コード例 #1
0
ファイル: SecurityTest.java プロジェクト: sara62/orientdb
  public void testParentRole() {
    database.open("admin", "admin");

    final OSecurity security = database.getMetadata().getSecurity();
    ORole writer = security.getRole("writer");

    ORole writerChild =
        security.createRole("writerChild", writer, OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
    writerChild.save();

    ORole writerGrandChild =
        security.createRole(
            "writerGrandChild", writerChild, OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
    writerGrandChild.save();

    OUser child = security.createUser("writerChild", "writerChild", writerGrandChild);
    child.save();

    Assert.assertTrue(child.hasRole("writer", true));
    Assert.assertFalse(child.hasRole("wrter", true));

    database.close();
    if (!(database.getStorage() instanceof OStorageProxy)) {
      database.open("writerChild", "writerChild");

      OSecurityUser user = database.getUser();
      Assert.assertTrue(user.hasRole("writer", true));
      Assert.assertFalse(user.hasRole("wrter", true));

      database.close();
    }
  }
コード例 #2
0
 public void createRole(String roleName) {
   OSecurity security = graph.getRawGraph().getMetadata().getSecurity();
   if (security.getRole(roleName) == null) {
     ORole role = security.createRole(roleName, ALLOW_MODES.ALLOW_ALL_BUT);
     //			role.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME,
     // ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_ALL);
     //			role.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_ALL);
     role.getDocument().field("type", "template");
     role.save();
   }
 }