/** * Checks the access for the given user/group such that the <em>all</em> of the permissions in * <em>checkPermissions</em> are allowed in the <em>cloudAclEntrySet</em> * * @param cloudAclEntrySet Asset ACL permissions * @param userOrGroup A {@link UserPrincipal} or {@link GroupPrincipal}, which can be null for * anonymous * @param checkPermissions Permissions to check for * @return true if access is allowed with the given permissions, false otherwise */ @Override public boolean checkAccessAllowed(CloudAclEntrySet assetPermissions, UserPrincipal userOrGroup, Set<AclEntryPermission> checkPermissions) { boolean isGroup = userOrGroup != null ? GroupPrincipal.class.isAssignableFrom(userOrGroup.getClass()) : false; // Get a user's groups if required Set<GroupPrincipal> userGroups; if (!isGroup && userPrincipalLookupService != null && userOrGroup != null) { userGroups = userPrincipalLookupService.getUserPrincipalGroups(userOrGroup); } else { userGroups = null; } return doesUserHaveAccess(assetPermissions, userOrGroup, userGroups, checkPermissions); }
boolean hasNextInternal(boolean advance) { while (advance && (hasNext = currentIterator.hasNext())) { nextEntry = currentIterator.next(); // When no principal class then iterate across the whole set if (principalClass == null) { return hasNext; } // GroupPrincipal inherits from UserPrincipal so we would like to constrain the // Class.isAssignableFrom call when we are looking for UserPrincipal to exclude GroupPrincipal boolean lookingForUserPrincipal = UserPrincipal.class.isAssignableFrom(principalClass) && !GroupPrincipal.class.isAssignableFrom(principalClass); // Check if this is the class type we are looking for if (principalClass.isAssignableFrom(nextEntry.getPrincipalClass()) && (!lookingForUserPrincipal || !GroupPrincipal.class.isAssignableFrom(nextEntry.getPrincipalClass()))) { return hasNext; } } return hasNext; }
@Test public void testDoesUserHaveAccessFailsForAUserWithAnAnonymousGroupAllowRuleButAnonymousUserDenyRule() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(AnonymousGroupPrincipal.INSTANCE) .build(); CloudAclEntry<UserPrincipal> entry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(new AnonymousUserPrincipal()) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessFailsForAUserGroupWithAnAllowRuleAndAUserWithADenyRule() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(user) .build(); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForUsersGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() { UserPrincipal user = new TestUserImpl("user1"); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL) .setType(AclEntryType.ALLOW) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); }
@Test public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAGroupConflicts() { GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group1"); CloudAclEntry<GroupPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentGroupsDoesNotConflict() { GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); CloudAclEntry<GroupPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnFalseForAUserNotInAGroup() { UserPrincipal user1 = new TestUserImpl("user1"); GroupPrincipal group2 = new TestGroupImpl("group1"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnFalseByDefaultForAUserInAGroupWithConflictingPermissions() { UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group2 = new TestGroupImpl("group1"); group2.addMember(user1); Assert.assertTrue(group2.isMember(user1)); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnTrueIfTheGroupMembershipCheckIsEnabledForAUserInAGroupWithConflictingPermissions() { checker = new DefaultCloudAclEntryConflictChecker(true); UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group2 = new TestGroupImpl("group1"); group2.addMember(user1); Assert.assertTrue(group2.isMember(user1)); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testCloneProducesACloneEqualsToTheOriginalSet() throws NotOwnerException { UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group1 = new TestGroupImpl("group1"); CloudAclEntrySet acls = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group1) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(acls.addAllEntries(AnonymousUserPrincipal.INSTANCE, Arrays.asList(new CloudAclEntry<?>[] {cloudAclEntry1, cloudAclEntry2}))); CloudAclEntrySet clone = acls.clone(); Assert.assertEquals(acls, clone); }
/** * creates and grants permission to daemon files directory */ private static void setupEnvironment() { final File daemonFilePath = new File("/var/run/iofabric"); if (!daemonFilePath.exists()) { try { daemonFilePath.mkdirs(); UserPrincipalLookupService lookupservice = FileSystems.getDefault().getUserPrincipalLookupService(); final GroupPrincipal group = lookupservice.lookupPrincipalByGroupName("iofabric"); Files.getFileAttributeView(daemonFilePath.toPath(), PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setGroup(group); Set<PosixFilePermission> perms = PosixFilePermissions.fromString("rwxrwx---"); Files.setPosixFilePermissions(daemonFilePath.toPath(), perms); } catch (Exception e) { } } }
