Skip to content

Commit

Permalink
[PPP-5118] Revert "[PPP-5053] - Intercepting few Get request with Bur…
Browse files Browse the repository at this point in the history
…p Suite allows un-athorised user to access data (#5559)" (#5644)

This reverts commit b27effe.
  • Loading branch information
smmribeiro authored Jun 26, 2024
1 parent b4f99a5 commit 96f5931
Show file tree
Hide file tree
Showing 5 changed files with 2 additions and 69 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,7 @@

package org.pentaho.platform.engine.services.solution;

import org.pentaho.commons.util.repository.exception.PermissionDeniedException;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.repository.IContentItem;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.services.messages.Messages;
import org.pentaho.platform.util.UUIDUtil;

Expand All @@ -33,15 +30,9 @@
public abstract class SimpleContentGenerator extends BaseContentGenerator {

private static final long serialVersionUID = -8882315618256741737L;
private static final String REPOSITORY_CREATE_ACTION = "org.pentaho.repository.create";

@Override
public void createContent() throws Exception {

if ( !PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( REPOSITORY_CREATE_ACTION ) ) {
throw new PermissionDeniedException();
}

OutputStream out = null;
if ( outputHandler == null ) {
error( Messages.getInstance().getErrorString( "SimpleContentGenerator.ERROR_0001_NO_OUTPUT_HANDLER" ) ); //$NON-NLS-1$
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.commons.util.repository.exception.PermissionDeniedException;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.engine.IContentGenerator;
import org.pentaho.platform.api.engine.IOutputHandler;
import org.pentaho.platform.api.engine.IParameterProvider;
Expand Down Expand Up @@ -88,8 +86,6 @@ public class GeneratorStreamingOutput {

private static final boolean MIMETYPE_MUTABLE = true;

private static final String REPOSITORY_CREATE_ACTION = "org.pentaho.repository.create";

/**
* Invokes a content generator to produce some content either in the context of a repository file, or in the form of a
* direct service call (no repository file in view).
Expand Down Expand Up @@ -180,11 +176,6 @@ public void write( OutputStream output, MimeTypeCallback callback ) throws IOExc
}

protected void generateContent( OutputStream outputStream, final MimeTypeCallback callback ) throws Exception {

if ( !PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( REPOSITORY_CREATE_ACTION ) ) {
throw new PermissionDeniedException();
}

try {
httpServletResponse.setCharacterEncoding( LocaleHelper.getSystemEncoding() );
} catch ( Throwable t ) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,6 @@
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;

import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
Expand All @@ -39,14 +34,12 @@
import org.apache.axis2.description.TransportInDescription;
import org.apache.axis2.description.TransportOutDescription;
import org.apache.axis2.engine.AxisConfiguration;
import org.junit.*;
import org.mockito.MockedStatic;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.junit.Before;
import org.junit.Test;
import org.pentaho.platform.api.engine.IOutputHandler;
import org.pentaho.platform.api.engine.IParameterProvider;
import org.pentaho.platform.engine.core.output.SimpleOutputHandler;
import org.pentaho.platform.engine.core.solution.SimpleParameterProvider;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager;
import org.pentaho.platform.util.web.SimpleUrlFactory;
Expand All @@ -67,8 +60,6 @@ public class AxisServiceExecutorTest {

private ByteArrayOutputStream out;
private AxisServiceExecutor contentGenerator;
private static MockedStatic<PentahoSystem> pentahoSystem;


@Before
public void setUp() throws Exception {
Expand Down Expand Up @@ -108,16 +99,6 @@ public void setUp() throws Exception {

assertNotNull( "contentGenerator is null", contentGenerator );
assertNotNull( "Logger is null", contentGenerator.getLogger() );

pentahoSystem = mockStatic( PentahoSystem.class );
IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy );
when( policy.isAllowed( anyString() ) ).thenReturn( true );
}

@After
public void cleanUp() {
pentahoSystem.close();
}

@Test
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,10 @@
package org.pentaho.test.platform.plugin.services.webservices;

import org.junit.Test;
import org.mockito.MockedStatic;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.engine.IOutputHandler;
import org.pentaho.platform.api.engine.IParameterProvider;
import org.pentaho.platform.engine.core.output.SimpleOutputHandler;
import org.pentaho.platform.engine.core.solution.SimpleParameterProvider;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager;
import org.pentaho.platform.plugin.services.webservices.content.AxisServiceWsdlGenerator;
Expand All @@ -41,11 +38,6 @@
import java.util.Map;

import static org.junit.Assert.*;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;

public class AxisServiceWsdlGeneratorTest {

Expand All @@ -58,12 +50,6 @@ public void testBadInit2() throws Exception {

@Test
public void testBadInit3() throws Exception {

MockedStatic<PentahoSystem> pentahoSystem = mockStatic( PentahoSystem.class );
IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy );
when( policy.isAllowed( anyString() ) ).thenReturn( true );

StandaloneSession session = new StandaloneSession( "test" ); //$NON-NLS-1$

AxisServiceWsdlGenerator contentGenerator = new AxisServiceWsdlGenerator();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,10 @@
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.MockedStatic;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.engine.IOutputHandler;
import org.pentaho.platform.api.engine.IParameterProvider;
import org.pentaho.platform.engine.core.output.SimpleOutputHandler;
import org.pentaho.platform.engine.core.solution.SimpleParameterProvider;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager;
import org.pentaho.platform.plugin.services.webservices.content.AxisServiceWsdlGenerator;
Expand All @@ -46,11 +43,6 @@

import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;

public class WsdlPageTest {

Expand All @@ -61,7 +53,6 @@ public class WsdlPageTest {

private ByteArrayOutputStream out;
private AxisServiceWsdlGenerator contentGenerator;
private static MockedStatic<PentahoSystem> pentahoSystem;

@Before
public void setUp() {
Expand All @@ -86,19 +77,12 @@ public void setUp() {
contentGenerator.setMessagesList( new ArrayList<String>() );
contentGenerator.setSession( session );
contentGenerator.setUrlFactory( new SimpleUrlFactory( BASE_URL + "?" ) );

pentahoSystem = mockStatic( PentahoSystem.class );
IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy );
when( policy.isAllowed( anyString() ) ).thenReturn( true );
}

@After
public void tearDown() {
AxisWebServiceManager.currentAxisConfiguration = beforeTestCfg;
AxisWebServiceManager.currentAxisConfigContext = beforeTestCtx;

pentahoSystem.close();
}


Expand Down

0 comments on commit 96f5931

Please sign in to comment.