/**
 * Decides whether a Restriction covers the given ResourceType.
 * <p>
 * A Restriction that is not bound to a ResourceType applies to every ResourceType. Otherwise the
 * Restriction's ResourceType id must equal the id of the given ResourceType or of its direct parent;
 * ancestors further up the hierarchy are not consulted by this method.
 *
 * @param restriction the Restriction to evaluate; dereferenced without a null check
 * @param resourceType the ResourceType being accessed, may be null
 * @return true if no ResourceType was given, if the Restriction has no ResourceType, or if the ids match
 *         on the ResourceType itself or on its direct parent; false otherwise
 */
private boolean hasPermissionForResourceType(RestrictionEntity restriction, ResourceTypeEntity resourceType) {
    // NOTE(review): a null resourceType is accepted even when the Restriction is bound to a specific
    // ResourceType - confirm that callers only pass null when the type is irrelevant to the decision.
    if (resourceType == null) {
        return true;
    }
    // an unbound Restriction is valid for all ResourceTypes
    if (restriction.getResourceType() == null) {
        return true;
    }
    boolean matchesTypeItself = restriction.getResourceType().getId().equals(resourceType.getId());
    if (matchesTypeItself) {
        return true;
    }
    // fall back to the direct parent; a type without parent cannot match any more
    if (resourceType.getParentResourceType() == null) {
        return false;
    }
    return restriction.getResourceType().getId().equals(resourceType.getParentResourceType().getId());
}
/**
 * Checks if restrictionEntityOne is more specific (grants fewer rights) than restrictionEntityTwo.
 * <p>
 * The first Restriction is rejected as "more specific" as soon as it is broader than the second one in
 * any of the compared dimensions: Action, ResourceGroup, ResourceType or ResourceTypePermission. Two
 * Restrictions that share the same non-null id are never considered more specific than each other.
 * <p>
 * NOTE(review): the Context of the two Restrictions is not compared here - presumably the caller has
 * already narrowed the candidates by Context; confirm, since a missed dimension would let a narrower
 * Restriction be mistaken for one covered by a broader grant in another Context.
 *
 * @param restrictionEntityOne the candidate Restriction
 * @param restrictionEntityTwo the Restriction it is compared against
 * @return false if both share the same non-null id or if restrictionEntityOne is broader in at least one
 *         compared dimension; true otherwise
 */
private boolean isMoreSpecificRestriction(RestrictionEntity restrictionEntityOne, RestrictionEntity restrictionEntityTwo) {
    // an existing Restriction may be updated - never compare it with itself
    boolean sameEntity = restrictionEntityOne.getId() != null
            && restrictionEntityOne.getId().equals(restrictionEntityTwo.getId());
    if (sameEntity) {
        return false;
    }

    // ALL on the first side is broader than any single Action on the second side
    boolean broaderAction = restrictionEntityOne.getAction().equals(Action.ALL)
            && !restrictionEntityTwo.getAction().equals(Action.ALL);
    if (broaderAction) {
        return false;
    }

    // no ResourceGroup means "all groups", which is broader than a specific group
    boolean broaderResourceGroup = restrictionEntityOne.getResourceGroup() == null
            && restrictionEntityTwo.getResourceGroup() != null;
    if (broaderResourceGroup) {
        return false;
    }

    // no ResourceType means "all types", which is broader than a specific type
    boolean broaderResourceType = restrictionEntityOne.getResourceType() == null
            && restrictionEntityTwo.getResourceType() != null;
    if (broaderResourceType) {
        return false;
    }

    // ANY on the first side is broader than a narrowed ResourceTypePermission on the second side
    boolean broaderTypePermission = restrictionEntityOne.getResourceTypePermission().equals(ResourceTypePermission.ANY)
            && !restrictionEntityTwo.getResourceTypePermission().equals(ResourceTypePermission.ANY);
    return !broaderTypePermission;
}
/**
 * validateRestriction must leave the requested ResourceTypePermission, Action and Context on the
 * Restriction when the resolved permission is the {@code resourcePermission} fixture (declared outside
 * this method; per the test name it is not an "old" permission).
 */
@Test
public void shouldPreserveRestrictionPropertiesIfPermissionIsNotOld() throws AMWException {
    // given
    RestrictionEntity validated = new RestrictionEntity();
    ContextEntity contextX = new ContextEntity();
    contextX.setName("X");
    when(contextLocator.getContextByName("X")).thenReturn(contextX);
    when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission);
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());

    // when
    permissionBoundary.validateRestriction("existing", null, "good", null, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, validated);

