Search in sources :

Example 6 with GroupDTO

use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.

the class AbstractLocationResourcesSecurityController method grantAccessToGroups.

/**
 *****************************************************************************************************************************
 *
 * SECURITY ON GROUPS
 *
 ******************************************************************************************************************************
 */
/**
 * Grant access to the location resource to the groups
 *
 * @param locationId The location's id.
 * @param groupIds The authorized groups.
 * @return A {@link Void} {@link RestResponse}.
 */
@ApiOperation(value = "Grant access to the location to the groups", notes = "Only user with ADMIN role can grant access to a group.")
@RequestMapping(value = "/groups", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> grantAccessToGroups(@PathVariable String orchestratorId, @PathVariable String locationId, @PathVariable String resourceId, @RequestBody String[] groupIds) {
    Location location = locationService.getLocation(orchestratorId, locationId);
    locationSecurityService.grantAuthorizationOnLocationIfNecessary(location, Subject.GROUP, groupIds);
    AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
    resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.GROUP, groupIds);
    List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(resourceTemplate));
    return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
Also used : PathVariable(org.springframework.web.bind.annotation.PathVariable) Lists(org.elasticsearch.common.collect.Lists) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) Subject(alien4cloud.security.Subject) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) LocationService(alien4cloud.orchestrators.locations.services.LocationService) ResourcePermissionService(alien4cloud.authorization.ResourcePermissionService) ApplicationEnvironmentAuthorizationDTO(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ArrayUtils(org.apache.commons.lang3.ArrayUtils) LocationSecurityService(alien4cloud.orchestrators.locations.services.LocationSecurityService) AlienUtils.safe(alien4cloud.utils.AlienUtils.safe) Location(alien4cloud.model.orchestrators.locations.Location) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiOperation(io.swagger.annotations.ApiOperation) Audit(alien4cloud.audit.annotation.Audit) RestResponseBuilder(alien4cloud.rest.model.RestResponseBuilder) RestResponse(alien4cloud.rest.model.RestResponse) Application(alien4cloud.model.application.Application) ILocationResourceService(alien4cloud.orchestrators.locations.services.ILocationResourceService) MapUtils(org.apache.commons.collections4.MapUtils) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) MediaType(org.springframework.http.MediaType) Resource(javax.annotation.Resource) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Set(java.util.Set) IGenericSearchDAO(alien4cloud.dao.IGenericSearchDAO) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) List(java.util.List) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) UserDTO(alien4cloud.rest.orchestrator.model.UserDTO) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironmentAuthorizationUpdateRequest(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) List(java.util.List) Location(alien4cloud.model.orchestrators.locations.Location) Audit(alien4cloud.audit.annotation.Audit) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 7 with GroupDTO

use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.

the class LocationSecurityController method grantAccessToGroups.

/**
 *****************************************************************************************************************************
 *
 * SECURITY ON GROUPS
 *
 ******************************************************************************************************************************
 */
/**
 * Grant access to the location to the groups (deploy on the location)
 *
 * @param locationId The location's id.
 * @param groupIds The authorized groups.
 * @return A {@link Void} {@link RestResponse}.
 */
@ApiOperation(value = "Grant access to the location to the groups", notes = "Only user with ADMIN role can grant access to a group.")
@RequestMapping(value = "/groups", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> grantAccessToGroups(@PathVariable String orchestratorId, @PathVariable String locationId, @RequestBody String[] groupIds) {
    Location location = locationService.getLocation(orchestratorId, locationId);
    resourcePermissionService.grantPermission(location, Subject.GROUP, groupIds);
    List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(location));
    return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
Also used : GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) List(java.util.List) Location(alien4cloud.model.orchestrators.locations.Location) Audit(alien4cloud.audit.annotation.Audit) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 8 with GroupDTO

use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.

the class LocationSecurityController method getAuthorizedEnvironmentsAndEnvTypesPerApplicationPaginated.

