Skip to content

Commit

Permalink
Make classes and calls private, add getters
Browse files Browse the repository at this point in the history 
Signed-off-by: Stephen Crawford <[email protected]>
  • Loading branch information
@stephen-crawford
stephen-crawford committed Jan 27, 2023
1 parent b729d9a commit 83316c2
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 21 deletions.
32 changes: 24 additions & 8 deletions sandbox/modules/identity/src/main/java/org/opensearch/identity/authz/Permission.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,18 +17,18 @@
*/
public class Permission {

public final String PERMISSION_DELIMITER = "\\.";
private final String PERMISSION_DELIMITER = "\\.";

public final String ACTION_DELIMITER = "/";
private final String ACTION_DELIMITER = "/";

public String permissionString;
private String permissionString;

public String[] permissionSegments;
private String[] permissionSegments;

public String resource;
private String resource;

public String action;
public String permissionType;
private String action;
private String permissionType;

public Permission(String permission) {

Expand All @@ -39,11 +39,27 @@ public Permission(String permission) {
this.action = permissionSegments[1];
} catch (IndexOutOfBoundsException ex) {
throw new PermissionFactory.InvalidPermissionException(
"All permissions must contain a permission type and" + " action delimited by a \".\"."
"All permissions must contain a permission type and" + " action delimited by a " + PERMISSION_DELIMITER + "."
);
}
if (this.permissionSegments.length == 3) {
this.resource = permissionSegments[2];
}
}

public String getPermissionType() {
return this.permissionType;
}

public String getAction() {
return this.action;
}

public String getResource() {
return this.resource;
}

public String getPermissionString() {
return this.permissionString;
}
}
28 changes: 15 additions & 13 deletions sandbox/modules/identity/src/main/java/org/opensearch/identity/authz/PermissionFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@
*/
public class PermissionFactory {

public final static String[] INVALID_CHARACTERS = new String[] { ":", "" }; // This is a placeholder for what may want to be banned
private final static String[] INVALID_CHARACTERS = new String[] { ":", "" }; // This is a placeholder for what may want to be banned

// A placeholder for the different resources which a permission may grant a permission based on
public static enum QUALIFIED_PERMISSION_TYPES {
private static enum QUALIFIED_PERMISSION_TYPES {
CLUSTER("cluster", false),
INDICES("indices", true),
PLUGIN("plugin", true),
Expand Down Expand Up @@ -71,13 +71,15 @@ public Permission createLegacyPermission(String permissionString) {
* Check that the permission does not contain any invalid characters
*/
public void checkForInvalidCharacters(Permission permission) {
for (String character : INVALID_CHARACTERS) {
if (permission.permissionType.contains(character) || permission.action.contains(character)) {
for (String invalidCharacter : INVALID_CHARACTERS) {
if (permission.getPermissionType().contains(invalidCharacter) || permission.getAction().contains(invalidCharacter)) {
throw new InvalidPermissionException(
"The provided permission string for '"
+ permission.permissionString
+ "' is not valid. The permission type and action may not include "
+ "the character ':' or be empty."
+ permission.getPermissionString()
+ "' is not valid. The permission type and action may not include "
+ "the character "
+ INVALID_CHARACTERS.toString()
+ " or be empty."
);
}
}
Expand All @@ -87,10 +89,10 @@ public void checkForInvalidCharacters(Permission permission) {
* Make sure the permission type is one of the qualified permission types
*/
public void checkForValidPermissionType(Permission permission) {
if (QUALIFIED_PERMISSION_TYPES.matchingType(permission.permissionType) == null) {
if (QUALIFIED_PERMISSION_TYPES.matchingType(permission.getPermissionType()) == null) {
throw new InvalidPermissionException(
"The permission type for '"
+ permission.permissionString
+ permission.getPermissionString()
+ "' is not valid. Valid permission types are: "
+ QUALIFIED_PERMISSION_TYPES.values()
);
Expand All @@ -101,11 +103,11 @@ public void checkForValidPermissionType(Permission permission) {
* Make sure a resource pattern is present for permission types that require one
*/
public void checkIfResourcePatternIsRequiredAndPresent(Permission permission) {
QUALIFIED_PERMISSION_TYPES permissionType = QUALIFIED_PERMISSION_TYPES.matchingType(permission.permissionType);
if (permissionType.patternRequired && permission.resource.isEmpty()) {
QUALIFIED_PERMISSION_TYPES permissionType = QUALIFIED_PERMISSION_TYPES.matchingType(permission.getPermissionType());
if (permissionType.patternRequired && permission.getResource().isEmpty()) {
throw new InvalidPermissionException(
"The provided resource pattern for '"
+ permission.permissionString
+ permission.getPermissionString()
+ "' is not valid. A resource pattern is required for all "
+ "permissions of type "
+ permissionType
Expand All @@ -115,7 +117,7 @@ public void checkIfResourcePatternIsRequiredAndPresent(Permission permission) {

/**
* Check that the permission does not contain any forbidden strings.
* Assumes that the permission is formatted as resource.action
* Assumes that the permission is formatted as permission.action
*/

public void permissionIsValidFormat(Permission permission) {
Expand Down

0 comments on commit 83316c2

Please sign in to comment.