use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.
the class QueryProcessor method postQuery.
/**
* Creates a query for all datasets, then submits it for execution on the
* intended dataset.
*/
public ManagedExecution<?> postQuery(Dataset dataset, QueryDescription query, Subject subject) {
log.info("Query posted on Dataset[{}] by User[{{}].", dataset.getId(), subject.getId());
// This maps works as long as we have query visitors that are not configured in anyway.
// So adding a visitor twice would replace the previous one but both would have yielded the same result.
// For the future a better data structure might be desired that also regards similar QueryVisitors of different configuration
ClassToInstanceMap<QueryVisitor> visitors = MutableClassToInstanceMap.create();
query.addVisitors(visitors);
// Initialize checks that need to traverse the query tree
visitors.putInstance(QueryUtils.OnlyReusingChecker.class, new QueryUtils.OnlyReusingChecker());
visitors.putInstance(NamespacedIdentifiableCollector.class, new NamespacedIdentifiableCollector());
final String primaryGroupName = AuthorizationHelper.getPrimaryGroup(subject, storage).map(Group::getName).orElse("none");
visitors.putInstance(ExecutionMetrics.QueryMetricsReporter.class, new ExecutionMetrics.QueryMetricsReporter(primaryGroupName));
// Chain all Consumers
Consumer<Visitable> consumerChain = QueryUtils.getNoOpEntryPoint();
for (QueryVisitor visitor : visitors.values()) {
consumerChain = consumerChain.andThen(visitor);
}
// Apply consumers to the query tree
query.visit(consumerChain);
query.authorize(subject, dataset, visitors);
// After all authorization checks we can now use the actual subject to invoke the query and do not to bubble down the Userish in methods
ExecutionMetrics.reportNamespacedIds(visitors.getInstance(NamespacedIdentifiableCollector.class).getIdentifiables(), primaryGroupName);
ExecutionMetrics.reportQueryClassUsage(query.getClass(), primaryGroupName);
final Namespace namespace = datasetRegistry.get(dataset.getId());
final ExecutionManager executionManager = namespace.getExecutionManager();
// If this is only a re-executing query, try to execute the underlying query instead.
{
final Optional<ManagedExecutionId> executionId = visitors.getInstance(QueryUtils.OnlyReusingChecker.class).getOnlyReused();
final Optional<ManagedExecution<?>> execution = executionId.map(id -> tryReuse(query, id, datasetRegistry, config, executionManager, subject.getUser()));
if (execution.isPresent()) {
return execution.get();
}
}
// Execute the query
return executionManager.runQuery(datasetRegistry, query, subject.getUser(), dataset, config);
}
use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.
the class ResultExcelProcessor method getExcelResult.
public <E extends ManagedExecution<?> & SingleTableResult> Response getExcelResult(Subject subject, E exec, DatasetId datasetId, boolean pretty) {
ConqueryMDC.setLocation(subject.getName());
final Namespace namespace = datasetRegistry.get(datasetId);
Dataset dataset = namespace.getDataset();
subject.authorize(dataset, Ability.READ);
subject.authorize(dataset, Ability.DOWNLOAD);
subject.authorize(exec, Ability.READ);
IdPrinter idPrinter = config.getFrontend().getQueryUpload().getIdPrinter(subject, exec, namespace);
final Locale locale = I18n.LOCALE.get();
PrintSettings settings = new PrintSettings(pretty, locale, datasetRegistry, config, idPrinter::createId);
ExcelRenderer excelRenderer = new ExcelRenderer(config.getExcel(), settings);
StreamingOutput out = output -> excelRenderer.renderToStream(config.getFrontend().getQueryUpload().getIdResultInfos(), (ManagedExecution<?> & SingleTableResult) exec, output);
return makeResponseWithFileName(out, exec.getLabelWithoutAutoLabelSuffix(), "xlsx", MEDIA_TYPE, ResultUtil.ContentDispositionOption.ATTACHMENT);
}
use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.
the class ConqueryAuthenticator method authenticate.
/**
* The execeptions thrown by Shiro will be catched by {@link AuthenticationExceptionMapper}.
*/
@Override
public Optional<Subject> authenticate(AuthenticationToken token) {
// Submit the token to Shiro (to all realms that were registered)
ConqueryAuthenticationInfo info = (ConqueryAuthenticationInfo) SecurityUtils.getSecurityManager().authenticate(token);
// Extract
Subject subject = info.getPrincipals().oneByType(Subject.class);
// If the subject was present, all further authorization can now be performed on the subject object
log.trace("Using subject {} for further authorization", subject);
ConqueryMDC.setLocation(subject.getId().toString());
subject.setAuthenticationInfo(info);
return Optional.of(subject);
}
use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.
the class ConqueryAuthorizationRealm method doGetAuthorizationInfo.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Objects.requireNonNull(principals, "No principal info was provided");
Subject subject = principals.oneByType(Subject.class);
SimpleAuthorizationInfo info = new ConqueryAuthorizationInfo();
info.addObjectPermissions(Collections.unmodifiableSet(subject.getUser().getEffectivePermissions()));
return info;
}
use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.
the class AdminResource method getQueries.
@GET
@Path("/queries")
public FullExecutionStatus[] getQueries(@Auth Subject currentUser, @QueryParam("limit") OptionalLong limit, @QueryParam("since") Optional<String> since) {
final MetaStorage storage = processor.getStorage();
final DatasetRegistry datasetRegistry = processor.getDatasetRegistry();
return storage.getAllExecutions().stream().map(t -> {
try {
return t.buildStatusFull(storage, currentUser, datasetRegistry, processor.getConfig());
} catch (ConqueryError e) {
// Initialization of execution probably failed, so we construct a status based on the overview status
final FullExecutionStatus fullExecutionStatus = new FullExecutionStatus();
t.setStatusBase(currentUser, fullExecutionStatus);
fullExecutionStatus.setStatus(ExecutionState.FAILED);
fullExecutionStatus.setError(e);
return fullExecutionStatus;
}
}).filter(t -> t.getCreatedAt().toLocalDate().isEqual(since.map(LocalDate::parse).orElse(LocalDate.now()))).limit(limit.orElse(100)).toArray(FullExecutionStatus[]::new);
}
Aggregations