/**
 * search applications,environments and environment types authorised to access the location.
 *
 * @return {@link RestResponse} that contains a {@link GetMultipleDataResult} of {@link GroupDTO}..
 */
@ApiOperation(value = "List all applications,environments and environment types authorized to access the location", notes = "Only user with ADMIN role can list authorized applications,environments and environment types to the location.")
@RequestMapping(value = "/applications/search", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
public RestResponse<GetMultipleDataResult<ApplicationEnvironmentAuthorizationDTO>> getAuthorizedEnvironmentsAndEnvTypesPerApplicationPaginated(@PathVariable String orchestratorId, @PathVariable String locationId, @ApiParam(value = "Text Query to search.") @RequestParam(required = false) String query, @ApiParam(value = "Query from the given index.") @RequestParam(required = false, defaultValue = "0") int from, @ApiParam(value = "Maximum number of results to retrieve.") @RequestParam(required = false, defaultValue = "20") int size) {
    Location location = locationService.getLocation(orchestratorId, locationId);
    List<Application> applicationsRelatedToEnvironment = Lists.newArrayList();
    List<Application> applicationsRelatedToEnvironmentType = Lists.newArrayList();
    List<ApplicationEnvironment> environments = Lists.newArrayList();
    List<String> environmentTypes = Lists.newArrayList();
    List<Application> applications = Lists.newArrayList();
    // we get all authorized applications and environment to not favor the one of them
    if (MapUtils.isNotEmpty(location.getEnvironmentPermissions())) {
        environments = alienDAO.findByIds(ApplicationEnvironment.class, location.getEnvironmentPermissions().keySet().toArray(new String[location.getEnvironmentPermissions().size()]));
        Set<String> environmentApplicationIds = environments.stream().map(ae -> new String(ae.getApplicationId())).collect(Collectors.toSet());
        applicationsRelatedToEnvironment = alienDAO.findByIds(Application.class, environmentApplicationIds.toArray(new String[environmentApplicationIds.size()]));
    }
    if (MapUtils.isNotEmpty(location.getEnvironmentTypePermissions())) {
        environmentTypes.addAll(location.getEnvironmentTypePermissions().keySet());
        Set<String> environmentTypeApplicationIds = Sets.newHashSet();
        for (String envType : safe(location.getEnvironmentTypePermissions()).keySet()) {
            environmentTypeApplicationIds.add(envType.split(":")[0]);
        }
        applicationsRelatedToEnvironmentType = alienDAO.findByIds(Application.class, environmentTypeApplicationIds.toArray(new String[environmentTypeApplicationIds.size()]));
    }
    if (MapUtils.isNotEmpty(location.getApplicationPermissions())) {
        applications = alienDAO.findByIds(Application.class, location.getApplicationPermissions().keySet().toArray(new String[location.getApplicationPermissions().size()]));
    }
    List<ApplicationEnvironmentAuthorizationDTO> allDTOs = ApplicationEnvironmentAuthorizationDTO.buildDTOs(applicationsRelatedToEnvironment, applicationsRelatedToEnvironmentType, environments, applications, environmentTypes);
    int to = (from + size < allDTOs.size()) ? from + size : allDTOs.size();
    allDTOs = IntStream.range(from, to).mapToObj(allDTOs::get).collect(Collectors.toList());
    List<String> ids = allDTOs.stream().map(appEnvDTO -> appEnvDTO.getApplication().getId()).collect(Collectors.toList());
    IdsFilterBuilder idFilters = FilterBuilders.idsFilter().ids(ids.toArray(new String[ids.size()]));
    GetMultipleDataResult<Application> tempResult = alienDAO.search(Application.class, query, null, idFilters, null, from, to, "id", false);
    return RestResponseBuilder.<GetMultipleDataResult<ApplicationEnvironmentAuthorizationDTO>>builder().data(ApplicationEnvironmentAuthorizationDTO.convert(tempResult, allDTOs)).build();
}
Also used : IntStream(java.util.stream.IntStream) PathVariable(org.springframework.web.bind.annotation.PathVariable) Lists(org.elasticsearch.common.collect.Lists) RequestParam(org.springframework.web.bind.annotation.RequestParam) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) Subject(alien4cloud.security.Subject) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) LocationService(alien4cloud.orchestrators.locations.services.LocationService) ResourcePermissionService(alien4cloud.authorization.ResourcePermissionService) ApplicationEnvironmentAuthorizationDTO(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO) ApiParam(io.swagger.annotations.ApiParam) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) IdsFilterBuilder(org.elasticsearch.index.query.IdsFilterBuilder) User(alien4cloud.security.model.User) AlienUtils.safe(alien4cloud.utils.AlienUtils.safe) Location(alien4cloud.model.orchestrators.locations.Location) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiOperation(io.swagger.annotations.ApiOperation) Audit(alien4cloud.audit.annotation.Audit) RestResponseBuilder(alien4cloud.rest.model.RestResponseBuilder) RestResponse(alien4cloud.rest.model.RestResponse) Application(alien4cloud.model.application.Application) Api(io.swagger.annotations.Api) MapUtils(org.apache.commons.collections4.MapUtils) GetMultipleDataResult(alien4cloud.dao.model.GetMultipleDataResult) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) FilterBuilders(org.elasticsearch.index.query.FilterBuilders) MediaType(org.springframework.http.MediaType) Resource(javax.annotation.Resource) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Set(java.util.Set) IGenericSearchDAO(alien4cloud.dao.IGenericSearchDAO) RestController(org.springframework.web.bind.annotation.RestController) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) IAlienGroupDao(alien4cloud.security.groups.IAlienGroupDao) IAlienUserDao(alien4cloud.security.users.IAlienUserDao) List(java.util.List) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) Group(alien4cloud.security.model.Group) UserDTO(alien4cloud.rest.orchestrator.model.UserDTO) ApplicationEnvironmentAuthorizationUpdateRequest(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) IdsFilterBuilder(org.elasticsearch.index.query.IdsFilterBuilder) ApplicationEnvironmentAuthorizationDTO(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO) GetMultipleDataResult(alien4cloud.dao.model.GetMultipleDataResult) Application(alien4cloud.model.application.Application) Location(alien4cloud.model.orchestrators.locations.Location) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 9 with GroupDTO

use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.

the class AbstractLocationResourcesSecurityController method revokeGroupAccess.

