Examples with StorageOSUser com.emc.storageos.security.authentication.StorageOSUser used on opensource projects

Search in sources :

Example 81 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class FilePolicyService method canAccessFilePolicy.

private boolean canAccessFilePolicy(FilePolicy filePolicy) {
    StringSet tenants = filePolicy.getTenantOrg();
    if (tenants == null || tenants.isEmpty()) {
        return true;
    }
    if (isSystemAdmin()) {
        return true;
    }
    StorageOSUser user = getUserFromContext();
    String userTenantId = user.getTenantId();
    return tenants.contains(userTenantId);
}
Also used : StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) StringSet(com.emc.storageos.db.client.model.StringSet)

Example 82 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class FilePolicyService method getFilePoliciesForGivenUser.

protected FilePolicyListRestRep getFilePoliciesForGivenUser() {
    FilePolicyListRestRep filePolicyList = new FilePolicyListRestRep();
    List<URI> ids = _dbClient.queryByType(FilePolicy.class, true);
    List<FilePolicy> filePolicies = _dbClient.queryObject(FilePolicy.class, ids);
    StorageOSUser user = getUserFromContext();
    // else only return the list, which input tenant has access.
    if (_permissionsHelper.userHasGivenRole(user, null, Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR)) {
        for (FilePolicy filePolicy : filePolicies) {
            filePolicyList.add(toNamedRelatedResource(filePolicy, filePolicy.getFilePolicyName()));
        }
    } else {
        // otherwise, filter by only authorized to use
        URI tenant = null;
        tenant = URI.create(user.getTenantId());
        Set<FilePolicy> policySet = new HashSet<FilePolicy>();
        for (FilePolicy filePolicy : filePolicies) {
            if (_permissionsHelper.tenantHasUsageACL(tenant, filePolicy)) {
                policySet.add(filePolicy);
            }
        }
        // Also adding vpools which sub-tenants of the user have access to.
        List<URI> subtenants = _permissionsHelper.getSubtenantsWithRoles(user);
        for (FilePolicy filePolicy : filePolicies) {
            if (_permissionsHelper.tenantHasUsageACL(subtenants, filePolicy)) {
                policySet.add(filePolicy);
            }
        }
        for (FilePolicy filePolicy : policySet) {
            filePolicyList.add(toNamedRelatedResource(filePolicy, filePolicy.getFilePolicyName()));
        }
    }
    return filePolicyList;
}
Also used : FilePolicy(com.emc.storageos.db.client.model.FilePolicy) MapFilePolicy(com.emc.storageos.api.mapper.functions.MapFilePolicy) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) FilePolicyListRestRep(com.emc.storageos.model.file.policy.FilePolicyListRestRep) URI(java.net.URI) HashSet(java.util.HashSet)

Example 83 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class FilePolicyService method unassignFilePolicy.

