/**
 * Decides whether a restriction applies to the given context.
 *
 * <p>A restriction that carries no context is unscoped and therefore matches every
 * context, including a {@code null} one. A restriction that is scoped to a context
 * only matches when {@code context} is non-null and both contexts have the same id;
 * a {@code null} context is rejected in that case.
 *
 * @param restriction the restriction to evaluate; must not be {@code null}
 * @param context     the context access is requested for; may be {@code null}
 * @return {@code true} if the restriction is unscoped or scoped to exactly this context
 */
private boolean hasPermissionForContext(RestrictionEntity restriction, ContextEntity context) {
    ContextEntity restrictedTo = restriction.getContext();
    if (restrictedTo == null) {
        // Unscoped restriction: valid for all contexts.
        return true;
    }
    if (context == null) {
        // Scoped restriction, but no context was requested: deny.
        return false;
    }
    // NOTE(review): assumes the restriction's context has a non-null id; a null id
    // would raise a NullPointerException here - confirm entities are always persisted.
    return restrictedTo.getId().equals(context.getId());
}
/**
 * Decides whether a restriction applies to the given context or to its direct parent.
 *
 * <p>A restriction that carries no context is unscoped and matches every context.
 * Otherwise the restriction matches when its context id equals the id of
 * {@code context} or the id of {@code context.getParent()}. Only the direct parent
 * is inspected; ancestors further up the hierarchy are not considered by this method.
 *
 * @param restriction the restriction to evaluate; must not be {@code null}
 * @param context     the context access is requested for; may be {@code null}
 * @return {@code true} if the restriction is unscoped, or scoped to this context
 *         or to its direct parent
 */
private boolean hasPermissionForContextOrForParent(RestrictionEntity restriction, ContextEntity context) {
    ContextEntity restrictedTo = restriction.getContext();
    if (restrictedTo == null) {
        // Unscoped restriction: valid for all contexts.
        return true;
    }
    if (context == null) {
        // Scoped restriction, but no context was requested: deny.
        return false;
    }
    if (restrictedTo.getId().equals(context.getId())) {
        return true;
    }
    // Fall back to the direct parent only; a context without parent cannot match here.
    return context.getParent() != null
            && restrictedTo.getId().equals(context.getParent().getId());
}
/**
 * Checks whether the role of the given restriction already has a restriction that
 * covers it.
 *
 * <p>Looks up the role by name in {@code getPermissions()}, passes every restriction
 * of that role with the same permission name to {@code checkSimilarRestrictions},
 * and lets {@code aMoreGeneralRestrictionExists} decide on the collected candidates.
 *
 * @param newRestriction the restriction about to be added; its role and permission
 *                       are dereferenced and must not be {@code null}
 * @return the result of {@code aMoreGeneralRestrictionExists} for the role's
 *         restrictions, or {@code false} if the role has no entry in the permission map
 */
private boolean hasSimilarRoleRestriction(RestrictionEntity newRestriction) {
    // presumably filled by checkSimilarRestrictions - verify against that helper
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (Map.Entry<String, List<RestrictionDTO>> roleEntry : getPermissions().entrySet()) {
        if (!roleEntry.getKey().equals(newRestriction.getRole().getName())) {
            continue;
        }
        for (RestrictionDTO dto : roleEntry.getValue()) {
            if (!dto.getPermissionName().equals(newRestriction.getPermission().getValue())) {
                continue;
            }
            checkSimilarRestrictions(
                    newRestriction.getPermission().getValue(),
                    newRestriction.getAction(),
                    newRestriction.getContext(),
                    newRestriction.getResourceGroup(),
                    newRestriction.getResourceType(),
                    candidates,
                    dto.getRestriction());
        }
        // Only the first entry matching the role name is evaluated.
        return aMoreGeneralRestrictionExists(newRestriction, candidates);
    }
    // Role not present in the permission map: nothing similar can exist.
    return false;
}
/**
 * Checks whether the caller already holds a restriction similar to the given one.
 *
 * <p>Returns {@code true} if the caller already has a similar, equal or less
 * restrictive restriction. Returns {@code false} if the caller has no similar
 * restriction, or only one that is more restrictive than the given one.
 *
 * <p>Only the caller's restrictions with the same permission value as
 * {@code newRestriction} are handed to {@code checkSimilarRestrictions}; the final
 * decision is made by {@code aMoreGeneralRestrictionExists}.
 *
 * @param newRestriction the restriction to compare against the caller's own
 *                       restrictions; its permission must not be {@code null}
 * @return {@code true} if the caller's restrictions already cover {@code newRestriction}
 */
public boolean callerHasIdenticalOrMoreGeneralRestriction(RestrictionEntity newRestriction) {
    // presumably filled by checkSimilarRestrictions - verify against that helper
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (RestrictionEntity owned : getAllCallerRestrictions()) {
        boolean samePermission = owned.getPermission().getValue()
                .equals(newRestriction.getPermission().getValue());
        if (!samePermission) {
            continue;
        }
        checkSimilarRestrictions(
                newRestriction.getPermission().getValue(),
                newRestriction.getAction(),
                newRestriction.getContext(),
                newRestriction.getResourceGroup(),
                newRestriction.getResourceType(),
                candidates,
                owned);
    }
    return aMoreGeneralRestrictionExists(newRestriction, candidates);
}
/**
 * Checks whether the user of the given restriction already has a restriction that
 * covers it.
 *
 * <p>Loads the user's restrictions by user name, passes those with the same
 * permission value to {@code checkSimilarRestrictions}, and lets
 * {@code aMoreGeneralRestrictionExists} decide on the collected candidates.
 *
 * @param newRestriction the restriction about to be added; its user and permission
 *                       are dereferenced and must not be {@code null}
 * @return the result of {@code aMoreGeneralRestrictionExists} for the user's restrictions
 */
private boolean hasSimilarUserRestriction(RestrictionEntity newRestriction) {
    // presumably filled by checkSimilarRestrictions - verify against that helper
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (RestrictionEntity existing : getUserRestrictions(newRestriction.getUser().getName())) {
        boolean samePermission = existing.getPermission().getValue()
                .equals(newRestriction.getPermission().getValue());
        if (!samePermission) {
            continue;
        }
        checkSimilarRestrictions(
                newRestriction.getPermission().getValue(),
                newRestriction.getAction(),
                newRestriction.getContext(),
                newRestriction.getResourceGroup(),
                newRestriction.getResourceType(),
                candidates,
                existing);
    }
    return aMoreGeneralRestrictionExists(newRestriction, candidates);
}
/**
 * For a permission that is not an old-style one, validateRestriction must keep the
 * scoping values supplied by the caller (resource type permission, action, context)
 * on the restriction instead of widening them.
 */
@Test
public void shouldPreserveRestrictionPropertiesIfPermissionIsNotOld() throws AMWException {
    // given: a known role, a known permission and a resolvable context "X"
    RestrictionEntity target = new RestrictionEntity();
    ContextEntity contextX = new ContextEntity();
    contextX.setName("X");
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());
    when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission);
    when(contextLocator.getContextByName("X")).thenReturn(contextX);

