/**
 * Creates the two built-in BaasBox accounts: the user that connects to the DB on behalf of
 * anonymous callers, and the user that acts internally as the administrator.
 *
 * <p>Both user names and passwords are read from {@code BBConfiguration}.
 * NOTE(review): the values come straight from configuration; confirm that any shipped default
 * credentials must be overridden before a deployment is exposed.
 *
 * @throws RuntimeException wrapping any exception raised while signing up the users or while
 *     moving the "admin" user between roles
 */
public static void createDefaultUsers() {
  try {
    // Account used to connect to the DB like an anonymous user.
    final String anonymousName = BBConfiguration.getBaasBoxUsername();
    final String anonymousSecret = BBConfiguration.getBaasBoxPassword();
    UserService.signUp(
        anonymousName,
        anonymousSecret,
        new Date(),
        DefaultRoles.ANONYMOUS_USER.toString(),
        null,
        null,
        null,
        null,
        false);

    // Account used to act internally as the administrator.
    final String adminName = BBConfiguration.getBaasBoxAdminUsername();
    final String adminSecret = BBConfiguration.getBaasBoxAdminPassword();
    UserService.signUp(
        adminName,
        adminSecret,
        new Date(),
        DefaultRoles.ADMIN.toString(),
        null,
        null,
        null,
        null,
        false);

    // The literal "admin" account is targeted here, not the configured admin user name above.
    // NOTE(review): presumably the arguments are (user, fromRole, toRole) - confirm against
    // moveUserToRole, and confirm "admin" is the account that is meant.
    moveUserToRole("admin", DefaultRoles.BASE_ADMIN.toString(), DefaultRoles.ADMIN.toString());
  } catch (Exception failure) {
    // The cause is preserved so the original failure stays visible to the caller.
    throw new RuntimeException(failure);
  }
}
/**
 * Signs up the default anonymous user and sets the password of the database "admin" user to
 * the value configured under {@code BBConfiguration.ADMIN_PASSWORD}.
 *
 * <p>NOTE(review): the admin password is whatever the configuration returns; confirm that a
 * missing or blank setting cannot leave the "admin" account with an empty or well-known
 * password.
 *
 * @throws Exception if the sign-up or the update of the "admin" user fails
 */
public static void createDefaultUsers() throws Exception {
  Logger.trace("Method Start");

  // Account used to connect to the DB like an anonymous user.
  UserService.signUp(
      BBConfiguration.getBaasBoxUsername(),
      BBConfiguration.getBaasBoxPassword(),
      DefaultRoles.ANONYMOUS_USER.toString(),
      null,
      null,
      null,
      null);

  // Look up the existing "admin" account through the connection's security metadata.
  // NOTE(review): there is no null check; if getUser can return null for a missing account,
  // the setPassword call below fails with a NullPointerException - confirm.
  final OUser adminAccount =
      DbHelper.getConnection().getMetadata().getSecurity().getUser("admin");

  final String configuredPassword =
      BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD);
  adminAccount.setPassword(configuredPassword);
  adminAccount.save();

  Logger.trace("Method End");
}
/**
 * Updates the four visibility-scoped attribute documents attached to a user profile.
 *
 * <p>Each non-null JSON argument is loaded into the matching attribute document (created when
 * the profile does not have one yet), read permissions for that visibility level are granted,
 * and the document is stored back on the profile and saved. A {@code null} argument leaves
 * that section untouched.
 *
 * <p>NOTE(review): the JSON is handed to {@code fromJSON} as received; confirm that callers
 * cannot use it to set reserved or permission-related fields on the attribute document.
 *
 * @param profile the profile document to update
 * @param nonAppUserAttributes attributes readable by anonymous users, registered users and
 *     friends, or {@code null}
 * @param privateAttributes attributes granted only to the profile's own user, or {@code null}
 * @param friendsAttributes attributes readable by the friend role, or {@code null}
 * @param appUsersAttributes attributes readable by registered users and friends, or
 *     {@code null}
 * @return the same {@code profile} instance after it has been saved
 * @throws Exception if loading the JSON, granting permissions or saving fails
 */
public static ODocument updateProfile(
    ODocument profile,
    JsonNode nonAppUserAttributes,
    JsonNode privateAttributes,
    JsonNode friendsAttributes,
    JsonNode appUsersAttributes)
    throws Exception {

  // Section visible to everyone: anonymous users, registered users and friends.
  if (nonAppUserAttributes != null) {
    ODocument publicAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
    if (publicAttrs == null) {
      publicAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
    }
    publicAttrs.fromJSON(nonAppUserAttributes.toString());
    PermissionsHelper.grantRead(
        publicAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.grantRead(
        publicAttrs, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
    // NOTE(review): getFriendRole() takes no user, while the private section below resolves
    // the user from the profile; confirm this is the friend role of the profile's owner and
    // not of whoever is currently connected.
    PermissionsHelper.grantRead(publicAttrs, RoleDao.getFriendRole());
    profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, publicAttrs);
    publicAttrs.save();
  }

  // Section granted only to the user that owns the profile.
  if (privateAttributes != null) {
    ODocument ownerOnlyAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
    if (ownerOnlyAttrs == null) {
      ownerOnlyAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
    }
    ownerOnlyAttrs.fromJSON(privateAttributes.toString());
    PermissionsHelper.grant(
        ownerOnlyAttrs, Permissions.ALLOW, getOUserByUsername(getUsernameByProfile(profile)));
    profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, ownerOnlyAttrs);
    ownerOnlyAttrs.save();
  }

  // Section readable by the friend role.
  if (friendsAttributes != null) {
    ODocument friendAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
    if (friendAttrs == null) {
      friendAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
    }
    friendAttrs.fromJSON(friendsAttributes.toString());
    PermissionsHelper.grantRead(friendAttrs, RoleDao.getFriendRole());
    profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, friendAttrs);
    friendAttrs.save();
  }

  // Section readable by registered users and the friend role.
  if (appUsersAttributes != null) {
    ODocument registeredAttrs = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);
    if (registeredAttrs == null) {
      registeredAttrs = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
    }
    registeredAttrs.fromJSON(appUsersAttributes.toString());
    PermissionsHelper.grantRead(
        registeredAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.grantRead(registeredAttrs, RoleDao.getFriendRole());
    profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, registeredAttrs);
    registeredAttrs.save();
  }

  profile.save();
  return profile;
}
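/**
 * Creates the three default roles (anonymous, registered, back-office) in
 * {@code DENY_ALL_BUT} mode and attaches their database-level rules.
 *
 * <p>Change from the previous version: the back-office role is now saved after its rules are
 * added, like the other two roles. Before, it was saved only right after creation, so whether
 * its rules (including {@code BYPASS_RESTRICTED}) were persisted depended on the behaviour of
 * {@code addRule}, which is not visible here.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Registered users receive {@code PERMISSION_ALL} on all classes, all clusters, commands
 *       and record hooks, so any isolation between users has to come from record-level
 *       permissions applied elsewhere.
 *   <li>The anonymous role's rule on all clusters uses the literal {@code 7} instead of a named
 *       constant; see the comment at that line.
 * </ul>
 */
public static void createDefaultRoles() {
  Logger.trace("Method Start");
  OGraphDatabase db = DbHelper.getConnection();

  final ORole anonymousUserRole =
      db.getMetadata()
          .getSecurity()
          .createRole(DefaultRoles.ANONYMOUS_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
  anonymousUserRole.save();
  final ORole registeredUserRole =
      db.getMetadata()
          .getSecurity()
          .createRole(DefaultRoles.REGISTERED_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
  registeredUserRole.save();
  final ORole backOfficeRole =
      db.getMetadata()
          .getSecurity()
          .createRole(DefaultRoles.BACKOFFICE_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
  backOfficeRole.save();

  // Resource names and the permission mask shared by several rules below.
  final String internalCluster =
      ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME;
  final String roleCluster = ODatabaseSecurityResources.CLUSTER + ".orole";
  final String userCluster = ODatabaseSecurityResources.CLUSTER + ".ouser";
  final int readCreateUpdate =
      ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE;

  // Registered users: read-only on the metadata clusters, everything on classes and clusters.
  registeredUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
  registeredUserRole.addRule(ODatabaseSecurityResources.SCHEMA, readCreateUpdate);
  registeredUserRole.addRule(internalCluster, ORole.PERMISSION_READ);
  registeredUserRole.addRule(roleCluster, ORole.PERMISSION_READ);
  registeredUserRole.addRule(userCluster, ORole.PERMISSION_READ);
  registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
  registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
  registeredUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
  registeredUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);

  // Back-office users: same rules as registered users, plus BYPASS_RESTRICTED.
  backOfficeRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
  backOfficeRole.addRule(ODatabaseSecurityResources.SCHEMA, readCreateUpdate);
  backOfficeRole.addRule(internalCluster, ORole.PERMISSION_READ);
  backOfficeRole.addRule(roleCluster, ORole.PERMISSION_READ);
  backOfficeRole.addRule(userCluster, ORole.PERMISSION_READ);
  backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
  backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
  backOfficeRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
  backOfficeRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
  // the backoffice users can access and manipulate all records
  backOfficeRole.addRule(ODatabaseSecurityResources.BYPASS_RESTRICTED, ORole.PERMISSION_ALL);

  // Anonymous users: read-only, except for the ALL_CLUSTERS rule.
  anonymousUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(internalCluster, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(roleCluster, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(userCluster, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
  // Literal kept unchanged. NOTE(review): if ORole's permission bits are CREATE=1, READ=2,
  // UPDATE=4, then 7 lets anonymous users create and update on every cluster, unlike the
  // READ-only rules around it - confirm the intent and replace 7 with named constants.
  anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
  anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
  anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);

  // Save every role after its rules have been added.
  anonymousUserRole.save();
  registeredUserRole.save();
  backOfficeRole.save();
  Logger.trace("Method End");
}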
/**
 * Registers a new user inside one transaction.
 *
 * <p>The method creates the user and its profile through {@code UserDao}, creates a friend
 * role for the user, builds four attribute documents with different read visibility plus one
 * system attribute document, makes the new user the owner of all of them, and commits. On any
 * exception the transaction is rolled back and the exception is rethrown.
 *
 * <p>NOTE(review): the password is passed to {@code UserDao.create} as a plain {@code String};
 * how it is hashed or stored is not visible here. The attribute JSON is loaded with
 * {@code fromJSON} as received; confirm callers cannot use it to set reserved or
 * permission-related fields.
 *
 * @param username name of the new user; also passed to {@code RoleDao.createFriendRole}
 * @param password password of the new user
 * @param signupDate sign-up date stored on the profile; the current date is used when
 *     {@code null}
 * @param role role name for the new user, or {@code null} to call the two-argument
 *     {@code UserDao.create}
 * @param nonAppUserAttributes attributes readable by anonymous users, registered users and
 *     friends; {@code null} is treated as an empty JSON object
 * @param privateAttributes attributes for which no read grant is added here; {@code null} is
 *     treated as an empty JSON object
 * @param friendsAttributes attributes readable by the friend role; {@code null} is treated as
 *     an empty JSON object
 * @param appUsersAttributes attributes readable by registered users; {@code null} is treated
 *     as an empty JSON object
 * @param generated value stored under {@code UserDao.GENERATED_USERNAME} in the system
 *     attributes
 * @return the saved profile document
 * @throws OSerializationException if one of the attribute arguments cannot be loaded as JSON
 * @throws Exception on any other failure; the transaction has been rolled back
 */
public static ODocument signUp(
    String username,
    String password,
    Date signupDate,
    String role,
    JsonNode nonAppUserAttributes,
    JsonNode privateAttributes,
    JsonNode friendsAttributes,
    JsonNode appUsersAttributes,
    boolean generated)
    throws OSerializationException, Exception {
  // The returned connection is not used below; the call is kept exactly as in the original.
  ODatabaseRecordTx db = DbHelper.getConnection();
  ODocument profile = null;
  UserDao dao = UserDao.getInstance();
  try {
    // An OUser record and a User object are created together, hence the transaction.
    DbHelper.requestTransaction();

    profile =
        (role == null) ? dao.create(username, password) : dao.create(username, password, role);

    ORID userRid = ((ODocument) profile.field("user")).getIdentity();

    ORole friendRole = RoleDao.createFriendRole(username);
    friendRole.getDocument().field(RoleService.FIELD_ASSIGNABLE, true);
    friendRole.getDocument().field(RoleService.FIELD_MODIFIABLE, false);
    friendRole.getDocument().field(RoleService.FIELD_INTERNAL, true);
    friendRole
        .getDocument()
        .field(RoleService.FIELD_DESCRIPTION, "These are friends of " + username);

    // Visible by: anonymous users, registered users, friends, the user.
    ODocument publicAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
    try {
      publicAttrs.fromJSON(
          nonAppUserAttributes != null ? nonAppUserAttributes.toString() : "{}");
    } catch (OSerializationException badJson) {
      throw new OSerializationException(
          dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER + " is not a valid JSON object", badJson);
    }
    PermissionsHelper.grantRead(
        publicAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.grantRead(
        publicAttrs, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
    PermissionsHelper.grantRead(publicAttrs, friendRole);
    PermissionsHelper.changeOwner(publicAttrs, userRid);
    profile.field(dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, publicAttrs);
    publicAttrs.save();

    // Visible by: the user only (no read grant is added, only the owner is set).
    ODocument ownerOnlyAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
    try {
      ownerOnlyAttrs.fromJSON(privateAttributes != null ? privateAttributes.toString() : "{}");
    } catch (OSerializationException badJson) {
      throw new OSerializationException(
          dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER + " is not a valid JSON object", badJson);
    }
    profile.field(dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, ownerOnlyAttrs);
    PermissionsHelper.changeOwner(ownerOnlyAttrs, userRid);
    ownerOnlyAttrs.save();

    // Visible by: friends, the user.
    ODocument friendAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
    try {
      friendAttrs.fromJSON(friendsAttributes != null ? friendsAttributes.toString() : "{}");
    } catch (OSerializationException badJson) {
      throw new OSerializationException(
          dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER + " is not a valid JSON object", badJson);
    }
    PermissionsHelper.grantRead(friendAttrs, friendRole);
    PermissionsHelper.changeOwner(friendAttrs, userRid);
    profile.field(dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, friendAttrs);
    friendAttrs.save();

    // Visible by: registered users, friends, the user.
    // NOTE(review): only the registered-user role is granted here; updateProfile also grants
    // the friend role on this section - confirm the difference is intended.
    ODocument registeredAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
    try {
      registeredAttrs.fromJSON(
          appUsersAttributes != null ? appUsersAttributes.toString() : "{}");
    } catch (OSerializationException badJson) {
      throw new OSerializationException(
          dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER + " is not a valid JSON object", badJson);
    }
    PermissionsHelper.grantRead(
        registeredAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.changeOwner(registeredAttrs, userRid);
    profile.field(dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, registeredAttrs);
    registeredAttrs.save();

    // System attributes: login info list and the "generated username" flag.
    // NOTE(review): unlike the four documents above there is no explicit save() on this one;
    // presumably it is persisted together with the profile - confirm.
    ODocument systemAttrs = new ODocument(dao.USER_ATTRIBUTES_CLASS);
    systemAttrs.field(dao.USER_LOGIN_INFO, new ArrayList());
    systemAttrs.field(UserDao.GENERATED_USERNAME, generated);
    PermissionsHelper.grantRead(
        systemAttrs, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.changeOwner(systemAttrs, userRid);
    profile.field(dao.ATTRIBUTES_SYSTEM, systemAttrs);

    // The profile itself is readable by registered and anonymous users and owned by the user.
    PermissionsHelper.grantRead(
        profile, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
    PermissionsHelper.grantRead(profile, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
    PermissionsHelper.changeOwner(profile, userRid);

    profile.field(dao.USER_SIGNUP_DATE, signupDate == null ? new Date() : signupDate);
    profile.save();

    DbHelper.commitTransaction();
  } catch (Exception failure) {
    // Covers OSerializationException too: roll back, then rethrow the same exception object.
    DbHelper.rollbackTransaction();
    throw failure;
  }
  return profile;
} // signUp
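/**
 * Creates an entry in the collection registry and a new schema class named
 * {@code collectionName}, then grants class- and cluster-level rules on it to the registered
 * and anonymous roles.
 *
 * <p>The name is validated before it is used: it must be non-empty, must not start with a
 * digit or {@code _}, must not contain {@code ; : . @}, and must match
 * {@code COLLECTION_NAME_REGEX}. The name is later concatenated into security resource
 * identifiers, so these checks should not be relaxed without reviewing that use.
 *
 * <p>Change from the previous version: a {@code null} or empty name is rejected with
 * {@link InvalidCollectionException} instead of failing inside {@code charAt(0)} with an
 * unrelated runtime exception.
 *
 * @param collectionName name of the collection to create
 * @return an ODocument instance representing the collection
 * @throws OpenTransactionException if called while a transaction is open
 * @throws CollectionAlreadyExistsException if a collection with this name already exists
 * @throws InvalidCollectionException if the name is null, empty or breaks a naming rule, or if
 *     the existence check raises {@code SqlInjectionException}
 * @throws InvalidModelException declared by the signature; not thrown directly by the code
 *     in this method
 * @throws Throwable declared by the signature for failures of the called helpers
 */
public ODocument create(String collectionName)
    throws OpenTransactionException,
        CollectionAlreadyExistsException,
        InvalidCollectionException,
        InvalidModelException,
        Throwable {
  if (DbHelper.isInTransaction())
    throw new OpenTransactionException("Cannot create a collection within an open transaction");
  if (Logger.isTraceEnabled()) Logger.trace("Method Start");

  // Guard added so that charAt(0) below cannot fail on a missing or empty name.
  if (collectionName == null || collectionName.isEmpty()) {
    throw new InvalidCollectionException("Collection name cannot be null or empty");
  }
  if (Character.isDigit(collectionName.charAt(0))) {
    throw new InvalidCollectionException("Collection names cannot start by a digit");
  }
  if (collectionName.contains(";")) {
    throw new InvalidCollectionException("Collection cannot contain ;");
  }
  if (collectionName.contains(":")) {
    throw new InvalidCollectionException("Collection cannot contain :");
  }
  if (collectionName.contains(".")) {
    throw new InvalidCollectionException("Collection cannot contain .");
  }
  if (collectionName.contains("@")) {
    throw new InvalidCollectionException("Collection cannot contain @");
  }
  if (collectionName.startsWith("_")) {
    throw new InvalidCollectionException("Collection cannot start with _");
  }
  if (!collectionName.matches(COLLECTION_NAME_REGEX)) {
    throw new InvalidCollectionException(
        "Collection name must be complaint with the regular expression: "
            + COLLECTION_NAME_REGEX);
  }
  // Cannot trigger as long as the "_" prefix check above stays in place; kept as a second
  // guard for the reserved prefix.
  if (collectionName.toUpperCase().startsWith("_BB_")) {
    throw new InvalidCollectionException(
        "Collection name is not valid: it can't be prefixed with _BB_");
  }
  try {
    if (existsCollection(collectionName))
      throw new CollectionAlreadyExistsException(
          "Collection " + collectionName + " already exists");
  } catch (SqlInjectionException e) {
    throw new InvalidCollectionException(e);
  }

  // Registry entry for the collection.
  ODocument doc = super.create();
  doc.field("name", collectionName);
  save(doc);

  // create new class
  OClass documentClass = db.getMetadata().getSchema().getClass(CLASS_NODE_NAME);
  db.getMetadata().getSchema().createClass(collectionName, documentClass);

  // grants to the new class
  // Registered users get PERMISSION_ALL and anonymous users PERMISSION_READ on the new class
  // and cluster, so every new collection is readable by anonymous users at this level.
  // NOTE(review): the roles are not saved after addRule here; confirm the rules are persisted.
  ORole registeredRole = RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString());
  ORole anonymousRole = RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString());
  registeredRole.addRule(
      ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_ALL);
  registeredRole.addRule(
      ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_ALL);
  anonymousRole.addRule(
      ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_READ);
  anonymousRole.addRule(
      ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_READ);
  PermissionsHelper.grantRead(doc, registeredRole);
  PermissionsHelper.grantRead(doc, anonymousRole);
  if (Logger.isTraceEnabled()) Logger.trace("Method End");
  return doc;
} // create(String collectionName)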