/**
 * Reports whether the given admin entry holds server-level admin rights.
 *
 * <p>The decision is delegated entirely to the security configuration returned by
 * {@code server().security()}; no additional check is made here.
 *
 * @param admin the user or role entry to check
 * @return whatever {@code isAdmin(admin)} answers for the server security configuration
 */
private boolean hasAdminPrivileges(Admin admin) {
    return server()
            .security()
            .isAdmin(admin);
}
/**
 * With "role1" configured as an admin role, users resolved through that role are admins and an
 * unrelated user is not.
 */
@Test
public void shouldKnowIfRoleIsAdmin() throws Exception {
    // presumably the role fixture puts "chris" and "jez" in role1 -- defined outside this listing, confirm
    SecurityConfig roleAdminConfig = security(passwordFileAuthConfig(), admins(role("role1")));

    AdminUser chris = new AdminUser(new CaseInsensitiveString("chris"));
    AdminUser jez = new AdminUser(new CaseInsensitiveString("jez"));
    AdminUser outsider = new AdminUser(new CaseInsensitiveString("evilHacker"));

    assertThat(roleAdminConfig.isAdmin(chris), is(true));
    assertThat(roleAdminConfig.isAdmin(jez), is(true));
    // A user outside the admin role must be refused.
    assertThat(roleAdminConfig.isAdmin(outsider), is(false));
}
/**
 * Pins how {@code isAdmin} treats an explicitly listed admin user, with and without an auth
 * config.
 *
 * <p>NOTE(review): the first half asserts that an unlisted user ("evilHacker") is reported as
 * admin when {@code security(...)} is given {@code null} as its first argument -- presumably
 * "no authentication configured"; confirm against the helper. That is fail-open behaviour:
 * until authentication is configured, {@code isAdmin} alone restricts nobody, so callers that
 * gate sensitive operations on it get no protection in that state.
 */
@Test
public void shouldKnowIfUserIsAdmin() throws Exception {
    AdminUser chris = new AdminUser(new CaseInsensitiveString("chris"));
    AdminUser outsider = new AdminUser(new CaseInsensitiveString("evilHacker"));

    // No auth config: every user is answered as admin, listed or not.
    SecurityConfig withoutAuthConfig = security(null, admins(user("chris")));
    assertThat(withoutAuthConfig.isAdmin(chris), is(true));
    assertThat(withoutAuthConfig.isAdmin(outsider), is(true));

    // Password-file auth config present: only the listed admin user passes.
    SecurityConfig withPasswordFile = security(passwordFileAuthConfig(), admins(user("chris")));
    assertThat(withPasswordFile.isAdmin(chris), is(true));
    assertThat(withPasswordFile.isAdmin(outsider), is(false));
}
/**
 * A user counts as admin when matched either through an admin role or through an explicit admin
 * user entry; the two sources are combined.
 */
@Test
public void shouldNotCareIfValidUserInRoleOrUser() throws Exception {
    AdminUser chris = new AdminUser(new CaseInsensitiveString("chris"));
    AdminUser jez = new AdminUser(new CaseInsensitiveString("jez"));

    // presumably the role fixture puts "chris" but not "jez" in role2 -- defined outside this listing, confirm
    SecurityConfig roleOnly = security(passwordFileAuthConfig(), admins(role("role2")));
    assertThat(roleOnly.isAdmin(chris), is(true));
    assertThat(roleOnly.isAdmin(jez), is(false));

    // Listing "jez" as an admin user grants admin without changing the role-based result.
    SecurityConfig roleAndUser = security(passwordFileAuthConfig(), admins(role("role2"), user("jez")));
    assertThat(roleAndUser.isAdmin(chris), is(true));
    assertThat(roleAndUser.isAdmin(jez), is(true));
}
/**
 * Checks that every approver listed in {@code authConfig} is allowed to operate the enclosing
 * pipeline group, and records a validation error on each approver that is not.
 *
 * <p>An approver passes when it is a server admin, an admin of the group, or one of the group's
 * operators. Nothing is checked when the context is not within pipelines, or when the group
 * defines no operate permission.
 *
 * @param validationContext supplies the pipeline group and the server security configuration
 */
private void validateOperatePermissions(ValidationContext validationContext) {
    if (!validationContext.isWithinPipelines()) {
        return;
    }

    PipelineConfigs pipelineGroup = validationContext.getPipelineGroup();
    if (!pipelineGroup.hasOperationPermissionDefined()) {
        // NOTE(review): with no operate permission defined on the group, this method places no
        // restriction on who may be listed as an approver.
        return;
    }

    AdminsConfig operators = pipelineGroup.getAuthorization().getOperationConfig();
    SecurityConfig serverSecurity = validationContext.getServerSecurityConfig();
    RolesConfig serverRoles = serverSecurity.getRoles();

    for (Admin approver : authConfig) {
        // All three checks are evaluated for every approver, exactly as before; only the
        // combination below is expressed positively.
        boolean isSuperAdmin = serverSecurity.isAdmin(approver);
        boolean isGroupAdmin = pipelineGroup.isUserAnAdmin(approver.getName(), serverRoles.memberRoles(approver));
        boolean isGroupOperator = operators.has(approver, serverRoles.memberRoles(approver));

        boolean mayOperateGroup = isSuperAdmin || isGroupAdmin || isGroupOperator;
        if (mayOperateGroup) {
            continue;
        }

        String message = String.format(
                "%s \"%s\" who is not authorized to operate pipeline group `%s` can not be authorized to approve stage",
                approver.describe(), approver, pipelineGroup.getGroup());
        approver.addError(message);
    }
}
/**
 * A role entry itself (not only the users in it) is reported as admin when that role is
 * configured as an admin role.
 */
@Test
public void shouldValidateRoleAsAdmin() throws Exception {
    SecurityConfig roleAdminConfig = security(passwordFileAuthConfig(), admins(role("role2")));
    AdminRole adminRole = new AdminRole(new CaseInsensitiveString("role2"));

    assertThat(roleAdminConfig.isAdmin(adminRole), is(true));
}