Beispiel #1
  /**
   * Creates the two built-in BaasBox accounts: the one used for anonymous access and the one
   * used internally as administrator, then moves the "admin" user between admin roles.
   *
   * <p>Both accounts take their credentials from {@code BBConfiguration}.
   * NOTE(review): if those values are shipped defaults rather than per-deployment secrets, the
   * internal administrator is guessable; confirm they are overridden at install time.
   *
   * @throws RuntimeException wrapping any exception raised while creating the accounts
   */
  public static void createDefaultUsers() {
    try {
      // Built-in account used to connect to the DB on behalf of anonymous callers.
      final String anonymousName = BBConfiguration.getBaasBoxUsername();
      final String anonymousSecret = BBConfiguration.getBaasBoxPassword();
      UserService.signUp(
          anonymousName,
          anonymousSecret,
          new Date(),
          DefaultRoles.ANONYMOUS_USER.toString(),
          null,
          null,
          null,
          null,
          false);

      // Built-in account used by the server itself to act as administrator.
      final String internalAdminName = BBConfiguration.getBaasBoxAdminUsername();
      final String internalAdminSecret = BBConfiguration.getBaasBoxAdminPassword();
      UserService.signUp(
          internalAdminName,
          internalAdminSecret,
          new Date(),
          DefaultRoles.ADMIN.toString(),
          null,
          null,
          null,
          null,
          false);

      // The user name is the fixed literal "admin", not the configured admin username above.
      final String fromRole = DefaultRoles.BASE_ADMIN.toString();
      final String toRole = DefaultRoles.ADMIN.toString();
      moveUserToRole("admin", fromRole, toRole);
    } catch (Exception failure) {
      // Keep the original exception as the cause so the failing step stays diagnosable.
      throw new RuntimeException(failure);
    }
  }
Beispiel #2
 /**
  * Creates the built-in anonymous-access account and sets the password of the database user
  * named "admin" from configuration.
  *
  * <p>NOTE(review): the result of {@code getUser("admin")} is used without a null check, and the
  * new password is whatever {@code BBConfiguration.ADMIN_PASSWORD} resolves to. Confirm that
  * value is a per-deployment secret and not a shipped default.
  *
  * @throws Exception if the sign-up or the password update fails
  */
 public static void createDefaultUsers() throws Exception {
   Logger.trace("Method Start");

   // Built-in account used to connect to the DB on behalf of anonymous callers.
   UserService.signUp(
       BBConfiguration.getBaasBoxUsername(),
       BBConfiguration.getBaasBoxPassword(),
       DefaultRoles.ANONYMOUS_USER.toString(),
       null,
       null,
       null,
       null);

   // Replace the password of the database-level "admin" user with the configured one.
   OUser dbAdmin = DbHelper.getConnection().getMetadata().getSecurity().getUser("admin");
   String configuredAdminPassword =
       BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD);
   dbAdmin.setPassword(configuredAdminPassword);
   dbAdmin.save();

   Logger.trace("Method End");
 }
Beispiel #3
  /**
   * Updates the four visibility-scoped attribute documents of a user profile.
   *
   * <p>Each non-null JSON argument is applied to the matching attribute document (created when
   * the profile does not have one yet), the read grants for that visibility level are
   * re-applied, and the document is saved. A null argument leaves that section untouched.
   *
   * <p>NOTE(review): the JSON is handed to {@code fromJSON} as supplied. Whether callers filter
   * reserved keys (record metadata, ACL fields) before this point is not visible here; confirm.
   *
   * @param profile the profile document to update
   * @param nonAppUserAttributes attributes readable by anonymous users, registered users and friends
   * @param privateAttributes attributes granted only to the profile's own user
   * @param friendsAttributes attributes readable by the friend role
   * @param appUsersAttributes attributes readable by registered users and friends
   * @return the saved profile
   * @throws Exception if a lookup, grant or save fails
   */
  public static ODocument updateProfile(
      ODocument profile,
      JsonNode nonAppUserAttributes,
      JsonNode privateAttributes,
      JsonNode friendsAttributes,
      JsonNode appUsersAttributes)
      throws Exception {

    // Widest visibility: anonymous + registered + friends.
    if (nonAppUserAttributes != null) {
      ODocument publicAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
      if (publicAttrs == null) {
        publicAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
      }
      publicAttrs.fromJSON(nonAppUserAttributes.toString());
      PermissionsHelper.grantRead(
          publicAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
      PermissionsHelper.grantRead(
          publicAttrs, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
      PermissionsHelper.grantRead(publicAttrs, RoleDao.getFriendRole());
      profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, publicAttrs);
      publicAttrs.save();
    }

    // Narrowest visibility: only the owning user is granted access.
    if (privateAttributes != null) {
      ODocument ownerOnlyAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
      if (ownerOnlyAttrs == null) {
        ownerOnlyAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
      }
      ownerOnlyAttrs.fromJSON(privateAttributes.toString());
      PermissionsHelper.grant(
          ownerOnlyAttrs, Permissions.ALLOW, getOUserByUsername(getUsernameByProfile(profile)));
      profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, ownerOnlyAttrs);
      ownerOnlyAttrs.save();
    }

    // Friends only.
    if (friendsAttributes != null) {
      ODocument friendAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
      if (friendAttrs == null) {
        friendAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
      }
      friendAttrs.fromJSON(friendsAttributes.toString());
      PermissionsHelper.grantRead(friendAttrs, RoleDao.getFriendRole());
      profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, friendAttrs);
      friendAttrs.save();
    }

    // Registered users + friends.
    if (appUsersAttributes != null) {
      ODocument registeredAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);
      if (registeredAttrs == null) {
        registeredAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
      }
      registeredAttrs.fromJSON(appUsersAttributes.toString());
      PermissionsHelper.grantRead(
          registeredAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
      PermissionsHelper.grantRead(registeredAttrs, RoleDao.getFriendRole());
      profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, registeredAttrs);
      registeredAttrs.save();
    }

    profile.save();
    return profile;
  }
Beispiel #4
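  /**
   * Creates the three built-in roles (anonymous, registered, back office) in deny-all-but mode
   * and attaches their database-level rules.
   *
   * <p>Registered and back-office users receive {@code PERMISSION_ALL} on all classes, clusters,
   * commands and record hooks; the back office additionally bypasses restricted records.
   * Anonymous users receive mostly read-only rules.
   * NOTE(review): with rules this broad, isolation between registered users presumably relies on
   * record-level restrictions applied elsewhere; confirm.
   */
  public static void createDefaultRoles() {
    Logger.trace("Method Start");
    OGraphDatabase db = DbHelper.getConnection();
    final ORole anonymousUserRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.ANONYMOUS_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    anonymousUserRole.save();
    final ORole registeredUserRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.REGISTERED_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    registeredUserRole.save();

    final ORole backOfficeRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.BACKOFFICE_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    backOfficeRole.save();

    // Registered users: read the database and security metadata, full access to data resources.
    registeredUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.SCHEMA,
        ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);

    // Back office: same rules as registered users, plus the restricted-record bypass below.
    backOfficeRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.SCHEMA,
        ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.BYPASS_RESTRICTED,
        ORole.PERMISSION_ALL); // the backoffice users can access and manipulate all records

    // Anonymous users: read-only, except for the ALL_CLUSTERS rule flagged below.
    anonymousUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
    // NOTE(review): bare literal 7. If ORole's permission bits are CREATE=1, READ=2, UPDATE=4
    // (confirm against the OrientDB version in use), this lets unauthenticated callers create,
    // read and update on every cluster, which is broader than the READ-only rules around it.
    // Once confirmed, spell it with the named constants so the grant is reviewable.
    anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
    anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);

    // Persist the rules added above. The back-office role's only earlier save() ran before any
    // rule was attached to it, so it is saved again here like the other two roles.
    anonymousUserRole.save();
    registeredUserRole.save();
    backOfficeRole.save();
    Logger.trace("Method End");
  }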
Beispiel #5
  /**
   * Registers a new user: creates the user/profile pair, a per-user friend role, and one
   * attribute document per visibility level, all inside a single transaction.
   *
   * <p>Every attribute document is re-owned to the new user. The profile itself is made readable
   * by both the registered and the anonymous role. Any failure rolls the transaction back and
   * the exception is rethrown unchanged.
   *
   * <p>NOTE(review): {@code username} is concatenated into the friend-role description and the
   * attribute JSON is applied as supplied. Validation of both is assumed to happen in the caller
   * or in {@code UserDao.create}; confirm.
   *
   * @param username login name of the new user
   * @param password password handed to the DAO
   * @param signupDate sign-up timestamp; the current time is used when null
   * @param role role name, or null to let the DAO pick its default
   * @param nonAppUserAttributes attributes visible to anonymous users, registered users and friends
   * @param privateAttributes attributes visible only to the user
   * @param friendsAttributes attributes visible to friends
   * @param appUsersAttributes attributes visible to registered users
   * @param generated stored in the system attributes under {@code UserDao.GENERATED_USERNAME}
   * @return the saved profile document
   * @throws OSerializationException if one of the attribute arguments cannot be applied as JSON
   * @throws Exception on any other failure
   */
  public static ODocument signUp(
      String username,
      String password,
      Date signupDate,
      String role,
      JsonNode nonAppUserAttributes,
      JsonNode privateAttributes,
      JsonNode friendsAttributes,
      JsonNode appUsersAttributes,
      boolean generated)
      throws OSerializationException, Exception {

    ODatabaseRecordTx db = DbHelper.getConnection();
    ODocument profile = null;
    UserDao dao = UserDao.getInstance();
    try {
      // An OUser record and a User object are both created, so the work must be atomic.
      DbHelper.requestTransaction();

      profile =
          (role == null) ? dao.create(username, password) : dao.create(username, password, role);

      ORID userRid = ((ODocument) profile.field("user")).getIdentity();

      // Per-user role that other users are placed in to become this user's friends.
      ORole friendRole = RoleDao.createFriendRole(username);
      friendRole.getDocument().field(RoleService.FIELD_ASSIGNABLE, true);
      friendRole.getDocument().field(RoleService.FIELD_MODIFIABLE, false);
      friendRole.getDocument().field(RoleService.FIELD_INTERNAL, true);
      friendRole
          .getDocument()
          .field(RoleService.FIELD_DESCRIPTION, "These are friends of " + username);

      // Visible by: anonymous users, registered users, friends, the user.
      {
        ODocument publicAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
        try {
          publicAttrs.fromJSON(
              nonAppUserAttributes != null ? nonAppUserAttributes.toString() : "{}");
        } catch (OSerializationException e) {
          throw new OSerializationException(
              dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER + " is not a valid JSON object", e);
        }
        PermissionsHelper.grantRead(
            publicAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
        PermissionsHelper.grantRead(
            publicAttrs, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
        PermissionsHelper.grantRead(publicAttrs, friendRole);
        PermissionsHelper.changeOwner(publicAttrs, userRid);
        profile.field(dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, publicAttrs);
        publicAttrs.save();
      }

      // Visible by: the user only (no role grant, ownership alone).
      {
        ODocument ownerOnlyAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
        try {
          ownerOnlyAttrs.fromJSON(privateAttributes != null ? privateAttributes.toString() : "{}");
        } catch (OSerializationException e) {
          throw new OSerializationException(
              dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER + " is not a valid JSON object", e);
        }
        profile.field(dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, ownerOnlyAttrs);
        PermissionsHelper.changeOwner(ownerOnlyAttrs, userRid);
        ownerOnlyAttrs.save();
      }

      // Visible by: friends, the user.
      {
        ODocument friendAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
        try {
          friendAttrs.fromJSON(friendsAttributes != null ? friendsAttributes.toString() : "{}");
        } catch (OSerializationException e) {
          throw new OSerializationException(
              dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER + " is not a valid JSON object", e);
        }
        PermissionsHelper.grantRead(friendAttrs, friendRole);
        PermissionsHelper.changeOwner(friendAttrs, userRid);
        profile.field(dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, friendAttrs);
        friendAttrs.save();
      }

      // Visible by: registered users, the user. The header comment in the original also lists
      // friends, but no friend-role grant is made on this document.
      {
        ODocument registeredAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
        try {
          registeredAttrs.fromJSON(
              appUsersAttributes != null ? appUsersAttributes.toString() : "{}");
        } catch (OSerializationException e) {
          throw new OSerializationException(
              dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER + " is not a valid JSON object", e);
        }
        PermissionsHelper.grantRead(
            registeredAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
        PermissionsHelper.changeOwner(registeredAttrs, userRid);
        profile.field(dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, registeredAttrs);
        registeredAttrs.save();
      }

      // System attributes: login info list and the generated-username flag, readable by
      // registered users. This document has no explicit save() of its own.
      ODocument systemAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
      systemAttrs.field(dao.USER_LOGIN_INFO, new ArrayList());
      systemAttrs.field(UserDao.GENERATED_USERNAME, generated);
      PermissionsHelper.grantRead(
          systemAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
      PermissionsHelper.changeOwner(systemAttrs, userRid);
      profile.field(dao.ATTRIBUTES_SYSTEM, systemAttrs);

      // The profile record itself is readable by registered and anonymous callers.
      PermissionsHelper.grantRead(
          profile, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
      PermissionsHelper.grantRead(profile, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
      PermissionsHelper.changeOwner(profile, userRid);

      Date effectiveSignupDate = (signupDate == null) ? new Date() : signupDate;
      profile.field(dao.USER_SIGNUP_DATE, effectiveSignupDate);
      profile.save();

      DbHelper.commitTransaction();
    } catch (Exception e) {
      // Covers OSerializationException too: undo the partial sign-up, then rethrow as-is.
      DbHelper.rollbackTransaction();
      throw e;
    }
    return profile;
  } // signUp
Beispiel #6
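  /**
   * Registers a new collection: stores an entry for it and creates a schema class named
   * {@code collectionName}, then grants the default roles access to that class and cluster.
   *
   * <p>The name is validated before it is used as a class name and concatenated into security
   * resource identifiers: it must be non-empty, must not start with a digit or {@code _}, must
   * not contain {@code ; : . @}, and must match {@code COLLECTION_NAME_REGEX}.
   *
   * <p>Every new collection is granted {@code PERMISSION_ALL} to the registered role and
   * {@code PERMISSION_READ} to the anonymous role at class and cluster level.
   * NOTE(review): whether record-level restrictions narrow this further is not visible here.
   *
   * @param collectionName name of the collection to create
   * @return an ODocument instance representing the collection
   * @throws OpenTransactionException if called while a transaction is open
   * @throws CollectionAlreadyExistsException if a collection with this name already exists
   * @throws InvalidCollectionException if the name is null, empty or fails validation
   * @throws InvalidModelException declared by the signature; not thrown directly in this body
   * @throws Throwable declared by the signature; not thrown directly in this body
   */
  public ODocument create(String collectionName)
      throws OpenTransactionException, CollectionAlreadyExistsException, InvalidCollectionException,
          InvalidModelException, Throwable {
    if (DbHelper.isInTransaction())
      throw new OpenTransactionException("Cannot create a collection within an open transaction");
    if (Logger.isTraceEnabled()) Logger.trace("Method Start");

    // Reject null/empty up front: charAt(0) below would otherwise fail with an unchecked
    // exception instead of the validation error callers expect.
    if (collectionName == null || collectionName.isEmpty()) {
      throw new InvalidCollectionException("Collection name cannot be null or empty");
    }
    if (Character.isDigit(collectionName.charAt(0))) {
      throw new InvalidCollectionException("Collection names cannot start by a digit");
    }
    if (collectionName.contains(";")) {
      throw new InvalidCollectionException("Collection cannot contain ;");
    }
    if (collectionName.contains(":")) {
      throw new InvalidCollectionException("Collection cannot contain :");
    }
    if (collectionName.contains(".")) {
      throw new InvalidCollectionException("Collection cannot contain .");
    }
    if (collectionName.contains("@")) {
      throw new InvalidCollectionException("Collection cannot contain @");
    }
    if (collectionName.startsWith("_")) {
      throw new InvalidCollectionException("Collection cannot start with _");
    }
    if (!collectionName.matches(COLLECTION_NAME_REGEX)) {
      throw new InvalidCollectionException(
          "Collection name must be compliant with the regular expression: "
              + COLLECTION_NAME_REGEX);
    }
    // Currently shadowed by the startsWith("_") check above; kept as a second guard on the
    // reserved prefix in case that check is ever relaxed.
    if (collectionName.toUpperCase().startsWith("_BB_")) {
      throw new InvalidCollectionException(
          "Collection name is not valid: it can't be prefixed with _BB_");
    }
    try {
      if (existsCollection(collectionName))
        throw new CollectionAlreadyExistsException(
            "Collection " + collectionName + " already exists");
    } catch (SqlInjectionException e) {
      // The existence lookup flagged the name as unsafe: report it as an invalid name.
      throw new InvalidCollectionException(e);
    }
    ODocument doc = super.create();
    doc.field("name", collectionName);

    save(doc);

    // create new class
    OClass documentClass = db.getMetadata().getSchema().getClass(CLASS_NODE_NAME);
    db.getMetadata().getSchema().createClass(collectionName, documentClass);

    // grants to the new class: full access for registered users, read-only for anonymous
    ORole registeredRole = RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString());
    ORole anonymousRole = RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString());
    registeredRole.addRule(
        ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_ALL);
    registeredRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_ALL);
    anonymousRole.addRule(
        ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_READ);
    anonymousRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_READ);
    // NOTE(review): neither role is saved after addRule in this method; confirm the rules are
    // persisted elsewhere.
    PermissionsHelper.grantRead(doc, registeredRole);
    PermissionsHelper.grantRead(doc, anonymousRole);
    if (Logger.isTraceEnabled()) Logger.trace("Method End");
    return doc;
  } // create(String collectionName)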