
Example 11 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method getUsageURIsFromAclEntries.

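/**
 * Collects the tenant URIs named by the given ACL entries.
 *
 * <p>An entry contributes its tenant when it carries at least one ACE. The ACE
 * values themselves are not inspected, so the result only means "tenants with
 * USE" if the caller passes a list already restricted to USE entries.
 * NOTE(review): confirm that every caller pre-filters, otherwise any privilege
 * on an entry is treated as usage.
 *
 * <p>Entries without a tenant (group or subject-id entries) are skipped rather
 * than passed to {@link URI#create(String)}, which throws a
 * NullPointerException for a null argument. Skipping keeps the result
 * conservative: an entry that names no tenant adds no tenant.
 *
 * @param aclEntries ACL entries to scan; an empty list yields an empty set
 *        (null is presumably tolerated by CollectionUtils.isEmpty - confirm).
 * @return a new mutable set of tenant URIs; empty when no entry qualifies.
 * @throws IllegalArgumentException if a tenant string is not a valid URI.
 */
public static Set<URI> getUsageURIsFromAclEntries(List<ACLEntry> aclEntries) {
    Set<URI> tenantUris = new HashSet<URI>();
    if (CollectionUtils.isEmpty(aclEntries)) {
        return tenantUris;
    }
    for (ACLEntry aclEntry : aclEntries) {
        String tenant = aclEntry.getTenant();
        // Only entries that both name a tenant and hold at least one ACE count.
        if (tenant == null || CollectionUtils.isEmpty(aclEntry.getAces())) {
            continue;
        }
        tenantUris.add(URI.create(tenant));
    }
    return tenantUris;
}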
Also used : ACLEntry(com.emc.storageos.model.auth.ACLEntry) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI) HashSet(java.util.HashSet)

Example 12 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method convertToACLEntries.

/**
 * Builds the API-facing ACLEntry list from a persisted StringSetMap of ACLs.
 *
 * <p>Every map key is parsed as a PermissionsKey; its type selects which
 * principal field of the entry is filled (group, subject id or tenant) and the
 * values of the row become the entry's ACEs. The OWN privilege is never copied,
 * and a row left without any ACE is not returned at all.
 *
 * <p>A key whose type is none of GROUP, SID or TENANT still produces an entry
 * when it has ACEs, but that entry names no principal.
 *
 * @param acls ACL map to convert.
 * @return a new list of ACLEntry objects; empty when acls is empty.
 */
public static List<ACLEntry> convertToACLEntries(StringSetMap acls) {
    List<ACLEntry> converted = new ArrayList<ACLEntry>();
    if (!CollectionUtils.isEmpty(acls)) {
        for (Map.Entry<String, AbstractChangeTrackingSet<String>> row : acls.entrySet()) {
            PermissionsKey parsedKey = new PermissionsKey();
            parsedKey.parseFromString(row.getKey());
            ACLEntry aclEntry = new ACLEntry();

            // Exactly one principal field is set, chosen by the key type.
            if (parsedKey.getType().equals(PermissionsKey.Type.GROUP)) {
                aclEntry.setGroup(parsedKey.getValue());
            } else if (parsedKey.getType().equals(PermissionsKey.Type.SID)) {
                aclEntry.setSubjectId(parsedKey.getValue());
            } else if (parsedKey.getType().equals(PermissionsKey.Type.TENANT)) {
                aclEntry.setTenant(parsedKey.getValue());
            }

            // Ownership is filtered out here; only the other privileges are exposed.
            for (String privilege : row.getValue()) {
                if (!privilege.equalsIgnoreCase(ACL.OWN.toString())) {
                    aclEntry.getAces().add(privilege);
                }
            }

            // A row that held nothing but OWN ends up empty and is dropped.
            if (!aclEntry.getAces().isEmpty()) {
                converted.add(aclEntry);
            }
        }
    }
    return converted;
}
Also used : ACLEntry(com.emc.storageos.model.auth.ACLEntry) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) StringSetMap(com.emc.storageos.db.client.model.StringSetMap) AbstractChangeTrackingSet(com.emc.storageos.db.client.model.AbstractChangeTrackingSet)

Example 13 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method getUseAclEntry.

/**
 * Creates an ACLEntry that grants the USE privilege to one tenant.
 *
 * <p>The tenant id is stored exactly as passed in; this method performs no
 * null or format check on it.
 *
 * @param tenantId tenant the entry applies to.
 * @return a new ACLEntry whose tenant is tenantId and whose ACEs hold USE.
 */
public ACLEntry getUseAclEntry(String tenantId) {
    final String usePrivilege = ACL.USE.name();
    ACLEntry useEntry = new ACLEntry();
    useEntry.setTenant(tenantId);
    useEntry.getAces().add(usePrivilege);
    return useEntry;
}
Also used : ACLEntry(com.emc.storageos.model.auth.ACLEntry)

Example 14 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

the class CatalogCategoryService method hasAccess.

/**
 * Decides whether the ACLs of a catalog category let the given user in.
 *
 * <p>Access rules as implemented:
 * <ul>
 * <li>A null or empty ACL map means "unrestricted" and grants access to every
 * caller. This is fail-open: a category that loses its ACLs becomes visible to
 * all users.</li>
 * <li>Otherwise the user must match an entry by subject id or by one of the
 * user's groups, compared case-insensitively.</li>
 * <li>Entries that name only a tenant are never matched here.</li>
 * <li>Which privilege an entry carries is not examined; any entry returned by
 * the conversion counts.</li>
 * </ul>
 *
 * <p>NOTE(review): if _permissionsHelper.convertToACLEntries drops rows that
 * hold only the OWN privilege, a non-empty map made of such rows denies
 * everyone, including the owner - confirm this is intended.
 *
 * @param storageOSUser the authenticated user to check; must not be null.
 * @param acls the category's ACLs; may be null or empty.
 * @return true if the ACLs are absent or match the user, false otherwise.
 */
private boolean hasAccess(StorageOSUser storageOSUser, StringSetMap acls) {
    // No ACLs at all: treated as open to everybody.
    if (acls == null || acls.isEmpty()) {
        log.debug("acls is empty, pass");
        return true;
    }

    List<ACLEntry> candidates = _permissionsHelper.convertToACLEntries(acls);
    String username = storageOSUser.getName();
    for (ACLEntry candidate : candidates) {
        // Direct match on the user's own subject id.
        String subjectId = candidate.getSubjectId();
        if (subjectId != null && subjectId.equalsIgnoreCase(username)) {
            log.debug("has acls contain subjectId for current user: " + username);
            return true;
        }

        // Otherwise only group entries can match; tenant-only entries are skipped.
        String aclGroup = candidate.getGroup();
        if (aclGroup == null) {
            continue;
        }
        for (String userGroup : storageOSUser.getGroups()) {
            if (userGroup.equalsIgnoreCase(aclGroup)) {
                log.debug("has acls contain group for current user: " + aclGroup);
                return true;
            }
        }
    }

    // ACLs exist, but none of them names this user or one of the user's groups.
    log.debug("has acls, but current user is not in them: " + username);
    return false;
}
Also used : ACLEntry(com.emc.storageos.model.auth.ACLEntry)

Example 15 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

the class ACLUtils method updateACLs.

/**
 * Brings the ACLs of a resource in line with the submitted form entries.
 *
 * <p>The current ACLs are read, the additions and removals relative to the
 * form are computed by AclEntryForm, and both lists are sent in a single
 * update call.
 *
 * <p>NOTE(review): nothing visible here serializes the read and the write, so
 * two concurrent editors may each compute their delta from the same starting
 * ACLs - confirm whether the server side guards against that.
 *
 * @param aclResource client used to read and update ACLs; when null the call
 *        does nothing and the requested change is dropped without any error.
 * @param id URI of the resource whose ACLs are changed.
 * @param aclEntries desired ACL state as entered in the form.
 */
public static void updateACLs(ACLResources aclResource, URI id, List<AclEntryForm> aclEntries) {
    if (aclResource == null) {
        // No ACL client available: silently skip, as callers get no signal here.
        return;
    }
    List<ACLEntry> existing = aclResource.getACLs(id);
    List<ACLEntry> toAdd = AclEntryForm.getAddedAcls(existing, aclEntries);
    List<ACLEntry> toRemove = AclEntryForm.getRemovedAcls(existing, aclEntries);
    aclResource.updateACLs(id, new ACLAssignmentChanges(toAdd, toRemove));
}
Also used : ACLAssignmentChanges(com.emc.storageos.model.auth.ACLAssignmentChanges) ACLEntry(com.emc.storageos.model.auth.ACLEntry)

Aggregations

ACLEntry (com.emc.storageos.model.auth.ACLEntry)21 ACLAssignmentChanges (com.emc.storageos.model.auth.ACLAssignmentChanges)6 ClientResponse (com.sun.jersey.api.client.ClientResponse)4 URI (java.net.URI)4 ArrayList (java.util.ArrayList)4 VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)3 HashSet (java.util.HashSet)3 ACLAssignments (com.emc.storageos.model.auth.ACLAssignments)2 ProjectParam (com.emc.storageos.model.project.ProjectParam)2 BlockVirtualPoolParam (com.emc.storageos.model.vpool.BlockVirtualPoolParam)2 BlockVirtualPoolRestRep (com.emc.storageos.model.vpool.BlockVirtualPoolRestRep)2 FileVirtualPoolParam (com.emc.storageos.model.vpool.FileVirtualPoolParam)2 AbstractChangeTrackingSet (com.emc.storageos.db.client.model.AbstractChangeTrackingSet)1 NamedURI (com.emc.storageos.db.client.model.NamedURI)1 StringSet (com.emc.storageos.db.client.model.StringSet)1 StringSetMap (com.emc.storageos.db.client.model.StringSetMap)1 NamedRelatedResourceRep (com.emc.storageos.model.NamedRelatedResourceRep)1 TagAssignment (com.emc.storageos.model.TagAssignment)1 ProjectElement (com.emc.storageos.model.project.ProjectElement)1 ProjectUpdateParam (com.emc.storageos.model.project.ProjectUpdateParam)1