Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
BZ-1122594: improved restriction on external git access based on roles
- Loading branch information
Showing
2 changed files
with
52 additions
and
0 deletions.
There are no files selected for viewing
34 changes: 34 additions & 0 deletions
34
...org/kie/workbench/common/services/backend/security/KieFileSystemAuthorizationManager.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package org.kie.workbench.common.services.backend.security; | ||
|
||
import javax.enterprise.context.ApplicationScoped; | ||
|
||
import org.jboss.errai.security.shared.api.RoleImpl; | ||
import org.jboss.errai.security.shared.api.identity.User; | ||
import org.jboss.errai.security.shared.exception.UnauthorizedException; | ||
import org.uberfire.backend.server.security.IOSecurityAuthz; | ||
import org.uberfire.security.Resource; | ||
|
||
import static org.kie.workbench.common.services.backend.security.KieRoles.*; | ||
|
||
@ApplicationScoped | ||
@IOSecurityAuthz | ||
public class KieFileSystemAuthorizationManager extends org.uberfire.backend.server.security.FileSystemAuthorizationManager { | ||
|
||
@Override | ||
public boolean authorize( final Resource resource, | ||
final User subject ) throws UnauthorizedException { | ||
final boolean result = super.authorize( resource, subject ); | ||
|
||
return result && checkRole( subject ); | ||
} | ||
|
||
private boolean checkRole( final User subject ) { | ||
if ( subject.getRoles().contains( new RoleImpl( USER.toString() ) ) || subject.getRoles().contains( new RoleImpl( MANAGER.toString() ) ) ) { | ||
if ( subject.getRoles().contains( new RoleImpl( ADMIN.toString() ) ) || subject.getRoles().contains( new RoleImpl( DEVELOPER.toString() ) ) || | ||
subject.getRoles().contains( new RoleImpl( ANALYST.toString() ) ) ) { | ||
return true; | ||
} | ||
} | ||
return false; | ||
} | ||
} |
18 changes: 18 additions & 0 deletions
18
...es-backend/src/main/java/org/kie/workbench/common/services/backend/security/KieRoles.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
package org.kie.workbench.common.services.backend.security; | ||
|
||
import org.jboss.errai.security.shared.api.Role; | ||
|
||
public enum KieRoles implements Role { | ||
ADMIN, DEVELOPER, ANALYST, USER, MANAGER, KIEMGMT; | ||
|
||
@Override | ||
public String toString() { | ||
return super.toString().toLowerCase(); | ||
} | ||
|
||
@Override | ||
public String getName() { | ||
return toString(); | ||
} | ||
|
||
} |