Merge pull request #2781 from zlamalp/rights
CORE: Allow SELF role to read/write on Resource attributes
zlamalp committed Jul 9, 2020
1 parent 75c6d7d commit fdd07a7
Showing 1 changed file with 27 additions and 9 deletions.
Expand Up @@ -79,6 +79,7 @@
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;

Expand Down Expand Up @@ -307,7 +308,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
if (sess.getPerunPrincipal().getUser() != null) {
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());
for (Member userMember : principalUserMembers) {
if (userMember.getVoId() == attributeMemberVo.getId() && userMember.getStatus() == Status.VALID) {
if (userMember.getVoId() == attributeMemberVo.getId() && Objects.equals(userMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -387,7 +388,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act

for (Member attributeUserMember : attributeUserMembers) {
for (Member principalUserMember : principalUserMembers) {
if (attributeUserMember.getVoId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (attributeUserMember.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -469,7 +470,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
if (sess.getPerunPrincipal().getUser() != null) {
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());
for (Member principalUserMember : principalUserMembers) {
if (member.getVoId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (member.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -508,7 +509,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act

for (Member attributeUserMember : attributeUserMembers) {
for (Member principalUserMember : principalUserMembers) {
if (attributeUserMember.getVoId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (attributeUserMember.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -572,7 +573,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());

for (Member principalUserMember : principalUserMembers) {
if (member.getVoId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (member.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -638,7 +639,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
if (sess.getPerunPrincipal().getUser() != null) {
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());
for (Member principalUserMember : principalUserMembers) {
if (vo.getId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (vo.getId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -688,7 +689,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
if (sess.getPerunPrincipal().getUser() != null) {
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());
for (Member principalUserMember : principalUserMembers) {
if (group.getVoId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (group.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
Expand Down Expand Up @@ -738,7 +739,24 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act
if (isAuthorized(sess, Role.GROUPADMIN, g)) return true;
}
}
// if (roles.containsKey(Role.SELF)) ; //Not allowed
if (roles.containsKey(Role.SELF)) {
if (roles.get(Role.SELF).contains(ActionType.READ_PUBLIC) || roles.get(Role.SELF).contains(ActionType.WRITE_PUBLIC)) return true;
if (roles.get(Role.SELF).contains(ActionType.READ_VO) || roles.get(Role.SELF).contains(ActionType.WRITE_VO)) {
if (sess.getPerunPrincipal().getUser() != null) {
List<Member> principalUserMembers = getPerunBl().getMembersManagerBl().getMembersByUser(sess, sess.getPerunPrincipal().getUser());
for (Member principalUserMember : principalUserMembers) {
if (resource.getVoId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
}
}
if (roles.get(Role.SELF).contains(ActionType.READ) || roles.get(Role.SELF).contains(ActionType.WRITE)) {
if (sess.getPerunPrincipal().getUser() != null) {
return getPerunBl().getResourcesManagerBl().isUserAssigned(sess, sess.getPerunPrincipal().getUser(), resource);
}
}
}

return false;
}
Expand Down Expand Up @@ -792,7 +810,7 @@ public static boolean isAuthorizedForAttribute(PerunSession sess, ActionType act

for (Vo attributeFacilityVo : attributeFacilityVos) {
for (Member principalUserMember : principalUserMembers) {
if (attributeFacilityVo.getId() == principalUserMember.getVoId() && principalUserMember.getStatus() == Status.VALID) {
if (attributeFacilityVo.getId() == principalUserMember.getVoId() && Objects.equals(principalUserMember.getStatus(), Status.VALID)) {
return true;
}
}
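Review bot: In the new `Role.SELF` block for Resource attributes (hunk `-738,7 +739,24`), the `READ`/`WRITE` branch returns the result of `isUserAssigned(sess, sess.getPerunPrincipal().getUser(), resource)` with no member-status check visible, while the `READ_VO`/`WRITE_VO` branch directly above it requires `Status.VALID`. The body of `isUserAssigned` is not shown here, so if it also counts expired or disabled members, the resource-level grant would be looser than the VO-level one. Either confirm that it filters on status, or record the decision where `//Not allowed` used to be, for example `// SELF READ/WRITE: principal's user must be assigned to the resource (member status: see isUserAssigned)`. The commit changes a single file, so no test covering the new authorization path is visible, and the enclosing `isAuthorizedForAttribute` overload starts outside the hunk.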