Package org.rhq.core.domain.authz

Examples of org.rhq.core.domain.authz.Role

1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
    }

    @Test(enabled = TESTS_ENABLED)
    public void testAuthzBundleGroup() throws Exception {
        Subject subject = createNewSubject(TEST_USER_NAME);
        Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);

        subject = createSession(subject); // start a session so we can use this subject in SLSB calls

        BundleGroup bundleGroup = new BundleGroup(TEST_BUNDLE_GROUP_NAME);
        bundleGroup.setDescription("test");

        // deny bundle group create
        try {
            bundleManager.createBundleGroup(subject, bundleGroup);
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow bundle group create
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        bundleGroup = bundleManager.createBundleGroup(subject, bundleGroup);

        // deny bundle group delete
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        try {
            bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() });
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // deny global perm bundleGroup view
        BundleGroupCriteria bgCriteria = new BundleGroupCriteria();
        List<BundleGroup> bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assert bundleGroups.isEmpty() : "Should not be able to see unassociated bundle group";

        // allow global perm bundleGroup view
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assertEquals("Should be able to see unassociated bundle group", 1, bundleGroups.size());

        // allow bundle group delete
        bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() });
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        // deny unassigned bundle create (no global create or view)
        try {
            createBundle(subject, TEST_PREFIX + ".bundle");
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // deny unassigned bundle create (no global view)
        addRolePermissions(role, Permission.CREATE_BUNDLES);
        try {
            createBundle(subject, TEST_PREFIX + ".bundle");
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // deny unassigned bundle create (no global create)
        removeRolePermissions(role, Permission.CREATE_BUNDLES);
        addRolePermissions(role, Permission.VIEW_BUNDLES);
        try {
            createBundle(subject, TEST_PREFIX + ".bundle");
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow unassigned bundle create
        addRolePermissions(role, Permission.CREATE_BUNDLES);
        Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle");

        // deny unassigned bundle view
        removeRolePermissions(role, Permission.CREATE_BUNDLES, Permission.VIEW_BUNDLES);
        BundleCriteria bCriteria = new BundleCriteria();
        List<Bundle> bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assert bundles.isEmpty() : "Should not be able to see unassigned bundle";

        // allow unassigned bundle view
        addRolePermissions(role, Permission.VIEW_BUNDLES);
        bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assertEquals("Should be able to see unassigned bundle", 1, bundles.size());

        // deny global perm bundle assign
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        bundleGroup = new BundleGroup(TEST_BUNDLE_GROUP_NAME);
        bundleGroup.setDescription("test");

        bundleGroup = bundleManager.createBundleGroup(subject, bundleGroup);
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        try {
            bundleManager.assignBundlesToBundleGroups(subject, new int[] { bundleGroup.getId() },
                new int[] { bundle.getId() });
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow bundle assign via global manage_bundle_groups
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        bundleManager.assignBundlesToBundleGroups(subject, new int[] { bundleGroup.getId() },
            new int[] { bundle.getId() });

        // allow bundle unassign via global manage_bundle_groups
        bundleManager.unassignBundlesFromBundleGroups(subject, new int[] { bundleGroup.getId() },
            new int[] { bundle.getId() });

        // allow bundle assign via global create
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        addRolePermissions(role, Permission.CREATE_BUNDLES);
        bundleManager.assignBundlesToBundleGroups(subject, new int[] { bundleGroup.getId() },
            new int[] { bundle.getId() });

        // deny bundle unassign via global create
        try {
            bundleManager.unassignBundlesFromBundleGroups(subject, new int[] { bundleGroup.getId() },
                new int[] { bundle.getId() });
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow bundle unassign via global delete
        addRolePermissions(role, Permission.DELETE_BUNDLES);
        bundleManager.unassignBundlesFromBundleGroups(subject, new int[] { bundleGroup.getId() },
            new int[] { bundle.getId() });
        removeRolePermissions(role, Permission.DELETE_BUNDLES);

        // deny bundle assign with global create but no view
        removeRolePermissions(role, Permission.VIEW_BUNDLES);
        try {
            bundleManager.assignBundlesToBundleGroups(subject, new int[] { bundleGroup.getId() },
                new int[] { bundle.getId() });
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // go back and again assign via global create and view
        addRolePermissions(role, Permission.VIEW_BUNDLES);
        bundleManager.assignBundlesToBundleGroups(subject, new int[] { bundleGroup.getId() },
            new int[] { bundle.getId() });

        // deny assigned, unassociated-bundle-group bundle view
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        removeRolePermissions(role, Permission.VIEW_BUNDLES);
        bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assert bundles.isEmpty() : "Should not be able to see assigned bundle";

        // allow assigned, associated-bundle-group bundle view
        addRoleBundleGroup(role, bundleGroup);
        bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assertEquals("Should be able to see assigned bundle", 1, bundles.size());

        // check new bundle criteria options (no match)
        bCriteria.addFilterBundleGroupIds(87678);
        bCriteria.fetchBundleGroups(true);
        bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assert bundles.isEmpty() : "Should not have found anything";

