private boolean allActionsAlloved(Authorization autz) { for (String autzAction: autz.getAction()) { if (!limitActions.contains(autzAction)) { return false; } } return true; }
private boolean isApplicableForActions(Authorization autz, String[] requiredActions) { List<String> autzActions = autz.getAction(); if (autzActions.contains(AuthorizationConstants.AUTZ_ALL_URL)) { return true; } for (String requiredAction : requiredActions) { if (autzActions.contains(requiredAction)) { return true; } } return false; }
private boolean hasAnyAuthorization(MidPointPrincipal principal) { Collection<Authorization> authorizations = principal.getAuthorities(); if (authorizations == null || authorizations.isEmpty()){ return false; } for (Authorization auth : authorizations){ if (auth.getAction() != null && !auth.getAction().isEmpty()){ return true; } } return false; }
protected void assertAuthorizationActions(String message, Collection<Authorization> autzs, String... expectedActions) { Collection<String> actualActions = autzs.stream() .map(a -> a.getAction()) .flatMap(List::stream) .collect(Collectors.toList()); PrismAsserts.assertEqualsCollectionUnordered(message, actualActions, expectedActions); }
protected void assertAuthorizations(MidPointPrincipal principal, String... expectedAuthorizations) { List<String> actualAuthorizations = new ArrayList<>(); for (Authorization authorization: principal.getAuthorities()) { actualAuthorizations.addAll(authorization.getAction()); } PrismAsserts.assertSets("Wrong authorizations in "+principal, actualAuthorizations, expectedAuthorizations); }
/** * Deciding whether authorization is acceptable * (based on a value parsed before) */ @Override public Collection<Authorization> transform(Authorization autz) { if (unlimited || allActionsAlloved(autz)) { return Arrays.asList(autz); } Authorization limitedAutz = autz.clone(); Iterator<String> actionIterator = limitedAutz.getAction().iterator(); while (actionIterator.hasNext()) { String autzAction = actionIterator.next(); if (!limitActions.contains(autzAction)) { actionIterator.remove(); } } if (limitedAutz.getAction().isEmpty()) { return Collections.EMPTY_LIST; } return Arrays.asList(limitedAutz); }
private boolean isApplicableOrderConstraints(Authorization autz, List<OrderConstraintsType> paramOrderConstraints) { if (autz.getAction().contains(AuthorizationConstants.AUTZ_ALL_URL)) { // #all is always applicable // Compatibility note: in fact, this not really correct. We should not make // any special case for #all action - except for the fact that it applies to // all actions. Even for #all, the object and target specification should // still be processed. But orderConstraint is a bit different. For all other // authorization clauses holds that empty clause means that everything is // applicable. But it is different for orderConstraints. Due to compatibility // with midPoint 3.8 empty orderConstraints means min=0,max=0, i.e. it applies // only to assignment (not inducements). Therefore we need this exception for // #all, otherwise #all won't be applicable to inducements. return true; } OrderConstraintsType autzOrderConstraints = autz.getOrderConstraints(); if (paramOrderConstraints == null || paramOrderConstraints.isEmpty()) { if (autzOrderConstraints == null) { return true; } else { return false; } } for (OrderConstraintsType paramOrderConstraint : paramOrderConstraints) { if (!isSubset(paramOrderConstraint, autzOrderConstraints)) { return false; } } return true; }
private void assertAuthorizations(EvaluatedAssignmentImpl<? extends FocusType> evaluatedAssignment, String text) { assertUnsortedListsEquals("Wrong authorizations", getList(text), evaluatedAssignment.getAuthorizations(), a -> a.getAction().get(0)); }
protected void assertHasAuthotizationAllow(Authorization authorization, String... action) { assertNotNull("Null authorization", authorization); assertEquals("Wrong decision in "+authorization, AuthorizationDecisionType.ALLOW, authorization.getDecision()); TestUtil.assertSetEquals("Wrong action in "+authorization, authorization.getAction(), action); }
public void applyAuthorization(Authorization autz) { List<String> actions = autz.getAction(); AuthorizationPhaseType phase = autz.getPhase(); AuthorizationDecisionType decision = autz.getDecision(); if (decision == null) { decision = AuthorizationDecisionType.ALLOW; } for (String action: actions) { if (phase == null) { getOrCreateItemConstraints(action, AuthorizationPhaseType.REQUEST).collectItems(autz); getOrCreateItemConstraints(action, AuthorizationPhaseType.EXECUTION).collectItems(autz); } else { getOrCreateItemConstraints(action, phase).collectItems(autz); } } }