@Override public Set<Privilege> listPrivileges(Principal principal) throws Exception { return delegateAuthorizer.listPrivileges(principal); } }
@Path("{principal-type}/{principal-name}/privileges") @GET public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName) throws Exception { ensureSecurityEnabled(); Principal principal = new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())); httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(authorizer.listPrivileges(principal), PRIVILEGE_SET_TYPE)); createLogEntry(httpRequest, HttpResponseStatus.OK); }
@Path("{principal-type}/{principal-name}/privileges") @GET public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName) throws Exception { ensureSecurityEnabled(); Principal principal = new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())); httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(authorizer.listPrivileges(principal), PRIVILEGE_SET_TYPE)); createLogEntry(httpRequest, HttpResponseStatus.OK); }
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception { Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal); authorizer.grant(Authorizable.fromEntityId(entityId), principal, actions); ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder(); for (Action action : actions) { expectedPrivilegesAfterGrant.add(new Privilege(entityId, action)); } Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal)); }
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception { Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal); authorizer.grant(Authorizable.fromEntityId(entityId), principal, actions); ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder(); for (Action action : actions) { expectedPrivilegesAfterGrant.add(new Privilege(entityId, action)); } Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal)); }
private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception { Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal); authorizer.revoke(Authorizable.fromEntityId(entityId), principal, actions); Set<Privilege> revokedPrivileges = new HashSet<>(); for (Action action : actions) { revokedPrivileges.add(new Privilege(entityId, action)); } Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal)); } }
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception { Authorizer authorizer = getAuthorizer(); Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal); authorizer.grant(Authorizable.fromEntityId(entityId), principal, actions); ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder(); for (Action action : actions) { expectedPrivilegesAfterGrant.add(new Privilege(entityId, action)); } Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal)); }
private void assertNoAccess(Principal principal, final EntityId entityId) throws Exception { Authorizer authorizer = getAuthorizer(); Predicate<Privilege> entityFilter = new Predicate<Privilege>() { @Override public boolean apply(Privilege input) { return Authorizable.fromEntityId(entityId).equals(input.getAuthorizable()); } }; Assert.assertTrue(Sets.filter(authorizer.listPrivileges(principal), entityFilter).isEmpty()); } private void assertNoAccess(final EntityId entityId) throws Exception {
@Before public void setupTest() throws Exception { Assert.assertEquals(ImmutableSet.<Privilege>of(), getAuthorizer().listPrivileges(ALICE)); SecurityRequestContext.setUserId(ALICE.getName()); cleanUpEntities = new HashSet<>(); }
private void createAuthNamespace() throws Exception { Authorizer authorizer = getAuthorizer(); grantAndAssertSuccess(AUTH_NAMESPACE, ALICE, ImmutableSet.of(Action.ADMIN)); getNamespaceAdmin().create(AUTH_NAMESPACE_META); Assert.assertEquals(ImmutableSet.of(new Privilege(AUTH_NAMESPACE, Action.ADMIN)), authorizer.listPrivileges(ALICE)); }
@AfterClass public static void cleanup() throws Exception { authorizer.revoke(Authorizable.fromEntityId(NamespaceId.SYSTEM)); Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE)); SecurityRequestContext.setUserId(OLD_USER_ID); }
@Test public void testSimple() throws Exception { Authorizer authorizer = get(); verifyAuthFailure(namespace, user, Action.READ); authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ)); authorizer.enforce(namespace, user, Action.READ); Set<Privilege> expectedPrivileges = new HashSet<>(); expectedPrivileges.add(new Privilege(namespace, Action.READ)); Assert.assertEquals(expectedPrivileges, authorizer.listPrivileges(user)); authorizer.revoke(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ)); verifyAuthFailure(namespace, user, Action.READ); }
Assert.assertTrue("Bob should not have any privileges on alice's app", authorizer.listPrivileges(BOB).isEmpty()); Assert.assertEquals(3, authorizer.listPrivileges(BOB).size());
@After @Override public void afterTest() throws Exception { Authorizer authorizer = getAuthorizer(); SecurityRequestContext.setUserId(ALICE.getName()); grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.of(Action.ADMIN)); // clean up. remove the namespace if it exists if (getNamespaceAdmin().exists(AUTH_NAMESPACE)) { getNamespaceAdmin().delete(AUTH_NAMESPACE); Assert.assertFalse(getNamespaceAdmin().exists(AUTH_NAMESPACE)); } revokeAndAssertSuccess(AUTH_NAMESPACE); for (EntityId entityId : cleanUpEntities) { revokeAndAssertSuccess(entityId); } Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE)); }
authorizer.listPrivileges(spiderman)); Assert.assertEquals(Collections.EMPTY_SET, authorizer.listPrivileges(spiderman));
@Test public void testNamespaces() throws Exception { NamespaceAdmin namespaceAdmin = getNamespaceAdmin(); Authorizer authorizer = getAuthorizer(); try { namespaceAdmin.create(AUTH_NAMESPACE_META); Assert.fail("Namespace create should have failed because alice is not authorized on " + AUTH_NAMESPACE); } catch (UnauthorizedException expected) { // expected } createAuthNamespace(); Assert.assertTrue(namespaceAdmin.list().contains(AUTH_NAMESPACE_META)); namespaceAdmin.get(AUTH_NAMESPACE); // revoke privileges revokeAndAssertSuccess(AUTH_NAMESPACE); try { Assert.assertTrue(namespaceAdmin.list().isEmpty()); namespaceAdmin.exists(AUTH_NAMESPACE); Assert.fail("Namespace existence check should fail since the privilege of alice has been revoked"); } catch (UnauthorizedException expected) { // expected } // grant privileges again grantAndAssertSuccess(AUTH_NAMESPACE, ALICE, ImmutableSet.of(Action.ADMIN)); namespaceAdmin.exists(AUTH_NAMESPACE); Assert.assertEquals(ImmutableSet.of(new Privilege(AUTH_NAMESPACE, Action.ADMIN)), authorizer.listPrivileges(ALICE)); NamespaceMeta updated = new NamespaceMeta.Builder(AUTH_NAMESPACE_META).setDescription("new desc").build(); namespaceAdmin.updateProperties(AUTH_NAMESPACE, updated); Assert.assertEquals(updated, namespaceAdmin.get(AUTH_NAMESPACE)); }
Collections.singleton(new Privilege(NamespaceId.SYSTEM, Action.ADMIN)), authorizer.listPrivileges(ALICE));