/**
 * Registers a single policy entry in this object's lookup structures.
 *
 * <p>The entry's subjects are handed to {@code putAllSubjects}, a fresh empty
 * {@link LinkedHashMap} is stored under the entry's label in both
 * {@code grantedPermissions} and {@code revokedPermissions}, and the entry's
 * resources are then passed to {@code setResourcesFor}.
 *
 * @param entry the policy entry to register.
 */
private void setPolicyEntry(final PolicyEntry entry) {
    putAllSubjects(entry);

    // Grants and revokes are tracked separately per label; both start out empty here
    // and are presumably filled by setResourcesFor — confirm against that helper.
    final Label entryLabel = entry.getLabel();
    grantedPermissions.put(entryLabel, new LinkedHashMap<>());
    revokedPermissions.put(entryLabel, new LinkedHashMap<>());

    setResourcesFor(entry.getLabel(), entry.getResources());
}
/**
 * Looks up the effected (granted and revoked) permissions that the entry with the given
 * label defines for the given resource.
 *
 * <p>The result is empty when no entry exists for the label, when the entry does not list
 * {@code subjectId} among its subjects, or when the entry has no resource for
 * {@code resourceKey}. The subject check matters: permissions of an entry are only
 * reported for subjects that actually belong to that entry.
 *
 * @param label the label of the policy entry to inspect.
 * @param subjectId the subject whose membership in the entry is required.
 * @param resourceKey the key of the resource to look up.
 * @return the effected permissions of the matching resource, or an empty Optional.
 */
@Override
public Optional<EffectedPermissions> getEffectedPermissionsFor(final CharSequence label,
        final SubjectId subjectId, final ResourceKey resourceKey) {

    final PolicyEntry entry = entries.get(Label.of(label));
    if (entry == null) {
        return Optional.empty();
    }

    // Do not leak an entry's permissions for a subject the entry does not contain.
    final boolean subjectKnown = entry.getSubjects().getSubject(subjectId).isPresent();
    if (!subjectKnown) {
        return Optional.empty();
    }

    return entry.getResources()
            .getResource(resourceKey)
            .map(Resource::getEffectedPermissions);
}
/**
 * Tells whether the given entry grants the minimum required policy permission on the
 * root resource.
 *
 * <p>Only a resource whose key equals {@code ROOT_RESOURCE} counts; a grant on any other
 * resource key is ignored. Revoked permissions are not consulted here, so a caller that
 * needs the net result has to evaluate revokes separately.
 *
 * @param policyEntry the entry to inspect.
 * @return {@code true} if at least one root resource of the entry lists
 * {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS} among its granted permissions.
 */
private boolean hasPermissionGranted(final PolicyEntry policyEntry) {
    // NOTE(review): the constant's name is plural but it is passed to contains() as one
    // element — confirm it denotes a single permission and not a collection.
    return policyEntry.getResources().stream()
            .filter(candidate -> ROOT_RESOURCE.equals(candidate.getResourceKey()))
            .anyMatch(rootResource -> rootResource.getEffectedPermissions()
                    .getGrantedPermissions()
                    .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
/**
 * Checks whether the entry grants the minimum required policy permission on the root
 * resource.
 *
 * <p>A resource qualifies only if its key equals {@code ROOT_RESOURCE} and its granted
 * permissions contain {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS}. Revokes are
 * not taken into account by this method.
 *
 * @param policyEntry the entry whose resources are examined.
 * @return {@code true} if any resource of the entry qualifies.
 */
private boolean hasPermissionGranted(final PolicyEntry policyEntry) {
    // Grants on sub-paths are deliberately not enough: the key must be the root resource.
    return policyEntry.getResources().stream()
            .anyMatch(res -> ROOT_RESOURCE.equals(res.getResourceKey())
                    && res.getEffectedPermissions()
                            .getGrantedPermissions()
                            .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
/**
 * Tells whether the given entry revokes the minimum required policy permission on the
 * root resource.
 *
 * <p>Only a resource whose key equals {@code ROOT_RESOURCE} counts; revokes on any other
 * resource key are ignored by this check.
 *
 * @param policyEntry the entry to inspect.
 * @return {@code true} if at least one root resource of the entry lists
 * {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS} among its revoked permissions.
 */
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) {
    // NOTE(review): the constant's name is plural but it is passed to contains() as one
    // element — confirm it denotes a single permission and not a collection.
    return policyEntry.getResources().stream()
            .filter(candidate -> ROOT_RESOURCE.equals(candidate.getResourceKey()))
            .anyMatch(rootResource -> rootResource.getEffectedPermissions()
                    .getRevokedPermissions()
                    .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
/**
 * Returns a policy entry whose subjects have been run through placeholder substitution.
 *
 * <p>The entry's subjects are passed to {@code substituteSubjects} together with the
 * algorithm and headers. When the substituted subjects equal the existing ones the
 * original entry instance is returned unchanged; otherwise a new entry is built with the
 * same label and resources and the substituted subjects.
 *
 * @param existingPolicyEntry the entry whose subjects may contain placeholders.
 * @param substitutionAlgorithm the algorithm handed on to {@code substituteSubjects}.
 * @param dittoHeaders the headers handed on to {@code substituteSubjects}.
 * @return the original entry if nothing changed, else a new entry with substituted subjects.
 */
static PolicyEntry substitutePolicyEntry(final PolicyEntry existingPolicyEntry,
        final HeaderBasedPlaceholderSubstitutionAlgorithm substitutionAlgorithm,
        final DittoHeaders dittoHeaders) {

    final Subjects originalSubjects = existingPolicyEntry.getSubjects();
    final Subjects replacedSubjects =
            substituteSubjects(originalSubjects, substitutionAlgorithm, dittoHeaders);

    // Nothing was substituted: hand back the very same instance instead of a copy.
    if (originalSubjects.equals(replacedSubjects)) {
        return existingPolicyEntry;
    }

    return PolicyEntry.newInstance(existingPolicyEntry.getLabel(), replacedSubjects,
            existingPolicyEntry.getResources());
}
/**
 * Checks whether the entry revokes the minimum required policy permission on the root
 * resource.
 *
 * <p>A resource qualifies only if its key equals {@code ROOT_RESOURCE} and its revoked
 * permissions contain {@code Permission.MIN_REQUIRED_POLICY_PERMISSIONS}.
 *
 * @param policyEntry the entry whose resources are examined.
 * @return {@code true} if any resource of the entry qualifies.
 */
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) {
    // Revokes on sub-paths do not count here: the key must be the root resource.
    return policyEntry.getResources().stream()
            .anyMatch(res -> ROOT_RESOURCE.equals(res.getResourceKey())
                    && res.getEffectedPermissions()
                            .getRevokedPermissions()
                            .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS));
}
/**
 * Returns a policy in which the given subject is removed from the entry with the given label.
 *
 * <p>This instance is returned as-is when no entry exists for the label or when removing
 * the subject leaves the entry's subjects equal to what they were. Otherwise a new
 * {@code ImmutablePolicy} is built from a copy of the entries in which the affected entry
 * is replaced; the entry's resources are carried over unchanged.
 *
 * @param label the label of the entry to modify.
 * @param subjectId the ID of the subject to remove.
 * @return this policy if nothing changed, else a new policy without the subject.
 */
@Override
public Policy removeSubjectFor(final CharSequence label, final SubjectId subjectId) {
    final Label lbl = Label.of(label);

    final PolicyEntry currentEntry = entries.get(lbl);
    if (currentEntry == null) {
        return this;
    }

    final Subjects subjectsBefore = currentEntry.getSubjects();
    final Subjects subjectsAfter = subjectsBefore.removeSubject(subjectId);
    if (Objects.equals(subjectsBefore, subjectsAfter)) {
        return this;
    }

    // Work on a copy so that this instance's entries stay untouched.
    final Map<Label, PolicyEntry> updatedEntries = copyEntries();
    updatedEntries.put(lbl, newPolicyEntry(lbl, subjectsAfter, currentEntry.getResources()));
    return new ImmutablePolicy(policyId, updatedEntries, lifecycle, revision, modified);
}
/**
 * Returns a policy in which the given resource is removed from the entry with the given label.
 *
 * <p>This instance is returned as-is when no entry exists for the label or when removing
 * the resource leaves the entry's resources equal to what they were. Otherwise a new
 * {@code ImmutablePolicy} is built from a copy of the entries in which the affected entry
 * is replaced; the entry's subjects are carried over unchanged.
 *
 * @param label the label of the entry to modify.
 * @param resourceKey the key of the resource to remove.
 * @return this policy if nothing changed, else a new policy without the resource.
 */
@Override
public Policy removeResourceFor(final CharSequence label, final ResourceKey resourceKey) {
    final Label lbl = Label.of(label);

    final PolicyEntry currentEntry = entries.get(lbl);
    if (currentEntry == null) {
        return this;
    }

    final Resources resourcesBefore = currentEntry.getResources();
    final Resources resourcesAfter = resourcesBefore.removeResource(resourceKey);
    if (Objects.equals(resourcesBefore, resourcesAfter)) {
        return this;
    }

    // Work on a copy so that this instance's entries stay untouched.
    final Map<Label, PolicyEntry> updatedEntries = copyEntries();
    updatedEntries.put(lbl, newPolicyEntry(lbl, currentEntry.getSubjects(), resourcesAfter));
    return new ImmutablePolicy(policyId, updatedEntries, lifecycle, revision, modified);
}
/**
 * Returns a policy in which the entry with the given label has exactly the given subjects.
 *
 * <p>If an entry for the label already exists, its resources are kept and its subjects
 * are replaced as a whole. If none exists, a new entry is created with the given subjects
 * and empty resources, so it grants and revokes nothing until resources are added. A new
 * {@code ImmutablePolicy} is always returned.
 *
 * @param label the label of the entry to set the subjects for.
 * @param subjects the subjects to set; checked with {@code checkNotNull}.
 * @return a new policy containing the modified or newly created entry.
 */
@Override
public Policy setSubjectsFor(final CharSequence label, final Subjects subjects) {
    final Label lbl = Label.of(label);
    checkNotNull(subjects, "subjects to set to the Policy entry");

    final Map<Label, PolicyEntry> updatedEntries = copyEntries();

    // Existing resources survive a subject replacement; a new entry starts without any.
    final PolicyEntry replacement = updatedEntries.containsKey(lbl)
            ? newPolicyEntry(lbl, subjects, updatedEntries.get(lbl).getResources())
            : newPolicyEntry(lbl, subjects, emptyResources());

    updatedEntries.put(lbl, replacement);
    return new ImmutablePolicy(policyId, updatedEntries, lifecycle, revision, modified);
}
/**
 * Handles a {@code RetrieveResources} command by replying with all resources of the
 * addressed policy entry.
 *
 * <p>If the policy has no entry for the command's label, {@code policyEntryNotFound} is
 * invoked instead of sending a success response.
 *
 * @param command the command naming the label whose resources are requested.
 */
@Override
protected void doApply(final RetrieveResources command) {
    // NOTE(review): no permission check on the requester is visible in this method —
    // presumably enforced before the command arrives here; confirm.
    final Optional<PolicyEntry> entry = policy.getEntryFor(command.getLabel());
    if (!entry.isPresent()) {
        policyEntryNotFound(command.getLabel(), command.getDittoHeaders());
        return;
    }

    final RetrieveResourcesResponse reply = RetrieveResourcesResponse.of(policyId,
            command.getLabel(), entry.get().getResources(), command.getDittoHeaders());
    sendSuccessResponse(command, reply);
}
/**
 * Answers a {@code RetrieveResources} command with the resources of the policy entry
 * identified by the command's label.
 *
 * <p>When no such entry exists, {@code policyEntryNotFound} is called with the label and
 * the command's headers and no success response is sent.
 *
 * @param command the retrieve command to apply.
 */
@Override
protected void doApply(final RetrieveResources command) {
    final Optional<PolicyEntry> foundEntry = policy.getEntryFor(command.getLabel());

    if (foundEntry.isPresent()) {
        // The response echoes the command's headers together with the entry's resources.
        sendSuccessResponse(command, RetrieveResourcesResponse.of(policyId, command.getLabel(),
                foundEntry.get().getResources(), command.getDittoHeaders()));
    } else {
        policyEntryNotFound(command.getLabel(), command.getDittoHeaders());
    }
}
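/**
 * Verifies that the policy under test has an entry for the given label and that this
 * entry contains a resource for the given key.
 *
 * @param label the label of the entry expected to hold the resource.
 * @param resourceKey the key of the resource expected to be present.
 * @return this assertion object, for chaining.
 */
public PolicyAssert hasResourceFor(final Label label, final ResourceKey resourceKey) {
    isNotNull();
    hasLabel(label);

    // hasLabel(label) has already asserted that the entry exists, so get() is safe here.
    final PolicyEntry policyEntry = actual.getEntryFor(label).get();

    // The custom message has to be registered before the assertion is invoked; set
    // afterwards (as before) it is never used and a failure shows the generic message.
    assertThat(policyEntry.getResources().getResource(resourceKey))
            .overridingErrorMessage(
                    "Expected Label <%s> to contain Resource for path \n<%s> " + "but did not: \n<%s>",
                    label, resourceKey, policyEntry.getResources())
            .isPresent();

    return this;
}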
/**
 * Returns a policy in which the given subject is set on the entry with the given label.
 *
 * <p>If no entry exists for the label, the call is delegated to {@code setSubjectsFor}
 * with a subjects object holding just this subject. If the entry exists and setting the
 * subject leaves its subjects equal to what they were, this instance is returned.
 * Otherwise a new {@code ImmutablePolicy} is built from a copy of the entries; the
 * entry's resources are carried over unchanged.
 *
 * @param label the label of the entry to modify or create.
 * @param subject the subject to set; checked with {@code checkNotNull}.
 * @return this policy if nothing changed, else a new policy containing the subject.
 */
@Override
public Policy setSubjectFor(final CharSequence label, final Subject subject) {
    final Label lbl = Label.of(label);
    checkNotNull(subject, "subject to set to the Policy entry");

    final PolicyEntry currentEntry = entries.get(lbl);
    if (currentEntry == null) {
        // No entry yet: creating one is the job of setSubjectsFor.
        return setSubjectsFor(label, Subjects.newInstance(subject));
    }

    final Subjects subjectsBefore = currentEntry.getSubjects();
    final Subjects subjectsAfter = subjectsBefore.setSubject(subject);
    if (Objects.equals(subjectsBefore, subjectsAfter)) {
        return this;
    }

    final Map<Label, PolicyEntry> updatedEntries = copyEntries();
    updatedEntries.put(lbl, newPolicyEntry(lbl, subjectsAfter, currentEntry.getResources()));
    return new ImmutablePolicy(policyId, updatedEntries, lifecycle, revision, modified);
}
/**
 * Returns a policy in which the given resource is set on the entry with the given label.
 *
 * <p>If an entry for the label already exists, its subjects are kept and the resource is
 * set on its resources. If none exists, a new entry is created that holds only this
 * resource and has empty subjects, so its permissions apply to nobody until subjects are
 * added. A new {@code ImmutablePolicy} is always returned.
 *
 * @param label the label of the entry to modify or create.
 * @param resource the resource to set; checked with {@code checkNotNull}.
 * @return a new policy containing the modified or newly created entry.
 */
@Override
public Policy setResourceFor(final CharSequence label, final Resource resource) {
    final Label lbl = Label.of(label);
    checkNotNull(resource, "resource to set to the Policy entry");

    final Map<Label, PolicyEntry> updatedEntries = copyEntries();

    final PolicyEntry replacement;
    if (updatedEntries.containsKey(lbl)) {
        final PolicyEntry currentEntry = updatedEntries.get(lbl);
        final Resources resourcesAfter = currentEntry.getResources().setResource(resource);
        replacement = newPolicyEntry(label, currentEntry.getSubjects(), resourcesAfter);
    } else {
        replacement = newPolicyEntry(label, PoliciesModelFactory.emptySubjects(),
                newResources(resource));
    }

    updatedEntries.put(lbl, replacement);
    return new ImmutablePolicy(policyId, updatedEntries, lifecycle, revision, modified);
}
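/**
 * Verifies that the policy under test has an entry for the given label and that this
 * entry does NOT contain a resource for the given key.
 *
 * @param label the label of the entry expected to lack the resource.
 * @param resourceKey the key of the resource expected to be absent.
 * @return this assertion object, for chaining.
 */
public PolicyAssert doesNotHaveResourceFor(final Label label, final ResourceKey resourceKey) {
    isNotNull();
    hasLabel(label);

    // hasLabel(label) has already asserted that the entry exists, so get() is safe here.
    final PolicyEntry policyEntry = actual.getEntryFor(label).get();

    // The custom message has to be registered before the assertion is invoked; set
    // afterwards (as before) it is never used and a failure shows the generic message.
    assertThat(policyEntry.getResources().getResource(resourceKey))
            .overridingErrorMessage(
                    "Expected Label <%s> to NOT contain Resource for path \n<%s> " + "but it did: \n<%s>",
                    label, resourceKey, policyEntry.getResources())
            .isEmpty();

    return this;
}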
/**
 * Handles a {@code RetrieveResource} command by replying with the single resource that
 * the command addresses by label and resource key.
 *
 * <p>If the policy has no entry for the label, {@code policyEntryNotFound} is invoked; if
 * the entry exists but has no resource for the key, {@code resourceNotFound} is invoked.
 *
 * @param command the command naming the label and resource key to retrieve.
 */
@Override
protected void doApply(final RetrieveResource command) {
    // NOTE(review): no permission check on the requester is visible in this method —
    // presumably enforced before the command arrives here; confirm.
    final Optional<PolicyEntry> entry = policy.getEntryFor(command.getLabel());
    if (!entry.isPresent()) {
        policyEntryNotFound(command.getLabel(), command.getDittoHeaders());
        return;
    }

    final Optional<Resource> resource =
            entry.get().getResources().getResource(command.getResourceKey());
    if (!resource.isPresent()) {
        resourceNotFound(command.getLabel(), command.getResourceKey(), command.getDittoHeaders());
        return;
    }

    final RetrieveResourceResponse reply = RetrieveResourceResponse.of(policyId,
            command.getLabel(), resource.get(), command.getDittoHeaders());
    sendSuccessResponse(command, reply);
}
/**
 * Answers a {@code RetrieveResource} command with the resource identified by the
 * command's label and resource key.
 *
 * <p>A missing entry leads to {@code policyEntryNotFound}, a missing resource inside an
 * existing entry leads to {@code resourceNotFound}; in both cases no success response is
 * sent.
 *
 * @param command the retrieve command to apply.
 */
@Override
protected void doApply(final RetrieveResource command) {
    final Optional<PolicyEntry> foundEntry = policy.getEntryFor(command.getLabel());

    if (!foundEntry.isPresent()) {
        policyEntryNotFound(command.getLabel(), command.getDittoHeaders());
    } else {
        final Optional<Resource> foundResource =
                foundEntry.get().getResources().getResource(command.getResourceKey());

        if (foundResource.isPresent()) {
            sendSuccessResponse(command, RetrieveResourceResponse.of(policyId,
                    command.getLabel(), foundResource.get(), command.getDittoHeaders()));
        } else {
            resourceNotFound(command.getLabel(), command.getResourceKey(),
                    command.getDittoHeaders());
        }
    }
}
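/**
 * Verifies that the resource addressed by label and resource key carries exactly the
 * expected effected permissions.
 *
 * @param label the label of the entry holding the resource.
 * @param resourceKey the key of the resource to inspect.
 * @param expectedEffectedPermissions the granted/revoked permissions the resource must equal.
 * @return this assertion object, for chaining.
 */
public PolicyAssert hasResourceEffectedPermissionsFor(final Label label, final ResourceKey resourceKey,
        final EffectedPermissions expectedEffectedPermissions) {

    isNotNull();
    hasResourceFor(label, resourceKey);

    // hasResourceFor(...) has already asserted entry and resource, so both get() calls are safe.
    final Resource resource = actual.getEntryFor(label).get().getResources().getResource(resourceKey).get();

    // The custom message has to be registered before the assertion is invoked; set
    // afterwards (as before) it is never used and a failure shows the generic message.
    assertThat(resource.getEffectedPermissions())
            .overridingErrorMessage(
                    "Expected Label <%s> to contain for Resource path <%s> EffectedPermissions "
                            + "\n<%s> but did not: \n<%s>",
                    label, resourceKey, expectedEffectedPermissions, resource.getEffectedPermissions())
            .isEqualTo(expectedEffectedPermissions);

    return this;
}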
/**
 * Adds the permissions of one policy entry to the trie.
 *
 * <p>The subject IDs of the entry are collected once. For every resource of the entry the
 * trie node for the resource key is looked up or created via {@code seekOrCreate}, and
 * the resource's granted and revoked permissions are recorded on that node for all of the
 * entry's subject IDs.
 *
 * @param policyEntry the entry whose subjects and resources are added.
 */
private void addPolicyEntry(final PolicyEntry policyEntry) {
    final Collection<String> entrySubjectIds = getSubjectIds(policyEntry.getSubjects());

    policyEntry.getResources().forEach(res -> {
        final PolicyTrie node = seekOrCreate(getJsonKeyIterator(res.getResourceKey()));
        final EffectedPermissions permissions = res.getEffectedPermissions();

        // Both sides are stored on the same node; how a grant and a revoke on one node
        // are weighed against each other is not decided in this method.
        node.grant(entrySubjectIds, permissions.getGrantedPermissions());
        node.revoke(entrySubjectIds, permissions.getRevokedPermissions());
    });
}