@Test(expected = UnsupportedOperationException.class) public void setGroupOfFile_shouldThrowUnsupportedOperationException() throws IOException { writeToCache("/file.txt"); commitToMaster(); initGitFileSystem(); GfsFileAttributeView.Posix view = provider.getFileAttributeView(gfs.getPath("/file.txt"), GfsFileAttributeView.Posix.class); assertNotNull(view); view.setGroup(new GroupPrincipal() { @Nonnull @Override public String getName() { return "some_group"; } }); }
/** * Cleans off the user principal and group principal from the subject. * * @param messageInfo * message info * @param subject * subject */ @Override public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws AuthException { final Iterator<Principal> i = subject.getPrincipals().iterator(); while (i.hasNext()) { final Principal principal = i.next(); if (principal instanceof UserPrincipal) { i.remove(); } if (principal instanceof GroupPrincipal) { i.remove(); } } }
private RsyncFileAttributes fullStat(Path path) throws IOException { String toStat = "unix:mode,lastModifiedTime,size,uid,gid,owner,group"; Map<String, Object> attrs = Files.readAttributes(path, toStat, LinkOption.NOFOLLOW_LINKS); int mode = (int) attrs.get("mode"); long mtime = ((FileTime) attrs.get("lastModifiedTime")).to(TimeUnit.SECONDS); long size = (long) attrs.get("size"); int uid = (int) attrs.get("uid"); int gid = (int) attrs.get("gid"); String userName = ((UserPrincipal ) attrs.get("owner")).getName(); String groupName = ((GroupPrincipal) attrs.get("group")).getName(); User user = new User(userName, uid); Group group = new Group(groupName, gid); return new RsyncFileAttributes(mode, size, mtime, user, group); }
@Override public RsyncFileAttributes stat(Path path) throws IOException { PosixFileAttributes attrs = Files.readAttributes(path, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS); UserPrincipal userPrincipal = attrs.owner(); String userName = userPrincipal.getName(); GroupPrincipal groupPrincipal = attrs.group(); String groupName = groupPrincipal.getName(); _nameToUserPrincipal.putIfAbsent(userName, userPrincipal); _nameToGroupPrincipal.putIfAbsent(groupName, groupPrincipal); return new RsyncFileAttributes(toMode(attrs), attrs.size(), attrs.lastModifiedTime().to(TimeUnit.SECONDS), new User(userName, _defaultUserId), new Group(groupName, _defaultGroupId)); }
@Override public void set(File file, String view, String attribute, Object value, boolean create) { switch (attribute) { case "group": checkNotCreate(view, attribute, create); GroupPrincipal group = checkType(view, attribute, value, GroupPrincipal.class); if (!(group instanceof UserLookupService.JimfsGroupPrincipal)) { group = createGroupPrincipal(group.getName()); } file.setAttribute("posix", "group", group); break; case "permissions": file.setAttribute( "posix", "permissions", toPermissions(checkType(view, attribute, value, Set.class))); break; default: } }
@Test public void testUserLookupService() throws IOException { UserPrincipalLookupService service = new UserLookupService(true); UserPrincipal bob1 = service.lookupPrincipalByName("bob"); UserPrincipal bob2 = service.lookupPrincipalByName("bob"); UserPrincipal alice = service.lookupPrincipalByName("alice"); assertThat(bob1).isEqualTo(bob2); assertThat(bob1).isNotEqualTo(alice); GroupPrincipal group1 = service.lookupPrincipalByGroupName("group"); GroupPrincipal group2 = service.lookupPrincipalByGroupName("group"); GroupPrincipal foo = service.lookupPrincipalByGroupName("foo"); assertThat(group1).isEqualTo(group2); assertThat(group1).isNotEqualTo(foo); }
/** * * @param filename the file name * @return the file group name * @throws FileSystemOperationException */ private String getGroup( String filename ) { try { GroupPrincipal group = Files.readAttributes( new File( filename ).toPath(), PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS ) .group(); return group.getName(); } catch( Exception e ) { throw new FileSystemOperationException( "Could not get group for '" + filename + "'", e ); } }
@Override public void setUnixGroup(final Path file, final String group) throws BackgroundException { try { final GroupPrincipal principal = session.getClient().getUserPrincipalLookupService().lookupPrincipalByGroupName(group); Files.getFileAttributeView(session.toPath(file), PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setGroup(principal); } catch(IOException e) { throw new LocalExceptionMappingService().map("Failure to write attributes of {0}", e, file); } }
@Override public GroupPrincipal lookupPrincipalByGroupId(String identifier) { if (AnonymousGroupPrincipal.INSTANCE.getName().equals(identifier.toString())) { return AnonymousGroupPrincipal.INSTANCE; } return null; }
@SuppressWarnings("unchecked") @Override public Map<UserPrincipal, Set<GroupPrincipal>> getUserPrincipalsGroups(UserPrincipal... userPrincipals) { if (Arrays.stream(userPrincipals).anyMatch(p -> AnonymousUserPrincipal.INSTANCE.equals(p))) { Map<UserPrincipal, Set<GroupPrincipal>> map = new HashMap<>(); map.put(AnonymousUserPrincipal.INSTANCE, allGroups); } return Collections.EMPTY_MAP; }
