Search in sources :

Example 11 with ApplicationEnvironmentAuthorizationUpdateRequest

use of alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest in project alien4cloud by alien4cloud.

the class AbstractLocationResourcesBatchSecurityController method updateAuthorizedEnvironmentsPerApplication.

/**
 *****************************************************************************************************************************
 *
 * SECURITY ON APPLICATIONS
 *
 ******************************************************************************************************************************
 */
/**
 * Update applications, environments and environment types authorized to access the location resource.
 */
@ApiOperation(value = "Update applications, environments and environment type authorized to access the location resource", notes = "Only user with ADMIN role can update authorized applications/environments for the location.")
@RequestMapping(value = "/environmentsPerApplication", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
public synchronized RestResponse<Void> updateAuthorizedEnvironmentsPerApplication(@PathVariable String orchestratorId, @PathVariable String locationId, @RequestBody ApplicationEnvironmentAuthorizationUpdateRequest request) {
    if (ArrayUtils.isEmpty(request.getResources())) {
        return RestResponseBuilder.<Void>builder().build();
    }
    Location location = locationService.getLocation(orchestratorId, locationId);
    locationSecurityService.grantAuthorizationOnLocationIfNecessary(request.getApplicationsToAdd(), request.getEnvironmentsToAdd(), request.getEnvironmentTypesToAdd(), location);
    Arrays.stream(request.getResources()).forEach(resourceId -> {
        AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
        if (ArrayUtils.isNotEmpty(request.getApplicationsToDelete())) {
            resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.APPLICATION, request.getApplicationsToDelete());
        }
        if (ArrayUtils.isNotEmpty(request.getEnvironmentsToDelete())) {
            resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, request.getEnvironmentsToDelete());
        }
        if (ArrayUtils.isNotEmpty(request.getEnvironmentTypesToDelete())) {
            resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT_TYPE, request.getEnvironmentTypesToDelete());
        }
        Set<String> envIds = Sets.newHashSet();
        if (ArrayUtils.isNotEmpty(request.getApplicationsToAdd())) {
            resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.APPLICATION, request.getApplicationsToAdd());
            // when an app is added, all eventual existing env authorizations are removed
            for (String applicationToAddId : request.getApplicationsToAdd()) {
                ApplicationEnvironment[] aes = applicationEnvironmentService.getByApplicationId(applicationToAddId);
                for (ApplicationEnvironment ae : aes) {
                    envIds.add(ae.getId());
                }
            }
            if (!envIds.isEmpty()) {
                resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, envIds.toArray(new String[envIds.size()]));
            }
        }
        if (ArrayUtils.isNotEmpty(request.getEnvironmentsToAdd())) {
            List<String> envToAddSet = Arrays.stream(request.getEnvironmentsToAdd()).filter(env -> !envIds.contains(env)).collect(Collectors.toList());
            resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, envToAddSet.toArray(new String[envToAddSet.size()]));
        }
        if (ArrayUtils.isNotEmpty(request.getEnvironmentTypesToAdd())) {
            List<String> envToAddSet = Arrays.stream(request.getEnvironmentTypesToAdd()).filter(env -> !envIds.contains(env)).collect(Collectors.toList());
            resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT_TYPE, envToAddSet.toArray(new String[envToAddSet.size()]));
        }
    });
    return RestResponseBuilder.<Void>builder().build();
}
Also used : PathVariable(org.springframework.web.bind.annotation.PathVariable) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) Subject(alien4cloud.security.Subject) LocationService(alien4cloud.orchestrators.locations.services.LocationService) ResourcePermissionService(alien4cloud.authorization.ResourcePermissionService) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ArrayUtils(org.apache.commons.lang3.ArrayUtils) LocationSecurityService(alien4cloud.orchestrators.locations.services.LocationSecurityService) Location(alien4cloud.model.orchestrators.locations.Location) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiOperation(io.swagger.annotations.ApiOperation) Audit(alien4cloud.audit.annotation.Audit) RestResponseBuilder(alien4cloud.rest.model.RestResponseBuilder) RestResponse(alien4cloud.rest.model.RestResponse) ILocationResourceService(alien4cloud.orchestrators.locations.services.ILocationResourceService) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) MediaType(org.springframework.http.MediaType) Resource(javax.annotation.Resource) Set(java.util.Set) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) SubjectsAuthorizationRequest(alien4cloud.rest.orchestrator.model.SubjectsAuthorizationRequest) List(java.util.List) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironmentAuthorizationUpdateRequest(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) Location(alien4cloud.model.orchestrators.locations.Location) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 12 with ApplicationEnvironmentAuthorizationUpdateRequest

use of alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest in project alien4cloud by alien4cloud.

the class AbstractLocationResourcesSecurityController method updateAuthorizedEnvironmentsAndEnvTypePerApplication.

