public RestrictionDTO(RestrictionEntity res) { this.restriction = res; this.permissionName = res.getPermission().getValue(); }
public String getInfo() { try { Permission p = Permission.valueOf(getValue()); return p.getInfo(); } catch (Exception e) { return ""; } }
/** * Checks whether an existing Restriction is similar to the one which should be created * If so, it adds the existing Restriction to the list of the similar Restrictions * * @param permissionName of the Restriction to be created * @param action of the Restriction to be created * @param context of the Restriction to be created * @param resourceGroup allowed by the Restriction to be created * @param similarRestrictions a list containing similar RestrictionEntities * @param existingRestriction an existing RestrictionEntity to which the other will be compared to */ private void checkSimilarRestrictions(String permissionName, Action action, ContextEntity context, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType, List<RestrictionEntity> similarRestrictions, RestrictionEntity existingRestriction) { if (permissionName.equals(existingRestriction.getPermission().getValue())) { similarByContextAndActionAndResource(context, action, resourceGroup, resourceType, similarRestrictions, existingRestriction); } }
public List<ResourceGroupEntity> getAllUserAssignableResourceGroupsByName() { List<PermissionEntity> allUserAssignablePermissions = permissionBoundary.getAllUserAssignablePermissions(); List<String> assignablePermissions = new ArrayList<>(); for (PermissionEntity userAssignablePermission : allUserAssignablePermissions) { assignablePermissions.add(userAssignablePermission.getValue()); } List<RestrictionEntity> userRestrictions = permissionBoundary.getRestrictionsForLoggedInUser(); Set<Integer> resourceGroupIds = new HashSet<>(); for (RestrictionEntity userRestriction : userRestrictions) { if (userRestriction.getResourceGroup() != null && assignablePermissions.contains(userRestriction.getPermission().getValue())) { resourceGroupIds.add(userRestriction.getResourceGroup().getId()); } } return resourceGroupControl.getResourceGroupsOrderedByName(resourceGroupIds); }
private boolean hasSimilarUserRestriction(RestrictionEntity newRestriction) { List<RestrictionEntity> similarRestrictions = new ArrayList<>(); for (RestrictionEntity restrictionEntity : getUserRestrictions(newRestriction.getUser().getName())) { if (restrictionEntity.getPermission().getValue().equals(newRestriction.getPermission().getValue())) { checkSimilarRestrictions(newRestriction.getPermission().getValue(), newRestriction.getAction(), newRestriction.getContext(), newRestriction.getResourceGroup(), newRestriction.getResourceType(), similarRestrictions, restrictionEntity); } } return aMoreGeneralRestrictionExists(newRestriction, similarRestrictions); }
/** * Checks if the caller already has a Restriction similar to the given Restriction * Returns true if he already has a similar, equal or less restrictive Restriction * Returns false if he does not have a similar or just one that is more restrictive than the given one * * @param newRestriction */ public boolean callerHasIdenticalOrMoreGeneralRestriction(RestrictionEntity newRestriction) { List<RestrictionEntity> similarRestrictions = new ArrayList<>(); for (RestrictionEntity restriction : getAllCallerRestrictions()) { if (restriction.getPermission().getValue().equals(newRestriction.getPermission().getValue())) { checkSimilarRestrictions(newRestriction.getPermission().getValue(), newRestriction.getAction(), newRestriction.getContext(), newRestriction.getResourceGroup(), newRestriction.getResourceType(), similarRestrictions, restriction); } } return aMoreGeneralRestrictionExists(newRestriction, similarRestrictions); }
private boolean hasSimilarRoleRestriction(RestrictionEntity newRestriction) { List<RestrictionEntity> similarRestrictions = new ArrayList<>(); Set<Map.Entry<String, List<RestrictionDTO>>> entries = getPermissions().entrySet(); for (Map.Entry<String, List<RestrictionDTO>> entry : entries) { if (entry.getKey().equals(newRestriction.getRole().getName())) { for (RestrictionDTO restrictionDTO : entry.getValue()) { if (restrictionDTO.getPermissionName().equals(newRestriction.getPermission().getValue())) { checkSimilarRestrictions(newRestriction.getPermission().getValue(), newRestriction.getAction(), newRestriction.getContext(), newRestriction.getResourceGroup(), newRestriction.getResourceType(), similarRestrictions, restrictionDTO.getRestriction()); } } return aMoreGeneralRestrictionExists(newRestriction, similarRestrictions); } } return false; }