/** * Returns the ACL's with this class type * @param clazz One of {@link UserPrincipal}, {@link GroupPrincipal}, {@link PublicPrivateCloudPermissionsPrincipal} */ @SuppressWarnings({ "unchecked", "rawtypes" }) public <T extends Principal> Set<CloudAclEntry<T>> findAclsWithPrincipalType(Class<T> clazz) { boolean isUserPrincipal = UserPrincipal.class.isAssignableFrom(clazz) && !GroupPrincipal.class.isAssignableFrom(clazz); return (Set)findAcls( a -> clazz.isAssignableFrom(a.getPrincipalClass()) && (!isUserPrincipal || !GroupPrincipal.class.isAssignableFrom(a.getPrincipalClass()))); }
@Test public void testDoesUserHaveAccessFailsForAUserPrincipalWithNoRules() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE))); // Now try it with some groups as well GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessFailsForAnAnonymousUserWithNoRules() { CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, null, null, EnumSet.of(AclEntryPermission.ADD_FILE))); // Now try it with some groups as well to try and break it GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, null, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAUserWithAnAnonymousGroupAllowRule() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(AnonymousGroupPrincipal.INSTANCE) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAnAnonymousUserWithAnAnonymousGroupAllowRule() { CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(AnonymousGroupPrincipal.INSTANCE) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, null, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAUsersGroupWithAnAllowRule() { UserPrincipal user = new TestUserImpl("user1"); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAGroupWithAnAllowRule() { GroupPrincipal group = new TestGroupImpl("group1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(group) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAGroupWithAnAnonymousGroupAllowRule() { GroupPrincipal group = new TestGroupImpl("group1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(AnonymousGroupPrincipal.INSTANCE) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessFailsForAUsersGroupWithADenyRule() { UserPrincipal user = new TestUserImpl("user1"); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessFailsForAGroupWithADenyRule() { GroupPrincipal group = new TestGroupImpl("group1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(group) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() { GroupPrincipal group = new TestGroupImpl("group1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL) .setType(AclEntryType.ALLOW) .setPrincipal(group) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); }
CloudAclEntry<?> createCloudAclEntryMock(String name, Class<? extends Principal> principalClass) { CloudAclEntry<?> mock = context.mock(CloudAclEntry.class, name); Principal principal; if (principalClass.equals(UserPrincipal.class)) { principal = new TestUserImpl(name); } else if (principalClass.equals(GroupPrincipal.class)) { principal = new TestGroupImpl(name); } else { throw new IllegalArgumentException("Cannot create principal class of type " + principalClass); } context.checking(new Expectations() {{ allowing(mock).getPrincipalClass(); will(returnValue(principalClass)); allowing(mock).getPrincipal(); will(returnValue(principal)); allowing(mock).compareTo(with(any(CloudAclEntry.class))); will(returnValue(-1)); allowing(mock).clone(); will(returnValue(mock)); }}); return mock; }
public static void main(String[] args) { try { Path path = Paths.get("metadata.txt"); Files.deleteIfExists(path); Files.createFile(path); BasicFileAttributeView basicView = Files.getFileAttributeView(path, BasicFileAttributeView.class); BasicFileAttributes basicAttributes = basicView.readAttributes(); boolean isDirectory = basicAttributes.isDirectory(); FileTime lastModifiedTime = basicAttributes.lastModifiedTime(); System.out.println(isDirectory); System.out.println(lastModifiedTime); PosixFileAttributeView posixView = Files.getFileAttributeView(path, PosixFileAttributeView.class); PosixFileAttributes posixAttributes = posixView.readAttributes(); GroupPrincipal group = posixAttributes.group(); Set<PosixFilePermission> permissions = posixAttributes.permissions(); permissions.add(PosixFilePermission.OWNER_EXECUTE); posixView.setPermissions(permissions); System.out.println(group); } catch (IOException e) { // Log and Handle exception e.printStackTrace(); } }
@Override public GroupPrincipal lookupPrincipalByGroupName(String group) throws IOException { if(group.equals(groupPrincipal.getName())) { return groupPrincipal; } throw new UserPrincipalNotFoundException(group); }
@Override public void setGroup(GroupPrincipal group) throws IOException { if (group != readAttributes().group()) { throw new UnsupportedOperationException(); } }
@IgnoreIf(FsType.WINDOWS) @Test public void testGroup() throws Exception { Path file = Files.createFile(root.resolve("file")); GroupPrincipal group = (GroupPrincipal) Files.getAttribute(file, "posix:group"); assertNotNull(group); }
private GroupPrincipal getGroupPrincipalFrom(String groupName) throws IOException { try { if (_isCacheEnabled) { return _nameToGroupPrincipal.get(groupName); } UserPrincipalLookupService service = FileSystems.getDefault().getUserPrincipalLookupService(); return service.lookupPrincipalByGroupName(groupName); } catch (IOException | UnsupportedOperationException e) { return null; } }