/**
 * Revoke the group's authorisation to access the location resource
 *
 * @param locationId The id of the location.
 * @param groupId The authorized group.
 * @return A {@link Void} {@link RestResponse}.
 */
@ApiOperation(value = "Revoke the group's authorisation to access the location", notes = "Only user with ADMIN role can revoke access to the location.")
@RequestMapping(value = "/groups/{groupId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> revokeGroupAccess(@PathVariable String orchestratorId, @PathVariable String locationId, @PathVariable String resourceId, @PathVariable String groupId) {
    AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
    resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource((AbstractLocationResourceTemplate) resource)), Subject.GROUP, groupId);
    List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(resourceTemplate));
    return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
Also used : PathVariable(org.springframework.web.bind.annotation.PathVariable) Lists(org.elasticsearch.common.collect.Lists) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) Subject(alien4cloud.security.Subject) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) LocationService(alien4cloud.orchestrators.locations.services.LocationService) ResourcePermissionService(alien4cloud.authorization.ResourcePermissionService) ApplicationEnvironmentAuthorizationDTO(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ArrayUtils(org.apache.commons.lang3.ArrayUtils) LocationSecurityService(alien4cloud.orchestrators.locations.services.LocationSecurityService) AlienUtils.safe(alien4cloud.utils.AlienUtils.safe) Location(alien4cloud.model.orchestrators.locations.Location) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiOperation(io.swagger.annotations.ApiOperation) Audit(alien4cloud.audit.annotation.Audit) RestResponseBuilder(alien4cloud.rest.model.RestResponseBuilder) RestResponse(alien4cloud.rest.model.RestResponse) Application(alien4cloud.model.application.Application) ILocationResourceService(alien4cloud.orchestrators.locations.services.ILocationResourceService) MapUtils(org.apache.commons.collections4.MapUtils) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) MediaType(org.springframework.http.MediaType) Resource(javax.annotation.Resource) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) Set(java.util.Set) IGenericSearchDAO(alien4cloud.dao.IGenericSearchDAO) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) List(java.util.List) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) UserDTO(alien4cloud.rest.orchestrator.model.UserDTO) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) ApplicationEnvironmentAuthorizationUpdateRequest(alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest) GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) AbstractLocationResourceTemplate(alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate) List(java.util.List) Audit(alien4cloud.audit.annotation.Audit) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 10 with GroupDTO

use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.

the class ServiceSecurityController method revokeGroupAccess.

/**
 * Revoke the group's authorisation to access the location
 *
 * @param serviceId The id of the location.
 * @param groupId The authorized group.
 * @return A {@link Void} {@link RestResponse}.
 */
@ApiOperation(value = "Revoke the group's authorisation to access the service resource", notes = "Only user with ADMIN role can revoke access to the location.")
@RequestMapping(value = "/groups/{groupId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> revokeGroupAccess(@PathVariable String serviceId, @PathVariable String groupId) {
    ServiceResource service = serviceResourceService.getOrFail(serviceId);
    resourcePermissionService.revokePermission(service, Subject.GROUP, groupId);
    List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(service));
    return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
Also used : GroupDTO(alien4cloud.rest.orchestrator.model.GroupDTO) ServiceResource(alien4cloud.model.service.ServiceResource) List(java.util.List) Audit(alien4cloud.audit.annotation.Audit) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

GroupDTO (alien4cloud.rest.orchestrator.model.GroupDTO)10 ApiOperation (io.swagger.annotations.ApiOperation)10 List (java.util.List)10 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)10 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)10 Audit (alien4cloud.audit.annotation.Audit)7 Location (alien4cloud.model.orchestrators.locations.Location)6 ApplicationEnvironmentService (alien4cloud.application.ApplicationEnvironmentService)3 ResourcePermissionService (alien4cloud.authorization.ResourcePermissionService)3 IGenericSearchDAO (alien4cloud.dao.IGenericSearchDAO)3 Application (alien4cloud.model.application.Application)3 ApplicationEnvironment (alien4cloud.model.application.ApplicationEnvironment)3 AbstractLocationResourceTemplate (alien4cloud.model.orchestrators.locations.AbstractLocationResourceTemplate)3 ServiceResource (alien4cloud.model.service.ServiceResource)3 LocationService (alien4cloud.orchestrators.locations.services.LocationService)3 RestResponse (alien4cloud.rest.model.RestResponse)3 RestResponseBuilder (alien4cloud.rest.model.RestResponseBuilder)3 ApplicationEnvironmentAuthorizationDTO (alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationDTO)3 ApplicationEnvironmentAuthorizationUpdateRequest (alien4cloud.rest.orchestrator.model.ApplicationEnvironmentAuthorizationUpdateRequest)3 UserDTO (alien4cloud.rest.orchestrator.model.UserDTO)3