/**
 * Update applications,environments and environment types authorized to access the location resource.
 */
@ApiOperation(value = "Update applications,environments and environment types authorized to access the location resource", notes = "Only user with ADMIN role can update authorized applications,environments and environment types for the location.")
@RequestMapping(value = "/environmentsPerApplication", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
public synchronized RestResponse<Void> updateAuthorizedEnvironmentsAndEnvTypePerApplication(@PathVariable String orchestratorId, @PathVariable String locationId, @PathVariable String resourceId, @RequestBody ApplicationEnvironmentAuthorizationUpdateRequest request) {
    Location location = locationService.getLocation(orchestratorId, locationId);
    locationSecurityService.grantAuthorizationOnLocationIfNecessary(request.getApplicationsToAdd(), request.getEnvironmentsToAdd(), request.getEnvironmentTypesToAdd(), location);
    AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
    if (ArrayUtils.isNotEmpty(request.getApplicationsToDelete())) {
        resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.APPLICATION, request.getApplicationsToDelete());
    }
    if (ArrayUtils.isNotEmpty(request.getEnvironmentsToDelete())) {
        resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, request.getEnvironmentsToDelete());
    }
    if (ArrayUtils.isNotEmpty(request.getEnvironmentTypesToDelete())) {
        resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT_TYPE, request.getEnvironmentTypesToDelete());
    }
    Set<String> envIds = Sets.newHashSet();
    if (ArrayUtils.isNotEmpty(request.getApplicationsToAdd())) {
        resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.APPLICATION, request.getApplicationsToAdd());
        // when an app is added, all eventual existing env authorizations are removed
        for (String applicationToAddId : request.getApplicationsToAdd()) {
            ApplicationEnvironment[] aes = applicationEnvironmentService.getByApplicationId(applicationToAddId);
            for (ApplicationEnvironment ae : aes) {
                envIds.add(ae.getId());
            }
        }
        if (!envIds.isEmpty()) {
            resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, envIds.toArray(new String[envIds.size()]));
        }
    }
    if (ArrayUtils.isNotEmpty(request.getEnvironmentsToAdd())) {
        List<String> envToAddSet = Arrays.stream(request.getEnvironmentsToAdd()).filter(env -> !envIds.contains(env)).collect(Collectors.toList());
        resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT, envToAddSet.toArray(new String[envToAddSet.size()]));
    }
    if (ArrayUtils.isNotEmpty(request.getEnvironmentTypesToAdd())) {
        resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.ENVIRONMENT_TYPE, request.getEnvironmentTypesToAdd());
    }
    return RestResponseBuilder.<Void>builder().build();
}
Also used : PathVariable(org.springframework.web.bind.annotation.PathVariable) Lists(org.elasticsearch.common.collect.Lists) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) Subject(alien4cloud.security.Subject) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) LocationService(alien4cloud.orchestrators.locations.services.LocationService) ResourcePermissionService(alien4cloud.authorization.ResourcePermissionService) ApplicationEnvironmentAuthorizationDTO(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ArrayUtils(org.apache.commons.lang3.ArrayUtils) LocationSecurityService(alien4cloud.orchestrators.locations.services.LocationSecurityService) AlienUtils.safe(alien4cloud.utils.AlienUtils.safe) Location(alien4cloud.model.orchestrators.locations.Location) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiOperation(io.swagger.annotations.ApiOperation) Audit(alien4cloud.audit.annotation.Audit) RestResponseBuilder(alien4cloud.rest.model.RestResponseBuilder) RestResponse(alien4cloud.rest.model.RestResponse) Application(alien4cloud.model.application.Application) ILocationResourceService(alien4cloud.orchestrators.locations.services.ILocationResourceService) MapUtils(org.apache.commons.collections4.MapUtils) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) MediaType(org.springframework.http.MediaType) Resource(javax.annotation.Resource) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Set(java.util.Set) IGenericSearchDAO(alien4cloud.dao.IGenericSearchDAO) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) List(java.util.List) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) UserDTO(alien4cloud.rest.orchestrator.model.UserDTO) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironmentAuthorizationUpdateRequest(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) Location(alien4cloud.model.orchestrators.locations.Location) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

ApplicationEnvironmentAuthorizationUpdateRequest (alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest)12 Given (cucumber.api.java.en.Given)10 ApplicationEnvironmentService (alien4cloud.application.ApplicationEnvironmentService)2 Audit (alien4cloud.audit.annotation.Audit)2 ResourcePermissionService (alien4cloud.authorization.ResourcePermissionService)2 ApplicationEnvironment (alien4cloud.model.application.ApplicationEnvironment)2 AbstractLocationResourceTemplate (alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate)2 Location (alien4cloud.model.orchestrators.locations.Location)2 ILocationResourceService (alien4cloud.orchestrators.locations.services.ILocationResourceService)2 LocationSecurityService (alien4cloud.orchestrators.locations.services.LocationSecurityService)2 LocationService (alien4cloud.orchestrators.locations.services.LocationService)2 RestResponse (alien4cloud.rest.model.RestResponse)2 RestResponseBuilder (alien4cloud.rest.model.RestResponseBuilder)2 Subject (alien4cloud.security.Subject)2 Sets (com.google.common.collect.Sets)2 ApiOperation (io.swagger.annotations.ApiOperation)2 Arrays (java.util.Arrays)2 List (java.util.List)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2