private static void mergePermissions(final Resource resource, final ResourceNode existingChild) { final EffectedPermissions existingChildPermissions = existingChild.getPermissions(); final Collection<String> mergedGrantedPermissions = new HashSet<>(existingChildPermissions.getGrantedPermissions()); final Collection<String> mergedRevokedPermissions = new HashSet<>(existingChildPermissions.getRevokedPermissions()); if (!resource.getEffectedPermissions().getRevokedPermissions().isEmpty()) { mergedRevokedPermissions.addAll(resource.getEffectedPermissions().getRevokedPermissions()); } if (!resource.getEffectedPermissions().getGrantedPermissions().isEmpty()) { mergedGrantedPermissions.addAll(resource.getEffectedPermissions().getGrantedPermissions()); } existingChild.setPermissions( EffectedPermissions.newInstance(mergedGrantedPermissions, mergedRevokedPermissions)); }
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) { return policyEntry.getResources().stream() // .anyMatch(resource -> { final boolean isRootResource = ROOT_RESOURCE.equals(resource.getResourceKey()); final boolean containsRevokedPermissions = resource.getEffectedPermissions() .getRevokedPermissions() .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS); return isRootResource && containsRevokedPermissions; }); }
private boolean hasPermissionGranted(final PolicyEntry policyEntry) { return policyEntry.getResources().stream() // .anyMatch(resource -> { final boolean isRootResource = ROOT_RESOURCE.equals(resource.getResourceKey()); final boolean containsGrantedPermissions = resource.getEffectedPermissions() .getGrantedPermissions() .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS); return isRootResource && containsGrantedPermissions; }); }
private boolean hasPermissionGranted(final PolicyEntry policyEntry) { return policyEntry.getResources().stream() // .anyMatch(resource -> { final boolean isRootResource = ROOT_RESOURCE.equals(resource.getResourceKey()); final boolean containsGrantedPermissions = resource.getEffectedPermissions() .getGrantedPermissions() .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS); return isRootResource && containsGrantedPermissions; }); }
private boolean hasPermissionRevoked(final PolicyEntry policyEntry) { return policyEntry.getResources().stream() // .anyMatch(resource -> { final boolean isRootResource = ROOT_RESOURCE.equals(resource.getResourceKey()); final boolean containsRevokedPermissions = resource.getEffectedPermissions() .getRevokedPermissions() .contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS); return isRootResource && containsRevokedPermissions; }); }
@Override public ImmutablePolicyBuilder setResourcesFor(final CharSequence label, final Resources resources) { checkNotNull(resources, "Resources to be set"); final Map<ResourceKey, Permissions> grantedMap = retrieveGrantedPermissions(label); final Map<ResourceKey, Permissions> revokedMap = retrieveRevokedPermissions(label); resources.forEach(resource -> { final ResourceKey resourceKey = resource.getResourceKey(); final EffectedPermissions effectedPermissions = resource.getEffectedPermissions(); grantedMap.put(resourceKey, effectedPermissions.getGrantedPermissions()); revokedMap.put(resourceKey, effectedPermissions.getRevokedPermissions()); }); return this; }
public PolicyAssert hasResourceEffectedPermissionsFor(final Label label, final ResourceKey resourceKey, final EffectedPermissions expectedEffectedPermissions) { isNotNull(); hasResourceFor(label, resourceKey); final Resource resource = actual.getEntryFor(label).get().getResources().getResource(resourceKey).get(); assertThat(resource.getEffectedPermissions()).isEqualTo(expectedEffectedPermissions) // .overridingErrorMessage( "Expected Label <%s> to contain for Resource path <%s> EffectedPermissions " + "\n<%s> but did not: \n<%s>", label, resourceKey, expectedEffectedPermissions, resource.getEffectedPermissions()); return this; }
parentNode.getParent().ifPresent(p -> mergePermissions(resource, parentNode)); } else if (!parentNode.getChild(usedPath).isPresent()) { parentNode.addChild(ResourceNode.of(parentNode, usedPath, resource.getEffectedPermissions())); } else { final ResourceNode existingChild = parentNode.getChild(usedPath)
private void addPolicyEntry(final PolicyEntry policyEntry) { final Collection<String> subjectIds = getSubjectIds(policyEntry.getSubjects()); policyEntry.getResources().forEach(resource -> { final PolicyTrie target = seekOrCreate(getJsonKeyIterator(resource.getResourceKey())); final EffectedPermissions effectedPermissions = resource.getEffectedPermissions(); target.grant(subjectIds, effectedPermissions.getGrantedPermissions()); target.revoke(subjectIds, effectedPermissions.getRevokedPermissions()); }); }