/**
 * Unassign File Policy
 *
 * @param id
 *            of the file policy.
 * @param FilePolicyUnAssignParam
 * @brief Unassign file policy from vpool, project, file system
 * @return TaskResourceRep
 */
@POST
@Path("/{id}/unassign-policy")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.TENANT_ADMIN })
public TaskResourceRep unassignFilePolicy(@PathParam("id") URI id, FilePolicyUnAssignParam param) {
    _log.info("Unassign File Policy :{}  request received.", id);
    String task = UUID.randomUUID().toString();
    ArgValidator.checkFieldUriType(id, FilePolicy.class, "id");
    FilePolicy filepolicy = this._dbClient.queryObject(FilePolicy.class, id);
    ArgValidator.checkEntity(filepolicy, id, true);
    StringBuilder errorMsg = new StringBuilder();
    Operation op = _dbClient.createTaskOpStatus(FilePolicy.class, filepolicy.getId(), task, ResourceOperationTypeEnum.UNASSIGN_FILE_POLICY);
    op.setDescription("unassign File Policy from resources ");
    // As the action done by tenant/system admin
    // Set corresponding tenant uri as task's tenant!!!
    Task taskObj = op.getTask(filepolicy.getId());
    StorageOSUser user = getUserFromContext();
    URI userTenantUri = URI.create(user.getTenantId());
    FilePolicyServiceUtils.updateTaskTenant(_dbClient, filepolicy, "unassign", taskObj, userTenantUri);
    if (filepolicy.getAssignedResources() == null || filepolicy.getAssignedResources().isEmpty()) {
        _log.info("File Policy: " + id + " doesn't have any assigned resources.");
        _dbClient.ready(FilePolicy.class, filepolicy.getId(), task);
        return toTask(filepolicy, task, op);
    }
    ArgValidator.checkFieldNotNull(param.getUnassignfrom(), "unassign_from");
    Set<URI> unassignFrom = param.getUnassignfrom();
    if (unassignFrom != null) {
        for (URI uri : unassignFrom) {
            canUserUnAssignPolicyAtGivenLevel(filepolicy, uri);
            if (!filepolicy.getAssignedResources().contains(uri.toString())) {
                errorMsg.append("Provided resource URI is either being not assigned to the file policy:" + filepolicy.getId() + " or it is a invalid URI");
                _log.error(errorMsg.toString());
                throw APIException.badRequests.invalidFilePolicyUnAssignParam(filepolicy.getFilePolicyName(), errorMsg.toString());
            }
        }
    }
    FileOrchestrationController controller = getController(FileOrchestrationController.class, FileOrchestrationController.FILE_ORCHESTRATION_DEVICE);
    try {
        controller.unassignFilePolicy(filepolicy.getId(), unassignFrom, task);
        auditOp(OperationTypeEnum.UNASSIGN_FILE_POLICY, true, "BEGIN", filepolicy.getId().toString(), filepolicy.getLabel());
    } catch (BadRequestException e) {
        op = _dbClient.error(FilePolicy.class, filepolicy.getId(), task, e);
        _log.error("Error Unassigning File policy {}, {}", e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        _log.error("Error Unassigning Files Policy {}, {}", e.getMessage(), e);
        throw APIException.badRequests.unableToProcessRequest(e.getMessage());
    }
    return toTask(filepolicy, task, op);
}
Also used : Task(com.emc.storageos.db.client.model.Task) TaskMapper.toTask(com.emc.storageos.api.mapper.TaskMapper.toTask) FilePolicy(com.emc.storageos.db.client.model.FilePolicy) MapFilePolicy(com.emc.storageos.api.mapper.functions.MapFilePolicy) FileOrchestrationController(com.emc.storageos.fileorchestrationcontroller.FileOrchestrationController) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) Operation(com.emc.storageos.db.client.model.Operation) URI(java.net.URI) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 84 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class SnapshotService method querySnapshotResource.

protected BlockObject querySnapshotResource(URI id) {
    StorageOSUser user = getUserFromContext();
    URI vipr_tenantId = URI.create(user.getTenantId());
    URIQueryResultList uris = new URIQueryResultList();
    _dbClient.queryByConstraint(PrefixConstraint.Factory.getTagsPrefixConstraint(BlockSnapshot.class, id.toString(), vipr_tenantId), uris);
    for (URI snapUri : uris) {
        BlockSnapshot snap = _dbClient.queryObject(BlockSnapshot.class, snapUri);
        if (snap != null && isAuthorized(snapUri))
            return snap;
    }
    return null;
}
Also used : StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) BlockSnapshot(com.emc.storageos.db.client.model.BlockSnapshot) URI(java.net.URI) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList)

Example 85 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class VolumeService method verifyUserCanModifyVolume.

protected void verifyUserCanModifyVolume(Volume vol) {
    StorageOSUser user = getUserFromContext();
    URI projectId = vol.getProject().getURI();
    if (!(_permissionsHelper.userHasGivenRole(user, vol.getTenant().getURI(), Role.TENANT_ADMIN) || _permissionsHelper.userHasGivenACL(user, projectId, ACL.OWN, ACL.ALL))) {
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
}
Also used : StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) URI(java.net.URI)

Aggregations

StorageOSUser (com.emc.storageos.security.authentication.StorageOSUser)105 Produces (javax.ws.rs.Produces)59 Path (javax.ws.rs.Path)53 URI (java.net.URI)50 GET (javax.ws.rs.GET)36 CheckPermission (com.emc.storageos.security.authorization.CheckPermission)31 Consumes (javax.ws.rs.Consumes)24 POST (javax.ws.rs.POST)15 ArrayList (java.util.ArrayList)13 Order (com.emc.storageos.db.client.model.uimodels.Order)12 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)12 TenantOrg (com.emc.storageos.db.client.model.TenantOrg)11 NamedURI (com.emc.storageos.db.client.model.NamedURI)10 TaskResourceRep (com.emc.storageos.model.TaskResourceRep)10 PUT (javax.ws.rs.PUT)10 Operation (com.emc.storageos.db.client.model.Operation)9 VirtualPool (com.emc.storageos.db.client.model.VirtualPool)9 HashSet (java.util.HashSet)9 StringSet (com.emc.storageos.db.client.model.StringSet)8 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial