

Working on resource permissions serializatino
Signed-off-by: Peter Nied <[email protected]>
peternied committed Dec 19, 2023
1 parent aa0915a commit 1fb29ad
Showing 4 changed files with 47 additions and 5 deletions.
Expand Up @@ -342,6 +342,7 @@ public static class Role implements ToXContentObject {
private List<String> clusterPermissions = new ArrayList<>();

private List<IndexPermission> indexPermissions = new ArrayList<>();
private List<String, User> resourcePermissions;

public Role(String name) {
this.name = name;
Expand Down Expand Up @@ -384,6 +385,10 @@ public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params
xContentBuilder.field("index_permissions", indexPermissions);
}

if (!resourcePermissions.isEmpty()) {
xContentBuilder.field("resource_permissions", resourcePermissions);
}

xContentBuilder.endObject();
return xContentBuilder;
}
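Review bot: The new field `private List<String, User> resourcePermissions;` cannot compile, because `List` takes a single type argument, and it is also left unassigned while the added `if (!resourcePermissions.isEmpty())` in `toXContent` dereferences it unconditionally. Once the type is corrected, every `Role` serialized without resource permissions would throw a NullPointerException at that check. Initialise the field the way the sibling `clusterPermissions` and `indexPermissions` fields are (`= new ArrayList<>()`, or the matching empty container for whichever type is intended), or guard the check with `if (resourcePermissions != null && !resourcePermissions.isEmpty())`. `Role` ends outside the visible hunks and `toXContent` begins outside them, so a later assignment cannot be ruled out from here.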
Expand Up @@ -216,6 +216,7 @@ public SecurityRole call() throws Exception {

final Set<String> permittedClusterActions = agr.resolvedActions(securityRole.getValue().getCluster_permissions());
_securityRole.addClusterPerms(permittedClusterActions);
_securityRole.addResourcePermissions(null)

/*for(RoleV7.Tenant tenant: securityRole.getValue().getTenant_permissions()) {
Expand Down Expand Up @@ -566,7 +567,7 @@ private boolean containsDlsFlsConfig() {

@Override
public boolean hasResourcePermission(final String resourceType, final String resourceId) {
for (SecurityRole role : roles) {
for (final SecurityRole role : roles) {
final ResourcePermission resourcePermission = role.resourcePermissions.get(resourceType);
if (resourcePermission != null && resourcePermission.permmittedResourceIds.contains(resourceId)) {
return true;
Expand All @@ -586,6 +587,7 @@ public static final class Builder {
private final String name;
private final Set<String> clusterPerms = new HashSet<>();
private final Set<IndexPattern> ipatterns = new HashSet<>();
private final Set<ResourcePermission> resourcePermissions = new HashSet<>();

public Builder(String name) {
this.name = Objects.requireNonNull(name);
Expand All @@ -603,16 +605,24 @@ public Builder addClusterPerms(Collection<String> clusterPerms) {
return this;
}

public Builder addResourcePermissions(final Set<ResourcePermission> resourcePermissions) {
if (resourcePermissions != null) {
this.resourcePermissions.addAll(resourcePermissions);
}
return this;
}

public SecurityRole build() {
return new SecurityRole(name, ipatterns, WildcardMatcher.from(clusterPerms));
var resourcePermissionMap = this.resourcePermissions.stream().collect(Collectors.toMap(ResourcePermission::getResourceType, Function.identity()));
return new SecurityRole(name, ipatterns, WildcardMatcher.from(clusterPerms), resourcePermissionMap);
}
}

private SecurityRole(String name, Set<IndexPattern> ipatterns, WildcardMatcher clusterPerms) {
private SecurityRole(String name, Set<IndexPattern> ipatterns, WildcardMatcher clusterPerms, Map<String, ResourcePermission> resourcePermission) {
this.name = Objects.requireNonNull(name);
this.ipatterns = ipatterns;
this.clusterPerms = clusterPerms;
this.resourcePermissions = new HashMap<String, ResourcePermission>();
this.resourcePermissions = resourcePermission;
}

private boolean impliesClusterPermission(String action) {
Expand Down Expand Up @@ -741,6 +751,14 @@ public ResourcePermission(final String resourceType, final List<String> resource
this.resourceType = resourceType;
this.permmittedResourceIds = new HashSet<>(resourceIds);
}

public String getResourceType() {
return resourceType;
}

public Set<String> getPermittedResourceIds() {
return permmittedResourceIds;
}
}

// sg roles
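Review bot: In `Builder.build()`, `Collectors.toMap(ResourcePermission::getResourceType, Function.identity())` throws `IllegalStateException` as soon as two entries share a resource type. The backing `HashSet<ResourcePermission>` will not collapse them unless `ResourcePermission` defines `equals`/`hashCode`, which the visible part of the class does not. A role definition that lists the same type twice would then abort role construction inside `call()` instead of granting the union of its ids; merge the id sets per type as sketched below, or reject the duplicate with an explicit configuration error. The path is not exercised yet, since the call site passes `addResourcePermissions(null)` (and is missing its semicolon), so this is a good moment to settle the policy. The `ResourcePermission` class body and `call()` extend beyond the hunks shown.

```java
public SecurityRole build() {
    // Merge entries that name the same resource type instead of failing on the duplicate key.
    final Map<String, ResourcePermission> resourcePermissionMap = new HashMap<>();
    for (final ResourcePermission permission : this.resourcePermissions) {
        resourcePermissionMap.merge(permission.getResourceType(), permission, (left, right) -> {
            final List<String> mergedIds = new ArrayList<>(left.getPermittedResourceIds());
            mergedIds.addAll(right.getPermittedResourceIds());
            return new ResourcePermission(left.getResourceType(), mergedIds);
        });
    }
    return new SecurityRole(name, ipatterns, WildcardMatcher.from(clusterPerms), resourcePermissionMap);
}
```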
Expand Up @@ -97,5 +97,5 @@ Set<String> getAllPermittedIndicesForDashboards(

SecurityRoles filter(Set<String> roles);

boolean hasResourcePermission(final String resourceType, final String resourceId)
boolean hasResourcePermission(final String resourceType, final String resourceId);
}
Expand Up @@ -51,6 +51,7 @@ public class RoleV7 implements Hideable, StaticDefinable {
private List<String> cluster_permissions = Collections.emptyList();
private List<Index> index_permissions = Collections.emptyList();
private List<Tenant> tenant_permissions = Collections.emptyList();
private List<ResourcePermission> resource_permissions = Collections.emptyList();

public RoleV7() {

Expand Down Expand Up @@ -225,6 +226,22 @@ public String toString() {

}

public static class ResourcePermission {
private String resourceType;
private List<String> resource_ids = Collections.emptyList();

public ResourcePermission() {
}

public List<String> getResource_ids() {
return resource_ids;
}

public void setResource_ids(List<String> resource_ids) {
this.resource_ids = resource_ids;
}
}

public boolean isHidden() {
return hidden;
}
Expand Down Expand Up @@ -299,6 +316,8 @@ public String toString() {
+ index_permissions
+ ", tenant_permissions="
+ tenant_permissions
+ ", resource_permissions="
+ resource_permissions
+ "]";
}

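Review bot: The new `RoleV7.ResourcePermission` declares `resourceType` but gives it no getter or setter, so only `resource_ids` is exposed as a property. If this class is populated from the roles configuration through its accessors, as the `getCluster_permissions()` style used elsewhere suggests, the type would stay null and the ids could not be tied to any resource type. The field name also departs from the snake_case used by `resource_ids`, `cluster_permissions` and the other fields in this file. I would rename it to `resource_type` and add the accessor pair shown below. No accessor for `resource_permissions` on `RoleV7` itself is visible in these hunks either; the rest of the class lies outside them.

```java
public static class ResourcePermission {
    private String resource_type;
    // … unchanged: resource_ids field, no-arg constructor, resource_ids accessors …

    public String getResource_type() {
        return resource_type;
    }

    public void setResource_type(String resource_type) {
        this.resource_type = resource_type;
    }
}
```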