        // check new bundle criteria options (match)
        bCriteria.addFilterBundleGroupIds(bundleGroup.getId());
        bCriteria.fetchBundleGroups(true);
        bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
        assertNotNull(bundles);
        assertEquals("Should be able to see assigned bundle", 1, bundles.size());
        assertNotNull(bundles.get(0).getBundleGroups());
        assertEquals("Should have fetched bundlegroup", 1, bundles.get(0).getBundleGroups().size());
        assertEquals("Should have fetched expected bundlegroup", bundleGroup, bundles.get(0).getBundleGroups()
            .iterator().next());

        // check new bundle group criteria options (no match)
        bgCriteria.addFilterId(87678);
        bgCriteria.addFilterBundleIds(87678);
        bgCriteria.addFilterRoleIds(87678);
        bgCriteria.fetchBundles(true);
        bgCriteria.fetchRoles(true);
        bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assert bundleGroups.isEmpty() : "Should not have found anything";

        // check new bundle group criteria options (no match)
        bgCriteria.addFilterId(bundleGroup.getId());
        bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assert bundleGroups.isEmpty() : "Should not have found anything";

        // check new bundle group criteria options (no match)
        bgCriteria.addFilterBundleIds(bundle.getId());
        bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assert bundleGroups.isEmpty() : "Should not have found anything";

        // check new bundle group criteria options (match)
        bgCriteria.addFilterRoleIds(role.getId());
        bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
        assertNotNull(bundleGroups);
        assertEquals("Should be able to see assigned bundle", 1, bundleGroups.size());
        assertNotNull(bundleGroups.get(0).getBundles());
        assertEquals("Should have fetched bundle in bundle group", 1, bundleGroups.get(0).getBundles().size());
View Full Code Here
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
    }

    @Test(enabled = TESTS_ENABLED)
    public void testAuthzCreateBundleVersion() throws Exception {
        Subject subject = createNewSubject(TEST_USER_NAME);
        Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);

        subject = createSession(subject); // start a session so we can use this subject in SLSB calls

        // create bundle group
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        BundleGroup bundleGroup1 = new BundleGroup(TEST_BUNDLE_GROUP_NAME + "_1");
        bundleGroup1.setDescription("bg-1");
        bundleGroup1 = bundleManager.createBundleGroup(subject, bundleGroup1);
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        // add bg1 to the role, but no perms
        addRoleBundleGroup(role, bundleGroup1);

        // deny bundle create in bg1 (no create perm)
        try {
            createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow bundle creation in bg1 (has create perm)
        addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
        Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());

        // deny bundle version creation (perm taken away)
        removeRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
        try {
            BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle);
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
            // expected
        }

        // allow bundle version creation (perm granted)
        addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
        BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle);
        assertNotNull(bv1);
        assertEquals("1.0", bv1.getVersion());
        assert 0 == bv1.getVersionOrder();

        // create second role
        Role role2 = createNewRoleForSubject(subject, TEST_ROLE_NAME + "_2");
        addRolePermissions(role2, Permission.CREATE_BUNDLES_IN_GROUP);

        // create second bundle group
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        BundleGroup bundleGroup2 = new BundleGroup(TEST_BUNDLE_GROUP_NAME + "_2");
View Full Code Here
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
    }

    @Test(enabled = TESTS_ENABLED)
    public void testAuthzDeleteBundleVersion() throws Exception {
        Subject subject = createNewSubject(TEST_USER_NAME);
        Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);

        subject = createSession(subject); // start a session so we can use this subject in SLSB calls

        // create bundle group
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
View Full Code Here
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
    }

    @Test(enabled = TESTS_ENABLED)
    public void testAuthzBundleDest() throws Exception {
        Subject subject = createNewSubject(TEST_USER_NAME);
        Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
        subject = createSession(subject); // start a session so we can use this subject in SLSB calls

        // create bundle group
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        BundleGroup bundleGroup = new BundleGroup(TEST_BUNDLE_GROUP_NAME);
        bundleGroup.setDescription("bg");
        bundleGroup = bundleManager.createBundleGroup(subject, bundleGroup);
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        // add bg to the role with group create
        addRoleBundleGroup(role, bundleGroup);
        addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);

        // allow bundle creation in bg (has create perm)
        Bundle b1 = createBundle(subject, "one", bundleGroup.getId());
        assertNotNull(b1);
        BundleVersion bv1 = createBundleVersion(subject, b1.getName() + "-1", null, b1);
        assertNotNull(bv1);
        ResourceGroup platformResourceGroup = createTestResourceGroup();
        assertNotNull(platformResourceGroup);

        // deny destination create (no view of resource group)
        try {
            BundleDestination dest1 = createDestination(subject, b1, "one", "/test", platformResourceGroup);
            fail("Should have thrown IllegalArgumentException");
        } catch (EJBException e) {
            assert e.getCause() instanceof IllegalArgumentException
                && e.getCause().getMessage().contains("Invalid groupId") : "Should have not had group visibility";
            // expected
        }

