
Example 1 with Subject

use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.

the class QueryProcessor method postQuery.

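/**
 * Creates a query for all datasets, then submits it for execution on the
 * intended dataset.
 *
 * <p>Sequence as implemented below: the visitors are collected and run over the query tree,
 * {@code query.authorize(subject, dataset, visitors)} is called, metrics are reported, and
 * only then is an existing execution reused or a new one started. Reuse and execution must
 * stay behind the authorize call.
 *
 * @param dataset the dataset the query is intended for
 * @param query   the submitted query description
 * @param subject the caller; passed to the authorization check, its user is passed on for execution
 * @return the reused execution when the query only re-executes an existing one and reuse
 *         succeeds, otherwise the execution returned by {@code executionManager.runQuery}
 */
public ManagedExecution<?> postQuery(Dataset dataset, QueryDescription query, Subject subject) {
    // Fixed format string: the original "User[{{}]" carried a stray brace, so the rendered id was garbled.
    // This line runs before query.authorize, so it records every submission attempt.
    log.info("Query posted on Dataset[{}] by User[{}].", dataset.getId(), subject.getId());

    // This map works as long as we have query visitors that are not configured in any way.
    // Adding a visitor twice replaces the previous one, but both would have yielded the same result.
    // In the future a better data structure might be desired that also regards similar QueryVisitors of different configuration.
    ClassToInstanceMap<QueryVisitor> visitors = MutableClassToInstanceMap.create();
    query.addVisitors(visitors);

    // Initialize checks that need to traverse the query tree
    visitors.putInstance(QueryUtils.OnlyReusingChecker.class, new QueryUtils.OnlyReusingChecker());
    visitors.putInstance(NamespacedIdentifiableCollector.class, new NamespacedIdentifiableCollector());

    // Metrics are tagged with the primary group name, or "none" when the subject has no primary group.
    final String primaryGroupName = AuthorizationHelper.getPrimaryGroup(subject, storage).map(Group::getName).orElse("none");
    visitors.putInstance(ExecutionMetrics.QueryMetricsReporter.class, new ExecutionMetrics.QueryMetricsReporter(primaryGroupName));

    // Chain all visitors into one consumer so the query tree is traversed once
    Consumer<Visitable> consumerChain = QueryUtils.getNoOpEntryPoint();
    for (QueryVisitor visitor : visitors.values()) {
        consumerChain = consumerChain.andThen(visitor);
    }

    // Apply consumers to the query tree
    query.visit(consumerChain);

    // Authorization gate. The visitors are handed over as well.
    // NOTE(review): presumably this throws when the subject lacks a permission; the failure mode is not visible here, confirm.
    query.authorize(subject, dataset, visitors);

    // All authorization checks are done at this point, so the concrete user can be passed on
    // and the Userish does not have to be bubbled down into the called methods.
    ExecutionMetrics.reportNamespacedIds(visitors.getInstance(NamespacedIdentifiableCollector.class).getIdentifiables(), primaryGroupName);
    ExecutionMetrics.reportQueryClassUsage(query.getClass(), primaryGroupName);

    final Namespace namespace = datasetRegistry.get(dataset.getId());
    final ExecutionManager executionManager = namespace.getExecutionManager();

    // If this is only a re-executing query, try to execute the underlying query instead.
    // NOTE(review): whether the caller may read the reused execution is presumably checked in
    // query.authorize or tryReuse; neither is visible here, confirm.
    final Optional<ManagedExecutionId> reusedId = visitors.getInstance(QueryUtils.OnlyReusingChecker.class).getOnlyReused();
    final Optional<ManagedExecution<?>> reused = reusedId.map(id -> tryReuse(query, id, datasetRegistry, config, executionManager, subject.getUser()));
    if (reused.isPresent()) {
        return reused.get();
    }

    // Execute the query
    return executionManager.runQuery(datasetRegistry, query, subject.getUser(), dataset, config);
}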
Also used : ManagedQuery(com.bakdata.conquery.models.query.ManagedQuery) ConqueryConfig(com.bakdata.conquery.models.config.ConqueryConfig) URL(java.net.URL) ExternalUpload(com.bakdata.conquery.apiv1.query.ExternalUpload) RequiredArgsConstructor(lombok.RequiredArgsConstructor) ManagedExecution(com.bakdata.conquery.models.execution.ManagedExecution) Map(java.util.Map) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) QueryDescription(com.bakdata.conquery.apiv1.query.QueryDescription) CQAnd(com.bakdata.conquery.apiv1.query.concept.specific.CQAnd) ExecutionMetrics(com.bakdata.conquery.metrics.ExecutionMetrics) Collection(java.util.Collection) SecondaryIdQuery(com.bakdata.conquery.apiv1.query.SecondaryIdQuery) Visitable(com.bakdata.conquery.models.query.Visitable) Set(java.util.Set) User(com.bakdata.conquery.models.auth.entities.User) Collectors(java.util.stream.Collectors) Dataset(com.bakdata.conquery.models.datasets.Dataset) ConceptQuery(com.bakdata.conquery.apiv1.query.ConceptQuery) ExternalUploadResult(com.bakdata.conquery.apiv1.query.ExternalUploadResult) SecondaryIdDescription(com.bakdata.conquery.models.datasets.SecondaryIdDescription) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) CancelQuery(com.bakdata.conquery.models.messages.namespaces.specific.CancelQuery) Ability(com.bakdata.conquery.models.auth.permissions.Ability) QueryUtils(com.bakdata.conquery.util.QueryUtils) Optional(java.util.Optional) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) Namespace(com.bakdata.conquery.models.worker.Namespace) ExecutionManager(com.bakdata.conquery.models.query.ExecutionManager) ResultRendererProvider(com.bakdata.conquery.io.result.ResultRender.ResultRendererProvider) Getter(lombok.Getter) ExecutionState(com.bakdata.conquery.models.execution.ExecutionState) 
Subject(com.bakdata.conquery.models.auth.entities.Subject) ClassToInstanceMap(com.google.common.collect.ClassToInstanceMap) HttpServletRequest(javax.servlet.http.HttpServletRequest) ManagedExecutionId(com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId) QueryVisitor(com.bakdata.conquery.models.query.visitor.QueryVisitor) NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector) Group(com.bakdata.conquery.models.auth.entities.Group) CQExternal(com.bakdata.conquery.apiv1.query.concept.specific.external.CQExternal) AuthorizationHelper(com.bakdata.conquery.models.auth.AuthorizationHelper) Consumer(java.util.function.Consumer) MutableClassToInstanceMap(com.google.common.collect.MutableClassToInstanceMap) AuthorizationHelper.buildDatasetAbilityMap(com.bakdata.conquery.models.auth.AuthorizationHelper.buildDatasetAbilityMap) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) CQElement(com.bakdata.conquery.apiv1.query.CQElement) Query(com.bakdata.conquery.apiv1.query.Query) QueryVisitor(com.bakdata.conquery.models.query.visitor.QueryVisitor) ExecutionManager(com.bakdata.conquery.models.query.ExecutionManager) NamespacedIdentifiableCollector(com.bakdata.conquery.util.QueryUtils.NamespacedIdentifiableCollector) Optional(java.util.Optional) Visitable(com.bakdata.conquery.models.query.Visitable) ExecutionMetrics(com.bakdata.conquery.metrics.ExecutionMetrics) Namespace(com.bakdata.conquery.models.worker.Namespace) QueryUtils(com.bakdata.conquery.util.QueryUtils)

Example 2 with Subject

use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.

the class ResultExcelProcessor method getExcelResult.

/**
 * Renders the result of an execution as an Excel file and wraps it in a download response.
 *
 * <p>Before anything is rendered the subject has to pass three checks, in this order:
 * {@code READ} on the dataset, {@code DOWNLOAD} on the dataset and {@code READ} on the
 * execution itself.
 *
 * @param subject   the caller requesting the download
 * @param exec      the execution whose result is rendered
 * @param datasetId id of the dataset the namespace is looked up with
 * @param pretty    forwarded to the {@link PrintSettings}
 * @return an attachment response with the "xlsx" file extension
 */
public <E extends ManagedExecution<?> & SingleTableResult> Response getExcelResult(Subject subject, E exec, DatasetId datasetId, boolean pretty) {
    // Set before the permission checks, so log lines written by the checks carry the caller's name.
    ConqueryMDC.setLocation(subject.getName());

    final Namespace targetNamespace = datasetRegistry.get(datasetId);
    final Dataset targetDataset = targetNamespace.getDataset();

    // Permission checks; nothing below may be moved above them.
    // NOTE(review): presumably each call throws when the permission is missing; confirm.
    subject.authorize(targetDataset, Ability.READ);
    subject.authorize(targetDataset, Ability.DOWNLOAD);
    subject.authorize(exec, Ability.READ);

    final IdPrinter printer = config.getFrontend().getQueryUpload().getIdPrinter(subject, exec, targetNamespace);
    final PrintSettings printSettings = new PrintSettings(pretty, I18n.LOCALE.get(), datasetRegistry, config, printer::createId);
    final ExcelRenderer renderer = new ExcelRenderer(config.getExcel(), printSettings);

    // The result infos are looked up when the body is streamed, not when the response is built.
    final StreamingOutput body = stream -> {
        renderer.renderToStream(config.getFrontend().getQueryUpload().getIdResultInfos(), (ManagedExecution<?> & SingleTableResult) exec, stream);
    };

    // The file name is derived from the execution label.
    // NOTE(review): sanitising that label for the Content-Disposition header is presumably done in makeResponseWithFileName; confirm.
    return makeResponseWithFileName(body, exec.getLabelWithoutAutoLabelSuffix(), "xlsx", MEDIA_TYPE, ResultUtil.ContentDispositionOption.ATTACHMENT);
}
Also used : IdPrinter(com.bakdata.conquery.models.identifiable.mapping.IdPrinter) Locale(java.util.Locale) ResultUtil(com.bakdata.conquery.io.result.ResultUtil) ConqueryMDC(com.bakdata.conquery.util.io.ConqueryMDC) ConqueryConfig(com.bakdata.conquery.models.config.ConqueryConfig) ResultUtil.makeResponseWithFileName(com.bakdata.conquery.io.result.ResultUtil.makeResponseWithFileName) Subject(com.bakdata.conquery.models.auth.entities.Subject) RequiredArgsConstructor(lombok.RequiredArgsConstructor) StreamingOutput(javax.ws.rs.core.StreamingOutput) SingleTableResult(com.bakdata.conquery.models.query.SingleTableResult) ArrayList(java.util.ArrayList) Dataset(com.bakdata.conquery.models.datasets.Dataset) PrintSettings(com.bakdata.conquery.models.query.PrintSettings) List(java.util.List) MediaType(javax.ws.rs.core.MediaType) Response(javax.ws.rs.core.Response) ManagedExecution(com.bakdata.conquery.models.execution.ManagedExecution) Ability(com.bakdata.conquery.models.auth.permissions.Ability) Locale(java.util.Locale) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) I18n(com.bakdata.conquery.models.i18n.I18n) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) IdPrinter(com.bakdata.conquery.models.identifiable.mapping.IdPrinter) ResultInfo(com.bakdata.conquery.models.query.resultinfo.ResultInfo) Namespace(com.bakdata.conquery.models.worker.Namespace) Dataset(com.bakdata.conquery.models.datasets.Dataset) PrintSettings(com.bakdata.conquery.models.query.PrintSettings) StreamingOutput(javax.ws.rs.core.StreamingOutput) SingleTableResult(com.bakdata.conquery.models.query.SingleTableResult) ManagedExecution(com.bakdata.conquery.models.execution.ManagedExecution) Namespace(com.bakdata.conquery.models.worker.Namespace)

Example 3 with Subject

use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.

the class ConqueryAuthenticator method authenticate.

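/**
 * Authenticates the token through Shiro and returns the {@link Subject} found in the
 * resulting principals.
 *
 * <p>The exceptions thrown by Shiro are caught by {@link AuthenticationExceptionMapper}.
 *
 * @param token the token extracted from the request
 * @return the authenticated subject, or an empty {@code Optional} when the authentication
 *         info carries no principal of type {@code Subject}
 */
@Override
public Optional<Subject> authenticate(AuthenticationToken token) {
    // Submit the token to Shiro (to all realms that were registered)
    final ConqueryAuthenticationInfo info = (ConqueryAuthenticationInfo) SecurityUtils.getSecurityManager().authenticate(token);

    // oneByType yields null when the principals hold no entry of the requested type.
    final Subject subject = info.getPrincipals().oneByType(Subject.class);
    if (subject == null) {
        // Fail closed instead of running into a NullPointerException further down.
        // NOTE(review): an empty Optional is presumably treated as "not authenticated" by the caller; confirm.
        log.warn("Authentication info contains no principal of type Subject, rejecting the request");
        return Optional.empty();
    }

    // All further authorization can now be performed on the subject object
    log.trace("Using subject {} for further authorization", subject);
    ConqueryMDC.setLocation(subject.getId().toString());
    subject.setAuthenticationInfo(info);
    return Optional.of(subject);
}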
Also used : Subject(com.bakdata.conquery.models.auth.entities.Subject)

Example 4 with Subject

use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.

the class ConqueryAuthorizationRealm method doGetAuthorizationInfo.

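/**
 * Builds the authorization info for the {@link Subject} contained in the given principals.
 *
 * <p>The permissions are taken from the effective permissions of the subject's user.
 *
 * @param principals the principals of the authenticated caller, must not be {@code null}
 * @return authorization info holding the user's effective permissions
 * @throws NullPointerException if {@code principals} is {@code null} or holds no
 *                              principal of type {@code Subject}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Objects.requireNonNull(principals, "No principal info was provided");

    // oneByType yields null when no principal of that type exists. Check it explicitly so the
    // failure is reported with a message; the exception type stays a NullPointerException.
    final Subject subject = Objects.requireNonNull(principals.oneByType(Subject.class), "No principal of type Subject was provided");

    final SimpleAuthorizationInfo info = new ConqueryAuthorizationInfo();
    // Hand the permissions over through a read-only view of the set.
    info.addObjectPermissions(Collections.unmodifiableSet(subject.getUser().getEffectivePermissions()));
    return info;
}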
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) Subject(com.bakdata.conquery.models.auth.entities.Subject)

Example 5 with Subject

use of com.bakdata.conquery.models.auth.entities.Subject in project conquery by bakdata.

the class AdminResource method getQueries.

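/**
 * Lists the full status of the executions that were created on a single day.
 *
 * <p>NOTE(review): no permission check is visible in this method. Access is presumably
 * restricted by a filter on the resource class or its servlet; confirm.
 *
 * @param currentUser the authenticated caller, used to build each status
 * @param limit       maximum number of entries, 100 when absent; a negative value makes
 *                    {@code Stream.limit} throw {@link IllegalArgumentException}
 * @param since       the day to list in the format accepted by {@link LocalDate#parse(CharSequence)},
 *                    today when absent; a malformed value throws
 *                    {@link java.time.format.DateTimeParseException}
 * @return the matching statuses; executions whose status could not be built are reported as FAILED
 */
@GET
@Path("/queries")
public FullExecutionStatus[] getQueries(@Auth Subject currentUser, @QueryParam("limit") OptionalLong limit, @QueryParam("since") Optional<String> since) {
    final MetaStorage storage = processor.getStorage();
    final DatasetRegistry datasetRegistry = processor.getDatasetRegistry();

    // Resolve the requested day once, up front. The original parsed the parameter again for
    // every element, and a request running over midnight could compare against two different days.
    // NOTE(review): confirm that the parse failure and a negative limit are mapped to a 4xx response.
    final LocalDate day = since.map(LocalDate::parse).orElseGet(LocalDate::now);

    // The full status is built for every stored execution before the day filter is applied.
    return storage.getAllExecutions().stream().map(execution -> {
        try {
            return execution.buildStatusFull(storage, currentUser, datasetRegistry, processor.getConfig());
        } catch (ConqueryError e) {
            // Initialization of execution probably failed, so we construct a status based on the overview status
            final FullExecutionStatus fullExecutionStatus = new FullExecutionStatus();
            execution.setStatusBase(currentUser, fullExecutionStatus);
            fullExecutionStatus.setStatus(ExecutionState.FAILED);
            fullExecutionStatus.setError(e);
            return fullExecutionStatus;
        }
    }).filter(status -> status.getCreatedAt().toLocalDate().isEqual(day)).limit(limit.orElse(100)).toArray(FullExecutionStatus[]::new);
}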
Also used : PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ExecutionState(com.bakdata.conquery.models.execution.ExecutionState) JobManagerStatus(com.bakdata.conquery.models.jobs.JobManagerStatus) Path(javax.ws.rs.Path) Subject(com.bakdata.conquery.models.auth.entities.Subject) JOB_ID(com.bakdata.conquery.resources.ResourceConstants.JOB_ID) Auth(io.dropwizard.auth.Auth) NewCookie(javax.ws.rs.core.NewCookie) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) Inject(javax.inject.Inject) OptionalLong(java.util.OptionalLong) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) UriBuilder(javax.ws.rs.core.UriBuilder) AdminUIResource(com.bakdata.conquery.resources.admin.ui.AdminUIResource) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) ImmutableMap(com.google.common.collect.ImmutableMap) AuthenticationConfig(com.bakdata.conquery.models.config.auth.AuthenticationConfig) UUID(java.util.UUID) ConqueryError(com.bakdata.conquery.models.error.ConqueryError) ExtraMimeTypes(com.bakdata.conquery.io.jersey.ExtraMimeTypes) Objects(java.util.Objects) CancelJobMessage(com.bakdata.conquery.models.messages.network.specific.CancelJobMessage) Response(javax.ws.rs.core.Response) LocalDate(java.time.LocalDate) FullExecutionStatus(com.bakdata.conquery.apiv1.FullExecutionStatus) ShardNodeInformation(com.bakdata.conquery.models.worker.ShardNodeInformation) Optional(java.util.Optional) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) ConqueryError(com.bakdata.conquery.models.error.ConqueryError) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) DatasetRegistry(com.bakdata.conquery.models.worker.DatasetRegistry) FullExecutionStatus(com.bakdata.conquery.apiv1.FullExecutionStatus) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Aggregations

Subject (com.bakdata.conquery.models.auth.entities.Subject)7 DatasetRegistry (com.bakdata.conquery.models.worker.DatasetRegistry)5 Response (javax.ws.rs.core.Response)5 Ability (com.bakdata.conquery.models.auth.permissions.Ability)4 ConqueryConfig (com.bakdata.conquery.models.config.ConqueryConfig)4 Dataset (com.bakdata.conquery.models.datasets.Dataset)4 ManagedExecution (com.bakdata.conquery.models.execution.ManagedExecution)4 Namespace (com.bakdata.conquery.models.worker.Namespace)4 ResultUtil (com.bakdata.conquery.io.result.ResultUtil)3 ResultUtil.makeResponseWithFileName (com.bakdata.conquery.io.result.ResultUtil.makeResponseWithFileName)3 I18n (com.bakdata.conquery.models.i18n.I18n)3 IdPrinter (com.bakdata.conquery.models.identifiable.mapping.IdPrinter)3 PrintSettings (com.bakdata.conquery.models.query.PrintSettings)3 SingleTableResult (com.bakdata.conquery.models.query.SingleTableResult)3 MediaType (javax.ws.rs.core.MediaType)3 MetaStorage (com.bakdata.conquery.io.storage.MetaStorage)2 AuthorizationHelper.authorizeDownloadDatasets (com.bakdata.conquery.models.auth.AuthorizationHelper.authorizeDownloadDatasets)2 ExecutionState (com.bakdata.conquery.models.execution.ExecutionState)2 DatasetId (com.bakdata.conquery.models.identifiable.ids.specific.DatasetId)2 ManagedQuery (com.bakdata.conquery.models.query.ManagedQuery)2