BZ-1122594: improved restriction on external git access based on roles

kiegroup · Nov 28, 2014 · 8a53e65 · 8a53e65
1 parent 541594f
commit 8a53e65
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/...org/kie/workbench/common/services/backend/security/KieFileSystemAuthorizationManager.java b/...org/kie/workbench/common/services/backend/security/KieFileSystemAuthorizationManager.java
@@ -0,0 +1,34 @@
+package org.kie.workbench.common.services.backend.security;
+
+import javax.enterprise.context.ApplicationScoped;
+
+import org.jboss.errai.security.shared.api.RoleImpl;
+import org.jboss.errai.security.shared.api.identity.User;
+import org.jboss.errai.security.shared.exception.UnauthorizedException;
+import org.uberfire.backend.server.security.IOSecurityAuthz;
+import org.uberfire.security.Resource;
+
+import static org.kie.workbench.common.services.backend.security.KieRoles.*;
+
+@ApplicationScoped
+@IOSecurityAuthz
+public class KieFileSystemAuthorizationManager extends org.uberfire.backend.server.security.FileSystemAuthorizationManager {
+
+    @Override
+    public boolean authorize( final Resource resource,
+                              final User subject ) throws UnauthorizedException {
+        final boolean result = super.authorize( resource, subject );
+
+        return result && checkRole( subject );
+    }
+
+    private boolean checkRole( final User subject ) {
+        if ( subject.getRoles().contains( new RoleImpl( USER.toString() ) ) || subject.getRoles().contains( new RoleImpl( MANAGER.toString() ) ) ) {
+            if ( subject.getRoles().contains( new RoleImpl( ADMIN.toString() ) ) || subject.getRoles().contains( new RoleImpl( DEVELOPER.toString() ) ) ||
+                    subject.getRoles().contains( new RoleImpl( ANALYST.toString() ) ) ) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
diff --git a/...es-backend/src/main/java/org/kie/workbench/common/services/backend/security/KieRoles.java b/...es-backend/src/main/java/org/kie/workbench/common/services/backend/security/KieRoles.java
@@ -0,0 +1,18 @@
+package org.kie.workbench.common.services.backend.security;
+
+import org.jboss.errai.security.shared.api.Role;
+
+public enum KieRoles implements Role {
+    ADMIN, DEVELOPER, ANALYST, USER, MANAGER, KIEMGMT;
+
+    @Override
+    public String toString() {
+        return super.toString().toLowerCase();
+    }
+
+    @Override
+    public String getName() {
+        return toString();
+    }
+
+}