Package com.orientechnologies.orient.core.metadata.security

Examples of com.orientechnologies.orient.core.metadata.security.ORole


        json.endObject(2, false);
      }
      json.endCollection(1, true);

      json.beginCollection(1, true, "roles");
      ORole role;
      for (ODocument doc : db.getMetadata().getSecurity().getRoles()) {
        role = new ORole(doc);
        json.beginObject(2, true, null);
        json.writeAttribute(3, false, "name", role.getName());
        json.writeAttribute(3, false, "mode", role.getMode().toString());

        json.beginCollection(3, true, "rules");
        for (Entry<String, Byte> rule : role.getRules().entrySet()) {
          json.beginObject(4);
          json.writeAttribute(4, true, "name", rule.getKey());
          json.writeAttribute(4, false, "create", role.allow(rule.getKey(), ORole.PERMISSION_CREATE));
          json.writeAttribute(4, false, "read", role.allow(rule.getKey(), ORole.PERMISSION_READ));
          json.writeAttribute(4, false, "update", role.allow(rule.getKey(), ORole.PERMISSION_UPDATE));
          json.writeAttribute(4, false, "delete", role.allow(rule.getKey(), ORole.PERMISSION_DELETE));
          json.endObject(4, true);
        }
        json.endCollection(3, false);

        json.endObject(2, true);


    userClass.createProperty("roles", OType.LINKSET, roleClass);

    metadata.getSchema().save();

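    // CREATE ROLES AND USERS. EACH DEFAULT USER BELOW IS CREATED WITH A PASSWORD EQUAL TO ITS NAME, SO CHANGE THESE PASSWORDS ON ANY REAL DEPLOYMENT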
    final ORole adminRole = metadata.getSecurity().createRole(ORole.ADMIN, ORole.ALLOW_MODES.ALLOW_ALL_BUT);
    user = metadata.getSecurity().createUser(OUser.ADMIN, OUser.ADMIN, new String[] { adminRole.getName() });

    final ORole readerRole = metadata.getSecurity().createRole("reader", ORole.ALLOW_MODES.DENY_ALL_BUT);
    readerRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.CLUSTER + "." + OStorage.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.QUERY, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
    readerRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);
    readerRole.save();
    metadata.getSecurity().createUser("reader", "reader", new String[] { readerRole.getName() });

    final ORole writerRole = metadata.getSecurity().createRole("writer", ORole.ALLOW_MODES.DENY_ALL_BUT);
    writerRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    writerRole
        .addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
    writerRole.addRule(ODatabaseSecurityResources.CLUSTER + "." + OStorage.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
    writerRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    writerRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    writerRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
    writerRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
    writerRole.addRule(ODatabaseSecurityResources.QUERY, ORole.PERMISSION_READ);
    writerRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
    writerRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
    writerRole.save();
    metadata.getSecurity().createUser("writer", "writer", new String[] { writerRole.getName() });
  }

        json.endObject(2, false);
      }
      json.endCollection(1, true);

      json.beginCollection(1, true, "roles");
      ORole role;
      for (ODocument doc : db.getMetadata().getSecurity().getRoles()) {
        role = new ORole(doc);
        json.beginObject(2, true, null);
        json.writeAttribute(3, false, "name", role.getName());
        json.writeAttribute(3, false, "mode", role.getMode().toString());

        json.beginCollection(3, true, "rules");
        for (Entry<String, Byte> rule : role.getRules().entrySet()) {
          json.beginObject(4);
          json.writeAttribute(4, true, "name", rule.getKey());
          json.writeAttribute(4, false, "create", role.allow(rule.getKey(), ORole.PERMISSION_CREATE));
          json.writeAttribute(4, false, "read", role.allow(rule.getKey(), ORole.PERMISSION_READ));
          json.writeAttribute(4, false, "update", role.allow(rule.getKey(), ORole.PERMISSION_UPDATE));
          json.writeAttribute(4, false, "delete", role.allow(rule.getKey(), ORole.PERMISSION_DELETE));
          json.endObject(4, true);
        }
        json.endCollection(3, false);

        json.endObject(2, true);

        json.endObject(2, false);
      }
      json.endCollection(1, true);

      json.beginCollection(1, true, "roles");
      ORole role;
      for (ODocument doc : db.getMetadata().getSecurity().getRoles()) {
        role = new ORole(doc);
        json.beginObject(2, true, null);
        json.writeAttribute(3, false, "name", role.getName());
        json.writeAttribute(3, false, "mode", role.getMode().toString());

        json.beginCollection(3, true, "rules");
        for (Entry<String, Byte> rule : role.getRules().entrySet()) {
          json.beginObject(4);
          json.writeAttribute(4, true, "name", rule.getKey());
          json.writeAttribute(4, false, "create", role.allow(rule.getKey(), ORole.PERMISSION_CREATE));
          json.writeAttribute(4, false, "read", role.allow(rule.getKey(), ORole.PERMISSION_READ));
          json.writeAttribute(4, false, "update", role.allow(rule.getKey(), ORole.PERMISSION_UPDATE));
          json.writeAttribute(4, false, "delete", role.allow(rule.getKey(), ORole.PERMISSION_DELETE));
          json.endObject(4, true);
        }
        json.endCollection(3, false);

        json.endObject(2, true);

      json.endObject(2, false);
    }
    json.endCollection(1, true);

    json.beginCollection(1, true, "roles");
    ORole role;
    for (ODocument doc : db.getMetadata().getSecurity().getAllRoles()) {
      role = new ORole(doc);
      json.beginObject(2, true, null);
      json.writeAttribute(3, false, "name", role.getName());
      json.writeAttribute(3, false, "mode", role.getMode().toString());

      json.beginCollection(3, true, "rules");
      for (Entry<String, Byte> rule : role.getRules().entrySet()) {
        json.beginObject(4);
        json.writeAttribute(4, true, "name", rule.getKey());
        json.writeAttribute(4, false, "create", role.allow(rule.getKey(), ORole.PERMISSION_CREATE));
        json.writeAttribute(4, false, "read", role.allow(rule.getKey(), ORole.PERMISSION_READ));
        json.writeAttribute(4, false, "update", role.allow(rule.getKey(), ORole.PERMISSION_UPDATE));
        json.writeAttribute(4, false, "delete", role.allow(rule.getKey(), ORole.PERMISSION_DELETE));
        json.endObject(4, true);
      }
      json.endCollection(3, false);

      json.endObject(2, true);

       json.endObject(2, false);
     }
     json.endCollection(1, true);

     json.beginCollection(1, true, "roles");
     ORole role;
     for (ODocument doc : db.getMetadata().getSecurity().getAllRoles()) {
       role = new ORole(doc);
       json.beginObject(2, true, null);
       json.writeAttribute(3, false, "name", role.getName());
       json.writeAttribute(3, false, "mode", role.getMode().toString());

       json.beginCollection(3, true, "rules");
       for (Entry<String, Byte> rule : role.getRules().entrySet()) {
         json.beginObject(4);
         json.writeAttribute(4, true, "name", rule.getKey());
         json.writeAttribute(4, false, "create", role.allow(rule.getKey(), ORole.PERMISSION_CREATE));
         json.writeAttribute(4, false, "read", role.allow(rule.getKey(), ORole.PERMISSION_READ));
         json.writeAttribute(4, false, "update", role.allow(rule.getKey(), ORole.PERMISSION_UPDATE));
         json.writeAttribute(4, false, "delete", role.allow(rule.getKey(), ORole.PERMISSION_DELETE));
         json.endObject(4, true);
       }
       json.endCollection(3, false);

       json.endObject(2, true);

  }

  /**
   * Makes the "writer" role the parent of the "reader" role and saves the reader role.
   *
   * <p>The database is opened with the "admin"/"admin" credentials, both roles are looked up
   * through the security metadata, and the link is set with {@code setParentRole}. The method
   * makes no assertion of its own; it only changes the role configuration. It is scheduled
   * after {@code testReaderCannotSeeWriterDocumentAgain}.
   *
   * @throws IOException declared by the signature; which call may raise it is not visible here
   */
  @Test(dependsOnMethods = "testReaderCannotSeeWriterDocumentAgain")
  public void testReaderRoleInheritsFromWriterRole() throws IOException {
    database.open("admin", "admin");

    final ORole readerRole = database.getMetadata().getSecurity().getRole("reader");
    final ORole writerRole = database.getMetadata().getSecurity().getRole("writer");

    // NOTE(review): presumably every "reader" user gains the writer role's permissions once
    // this is saved - confirm against ORole before reusing the pattern outside a test.
    readerRole.setParentRole(writerRole);
    readerRole.save();
  }

  }

  /**
   * Sets the parent of the "reader" role to {@code null} and saves the role.
   *
   * <p>The database is opened with the "admin"/"admin" credentials and the role is looked up
   * through the security metadata. The method makes no assertion of its own. It is scheduled
   * after {@code testReaderRoleCanSeeInheritedDocument}.
   *
   * @throws IOException declared by the signature; which call may raise it is not visible here
   */
  @Test(dependsOnMethods = "testReaderRoleCanSeeInheritedDocument")
  public void testReaderRoleDesntInheritsFromWriterRole() throws IOException {
    database.open("admin", "admin");

    final ORole readerRole = database.getMetadata().getSecurity().getRole("reader");

    // NOTE(review): presumably a null parent removes any inherited permissions - confirm
    // against ORole.
    readerRole.setParentRole(null);
    readerRole.save();
  }

           
            if (role==null) profile=dao.create(username, password);
            else profile=dao.create(username, password,role);
           
            ORID userRid = ((ORID)profile.field("user")).getIdentity();
            ORole friendRole=RoleDao.createFriendRole(username);
            friendRole.getDocument().field(RoleService.FIELD_ASSIGNABLE,true);
            friendRole.getDocument().field(RoleService.FIELD_MODIFIABLE,false);
            friendRole.getDocument().field(RoleService.FIELD_INTERNAL,true);
            friendRole.getDocument().field(RoleService.FIELD_DESCRIPTION,"These are friends of " + username);
           
            /*    these attributes are visible by:
             *    Anonymous users
             *    Registered user
             *    Friends

  public static ODocument updateProfile(String username,String role,JsonNode nonAppUserAttributes,
      JsonNode privateAttributes, JsonNode friendsAttributes,
      JsonNode appUsersAttributes) throws InvalidJsonException,Exception{
    try{
      ORole newORole=RoleDao.getRole(role);
      if (newORole==null) throw new InvalidParameterException(role + " is not a role");
      if (!RoleService.isAssignable(newORole)) throw new RoleIsNotAssignableException("Role " + role + " is not assignable");
      ORID newRole=newORole.getDocument().getIdentity();
      UserDao udao=UserDao.getInstance();
      ODocument profile=udao.getByUserName(username);
      if (profile==null) throw new InvalidParameterException(username + " is not a user");
      profile=updateProfile(profile, nonAppUserAttributes,
          privateAttributes,  friendsAttributes, appUsersAttributes);

      Set<OIdentifiable>roles=( Set<OIdentifiable>)((ODocument)profile.field("user")).field("roles");
      //extracts the role skipping the friends ones
      String oldRole=null;
      for(OIdentifiable r:roles){
        oldRole=((String)((ODocument)r.getRecord()).field("name"));
        if (! oldRole.startsWith(RoleDao.FRIENDS_OF_ROLE)) {
          break;
        }
      }
      ORole oldORole=RoleDao.getRole(oldRole);
      //TODO: update role
      OUser ouser=DbHelper.getConnection().getMetadata().getSecurity().getUser(username);
      ouser.getRoles().remove(oldORole);
      ouser.addRole(newORole);
      ouser.save();
