/**
 * Resolves a role by forwarding the lookup to {@code delegate}.
 *
 * @param iRole identifiable handed unchanged to {@code delegate.getRole}
 * @return whatever {@code delegate.getRole} returns for {@code iRole}
 */
public ORole getRole(final OIdentifiable iRole) {
    final ORole resolved = delegate.getRole(iRole);
    return resolved;
}
/**
 * Pass-through role lookup: the call is answered entirely by {@code delegate}.
 *
 * @param iRole identifiable of the role, forwarded as-is
 * @return the result of {@code delegate.getRole(iRole)}
 */
public ORole getRole(final OIdentifiable iRole) {
    final ORole fromDelegate = delegate.getRole(iRole);
    return fromDelegate;
}
/**
 * Resolves a role by name by forwarding the lookup to {@code delegate}.
 *
 * @param iRoleName role name handed unchanged to {@code delegate.getRole}
 * @return whatever {@code delegate.getRole} returns for {@code iRoleName}
 */
public ORole getRole(final String iRoleName) {
    final ORole resolved = delegate.getRole(iRoleName);
    return resolved;
}
/**
 * Pass-through role lookup by name: the call is answered entirely by {@code delegate}.
 *
 * @param iRoleName name of the role, forwarded as-is
 * @return the result of {@code delegate.getRole(iRoleName)}
 */
public ORole getRole(final String iRoleName) {
    final ORole fromDelegate = delegate.getRole(iRoleName);
    return fromDelegate;
}
/**
 * Looks up a role by name inside a {@code DBClosure.sudo} closure.
 *
 * <p>NOTE(review): because the lookup runs through {@code DBClosure.sudo}, it presumably does
 * not depend on the permissions of the current session. Callers should apply their own
 * authorization check before acting on the returned role; confirm against {@code DBClosure}.
 *
 * @param name role name to look up
 * @return the matching role, or an empty {@link Optional} when the lookup yields {@code null}
 */
public static Optional<ORole> getRoleByName(String name) {
    return DBClosure.sudo(db -> {
        final ORole found = db.getMetadata().getSecurity().getRole(name);
        return ofNullable(found);
    });
}
/**
 * Loads the role identified by the enclosing widget's model object from the database's
 * security metadata.
 *
 * @return the result of the {@code getRole} lookup for the widget's model object
 */
@Override
protected ORole load() {
    final ORole loaded =
        getDatabase().getMetadata().getSecurity().getRole(ORoleSecurityWidget.this.getModelObject());
    return loaded;
}
// Closes the enclosing anonymous class, which is opened outside this excerpt.
};
for (int i = 0; i < this.roles.size(); ++i) { String roleName = this.roles.get(i).getStringValue(); ORole role = security.getRole(roleName); if (role == null) { throw new OCommandExecutionException("Cannot create user " + this.name + ": role " + roleName + " does not exist");
/**
 * Creates the user {@code userName} in the given database and assigns it the role looked up
 * under {@code ORole.ADMIN}.
 *
 * <p>NOTE(review): every user created through this method receives the admin role; confirm
 * that callers are restricted to provisioning or bootstrap code paths.
 *
 * @param database database whose security metadata receives the new user
 */
void createUser(final ODatabase<?> database) {
    final ORole adminRole = database.getMetadata().getSecurity().getRole(ORole.ADMIN);
    // NOTE(review): password is presumably a char[]; copying it into a String leaves an
    // immutable copy that cannot be wiped after use. The createUser call takes a String here,
    // so keep the copy as short-lived as possible and never log it.
    database.getMetadata().getSecurity().createUser(userName, new String(password), adminRole);
}
// Closes the enclosing class, which is opened outside this excerpt.
}
/**
 * Adds the role with the given name to this user.
 *
 * <p>The name is resolved through the security metadata of the database that owns
 * {@code document}; the lookup result is passed on to the role-object overload without a
 * null check here, so an unknown name is handled by that overload.
 *
 * @param iRole role name; {@code null} leaves the user unchanged
 * @return this user, for call chaining
 */
public OUser addRole(final String iRole) {
    if (iRole == null) {
        return this;
    }
    addRole(document.getDatabase().getMetadata().getSecurity().getRole(iRole));
    return this;
}
// Resolve the named role and reject the statement when no such role exists, so the
// command never proceeds with a null role.
role = getDatabase().getMetadata().getSecurity().getRole(roleName);
if (role == null) {
    throw new OCommandSQLParsingException("Invalid role: " + roleName);
}
// Look the role up in the database's security metadata; an unknown role name is reported
// as a parsing error instead of continuing with a null role.
role = database.getMetadata().getSecurity().getRole(roleName);
if (role == null) {
    throw new OCommandSQLParsingException("Invalid role: " + roleName);
}
/**
 * Re-applies read rights that must be granted explicitly since OrientDB 2.2.23.
 * Related issue: https://github.com/orientechnologies/orientdb/issues/7549
 *
 * <p>The built-in "reader" and "writer" roles each receive READ on the {@code orole} and
 * {@code ouser} clusters and classes and on the system clusters, and are then saved.
 * The role lookup result is used without a null check, so a database lacking either role
 * fails with a {@link NullPointerException}.
 *
 * <p>NOTE(review): these grants let every account holding the reader or writer role read the
 * {@code ouser} and {@code orole} records. Confirm that credential fields stored on those
 * records are not exposed to low-privilege accounts through this read access.
 *
 * @param db database to apply the fix on
 */
public void fixOrientDBRights(ODatabase<?> db) {
    OSecurity security = db.getMetadata().getSecurity();
    // Same grants for both roles, applied in the order reader, then writer.
    for (String roleName : new String[] {"reader", "writer"}) {
        ORole role = security.getRole(roleName);
        role.grant(ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_READ);
        role.grant(ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_READ);
        role.grant(ResourceGeneric.CLASS, "orole", ORole.PERMISSION_READ);
        role.grant(ResourceGeneric.CLASS, "ouser", ORole.PERMISSION_READ);
        role.grant(ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_READ);
        role.save();
    }
}
/**
 * Explicitly restores read rights that changed with OrientDB 2.2.23.
 * Related issue: https://github.com/orientechnologies/orientdb/issues/7549
 *
 * <p>For the "reader" role and then the "writer" role, READ is granted on the {@code orole}
 * and {@code ouser} clusters, on the {@code orole} and {@code ouser} classes, and on the
 * system clusters; each role is saved after its grants. A missing role is not handled: the
 * lookup result is dereferenced directly.
 *
 * <p>NOTE(review): read access to {@code ouser} and {@code orole} is widened to all reader
 * and writer accounts. Verify that this does not expose stored credential material, and
 * prefer the narrowest grant that resolves the linked issue.
 *
 * @param db database to apply the fix on
 */
public void fixOrientDBRights(ODatabase<?> db) {
    OSecurity security = db.getMetadata().getSecurity();
    final ResourceGeneric[] namedResources = {ResourceGeneric.CLUSTER, ResourceGeneric.CLASS};
    final String[] securityRecords = {"orole", "ouser"};
    for (String roleName : new String[] {"reader", "writer"}) {
        ORole role = security.getRole(roleName);
        // Grant order matches the original listing: cluster grants first, then class grants.
        for (ResourceGeneric resource : namedResources) {
            for (String recordName : securityRecords) {
                role.grant(resource, recordName, ORole.PERMISSION_READ);
            }
        }
        role.grant(ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_READ);
        role.save();
    }
}
// Resolve the parent role only when one is referenced; otherwise there is no parent.
if (role != null) {
    parentRole = document.getDatabase().getMetadata().getSecurity().getRole(role);
} else {
    parentRole = null;
}
/**
 * Reconfigures the built-in "reader" role and ties it to the given perspective.
 *
 * <p>The role gets READ on the perspective item, perspective and role classes, permission
 * value 0 on the generic CLASS resource and on the search and schema features, and is then
 * saved. The role document's allow-read field is set to {@code reader}, and the perspective's
 * allow-read field is set to the role document.
 *
 * <p>The "reader" lookup result is used without a null check.
 *
 * @param db database whose security metadata holds the role
 * @param reader document stored in the role document's allow-read field
 * @param perspective perspective linked to the role and made readable by it
 */
private void updateReaderPermissions(ODatabaseDocument db, ODocument reader, ODocument perspective) {
    final int readFlag = READ.getPermissionFlag();
    final ORole readerRole = db.getMetadata().getSecurity().getRole("reader");

    readerRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, readFlag);
    readerRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, readFlag);
    // NOTE(review): permission value 0 with a null resource name presumably removes the
    // role's blanket access to all classes; confirm against ORole.grant semantics.
    readerRole.grant(ResourceGeneric.CLASS, null, 0);
    readerRole.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, readFlag);
    readerRole.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, 0);
    readerRole.grant(OSecurityHelper.FEATURE_RESOURCE, SchemaPage.SCHEMA_FEATURE, 0);

    final ODocument roleDoc = readerRole.getDocument();
    roleDoc.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(reader));
    roleDoc.field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
    readerRole.save();

    // The role document is fetched again after save(), as in the original statement order.
    perspective.field(
        ORestrictedOperation.ALLOW_READ.getFieldName(),
        Collections.singleton(readerRole.getDocument()));
    perspective.save();
}
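/**
 * Revokes a permission on a resource from the role named by {@code actor} and saves the role.
 *
 * <p>The returned result set holds a single row with the operation, role name, permission
 * and resource path.
 *
 * @param ctx command context, used to resolve the resource path
 * @return a one-row result set summarising the revocation
 * @throws OCommandExecutionException when the named role does not exist
 */
@Override
public OResultSet executeSimple(OCommandContext ctx) {
    final String roleName = actor.getStringValue();
    ORole role = getDatabase().getMetadata().getSecurity().getRole(roleName);
    if (role == null) {
        throw new OCommandExecutionException("Invalid role: " + roleName);
    }

    String resourcePath = toResourcePath(resourceChain, ctx);
    role.revoke(resourcePath, toPrivilege(permission.permission));
    role.save();

    OInternalResultSet rs = new OInternalResultSet();
    OResultInternal result = new OResultInternal();
    // This statement calls role.revoke, so the row is labelled "revoke". A "grant" label here
    // would misreport the permission change to anything that records or inspects the result.
    result.setProperty("operation", "revoke");
    result.setProperty("role", roleName);
    result.setProperty("permission", permission.toString());
    result.setProperty("resource", resourcePath);
    rs.add(result);
    return rs;
}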
/**
 * Ensures the {@code ORIENTEER_USER_ROLE} role exists, applies its grants and links it to the
 * given perspective.
 *
 * <p>When the role is missing it is created with the "reader" role as parent and the
 * {@code DENY_ALL_BUT} mode. The grants are then applied in the listed order, the role
 * document is made readable by itself and linked to the perspective, and both the role and
 * the perspective are saved.
 *
 * <p>NOTE(review): the role receives READ and UPDATE on {@code OrienteerUser.CLASS_NAME} and
 * on the DATABASE "cluster" resource. Restricting each account to its own record presumably
 * relies on record-level security elsewhere; verify before widening these grants.
 *
 * @param db database whose security metadata holds the role
 * @param perspective perspective linked to the role and made readable by it
 */
private void updateOrienteerUserRoleDoc(ODatabaseDocument db, ODocument perspective) {
    final OSecurity security = db.getMetadata().getSecurity();
    final int readFlag = READ.getPermissionFlag();

    ORole userRole = security.getRole(ORIENTEER_USER_ROLE);
    if (userRole == null) {
        userRole = security.createRole(
            ORIENTEER_USER_ROLE, security.getRole("reader"), OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
    }

    userRole.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_WIDGET, readFlag);
    userRole.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_DASHBOARD, readFlag);

    // TODO: remove this after release with fix for roles in OrientDB: https://github.com/orientechnologies/orientdb/issues/8338
    userRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, readFlag);
    userRole.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, readFlag);
    userRole.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, readFlag);
    userRole.grant(ResourceGeneric.SCHEMA, null, readFlag);
    userRole.grant(ResourceGeneric.CLUSTER, "internal", readFlag);
    userRole.grant(ResourceGeneric.RECORD_HOOK, "", readFlag);
    userRole.grant(ResourceGeneric.DATABASE, null, readFlag);
    userRole.grant(ResourceGeneric.DATABASE, "systemclusters", readFlag);
    userRole.grant(ResourceGeneric.DATABASE, "function", readFlag);
    userRole.grant(ResourceGeneric.DATABASE, "command", readFlag);
    userRole.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, readFlag);

    // The only grants wider than READ: users may update user records and cluster data.
    final int readAndUpdate = OrientPermission.combinedPermission(READ, UPDATE);
    userRole.grant(ResourceGeneric.CLASS, OrienteerUser.CLASS_NAME, readAndUpdate);
    userRole.grant(ResourceGeneric.DATABASE, "cluster", readAndUpdate);

    userRole.getDocument().field(
        ORestrictedOperation.ALLOW_READ.getFieldName(),
        Collections.singletonList(userRole.getDocument()));
    userRole.getDocument().field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
    userRole.save();

    perspective.field(
        ORestrictedOperation.ALLOW_READ.getFieldName(),
        Collections.singletonList(userRole.getDocument()));
    perspective.save();
}
/**
 * Grants a permission on a resource to the role named by {@code actor} and saves the role.
 *
 * <p>The returned result set holds a single row with the operation, role name, permission
 * and resource path.
 *
 * @param ctx command context, used to resolve the resource path
 * @return a one-row result set summarising the grant
 * @throws OCommandExecutionException when the named role does not exist
 */
@Override
public OResultSet executeSimple(OCommandContext ctx) {
    final String roleName = actor.getStringValue();
    final ORole target = getDatabase().getMetadata().getSecurity().getRole(roleName);
    if (target == null) {
        throw new OCommandExecutionException("Invalid role: " + roleName);
    }

    final String resourcePath = toResourcePath(resourceChain, ctx);
    target.grant(resourcePath, toPrivilege(permission.permission));
    target.save();

    // Describe the applied change in a single result row.
    final OResultInternal summary = new OResultInternal();
    summary.setProperty("operation", "grant");
    summary.setProperty("role", roleName);
    summary.setProperty("permission", permission.toString());
    summary.setProperty("resource", resourcePath);

    final OInternalResultSet rows = new OInternalResultSet();
    rows.add(summary);
    return rows;
}