/**
 * Adds the role with the given name to this user.
 *
 * <p>The name is resolved to a role through the security metadata of the database that owns
 * {@code document}, and the lookup result is handed to the role-taking {@code addRole} overload.
 * A {@code null} name is ignored.
 *
 * @param iRole name of the role to add; may be {@code null}, in which case nothing happens
 * @return this user, to allow call chaining
 */
public OUser addRole(final String iRole) {
  if (iRole == null) {
    return this;
  }
  // NOTE(review): the lookup result is passed on unchecked; how an unknown role name is treated
  // depends on the addRole overload called here, which is not visible in this excerpt.
  addRole(document.getDatabase().getMetadata().getSecurity().getRole(iRole));
  return this;
}
// Excerpt from inside a method that is not shown. Calls allowIdentity(...) on the database's
// security metadata for iDocument, field f and identity, then returns true on this path.
// NOTE(review): confirm that the caller's right to change access on iDocument is checked
// before this point; nothing in the visible lines does so.
database.getMetadata().getSecurity().allowIdentity(iDocument, f, identity); return true;
// Excerpt: looks up the role named roleName in the security metadata and fails the command
// with a parsing exception when no such role exists, so later statements never see a null role.
// The exception message echoes roleName exactly as it was supplied.
role = getDatabase().getMetadata().getSecurity().getRole(roleName); if (role == null) throw new OCommandSQLParsingException("Invalid role: " + roleName);
// Excerpt: resolves the parent role by name when `role` is non-null; otherwise there is no parent.
// NOTE(review): the result of getRole(...) is stored unchecked, so a name that cannot be resolved
// would presumably also leave parentRole null - confirm callers treat both cases the same way.
parentRole = role != null ? document.getDatabase().getMetadata().getSecurity().getRole(role) : null;
// Excerpt cut from a larger method: the leading `return false;` presumably closes a guard whose
// condition is not shown. The remaining statement asks the security metadata whether access is
// allowed, passing the document's ALLOW_ALL field and the field named by iAllowOperation.
// NOTE(review): both doc.field(...) results are cast unchecked to Set<OIdentifiable>; confirm
// these fields can only ever hold that type.
return false; return database.getMetadata().getSecurity() .isAllowed((Set<OIdentifiable>) doc.field(ORestrictedOperation.ALLOW_ALL.getFieldName()), (Set<OIdentifiable>) doc.field(iAllowOperation.getFieldName()));
/**
 * Binds the web session's user to the session's database and opens a transaction at the start
 * of a request cycle.
 *
 * <p>The database user is replaced only when the session user has a document with an identity
 * and either that identity is not valid, the database has no user, or the two user names differ.
 *
 * @param cycle the request cycle being started (not used by this method)
 */
@Override
public void start(RequestCycle cycle) {
  final OrientDbWebSession webSession = OrientDbWebSession.get();
  final ODatabaseDocumentInternal database = webSession.getDatabase();
  // The database needs a user bound to it so that security rights can be checked locally.
  final OSecurityUser sessionUser = webSession.getUser();
  final OSecurityUser boundUser = database.getUser();

  final boolean sessionUserHasIdentity =
      sessionUser != null
          && sessionUser.getDocument() != null
          && sessionUser.getDocument().getIdentity() != null;
  if (sessionUserHasIdentity) {
    final boolean needsRebind =
        !sessionUser.getDocument().getIdentity().isValid()
            || boundUser == null
            || !Objects.equal(boundUser.getName(), sessionUser.getName());
    if (needsRebind) {
      // NOTE(review): the getUser(...) result is not checked for null before setUser(...);
      // confirm how the database enforces permissions when the lookup finds no such user
      // (for example, an account removed while the web session is still live).
      database.setUser(database.getMetadata().getSecurity().getUser(sessionUser.getName()));
    }
  }
  database.begin();
}
/**
 * Starts a request cycle: makes sure the database carries the web session's user, then begins
 * a transaction.
 *
 * <p>A user is (re)loaded by name from the security metadata when the session user has a
 * document and identity, and the identity is not valid, the database has no user, or the
 * database user's name differs from the session user's name.
 *
 * @param cycle the request cycle being started (not used by this method)
 */
@Override
public void start(RequestCycle cycle) {
  final OrientDbWebSession current = OrientDbWebSession.get();
  final ODatabaseDocumentInternal db = current.getDatabase();
  // A user must be set on the database so that security rights can be checked locally.
  final OSecurityUser fromSession = current.getUser();
  final OSecurityUser fromDatabase = db.getUser();

  if (fromSession != null
      && fromSession.getDocument() != null
      && fromSession.getDocument().getIdentity() != null) {
    if (!fromSession.getDocument().getIdentity().isValid()
        || fromDatabase == null
        || !Objects.equal(fromDatabase.getName(), fromSession.getName())) {
      // NOTE(review): setUser(...) receives the lookup result unchecked; confirm what a null
      // user means for later permission checks on this database instance.
      db.setUser(db.getMetadata().getSecurity().getUser(fromSession.getName()));
    }
  }
  db.begin();
}
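/**
 * Revokes a permission on a resource from the role named by the statement's actor.
 *
 * <p>The role is looked up through the database's security metadata, the privilege is revoked
 * and the role is saved; a single-row result set describing the change is returned.
 *
 * @param ctx command context, used to resolve the resource path
 * @return a result set with one row holding the operation, role, permission and resource
 * @throws OCommandExecutionException if no role with the actor's name exists
 */
@Override
public OResultSet executeSimple(OCommandContext ctx) {
  final String roleName = actor.getStringValue();
  final ORole role = getDatabase().getMetadata().getSecurity().getRole(roleName);
  if (role == null) {
    throw new OCommandExecutionException("Invalid role: " + roleName);
  }

  final String resourcePath = toResourcePath(resourceChain, ctx);
  role.revoke(resourcePath, toPrivilege(permission.permission));
  role.save();

  final OResultInternal result = new OResultInternal();
  // Report the operation that was actually performed. The row previously said "grant", which
  // mislabels a revocation for any client or audit trail that consumes this result.
  result.setProperty("operation", "revoke");
  result.setProperty("role", roleName);
  result.setProperty("permission", permission.toString());
  result.setProperty("resource", resourcePath);

  final OInternalResultSet rs = new OInternalResultSet();
  rs.add(result);
  return rs;
}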
/**
 * Grants a permission on a resource to the role named by the statement's actor.
 *
 * <p>The role is looked up through the database's security metadata, the privilege is granted
 * and the role is saved; a single-row result set describing the change is returned.
 *
 * @param ctx command context, used to resolve the resource path
 * @return a result set with one row holding the operation, role, permission and resource
 * @throws OCommandExecutionException if no role with the actor's name exists
 */
@Override
public OResultSet executeSimple(OCommandContext ctx) {
  final ORole target = getDatabase().getMetadata().getSecurity().getRole(actor.getStringValue());
  if (target == null) {
    throw new OCommandExecutionException("Invalid role: " + actor.getStringValue());
  }

  // Apply the change and persist it before reporting anything back.
  final String resourcePath = toResourcePath(resourceChain, ctx);
  target.grant(resourcePath, toPrivilege(permission.permission));
  target.save();

  final OInternalResultSet rows = new OInternalResultSet();
  final OResultInternal row = new OResultInternal();
  row.setProperty("operation", "grant");
  row.setProperty("role", actor.getStringValue());
  row.setProperty("permission", permission.toString());
  row.setProperty("resource", resourcePath);
  rows.add(row);
  return rows;
}
/**
 * Clears the default clusters and metadata classes of the target database before data from an
 * export without manual-index separation is loaded.
 *
 * <p>Steps, in order: warn through the listener, drop the manual index cluster, drop the user,
 * role, restricted, function, "ORIDs" and class-trigger classes where they exist, save the
 * schema, recreate the default cluster, write a stub document into it, and finally call
 * {@code create()} on the security metadata.
 */
protected void removeDefaultClusters() {
  listener.onMessage(
      "\nWARN: Exported database does not support manual index separation."
          + " Manual index cluster will be dropped.");

  // v4 introduced a dedicated cluster for manual indexes. To keep the database consistent, all
  // clusters are shifted back here and the manual index cluster is recreated at the end.
  database.dropCluster(OMetadataDefault.CLUSTER_MANUAL_INDEX_NAME, true);

  final OSchema metadataSchema = database.getMetadata().getSchema();
  // Drop order matches the original sequence of checks.
  final String[] classesToDrop = {
    OUser.CLASS_NAME,
    ORole.CLASS_NAME,
    OSecurityShared.RESTRICTED_CLASSNAME,
    OFunction.CLASS_NAME,
    "ORIDs",
    OClassTrigger.CLASSNAME
  };
  for (final String className : classesToDrop) {
    if (metadataSchema.existsClass(className)) {
      metadataSchema.dropClass(className);
    }
  }
  metadataSchema.save();

  database.dropCluster(OStorage.CLUSTER_DEFAULT_NAME, true);
  database.getStorage().setDefaultClusterId(database.addCluster(OStorage.CLUSTER_DEFAULT_NAME));

  // Since v4 the schema lives in the internal cluster. A stub record at #2:0 keeps cluster
  // positions from shifting.
  new ODocument().save(OStorage.CLUSTER_DEFAULT_NAME);

  // NOTE(review): the user and role classes were dropped above, so create() presumably
  // re-installs security metadata from defaults; confirm that the import that follows replaces
  // any default accounts or credentials this leaves behind.
  database.getMetadata().getSecurity().create();
}