    // when
    permissionBoundary.validateRestriction("existing", null, "good", null, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, target);

    // then: the requested scope is stored unchanged
    assertThat(target.getResourceTypePermission(), is(ResourceTypePermission.NON_DEFAULT_ONLY));
    assertThat(target.getAction(), is(CREATE));
    assertThat(target.getContext(), is(contextX));
    // no resource group or resource type was requested, so none may be set
    assertNull(target.getResourceGroup());
    assertNull(target.getResourceType());
}
/**
 * For an old-style permission (here one with the value "APP_TAB"), validateRestriction
 * must discard the scoping values supplied by the caller: the restriction ends up with
 * ResourceTypePermission.ANY, action ALL and no context, resource group or resource type.
 */
@Test
public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWException {
    // given: the permission lookup yields an old-style permission
    RestrictionEntity target = new RestrictionEntity();
    PermissionEntity oldPermission = new PermissionEntity();
    oldPermission.setValue("APP_TAB");
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());
    when(permissionRepository.getPermissionByName("good")).thenReturn(oldPermission);

    // when: scoping values are passed in although the permission cannot be scoped
    permissionBoundary.validateRestriction("existing", null, "good", 1, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, target);

    // then: every scoping property is reset to its unscoped value
    assertThat(target.getResourceTypePermission(), is(ResourceTypePermission.ANY));
    assertThat(target.getAction(), is(ALL));
    assertNull(target.getContext());
    assertNull(target.getResourceGroup());
    assertNull(target.getResourceType());
}
/**
 * A RestrictionDTO built from a restriction must expose that restriction with its
 * role name and context name unchanged.
 */
@Test
public void constructedWithRestrictionItShouldHaveRightContext() {
    // given: a restriction bound to a role, a permission and the context "TEST"
    RestrictionEntity restriction = new RestrictionEntity();
    restriction.setRole(rol);
    restriction.setPermission(per);
    restriction.setAction(Action.CREATE);
    restriction.setContext(
            new ContextEntityBuilder().buildContextEntity("TEST", null, Collections.EMPTY_SET, false));

    // when
    RestrictionDTO dto = new RestrictionDTO(restriction);

    // then: role and context survive the wrapping
    RestrictionEntity wrapped = dto.getRestriction();
    Assert.assertEquals(rol.getName(), wrapped.getRole().getName());
    Assert.assertEquals(restriction.getContext().getName(), wrapped.getContext().getName());
}
} // closes the enclosing test class