public static void dropOrientDefault() {
Logger.trace("Method Start");
OGraphDatabase db = DbHelper.getConnection();
db.getMetadata().getSecurity().dropUser("reader");
db.getMetadata().getSecurity().dropUser("writer");
db.getMetadata().getSecurity().dropRole("reader");
db.getMetadata().getSecurity().dropRole("writer");
Logger.trace("Method End");
}
public static void createDefaultUsers() throws Exception {
Logger.trace("Method Start");
// the baasbox default user used to connect to the DB like anonymous user
String username = BBConfiguration.getBaasBoxUsername();
String password = BBConfiguration.getBaasBoxPassword();
UserService.signUp(
username, password, DefaultRoles.ANONYMOUS_USER.toString(), null, null, null, null);
OGraphDatabase db = DbHelper.getConnection();
OUser admin = db.getMetadata().getSecurity().getUser("admin");
admin.setPassword(BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD));
admin.save();
Logger.trace("Method End");
}
public static void createDefaultRoles() {
Logger.trace("Method Start");
OGraphDatabase db = DbHelper.getConnection();
final ORole anonymousUserRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.ANONYMOUS_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
anonymousUserRole.save();
final ORole registeredUserRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.REGISTERED_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
registeredUserRole.save();
final ORole backOfficeRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.BACKOFFICE_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
backOfficeRole.save();
registeredUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.SCHEMA,
ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
backOfficeRole.addRule(
ODatabaseSecurityResources.SCHEMA,
ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
backOfficeRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
backOfficeRole.addRule(
ODatabaseSecurityResources.BYPASS_RESTRICTED,
ORole.PERMISSION_ALL); // the backoffice users can access and manipulate all records
anonymousUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
anonymousUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);
anonymousUserRole.save();
registeredUserRole.save();
Logger.trace("Method End");
}
