stored resource.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testGlobalResource()
    throws RbacManagerException
{
    final RBACManager store = rbacManager;
    store.eraseDatabase();
    eventTracker.rbacInit( true );

    // First permission: its own operation, bound to the global resource.
    Permission editPerm = store.createPermission( "Edit Configuration" );
    editPerm.setOperation( store.createOperation( "edit-configuration" ) );
    editPerm.setResource( store.getGlobalResource() );
    store.savePermission( editPerm );

    assertEquals( 1, store.getAllPermissions().size() );
    assertEquals( 1, store.getAllOperations().size() );
    assertEquals( 1, store.getAllResources().size() );

    // Second permission: another operation, same global resource.
    Permission deletePerm = store.createPermission( "Delete Configuration" );
    deletePerm.setOperation( store.createOperation( "delete-configuration" ) );
    deletePerm.setResource( store.getGlobalResource() );
    store.savePermission( deletePerm );

    assertEquals( 2, store.getAllPermissions().size() );
    assertEquals( 2, store.getAllOperations().size() );
    // The resource count stays at one: the global resource is shared, not duplicated.
    assertEquals( 1, store.getAllResources().size() );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 0, 0, 2, 0, true, true );
}
/**
 * Assigns the "Developer" role to one user on top of the default RBAC data and follows the
 * child-role chain from "Developer" through three further levels.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testGetRolesDeep()
    throws RbacManagerException
{
    rbacManager.eraseDatabase();
    rbacDefaults.createDefaults();

    // One user holding a single, directly assigned role.
    final String principal = "bob";
    UserAssignment pending = rbacManager.createUserAssignment( principal );
    pending.addRoleName( "Developer" );
    rbacManager.saveUserAssignment( pending );

    assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() );
    assertEquals( 4, rbacManager.getAllRoles().size() );
    assertEquals( 6, rbacManager.getAllPermissions().size() );

    // Starting point of the chain.
    Role developer = rbacManager.getRole( "Developer" );
    assertNotNull( developer );

    // Depth one, two and three; each lookup starts from the role found at the previous depth.
    Role trustedDeveloper = getChildRole( rbacManager, developer, "Trusted Developer", 1 );
    Role systemAdministrator = getChildRole( rbacManager, trustedDeveloper, "System Administrator", 1 );
    getChildRole( rbacManager, systemAdministrator, "User Administrator", 1 );
}
// Excerpt: makes sure the resource exists (creating and saving it when resourceExists is false),
// then obtains a user assignment for the principal and saves it.
// NOTE(review): braces and an `else` appear to have been lost in extraction. As printed,
// createUserAssignment would overwrite the assignment just fetched; presumably it is the branch
// for a principal that has no assignment yet. Confirm against the original file.
if ( !rbacManager.resourceExists( resource ) ) Resource newResource = rbacManager.createResource( resource ); rbacManager.saveResource( newResource ); if ( rbacManager.userAssignmentExists( principal ) ) userAssignment = rbacManager.getUserAssignment( principal ); userAssignment = rbacManager.createUserAssignment( principal ); rbacManager.saveUserAssignment( userAssignment );
/**
 * Checks that a role carrying no permissions can be saved and read back, and that doing so
 * stores no permission.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testAllowRoleWithoutPermissions()
    throws RbacManagerException
{
    assertNotNull( rbacManager );

    rbacManager.eraseDatabase();
    eventTracker.rbacInit( true );

    final String roleLabel = "Test Role";

    Role savedRole = rbacManager.saveRole( rbacManager.createRole( roleLabel ) );
    assertNotNull( savedRole );

    assertEquals( 1, rbacManager.getAllRoles().size() );
    assertEquals( 0, rbacManager.getAllPermissions().size() );

    // Reading the role back must not change the stored counts.
    Role reloadedRole = rbacManager.getRole( roleLabel );

    assertEquals( savedRole.getName(), reloadedRole.getName() );
    assertEquals( savedRole.getChildRoleNames(), reloadedRole.getChildRoleNames() );
    assertEquals( 1, rbacManager.getAllRoles().size() );
    assertEquals( 0, rbacManager.getAllPermissions().size() );

    // Compare the recorded events with the expected tracker state.
    assertEventTracker( 1, 0, 0, 0, true, true );
}
resource ); if ( !rbacManager.permissionExists( permissionName ) ) Permission permission = rbacManager.createPermission( permissionName ); Operation rbacOperation = rbacManager.getOperation( modelOperation.getName() ); Resource rbacResource = rbacManager.getResource( permissionResource ); permission.setDescription( profilePermission.getDescription() ); permission = rbacManager.savePermission( permission ); rbacPermissions.add( rbacManager.getPermission( permissionName ) );
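/**
 * Writes the manager's roles, user assignments, permissions, operations and resources to
 * {@code RBAC_XML_NAME} inside the given directory.
 *
 * <p>The resulting file holds the complete authorization model, including which principal holds
 * which role. NOTE(review): this method sets no file permissions itself and {@code createWriter}
 * is not visible here, so confirm that the backup directory is readable only by the service
 * account.
 *
 * <p>The writer is closed with try-with-resources so that a failure while flushing or closing
 * reaches the caller; closing quietly could leave a truncated backup reported as successful.
 *
 * @param manager         source of the RBAC data
 * @param backupDirectory directory that receives the backup file
 * @throws RbacManagerException if reading from the manager fails
 * @throws IOException          if the file cannot be created, written or closed
 * @throws XMLStreamException   if the XML serialisation fails
 */
public void backupRBACDatabase( RBACManager manager, File backupDirectory )
    throws RbacManagerException, IOException, XMLStreamException
{
    RbacDatabase database = new RbacDatabase();
    database.setRoles( manager.getAllRoles() );
    database.setUserAssignments( manager.getAllUserAssignments() );
    database.setPermissions( manager.getAllPermissions() );
    database.setOperations( manager.getAllOperations() );
    database.setResources( manager.getAllResources() );

    RbacJdoModelStaxWriter writer = new RbacJdoModelStaxWriter();
    try ( Writer fileWriter = createWriter( backupDirectory, RBAC_XML_NAME, database.getModelEncoding() ) )
    {
        writer.write( fileWriter, database );
    }
}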
/**
 * Checks that assigning a role that has a child role yields one role name on the assignment
 * and one entry from {@code getAssignedRoles}.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testUserAssignmentWithChildRoles()
    throws RbacManagerException
{
    final RBACManager store = rbacManager;
    store.eraseDatabase();

    Role savedDeveloper = store.saveRole( getDeveloperRole() );

    // The admin role gets the developer role as its child before it is saved.
    Role adminWithChild = getAdminRole();
    adminWithChild.addChildRoleName( savedDeveloper.getName() );
    adminWithChild = store.saveRole( adminWithChild );

    // "admin" is avoided as the principal: an LDAP group needs at least one member.
    final String principal = "theadmin";

    UserAssignment pending = store.createUserAssignment( principal );
    pending.addRoleName( adminWithChild );
    UserAssignment stored = store.saveUserAssignment( pending );

    assertEquals( 1, stored.getRoleNames().size() );
    assertEquals( 1, store.getAssignedRoles( principal ).size() );
}
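/**
 * Times repeated {@code getResource} lookups of two saved resources and hands the elapsed time
 * to {@code assertPerformance}.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testPerformanceResource()
    throws RbacManagerException
{
    assertNotNull( rbacManager );
    rbacManager.eraseDatabase();

    Resource resource = rbacManager.createResource( "foo" );
    Resource resource2 = rbacManager.createResource( "bar" );

    assertNotNull( resource );

    Resource added = rbacManager.saveResource( resource );
    assertNotNull( added );
    Resource added2 = rbacManager.saveResource( resource2 );
    assertNotNull( added2 );

    assertEquals( 2, rbacManager.getAllResources().size() );

    String resFooId = resource.getIdentifier();
    String resBarId = resource2.getIdentifier();

    long startTime = System.currentTimeMillis();

    // Run exactly ITERATIONS rounds so the measured work matches the count reported below.
    // The earlier bound (i <= ITERATIONS) ran one extra round.
    for ( int i = 0; i < ITERATIONS; i++ )
    {
        Resource resFoo = rbacManager.getResource( resFooId );
        Resource resBar = rbacManager.getResource( resBarId );

        assertNotNull( resFoo );
        assertNotNull( resBar );

        assertEquals( "foo", resFoo.getIdentifier() );
        assertEquals( "bar", resBar.getIdentifier() );
    }

    long endTime = System.currentTimeMillis();

    assertPerformance( "Resource", startTime, endTime, ITERATIONS, 500.0 );
}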
/**
 * Checks the number of permissions, operations and roles present after the default RBAC data
 * has been created in an empty store.
 *
 * @throws RbacManagerException if the manager under test fails
 */
@Test
public void testLargeApplicationInit()
    throws RbacManagerException
{
    assertNotNull( rbacManager );

    rbacManager.eraseDatabase();
    rbacDefaults.createDefaults();

    // Each count is read and checked in turn, so a failure stops before the next lookup.
    int permissionCount = rbacManager.getAllPermissions().size();
    assertEquals( 6, permissionCount );

    int operationCount = rbacManager.getAllOperations().size();
    assertEquals( 11, operationCount );

    int roleCount = rbacManager.getAllRoles().size();
    assertEquals( 4, roleCount );
}