use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.
the class AbstractLocationResourcesSecurityController method grantAccessToGroups.
/**
*****************************************************************************************************************************
*
* SECURITY ON GROUPS
*
******************************************************************************************************************************
*/
/**
* Grant access to the location resource to the groups
*
* @param locationId The location's id.
* @param groupIds The authorized groups.
* @return A {@link Void} {@link RestResponse}.
*/
@ApiOperation(value = "Grant access to the location to the groups", notes = "Only user with ADMIN role can grant access to a group.")
@RequestMapping(value = "/groups", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> grantAccessToGroups(@PathVariable String orchestratorId, @PathVariable String locationId, @PathVariable String resourceId, @RequestBody String[] groupIds) {
Location location = locationService.getLocation(orchestratorId, locationId);
locationSecurityService.grantAuthorizationOnLocationIfNecessary(location, Subject.GROUP, groupIds);
AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
resourcePermissionService.grantPermission(resourceTemplate, (resource -> locationResourceService.saveResource(location, (AbstractLocationResourceTemplate) resource)), Subject.GROUP, groupIds);
List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(resourceTemplate));
return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.
the class LocationSecurityController method grantAccessToGroups.
/**
*****************************************************************************************************************************
*
* SECURITY ON GROUPS
*
******************************************************************************************************************************
*/
/**
* Grant access to the location to the groups (deploy on the location)
*
* @param locationId The location's id.
* @param groupIds The authorized groups.
* @return A {@link Void} {@link RestResponse}.
*/
@ApiOperation(value = "Grant access to the location to the groups", notes = "Only user with ADMIN role can grant access to a group.")
@RequestMapping(value = "/groups", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> grantAccessToGroups(@PathVariable String orchestratorId, @PathVariable String locationId, @RequestBody String[] groupIds) {
Location location = locationService.getLocation(orchestratorId, locationId);
resourcePermissionService.grantPermission(location, Subject.GROUP, groupIds);
List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(location));
return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.
the class LocationSecurityController method getAuthorizedEnvironmentsAndEnvTypesPerApplicationPaginated.
/**
* search applications,environments and environment types authorised to access the location.
*
* @return {@link RestResponse} that contains a {@link GetMultipleDataResult} of {@link GroupDTO}..
*/
@ApiOperation(value = "List all applications,environments and environment types authorized to access the location", notes = "Only user with ADMIN role can list authorized applications,environments and environment types to the location.")
@RequestMapping(value = "/applications/search", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
public RestResponse<GetMultipleDataResult<ApplicationEnvironmentAuthorizationDTO>> getAuthorizedEnvironmentsAndEnvTypesPerApplicationPaginated(@PathVariable String orchestratorId, @PathVariable String locationId, @ApiParam(value = "Text Query to search.") @RequestParam(required = false) String query, @ApiParam(value = "Query from the given index.") @RequestParam(required = false, defaultValue = "0") int from, @ApiParam(value = "Maximum number of results to retrieve.") @RequestParam(required = false, defaultValue = "20") int size) {
Location location = locationService.getLocation(orchestratorId, locationId);
List<Application> applicationsRelatedToEnvironment = Lists.newArrayList();
List<Application> applicationsRelatedToEnvironmentType = Lists.newArrayList();
List<ApplicationEnvironment> environments = Lists.newArrayList();
List<String> environmentTypes = Lists.newArrayList();
List<Application> applications = Lists.newArrayList();
// we get all authorized applications and environment to not favor the one of them