/** * Checks if the logged-in user has a Restriction with the required Permission for a specific Action, ResourceGroup * and/or ResourceType ON ALL context * => will return false if the user restriction is restricted to a specific context * * @param permissionName * @param action * @param resourceGroup * @param resourceType */ private boolean hasUserRestrictionOnAllContext(String permissionName, Action action, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType) { if (sessionContext == null) { return false; } getUserRestrictions(getCurrentUserName()); if (!userRestrictions.get(getCurrentUserName()).isEmpty()) { for (RestrictionEntity restrictionEntity : userRestrictions.get(getCurrentUserName())) { if (restrictionEntity.getPermission().getValue().equals(permissionName)) { return hasRequiredUserRestrictionOnAllContext(null, action, resourceGroup, resourceType, restrictionEntity); } } } return false; }
@Test(expected=AMWException.class) public void shouldThrowAnExceptionIfBothResourceTypeAndResourceGroupAreGiven() throws Exception { //given String roleName1 = "Role1"; String resourceTypeName1 = "APPLICATION"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when // then permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(resourcePermission.getValue()), Arrays.asList(1), Arrays.asList(resourceTypeName1), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); verify(permissionRepository, times(0)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAreButNoResourceGroupsOrResourceTypesAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, false); // then assertThat(total, is(12)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(0)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAndTwoContextsAreButNoResourceGroupsOrResourceTypesAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; String contextNameA = "A"; String contextNameB = "B"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(12)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAndTwoContextsAndTwoResourceGroupsAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; String contextNameA = "A"; String contextNameB = "B"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); when(resourceGroupRepository.find(anyInt())).thenReturn(new ResourceGroupEntity()); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1, 2), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(48)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAndTwoContextsAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; String contextNameA = "A"; String contextNameB = "B"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAndTwoResourceTypesAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; String resourceTypeName1 = "APPLICATION"; String resourceTypeName2 = "APPSERVER"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
@Test public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsAndTwoContextsAndTwoResourceTypesAreGiven() throws Exception { //given String roleName1 = "Role1"; String userName1 = "User1"; String userName2 = "User2"; String resourceTypeName1 = "APPLICATION"; String resourceTypeName2 = "APPSERVER"; String contextNameA = "A"; String contextNameB = "B"; when(permissionRepository.getPermissionByName(resourcePermission.getValue())).thenReturn(resourcePermission); when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(48)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); verify(permissionRepository, times(1)).forceReloadingOfLists(); }
/** * Checks if the logged-in user has a Restriction with the required Permission for a specific Context, Action, * ResourceGroup and/or ResourceType * => will skip context check if context is null * * @param permissionName * @param context * @param action * @param resourceGroup * @param resourceType */ private boolean hasUserRestriction(String permissionName, ContextEntity context, Action action, ResourceGroupEntity resourceGroup, ResourceTypeEntity resourceType) { if (sessionContext == null) { return false; } for (RestrictionEntity restrictionEntity : getUserRestrictions(getCurrentUserName())) { if (restrictionEntity.getPermission().getValue().equals(permissionName)) { // context null means no check on context required - so any context is ok if (context == null) { if(hasRequiredUserRestriction(action, resourceGroup, resourceType, restrictionEntity)) { return true; } } if(hasRequiredUserRestrictionOnAllContext(context, action, resourceGroup, resourceType, restrictionEntity)) { return true; } } } return false; }
List<RestrictionEntity> callerRestrictions = getAllCallerRestrictions(); for (RestrictionEntity restriction : callerRestrictions) { if (restriction.getPermission().getValue().equals(permission.name())) { int score = 0; if (hasPermissionForContextOrForParent(restriction, context)) {
@Test public void constructedWithRestrictionItShouldHaveRightAction(){ //given RestrictionEntity res = new RestrictionEntity(); res.setAction(Action.READ); res.setPermission(per); //when RestrictionDTO resDTO = new RestrictionDTO(res); //then Assert.assertEquals(per.getValue(), resDTO.getPermissionName()); Assert.assertEquals(res.getAction(), resDTO.getRestriction().getAction()); }
if (Permission.valueOf(permission.getValue()).isOld()) { resourceTypePermission = null; resourceGroupId = null;