Issue #6 - support view resource

gondor · gondor · commit 94d509603ca1 · 2016-10-09T10:09:03.000-07:00
diff --git a/pom.xml b/pom.xml
@@ -39,7 +39,7 @@
         <dependency>
             <groupId>mesosphere.marathon</groupId>
             <artifactId>plugin-interface_2.11</artifactId>
-            <version>1.3.1</version>
+            <version>1.3.2</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/io/containx/marathon/plugin/auth/LDAPAuthorizor.java b/src/main/java/io/containx/marathon/plugin/auth/LDAPAuthorizor.java
@@ -24,20 +24,27 @@ public <Resource> boolean isAuthorized(Identity identity, AuthorizedAction<Resou
         if (identity instanceof UserIdentity) {
             UserIdentity user = (UserIdentity) identity;
             Action action = Action.byAction(authorizedAction);
+
             if (resource instanceof Group) {
                 return isAuthorized(user, action, ((Group) resource).id());
             }
             if (resource instanceof RunSpec) {
                 return isAuthorized(user, action, ((RunSpec) resource).id());
             }
+
+            // We don't get the PathID from View Resource but prior calls ensure the RunSpec is authorized
+            // in general
+            if (action == Action.VIEW_RESOURCE) {
+                return true;
+            }
             return resource instanceof PathId && isAuthorized(user, action, (PathId) resource);
         }
         return false;
     }
 
     private boolean isAuthorized(UserIdentity identity, Action action, PathId path) {
         boolean authorized = identity.isAuthorized(action, path.toString());
-        LOGGER.debug("IsAuthorized: Action :: {}, Path = {}, authorized :: {}" + action, path.toString(), authorized);
+        LOGGER.debug("IsAuthorized (private): Action :: {}, Path = {}, authorized = {}", action, path.toString(), authorized);
         return authorized;
     }
 
diff --git a/src/main/java/io/containx/marathon/plugin/auth/type/Action.java b/src/main/java/io/containx/marathon/plugin/auth/type/Action.java
@@ -1,6 +1,6 @@
 package io.containx.marathon.plugin.auth.type;
 
-import mesosphere.marathon.plugin.auth.AuthorizedAction;
+import com.google.common.base.MoreObjects;
 import mesosphere.marathon.plugin.auth.*;
 
 /**
@@ -47,4 +47,13 @@ public EntityType getEntityType() {
     public PermissionType getPermType() {
         return permType;
     }
+
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("action", action)
+                .add("entityType", entityType)
+                .add("permType", permType)
+                .toString();
+    }
 }
diff --git a/src/main/java/io/containx/marathon/plugin/auth/util/HTTPHelper.java b/src/main/java/io/containx/marathon/plugin/auth/util/HTTPHelper.java
@@ -20,7 +20,7 @@ public static AuthKey authKeyFromHeaders(HttpRequest request) throws Exception {
             String encoded = header.get().replaceFirst("Basic ", "");
             String decoded = new String(Base64.getDecoder().decode(encoded), "UTF-8");
             String[] userPass = decoded.split(":", 2);
-            LOGGER.error("Returning username {} from HTTP Request headers", userPass[0]);
+
             return AuthKey.with(userPass[0], userPass[1]);
         }
         return null;

Original file line number	Diff line number	Diff line change
`@@ -24,20 +24,27 @@ public <Resource> boolean isAuthorized(Identity identity, AuthorizedAction<Resou`
`24`	`24`	`if (identity instanceof UserIdentity) {`
`25`	`25`	`UserIdentity user = (UserIdentity) identity;`
`26`	`26`	`Action action = Action.byAction(authorizedAction);`
	`27`	`+`
`27`	`28`	`if (resource instanceof Group) {`
`28`	`29`	`return isAuthorized(user, action, ((Group) resource).id());`
`29`	`30`	`}`
`30`	`31`	`if (resource instanceof RunSpec) {`
`31`	`32`	`return isAuthorized(user, action, ((RunSpec) resource).id());`
`32`	`33`	`}`
	`34`	`+`
	`35`	`+ // We don't get the PathID from View Resource but prior calls ensure the RunSpec is authorized`
	`36`	`+ // in general`
	`37`	`+ if (action == Action.VIEW_RESOURCE) {`
	`38`	`+ return true;`
	`39`	`+ }`
`33`	`40`	`return resource instanceof PathId && isAuthorized(user, action, (PathId) resource);`
`34`	`41`	`}`
`35`	`42`	`return false;`
`36`	`43`	`}`
`37`	`44`
`38`	`45`	`private boolean isAuthorized(UserIdentity identity, Action action, PathId path) {`
`39`	`46`	`boolean authorized = identity.isAuthorized(action, path.toString());`
`40`		`- LOGGER.debug("IsAuthorized: Action :: {}, Path = {}, authorized :: {}" + action, path.toString(), authorized);`
	`47`	`+ LOGGER.debug("IsAuthorized (private): Action :: {}, Path = {}, authorized = {}", action, path.toString(), authorized);`
`41`	`48`	`return authorized;`
`42`	`49`	`}`
`43`	`50`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ public static AuthKey authKeyFromHeaders(HttpRequest request) throws Exception {`
`20`	`20`	`String encoded = header.get().replaceFirst("Basic ", "");`
`21`	`21`	`String decoded = new String(Base64.getDecoder().decode(encoded), "UTF-8");`
`22`	`22`	`String[] userPass = decoded.split(":", 2);`
`23`		`- LOGGER.error("Returning username {} from HTTP Request headers", userPass[0]);`
	`23`	`+`
`24`	`24`	`return AuthKey.with(userPass[0], userPass[1]);`
`25`	`25`	`}`
`26`	`26`	`return null;`