Allow only users with a user group that gives access to the Workbench #96

nheron 2020-11-24 11:42:05 +01:00
commit ef34216947
5 changed files with 154 additions and 22 deletions


@ -0,0 +1,13 @@
package org.chtijbug.guvnor.server.jaxrs.model;
public class WorkspaceAuthData {
private String status;
public String getStatus() {
return status;
}
public void setStatus(String status) {
this.status = status;
}
}


@ -6,6 +6,7 @@ import org.chtijbug.guvnor.server.jaxrs.jaxb.Asset;
import org.chtijbug.guvnor.server.jaxrs.jaxb.Package;
import org.chtijbug.guvnor.server.jaxrs.model.DependencyData;
import org.chtijbug.guvnor.server.jaxrs.model.PlatformProjectData;
import org.chtijbug.guvnor.server.jaxrs.model.WorkspaceAuthData;
import org.chtijbug.kie.rest.backend.service.AssetService;
import org.guvnor.common.services.project.model.GAV;
import org.guvnor.common.services.project.model.POM;
@ -17,18 +18,24 @@ import org.guvnor.structure.organizationalunit.OrganizationalUnitService;
import org.guvnor.structure.repositories.Branch;
import org.guvnor.structure.repositories.Repository;
import org.guvnor.structure.repositories.RepositoryService;
import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.kie.workbench.common.screens.datamodeller.service.DataModelerService;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.authz.AuthorizationPolicyStorage;
import org.uberfire.backend.authz.AuthorizationService;
import org.uberfire.backend.events.AuthorizationPolicySavedEvent;
import org.uberfire.io.IOService;
import org.uberfire.java.nio.base.options.CommentedOption;
import org.uberfire.java.nio.file.DirectoryStream;
import org.uberfire.java.nio.file.Paths;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.impl.authz.AuthorizationPolicyBuilder;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.*;
@ -37,6 +44,7 @@ import java.io.File;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.FileAlreadyExistsException;
import java.security.Principal;
import java.util.*;
@Path("/chtijbug")
@ -76,6 +84,11 @@ public class PackageResource {
@Inject
private UserManagementResourceHelper userManagementResourceHelper;
@Inject
private AuthorizationPolicyStorage authorizationPolicyStorage;
@Inject
private Event<AuthorizationPolicySavedEvent> savedEvent;
public PackageResource() {
System.out.println("coucou");
}
@ -96,6 +109,7 @@ public class PackageResource {
return userLoginInformation;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/content")
@ -113,6 +127,7 @@ public class PackageResource {
return userLoginInformation;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/detailedSpaces")
@ -150,7 +165,6 @@ public class PackageResource {
}
@GET
@Path("{organizationalUnitName}/{projectName}/assets")
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@ -354,7 +368,7 @@ public class PackageResource {
}
} else {//
if (isCreate) {
String targetName = projectName.replace("-","_").replace(" ","_");
String targetName = projectName.replace("-", "_").replace(" ", "_");
org.uberfire.java.nio.file.Path ressourcesPath = nioPath.resolve("src/main/resources");
DirectoryStream<org.uberfire.java.nio.file.Path> directoryStreamBase = ioService.newDirectoryStream(ressourcesPath);
org.uberfire.java.nio.file.Path directoryWhereCreateAsset = assetService.getRuleDirectoryByName(directoryStreamBase, targetName);
@ -421,16 +435,16 @@ public class PackageResource {
org.uberfire.java.nio.file.Path nioPath = Paths.get(pomPath.toURI());
String pomContent = ioService.readAllString(nioPath);
int dependInt = pomContent.indexOf("/dependencies");
String newPomContent = pomContent.substring(0, dependInt - 1) + stringBuilder.toString() + pomContent.substring(dependInt-1, pomContent.length());
String newPomContent = pomContent.substring(0, dependInt - 1) + stringBuilder.toString() + pomContent.substring(dependInt - 1, pomContent.length());
CommentedOption commentedOption = new CommentedOption("Added from rest");
ioService.write(nioPath, newPomContent.getBytes(), commentedOption);
if (request.getkModule()!= null ) {
String kbase="kbase";
if (request.getkModule().getKbase()!=null
&& !request.getkModule().getKbase().isEmpty()){
kbase=request.getkModule().getKbase();
if (request.getkModule() != null) {
String kbase = "kbase";
if (request.getkModule().getKbase() != null
&& !request.getkModule().getKbase().isEmpty()) {
kbase = request.getkModule().getKbase();
}
String basePackage = pom.getGav().getGroupId() + "."+projectName.replace("-", "_");
String basePackage = pom.getGav().getGroupId() + "." + projectName.replace("-", "_");
org.uberfire.backend.vfs.Path rootPath = project.getRootPath();
org.uberfire.java.nio.file.Path nioRootPath = Paths.get(rootPath.toURI());
@ -451,8 +465,8 @@ public class PackageResource {
kModuleBuilder.append("\t").append("\t").append(" <ksession name=\"session-extension\" type=\"stateful\" default=\"false\" clockType=\"realtime\"/>").append("\n");
kModuleBuilder.append("\t").append("</kbase>").append("\n");
kModuleBuilder.append("</kmodule>").append("\n");
kmoduleContent=kModuleBuilder.toString();
CommentedOption commentedOption2= new CommentedOption("Added from rest");
kmoduleContent = kModuleBuilder.toString();
CommentedOption commentedOption2 = new CommentedOption("Added from rest");
ioService.write(kmodulePath, kmoduleContent.getBytes(), commentedOption2);
logger.info("Kmodule updated");
}
@ -466,21 +480,89 @@ public class PackageResource {
}
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/auth")
public AuthorizationPolicy getAuth() {
Principal Principam = sc.getUserPrincipal();
AuthorizationPolicy authorizationPolicy = this.permissionManager.getAuthorizationPolicy();
return authorizationPolicy;
return authorizationPolicy;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/auth2")
public AuthorizationPolicy getAuth2() {
AuthorizationPolicyBuilder tata = this.permissionManager.newAuthorizationPolicy();
AuthorizationPolicy authorizationPolicy = this.permissionManager.getAuthorizationPolicy();
return authorizationPolicy;
@POST
@Produces(MediaType.APPLICATION_JSON)
@Path("/auth/{groupName}/{organisationUnit}")
public Response createGroupAuthorization(@Context HttpHeaders headers,
@PathParam("groupName") String groupName,
@PathParam("organisationUnit") String organisationUnit) {
Group targetGroup = null;
AuthorizationPolicy storedPolicies = this.authorizationPolicyStorage.loadPolicy();
for (Group group : storedPolicies.getGroups()) {
if (group.getName().equals(groupName)) {
targetGroup = group;
}
}
if (targetGroup == null) {
targetGroup = new GroupImpl(groupName);
AuthorizationPolicyBuilder groupPermissionBuilder = permissionManager.newAuthorizationPolicy().group(groupName);
groupPermissionBuilder = groupPermissionBuilder.permission("editor.read", true);
// groupPermissionBuilder = groupPermissionBuilder.permission("dataobject.edit", true);
//groupPermissionBuilder = groupPermissionBuilder.permission("editor.read.BPMNDiagramEditor", true);
//groupPermissionBuilder = groupPermissionBuilder.permission("editor.read.CaseManagementDiagramEditor", true);
//groupPermissionBuilder = groupPermissionBuilder.permission("editor.read.GuidedDecisionTreeEditorPresenter", true);
//groupPermissionBuilder = groupPermissionBuilder.permission("editor.read.GuidedScoreCardEditor", true);
//groupPermissionBuilder = groupPermissionBuilder.permission("editor.read.ScoreCardXLSEditor", true);
groupPermissionBuilder = groupPermissionBuilder.permission("globalExperimentalFeatures.edit", true);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "globalpreferences.edit", false);
groupPermissionBuilder = groupPermissionBuilder.permission("guideddecisiontable.edit.columns", true);
groupPermissionBuilder = groupPermissionBuilder.permission("jar.download", true);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "orgunit.create", false);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "orgunit.delete", false);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "orgunit.read", false);
groupPermissionBuilder = groupPermissionBuilder.permission("orgunit.read." + organisationUnit, true);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "orgunit.update", false);
groupPermissionBuilder = groupPermissionBuilder.permission("orgunit.update." + organisationUnit, true);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "perspective.create", false);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "perspective.delete", false);
groupPermissionBuilder = groupPermissionBuilder.permission("perspective.read", true);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "perspective.update", false);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "planner.available", false);
// groupPermissionBuilder = groupPermissionBuilder.permission(groupPermissionbase + "profilepreferences.edit", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.build", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.create", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.delete", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.read", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.release", false);
groupPermissionBuilder = groupPermissionBuilder.permission("project.update", false);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.build", true);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.configure", true);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.create", true);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.delete", true);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.read", true);
groupPermissionBuilder = groupPermissionBuilder.permission("repository.update", true);
//groupPermissionBuilder = groupPermissionBuilder.priority(-10);
for (Permission p : groupPermissionBuilder.build().getPermissions(targetGroup).collection()) {
storedPolicies.addPermission(targetGroup, p);
}
storedPolicies.setHomePerspective(targetGroup,"AuthoringPerspective");
storedPolicies.setPriority(targetGroup,-10);
this.authorizationPolicyStorage.savePolicy(storedPolicies);
permissionManager.setAuthorizationPolicy(storedPolicies);
savedEvent.fire(new AuthorizationPolicySavedEvent(storedPolicies));
} else {
}
WorkspaceAuthData result=new WorkspaceAuthData();
return Response.status(Response.Status.OK).entity(result).build();
}
}
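Review bot: The new `createGroupAuthorization` handler (`POST /auth/{groupName}/{organisationUnit}`) saves a permission set with `repository.create`, `repository.delete` and `repository.configure` set to true for whatever `groupName` the path supplies, and nothing in the visible lines checks who is calling; the injected `headers` is never read. Unless a filter or class-level constraint outside this section already restricts the route, the method should begin with an explicit caller check such as `if (!sc.isUserInRole("<ADMIN_ROLE_PLACEHOLDER>")) return Response.status(Response.Status.FORBIDDEN).build();`, assuming `sc` is the JAX-RS `SecurityContext` that its use in `getAuth` suggests. `organisationUnit` is concatenated unvalidated into `"orgunit.read." + organisationUnit` and `"orgunit.update." + organisationUnit`, so it should be matched against an existing organizational unit, and both path values rejected when empty or malformed, before the policy is built. The `else` branch is empty and `result` is returned without `setStatus(...)` ever being called, so a request for an existing group gets `200 OK` with no change and no indication of that; set a distinct status in each branch. The policy change should also be logged with the caller's principal, so that grants made through this endpoint can be audited.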