  /**
   * Drops the "reader" and "writer" users and the roles of the same name from the connected
   * database.
   *
   * <p>Presumably these are the stock principals OrientDB ships with every new database;
   * removing them leaves only the application-managed users and roles. No existence check is
   * made before each drop, so the underlying API decides what happens if one is already gone.
   */
  public static void dropOrientDefault() {
    Logger.trace("Method Start");
    final OGraphDatabase db = DbHelper.getConnection();
    final String[] stockPrincipals = {"reader", "writer"};
    // Users first, then roles - same order as before.
    for (String name : stockPrincipals) {
      db.getMetadata().getSecurity().dropUser(name);
    }
    for (String name : stockPrincipals) {
      db.getMetadata().getSecurity().dropRole(name);
    }
    Logger.trace("Method End");
  }
  /**
   * Creates the BaasBox service account and sets the "admin" password from configuration.
   *
   * <p>The service account is registered through {@code UserService.signUp} with the anonymous
   * default role and no profile data; it is the identity the application uses for
   * unauthenticated access. Afterwards the password of the existing OrientDB "admin" user is
   * replaced with the configured {@code ADMIN_PASSWORD} and saved. Credentials are read from
   * configuration only and are never logged here.
   *
   * @throws Exception whatever {@code UserService.signUp} propagates
   */
  public static void createDefaultUsers() throws Exception {
    Logger.trace("Method Start");
    // Service account used for anonymous access; both values come from configuration.
    final String serviceUser = BBConfiguration.getBaasBoxUsername();
    final String servicePassword = BBConfiguration.getBaasBoxPassword();
    final String serviceRole = DefaultRoles.ANONYMOUS_USER.toString();
    UserService.signUp(serviceUser, servicePassword, serviceRole, null, null, null, null);

    // Replace the stock "admin" password with the configured one and persist it.
    final OGraphDatabase db = DbHelper.getConnection();
    final OUser admin = db.getMetadata().getSecurity().getUser("admin");
    final String adminPassword =
        BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD);
    admin.setPassword(adminPassword);
    admin.save();
    Logger.trace("Method End");
  }
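   /**
    * Creates the three built-in roles (anonymous, registered, back office) and assigns their
    * database permissions.
    *
    * <p>Each role is created in {@code DENY_ALL_BUT} mode, so a resource is only reachable
    * through an explicit rule added here. All three roles share read access to the database,
    * the internal cluster and the {@code orole}/{@code ouser} clusters. Registered and
    * back-office users additionally get schema read/create/update and full access to all
    * classes, clusters, commands and record hooks; back office also gets
    * {@code BYPASS_RESTRICTED}. Anonymous users get read access only, apart from the literal
    * mask on {@code ALL_CLUSTERS}, which is kept as found and flagged inline.
    *
    * <p>Rules are added to the in-memory role objects and persisted by the {@code save()}
    * calls at the end. The back-office role is saved there too: previously it was saved only
    * right after creation, before any of its rules had been added.
    */
   public static void createDefaultRoles() {
     Logger.trace("Method Start");
     OGraphDatabase db = DbHelper.getConnection();
     final ORole anonymousUserRole =
         createDenyAllButRole(db, DefaultRoles.ANONYMOUS_USER.toString());
     final ORole registeredUserRole =
         createDenyAllButRole(db, DefaultRoles.REGISTERED_USER.toString());
     final ORole backOfficeRole =
         createDenyAllButRole(db, DefaultRoles.BACKOFFICE_USER.toString());

     grantSecurityMetadataRead(registeredUserRole);
     grantFullDataAccess(registeredUserRole);

     grantSecurityMetadataRead(backOfficeRole);
     grantFullDataAccess(backOfficeRole);
     // the backoffice users can access and manipulate all records
     backOfficeRole.addRule(ODatabaseSecurityResources.BYPASS_RESTRICTED, ORole.PERMISSION_ALL);

     grantSecurityMetadataRead(anonymousUserRole);
     anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
     anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
     // NOTE(review): the literal 7 is a raw permission mask, unlike every other anonymous rule,
     // which uses PERMISSION_READ. If ORole's PERMISSION_* constants are bit flags, 7 grants
     // more than read on every cluster to unauthenticated users. Kept as-is to preserve
     // behaviour - confirm against ORole.PERMISSION_* whether this is intended.
     anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
     anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
     anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);

     // Persist the rules; the roles were saved without any rules when they were created.
     anonymousUserRole.save();
     registeredUserRole.save();
     backOfficeRole.save();
     Logger.trace("Method End");
   }

   /**
    * Creates and saves a role that denies every resource not explicitly granted.
    *
    * @param db the database whose security metadata receives the role
    * @param roleName name of the role to create
    * @return the newly created (and already saved) role
    */
   private static ORole createDenyAllButRole(OGraphDatabase db, String roleName) {
     final ORole created =
         db.getMetadata().getSecurity().createRole(roleName, ORole.ALLOW_MODES.DENY_ALL_BUT);
     created.save();
     return created;
   }

   /**
    * Adds the read-only rules shared by all three default roles: the database itself, the
    * internal cluster and the {@code orole}/{@code ouser} clusters.
    *
    * @param role role to extend; rules are added in memory only, the caller saves
    */
   private static void grantSecurityMetadataRead(ORole role) {
     role.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
     role.addRule(
         ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
         ORole.PERMISSION_READ);
     role.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
     role.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
   }

   /**
    * Adds schema read/create/update and full access to all classes, clusters, commands and
    * record hooks - the rule set shared by the registered and back-office roles.
    *
    * @param role role to extend; rules are added in memory only, the caller saves
    */
   private static void grantFullDataAccess(ORole role) {
     // The PERMISSION_* constants are combined with '+' as in the original code; this only
     // forms a correct union if they are distinct bit flags - assumed, not verified here.
     role.addRule(
         ODatabaseSecurityResources.SCHEMA,
         ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
     role.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
     role.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
     role.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
     role.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
   }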