Esempio n. 1
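 /**
  * Adds a dependency from a source rule to a destination rule, after checking that both rules
  * exist, that the caller's host (when present) matches the request host and owns the destination
  * rule, and that no "Own" edge from source to destination exists yet.
  *
  * <p>{@code objects[0]} is the request map: {@code "data"} carries {@code "host"},
  * {@code "source"}, {@code "desc"} (destination rid) and {@code "content"}; {@code "payload"}
  * carries the authenticated {@code "user"}. A request without a payload is rejected with 401
  * instead of failing with a NullPointerException.
  *
  * <p>On failure the message is stored under {@code "result"} and an HTTP-style status under
  * {@code "responseCode"}. On success the event map returned by {@code getEventMap} is stored
  * under {@code "eventMap"} with the rule classes, content, creation date and creating user filled
  * into its {@code "data"} entry.
  *
  * @param objects rule arguments; only {@code objects[0]} (the input map) is read
  * @return {@code true} when the dependency may be added, {@code false} when a check failed
  * @throws Exception any failure raised while reading the graph, after it has been logged
  */
 public boolean execute(Object... objects) throws Exception {
   Map<String, Object> inputMap = (Map<String, Object>) objects[0];
   Map<String, Object> data = (Map<String, Object>) inputMap.get("data");
   String host = (String) data.get("host");
   String source = (String) data.get("source");
   // NOTE(review): the destination rid is read from key "desc" (not "dest"); kept as-is,
   // confirm against the client that builds this request.
   String dest = (String) data.get("desc");
   Map<String, Object> payload = (Map<String, Object>) inputMap.get("payload");
   String error = null;
   if (payload == null) {
     // No authenticated user: reject before touching the graph instead of failing with an NPE.
     error = "Login is required";
     inputMap.put("responseCode", 401);
   } else {
     Map<String, Object> user = (Map<String, Object>) payload.get("user");
     String userHost = (String) user.get("host");
     OrientGraph graph = ServiceLocator.getInstance().getGraph();
     try {
       Vertex sourceRule = DbService.getVertexByRid(graph, source);
       Vertex destRule = DbService.getVertexByRid(graph, dest);
       if (sourceRule == null || destRule == null) {
         error = "source rule or destination rule doesn't exist";
         inputMap.put("responseCode", 400);
       } else {
         String sourceRuleClass = sourceRule.getProperty("ruleClass");
         String destRuleClass = destRule.getProperty("ruleClass");
         // NOTE(review): a user without a host skips every check below and the method returns
         // true without storing an event map; this is the pre-existing behaviour, confirm it is
         // intended.
         if (userHost != null) {
           if (!userHost.equals(host)) {
             error = "You can only add dependency from host: " + host;
             inputMap.put("responseCode", 403);
           } else if (destRuleClass == null || !destRuleClass.contains(host)) {
             // The destination rule must be owned by the caller's host; a missing ruleClass is
             // treated as "not owned" rather than raising an NPE.
             error = "Destination rule doesn't belong to the host " + host;
             inputMap.put("responseCode", 403);
           } else if (hasOwnEdge(sourceRule, destRule)) {
             error = "There is depend edge between source rule and dest rule";
             inputMap.put("responseCode", 400);
           } else {
             Map eventMap = getEventMap(inputMap);
             Map<String, Object> eventData = (Map<String, Object>) eventMap.get("data");
             inputMap.put("eventMap", eventMap);
             eventData.put("sourceRuleClass", sourceRuleClass);
             eventData.put("destRuleClass", destRuleClass);
             eventData.put("content", data.get("content"));
             eventData.put("createDate", new java.util.Date());
             eventData.put("createUserId", user.get("userId"));
           }
         }
       }
     } catch (Exception e) {
       logger.error("Exception:", e);
       throw e;
     } finally {
       // The graph handle is obtained per request and must always be released.
       graph.shutdown();
     }
   }
   if (error != null) {
     inputMap.put("result", error);
     return false;
   }
   return true;
 }

 /**
  * Returns whether {@code sourceRule} already has an outgoing "Own" edge whose head vertex is
  * {@code destRule}. Vertices are compared by reference ({@code ==}).
  */
 private static boolean hasOwnEdge(Vertex sourceRule, Vertex destRule) {
   for (Edge edge : (Iterable<Edge>) sourceRule.getEdges(Direction.OUT, "Own")) {
     if (edge.getVertex(Direction.IN) == destRule) {
       return true; // stop at the first match instead of scanning every remaining edge
     }
   }
   return false;
 }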
Esempio n. 2
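  /**
   * Updates the access control record of a rule, after checking authentication, role membership,
   * host ownership (for host-bound users) and the optimistic-lock version, and validating that the
   * lists required by the requested access level are present.
   *
   * <p>{@code objects[0]} is the request map: {@code "data"} carries {@code "@rid"},
   * {@code "@version"}, {@code "host"}, {@code "ruleClass"}, {@code "accessLevel"} and the optional
   * {@code "clients"}, {@code "roles"} and {@code "users"} lists; {@code "payload"} carries the
   * authenticated {@code "user"} with its {@code "roles"} and optional {@code "host"}.
   *
   * <p>Access levels: {@code "A"} (anyone) and {@code "N"} (nobody) need no lists; {@code "C"},
   * {@code "R"}, {@code "U"} and the combinations {@code "CR"}, {@code "CU"}, {@code "RU"} and
   * {@code "CRU"} require each named list to be non-empty. Any other value (including a missing
   * one) is rejected with 400 rather than accepted silently.
   *
   * <p>On failure the message is stored under {@code "result"} and an HTTP-style status under
   * {@code "responseCode"}. On success the event map from {@code getEventMap} is stored under
   * {@code "eventMap"} with the validated fields, update date and updating user in its
   * {@code "data"} entry.
   *
   * @param objects rule arguments; only {@code objects[0]} (the input map) is read
   * @return {@code true} when the update may proceed, {@code false} when a check failed
   * @throws Exception any failure raised while reading the graph, after it has been logged
   */
  public boolean execute(Object... objects) throws Exception {
    Map<String, Object> inputMap = (Map<String, Object>) objects[0];
    Map<String, Object> data = (Map<String, Object>) inputMap.get("data");
    Map<String, Object> payload = (Map<String, Object>) inputMap.get("payload");
    // Unboxing throws NPE when "@version" is absent; the request schema is assumed to require it.
    int inputVersion = (int) data.get("@version");
    String rid = (String) data.get("@rid");
    String ruleClass = (String) data.get("ruleClass");
    String error = null;
    if (payload == null) {
      error = "Login is required";
      inputMap.put("responseCode", 401);
    } else {
      Map<String, Object> user = (Map<String, Object>) payload.get("user");
      List<?> userRoles = (List<?>) user.get("roles");
      if (userRoles == null
          || (!userRoles.contains("owner")
              && !userRoles.contains("admin")
              && !userRoles.contains("ruleAdmin"))) {
        error = "Role owner or admin or ruleAdmin is required to update access control";
        inputMap.put("responseCode", 403);
      } else {
        String host = (String) user.get("host");
        if (host != null) {
          // Host-bound user: may only touch access control for rules of its own host.
          if (!host.equals(data.get("host"))) {
            error = "You can only update access control for host: " + host;
            inputMap.put("responseCode", 403);
          } else if (ruleClass == null || !ruleClass.contains(host)) {
            // The rule is not owned by the host; a missing ruleClass counts as not owned.
            error = "ruleClass is not owned by the host: " + host;
            inputMap.put("responseCode", 403);
          }
          // NOTE(review): a host-bound user that passes both checks returns true without an
          // event map being built; this is the pre-existing behaviour, confirm it is intended.
        } else {
          OrientGraph graph = ServiceLocator.getInstance().getGraph();
          try {
            Vertex access = DbService.getVertexByRid(graph, rid);
            if (access == null) {
              error = "Access control with @rid " + rid + " cannot be found";
              inputMap.put("responseCode", 404);
            } else {
              // Optimistic locking: the caller must be updating the version it last read.
              int storedVersion = access.getProperty("@version");
              if (inputVersion != storedVersion) {
                error =
                    "Updating version "
                        + inputVersion
                        + " doesn't match stored version "
                        + storedVersion;
                inputMap.put("responseCode", 400);
              } else {
                error = buildUpdateEvent(inputMap, data, user, ruleClass);
              }
            }
          } catch (Exception e) {
            logger.error("Exception:", e);
            throw e;
          } finally {
            // The graph handle is obtained per request and must always be released.
            graph.shutdown();
          }
        }
      }
    }
    if (error != null) {
      inputMap.put("result", error);
      return false;
    }
    return true;
  }

  /**
   * Builds the update event for a request that passed all authorization and version checks.
   *
   * <p>Stores the event map under {@code "eventMap"}, copies the lists required by the access level
   * into its {@code "data"} entry and stamps the update date and user. The event map is stored
   * before validation, so it is present in {@code inputMap} even when this method reports an
   * error.
   *
   * @return an error message (with {@code responseCode} set to 400) when a required list is
   *     missing or the access level is unknown, otherwise {@code null}
   */
  private String buildUpdateEvent(
      Map<String, Object> inputMap,
      Map<String, Object> data,
      Map<String, Object> user,
      String ruleClass) {
    Map eventMap = getEventMap(inputMap);
    Map<String, Object> eventData = (Map<String, Object>) eventMap.get("data");
    inputMap.put("eventMap", eventMap);
    eventData.put("ruleClass", ruleClass);
    String accessLevel = (String) data.get("accessLevel");
    eventData.put("accessLevel", accessLevel);
    List<?> clients = (List<?>) data.get("clients");
    List<?> roles = (List<?>) data.get("roles");
    List<?> users = (List<?>) data.get("users");
    String error = null;
    // A String switch throws NPE on null; map null to "" so it falls into the default case.
    String level = accessLevel == null ? "" : accessLevel;
    switch (level) {
      case "A":
        // Access by anyone, ignore clients, roles and users
        break;
      case "N":
        // Not accessible, ignore clients, roles and users.
        break;
      case "C":
        // client id is in the jwt token like userId and roles.
        if (isNullOrEmpty(clients)) {
          error = "Clients are empty for client based access control";
        } else {
          eventData.put("clients", clients);
        }
        break;
      case "R":
        // role only
        if (isNullOrEmpty(roles)) {
          error = "Roles are empty for role based access control";
        } else {
          eventData.put("roles", roles);
        }
        break;
      case "U":
        // user only
        if (isNullOrEmpty(users)) {
          error = "Users are empty for user based access control";
        } else {
          eventData.put("users", users);
        }
        break;
      case "CR":
        // client and role
        if (isNullOrEmpty(clients) || isNullOrEmpty(roles)) {
          error = "Clients or roles are empty for client and role based access control";
        } else {
          eventData.put("clients", clients);
          eventData.put("roles", roles);
        }
        break;
      case "CU":
        // client and user
        if (isNullOrEmpty(clients) || isNullOrEmpty(users)) {
          error = "Clients or users are empty for client and user based access control";
        } else {
          eventData.put("clients", clients);
          eventData.put("users", users);
        }
        break;
      case "RU":
        // role and user
        if (isNullOrEmpty(roles) || isNullOrEmpty(users)) {
          error = "Roles or users are empty for role and user based access control";
        } else {
          eventData.put("roles", roles);
          eventData.put("users", users);
        }
        break;
      case "CRU":
        // client, role and user
        if (isNullOrEmpty(clients) || isNullOrEmpty(roles) || isNullOrEmpty(users)) {
          error =
              "Clients, roles or users are empty for client, role and user based access control";
        } else {
          eventData.put("clients", clients);
          eventData.put("roles", roles);
          eventData.put("users", users);
        }
        break;
      default:
        // An unknown level must not be persisted: reject it instead of only logging it.
        logger.error("Invalid Access Level: " + accessLevel);
        error = "Invalid Access Level: " + accessLevel;
    }
    if (error != null) {
      inputMap.put("responseCode", 400);
    }
    eventData.put("updateDate", new java.util.Date());
    eventData.put("updateUserId", user.get("userId"));
    return error;
  }

  /** Returns {@code true} when {@code list} is absent or has no elements. */
  private static boolean isNullOrEmpty(List<?> list) {
    return list == null || list.isEmpty();
  }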