        // deny destination create (no deploy perm)
        LookupUtil.getRoleManager().addResourceGroupsToRole(overlord, role.getId(),
            new int[] { platformResourceGroup.getId() });
        try {
            BundleDestination dest1 = createDestination(subject, b1, "one", "/test", platformResourceGroup);
            fail("Should have thrown PermissionException");
        } catch (PermissionException e) {
View Full Code Here
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
    }

    @Test(enabled = TESTS_ENABLED)
    public void testAuthzBundleDeploy() throws Exception {
        Subject subject = createNewSubject(TEST_USER_NAME);
        Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
        subject = createSession(subject); // start a session so we can use this subject in SLSB calls

        // create bundle group
        addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
        BundleGroup bundleGroup = new BundleGroup(TEST_BUNDLE_GROUP_NAME);
        bundleGroup.setDescription("bg");
        bundleGroup = bundleManager.createBundleGroup(subject, bundleGroup);
        removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);

        // add bg to the role with group create
        addRoleBundleGroup(role, bundleGroup);
        addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);

        // allow bundle creation in bg (has create perm)
        Bundle b1 = createBundle(subject, "one", bundleGroup.getId());
        assertNotNull(b1);
        BundleVersion bv1 = createBundleVersion(subject, b1.getName() + "-1", null, b1);
        assertNotNull(bv1);
        ResourceGroup platformResourceGroup = createTestResourceGroup();
        assertNotNull(platformResourceGroup);
        LookupUtil.getRoleManager().addResourceGroupsToRole(overlord, role.getId(),
            new int[] { platformResourceGroup.getId() });

        // allow dest/deploy create (global)
        addRolePermissions(role, Permission.DEPLOY_BUNDLES);
        BundleDestination dest1 = createDestination(subject, b1, "one", "/test", platformResourceGroup);
View Full Code Here
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
        return LookupUtil.getSubjectManager().createSubject(overlord, newSubject);
    }

    private Role createNewRoleForSubject(Subject subject, String roleName) throws Exception {
        Role newRole = new Role(roleName);
        newRole.setFsystem(false);
        newRole.addSubject(subject);

        return LookupUtil.getRoleManager().createRole(overlord, newRole);
    }
View Full Code Here
474
475
476
477
478
479
480
481
482
483
484
485
486
        executeInTransaction(new TransactionCallback() {
            public void execute() throws Exception {
                // Create the test group
                final Subject subject = SessionTestHelper.createNewSubject(em, "testSubject");
                final Role roleWithSubject = SessionTestHelper
                    .createNewRoleForSubject(em, subject, "role with subject");
                roleWithSubject.addPermission(Permission.VIEW_RESOURCE);
                ResourceGroup group = SessionTestHelper.createNewCompatibleGroupForRole(em, roleWithSubject,
                    "accessible group");

                // before adding resources check for EMPTY
                List<ResourceGroupAvailability> avails;
View Full Code Here
161
162
163
164
165
166
167
168
169
170
171
            @Override
            public void execute() throws Exception {

                Subject subject1 = SessionTestHelper.createNewSubject(em, "fake subject 1");
                Subject subject2 = SessionTestHelper.createNewSubject(em, "fake subject 2");
                Role inventoryManagerRole = SessionTestHelper.createNewRoleForSubject(em, subject2,
                    "inventory manager role", Permission.MANAGE_INVENTORY);

                for (int i = 0; i < 1000; i++) {
                    String iStr = String.valueOf(i);
                    savedSearchManager.createSavedSearch(subject1, new SavedSearch(SearchSubsystem.GROUP,
View Full Code Here
251
252
253
254
255
256
257
258
        return criteria;
    }

    private ResourceGroup createResourceGroup() {
        Subject subject = SessionTestHelper.createNewSubject(em, getRandomString());
        Role role = SessionTestHelper.createNewRoleForSubject(em, subject, getRandomString());
        return SessionTestHelper.createNewCompatibleGroupForRole(em, role, getRandomString());
    }
View Full Code Here
66
67
68
69
70
71
72
73
74
75
76
        try {
            EntityManager em = getEntityManager();

            // setup simple test structures
            Subject subject = SessionTestHelper.createNewSubject(em, "subject-ClusterManagerBeanTest");
            Role role = SessionTestHelper.createNewRoleForSubject(em, subject, "role-ClusterManagerBeanTest",
                Permission.MANAGE_INVENTORY);

            ResourceGroup clusterGroup = SessionTestHelper.createNewCompatibleGroupForRole(em, role,
                "clusterGroup-ClusterManagerBeanTest");
View Full Code Here
TOP

Related Classes of org.rhq.core.domain.authz.Role

  • org.rhq.core.domain.bundle.test.BundleGroupTest
  • org.rhq.coregui.client.admin.roles.RoleEditView
  • org.rhq.coregui.client.admin.roles.RolesDataSource
  • org.rhq.enterprise.gui.admin.role.AddLdapGroupsFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.AddResourceGroupsFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.AddUsersFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.ChangeOwnerFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.EditAction
  • org.rhq.enterprise.gui.admin.role.EditFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.NewAction
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.