if (MapUtils.isNotEmpty(location.getEnvironmentPermissions())) {
environments = alienDAO.findByIds(ApplicationEnvironment.class, location.getEnvironmentPermissions().keySet().toArray(new String[location.getEnvironmentPermissions().size()]));
Set<String> environmentApplicationIds = environments.stream().map(ae -> new String(ae.getApplicationId())).collect(Collectors.toSet());
applicationsRelatedToEnvironment = alienDAO.findByIds(Application.class, environmentApplicationIds.toArray(new String[environmentApplicationIds.size()]));
}
if (MapUtils.isNotEmpty(location.getEnvironmentTypePermissions())) {
environmentTypes.addAll(location.getEnvironmentTypePermissions().keySet());
Set<String> environmentTypeApplicationIds = Sets.newHashSet();
for (String envType : safe(location.getEnvironmentTypePermissions()).keySet()) {
environmentTypeApplicationIds.add(envType.split(":")[0]);
}
applicationsRelatedToEnvironmentType = alienDAO.findByIds(Application.class, environmentTypeApplicationIds.toArray(new String[environmentTypeApplicationIds.size()]));
}
if (MapUtils.isNotEmpty(location.getApplicationPermissions())) {
applications = alienDAO.findByIds(Application.class, location.getApplicationPermissions().keySet().toArray(new String[location.getApplicationPermissions().size()]));
}
List<ApplicationEnvironmentAuthorizationDTO> allDTOs = ApplicationEnvironmentAuthorizationDTO.buildDTOs(applicationsRelatedToEnvironment, applicationsRelatedToEnvironmentType, environments, applications, environmentTypes);
int to = (from + size < allDTOs.size()) ? from + size : allDTOs.size();
allDTOs = IntStream.range(from, to).mapToObj(allDTOs::get).collect(Collectors.toList());
List<String> ids = allDTOs.stream().map(appEnvDTO -> appEnvDTO.getApplication().getId()).collect(Collectors.toList());
IdsFilterBuilder idFilters = FilterBuilders.idsFilter().ids(ids.toArray(new String[ids.size()]));
GetMultipleDataResult<Application> tempResult = alienDAO.search(Application.class, query, null, idFilters, null, from, to, "id", false);
return RestResponseBuilder.<GetMultipleDataResult<ApplicationEnvironmentAuthorizationDTO>>builder().data(ApplicationEnvironmentAuthorizationDTO.convert(tempResult, allDTOs)).build();
}
use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.
the class AbstractLocationResourcesSecurityController method revokeGroupAccess.
/**
* Revoke the group's authorisation to access the location resource
*
* @param locationId The id of the location.
* @param groupId The authorized group.
* @return A {@link Void} {@link RestResponse}.
*/
@ApiOperation(value = "Revoke the group's authorisation to access the location", notes = "Only user with ADMIN role can revoke access to the location.")
@RequestMapping(value = "/groups/{groupId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> revokeGroupAccess(@PathVariable String orchestratorId, @PathVariable String locationId, @PathVariable String resourceId, @PathVariable String groupId) {
AbstractLocationResourceTemplate resourceTemplate = locationResourceService.getOrFail(resourceId);
resourcePermissionService.revokePermission(resourceTemplate, (resource -> locationResourceService.saveResource((AbstractLocationResourceTemplate) resource)), Subject.GROUP, groupId);
List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(resourceTemplate));
return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
use of alien4cloud.rest.orchestrator.model.GroupDTO in project alien4cloud by alien4cloud.
the class ServiceSecurityController method revokeGroupAccess.
/**
* Revoke the group's authorisation to access the location
*
* @param serviceId The id of the location.
* @param groupId The authorized group.
* @return A {@link Void} {@link RestResponse}.
*/
@ApiOperation(value = "Revoke the group's authorisation to access the service resource", notes = "Only user with ADMIN role can revoke access to the location.")
@RequestMapping(value = "/groups/{groupId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public synchronized RestResponse<List<GroupDTO>> revokeGroupAccess(@PathVariable String serviceId, @PathVariable String groupId) {
ServiceResource service = serviceResourceService.getOrFail(serviceId);
resourcePermissionService.revokePermission(service, Subject.GROUP, groupId);
List<GroupDTO> groups = GroupDTO.convert(resourcePermissionService.getAuthorizedGroups(service));
return RestResponseBuilder.<List<GroupDTO>>builder().data(groups).build();
}
Aggregations