    // then - the narrowing values requested by the caller are still in place
    assertThat(validated.getResourceTypePermission(), is(ResourceTypePermission.NON_DEFAULT_ONLY));
    assertThat(validated.getAction(), is(CREATE));
    assertThat(validated.getContext(), is(contextX));
    // neither a ResourceGroup nor a ResourceType was requested
    assertNull(validated.getResourceGroup());
    assertNull(validated.getResourceType());
}
/**
 * Checks whether the role of the given Restriction already holds a Restriction that makes the new one
 * redundant.
 * <p>
 * Looks up the role by name in the map returned by getPermissions(), passes every Restriction of that
 * role with the same permission name to checkSimilarRestrictions (which presumably fills the candidate
 * list - confirm against its implementation) and lets aMoreGeneralRestrictionExists decide.
 *
 * @param newRestriction the Restriction about to be assigned to a role; its role and permission are
 *                       dereferenced without a null check
 * @return the result of aMoreGeneralRestrictionExists for the first map entry whose key equals the role
 *         name; false if the role has no entry in the map
 */
private boolean hasSimilarRoleRestriction(RestrictionEntity newRestriction) {
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (Map.Entry<String, List<RestrictionDTO>> roleEntry : getPermissions().entrySet()) {
        if (!roleEntry.getKey().equals(newRestriction.getRole().getName())) {
            continue;
        }
        for (RestrictionDTO existing : roleEntry.getValue()) {
            boolean samePermission = existing.getPermissionName().equals(newRestriction.getPermission().getValue());
            if (samePermission) {
                checkSimilarRestrictions(
                        newRestriction.getPermission().getValue(),
                        newRestriction.getAction(),
                        newRestriction.getContext(),
                        newRestriction.getResourceGroup(),
                        newRestriction.getResourceType(),
                        candidates,
                        existing.getRestriction());
            }
        }
        // only the first entry matching the role name is evaluated
        return aMoreGeneralRestrictionExists(newRestriction, candidates);
    }
    return false;
}
/**
 * validateRestriction must discard the narrowing values requested by the caller when the resolved
 * permission has the value "APP_TAB" (an "old" permission per the test name): the Restriction ends up
 * with ResourceTypePermission ANY, Action ALL and no Context, ResourceGroup or ResourceType.
 */
@Test
public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWException {
    // given
    RestrictionEntity validated = new RestrictionEntity();
    PermissionEntity oldPermission = new PermissionEntity();
    oldPermission.setValue("APP_TAB");
    when(permissionRepository.getPermissionByName("good")).thenReturn(oldPermission);
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());

    // when - the fourth argument (1), NON_DEFAULT_ONLY, "X" and CREATE are all requested explicitly
    permissionBoundary.validateRestriction("existing", null, "good", 1, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, validated);

    // then - every requested narrowing has been reset
    assertThat(validated.getResourceTypePermission(), is(ResourceTypePermission.ANY));
    assertThat(validated.getAction(), is(ALL));
    assertNull(validated.getContext());
    assertNull(validated.getResourceGroup());
    assertNull(validated.getResourceType());
}
/**
 * Checks if the caller already has a Restriction similar to the given Restriction.
 * <p>
 * Returns true if the caller already holds a similar, equal or less restrictive Restriction.
 * Returns false if the caller holds no similar Restriction, or only one that is more restrictive than
 * the given one.
 * <p>
 * NOTE(review): presumably used as a delegation guard so that a caller cannot hand out rights it does
 * not hold itself - confirm at the call sites.
 *
 * @param newRestriction the Restriction to compare against the caller's own Restrictions; its
 *                       permission is dereferenced without a null check
 * @return the result of aMoreGeneralRestrictionExists over the caller's Restrictions that carry the same
 *         permission value and were passed to checkSimilarRestrictions
 */
public boolean callerHasIdenticalOrMoreGeneralRestriction(RestrictionEntity newRestriction) {
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (RestrictionEntity ownRestriction : getAllCallerRestrictions()) {
        boolean samePermission = ownRestriction.getPermission().getValue()
                .equals(newRestriction.getPermission().getValue());
        if (!samePermission) {
            // Restrictions on other permissions can never cover the new one
            continue;
        }
        checkSimilarRestrictions(
                newRestriction.getPermission().getValue(),
                newRestriction.getAction(),
                newRestriction.getContext(),
                newRestriction.getResourceGroup(),
                newRestriction.getResourceType(),
                candidates,
                ownRestriction);
    }
    return aMoreGeneralRestrictionExists(newRestriction, candidates);
}
/**
 * Checks whether the user of the given Restriction already holds a Restriction that makes the new one
 * redundant.
 * <p>
 * Every Restriction returned by getUserRestrictions for the user's name that carries the same permission
 * value is passed to checkSimilarRestrictions (which presumably fills the candidate list - confirm
 * against its implementation); aMoreGeneralRestrictionExists then decides.
 *
 * @param newRestriction the Restriction about to be assigned to a user; its user and permission are
 *                       dereferenced without a null check
 * @return the result of aMoreGeneralRestrictionExists for the collected candidates
 */
private boolean hasSimilarUserRestriction(RestrictionEntity newRestriction) {
    List<RestrictionEntity> candidates = new ArrayList<>();
    for (RestrictionEntity existing : getUserRestrictions(newRestriction.getUser().getName())) {
        boolean samePermission = existing.getPermission().getValue()
                .equals(newRestriction.getPermission().getValue());
        if (!samePermission) {
            // Restrictions on other permissions can never cover the new one
            continue;
        }
        checkSimilarRestrictions(
                newRestriction.getPermission().getValue(),
                newRestriction.getAction(),
                newRestriction.getContext(),
                newRestriction.getResourceGroup(),
                newRestriction.getResourceType(),
                candidates,
                existing);
    }
    return aMoreGeneralRestrictionExists(newRestriction, candidates);
}
++score; if (restriction.getResourceType() == null || restriction.getResourceType().equals(resourceType)) { ++score;