
Example 26 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

In class TenantsService, method listSubTenants:

/**
 * List subtenants
 *
 * Authorization is enforced inline rather than through a {@code @CheckPermission}
 * annotation, so any authenticated caller reaches the body: callers holding
 * SYSTEM_MONITOR, TENANT_ADMIN, SECURITY_ADMIN or SYSTEM_ADMIN on the root tenant
 * see every subtenant; everyone else sees only the subtenants on which they hold
 * TENANT_ADMIN, and is refused when that set is empty.
 *
 * @param id the URN of a ViPR Tenant
 * @prereq none
 * @brief List subtenants
 * @return List of subtenants
 */
@GET
@Path("/{id}/subtenants")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public TenantOrgList listSubTenants(@PathParam("id") URI id) {
    StorageOSUser caller = getUserFromContext();
    TenantOrg root = getTenantById(id, false);

    // Only the root tenant owns subtenants. This check runs before any role check,
    // so an unprivileged caller receives methodNotAllowed for a subtenant id but
    // forbidden for the root id -- the error type reveals which kind of tenant the id is.
    if (!TenantOrg.isRootTenant(root)) {
        throw APIException.methodNotAllowed.notSupportedForSubtenants();
    }

    NamedElementQueryResultList found = new NamedElementQueryResultList();
    boolean seesAll = _permissionsHelper.userHasGivenRole(caller, root.getId(),
            Role.SYSTEM_MONITOR, Role.TENANT_ADMIN, Role.SECURITY_ADMIN, Role.SYSTEM_ADMIN);
    if (seesAll) {
        // Privileged on the root tenant: enumerate every subtenant by containment.
        _dbClient.queryByConstraint(
                ContainmentConstraint.Factory.getTenantOrgSubTenantConstraint(root.getId()), found);
    } else {
        // Otherwise the caller only sees subtenants on which they hold TENANT_ADMIN.
        // No index is used for this lookup; the number of tenants is expected to stay small.
        Set<String> wanted = new HashSet<String>();
        wanted.add(Role.TENANT_ADMIN.toString());
        Map<URI, Set<String>> granted =
                _permissionsHelper.getAllPermissionsForUser(caller, root.getId(), wanted, true);
        if (granted.keySet().isEmpty()) {
            // No TENANT_ADMIN grant anywhere: refuse rather than answer with an empty list.
            throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
        }
        List<TenantOrg> visible = _dbClient.queryObjectField(TenantOrg.class, "label",
                new ArrayList<URI>(granted.keySet()));
        List<NamedElementQueryResultList.NamedElement> named =
                new ArrayList<NamedElementQueryResultList.NamedElement>(visible.size());
        for (TenantOrg sub : visible) {
            named.add(NamedElementQueryResultList.NamedElement.createElement(sub.getId(), sub.getLabel()));
        }
        found.setResult(named.iterator());
    }

    TenantOrgList response = new TenantOrgList();
    for (NamedElementQueryResultList.NamedElement el : found) {
        response.getSubtenants().add(toNamedRelatedResource(ResourceTypeEnum.TENANT, el.getId(), el.getName()));
    }
    return response;
}

Example 27 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

In class TenantsService, method getSchedulePolicies:

/**
 * Gets the policyIds, policyNames and self links for all schedule policies.
 *
 * The method is gated by {@code @CheckPermission} for TENANT_ADMIN / PROJECT_ADMIN and
 * additionally branches inline: callers with SYSTEM_MONITOR, TENANT_ADMIN or SECURITY_ADMIN
 * on the tenant get every policy in it; all other callers must be asking about their own
 * home tenant and only get the objects returned by the per-user permission lookup.
 * How the annotation and the inline role set interact (e.g. whether a SECURITY_ADMIN-only
 * caller ever reaches the tenant-wide branch) is decided by the CheckPermission filter,
 * which is not visible here.
 *
 * @param id the URN of a CoprHD Tenant/Subtenant
 * @brief List schedule policies
 * @return policyList - A SchedulePolicyList reference specifying the policyIds, name and self links for
 *         the schedule policies.
 */
@GET
@Path("/{id}/schedule-policies")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN, Role.PROJECT_ADMIN })
public SchedulePolicyList getSchedulePolicies(@PathParam("id") URI id) {
    TenantOrg tenant = getTenantById(id, false);
    StorageOSUser caller = getUserFromContext();
    NamedElementQueryResultList found = new NamedElementQueryResultList();

    boolean tenantWide = _permissionsHelper.userHasGivenRole(caller, tenant.getId(),
            Role.SYSTEM_MONITOR, Role.TENANT_ADMIN, Role.SECURITY_ADMIN);
    if (tenantWide) {
        // Tenant-level privilege: every policy contained in the tenant.
        _dbClient.queryByConstraint(
                ContainmentConstraint.Factory.getTenantOrgSchedulePolicyConstraint(tenant.getId()), found);
    } else {
        // Non-admin callers may only query their own home tenant. The comparison is made
        // against the raw path parameter, not against tenant.getId() as resolved above.
        if (!id.equals(URI.create(caller.getTenantId()))) {
            throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
        }
        Map<URI, Set<String>> grants =
                _permissionsHelper.getAllPermissionsForUser(caller, tenant.getId(), null, false);
        // NOTE(review): this is the same lookup listProjects performs, and there the keys are
        // treated as Project URIs. Whether these keys identify SchedulePolicy objects cannot be
        // confirmed from this method -- verify against PermissionsHelper before relying on the
        // non-admin result being anything other than empty.
        List<NamedElementQueryResultList.NamedElement> named =
                new ArrayList<NamedElementQueryResultList.NamedElement>();
        if (!grants.keySet().isEmpty()) {
            List<SchedulePolicy> mine = _dbClient.queryObjectField(SchedulePolicy.class, "label",
                    new ArrayList<URI>(grants.keySet()));
            for (SchedulePolicy p : mine) {
                named.add(NamedElementQueryResultList.NamedElement.createElement(p.getId(), p.getLabel()));
            }
        }
        // An empty grant set yields an empty list here, not a forbidden error.
        found.setResult(named.iterator());
    }

    SchedulePolicyList response = new SchedulePolicyList();
    for (NamedElementQueryResultList.NamedElement el : found) {
        response.getSchdulePolicies().add(
                toNamedRelatedResource(ResourceTypeEnum.SCHEDULE_POLICY, el.getId(), el.getName()));
    }
    return response;
}

Example 28 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

In class TenantsService, method listProjects:

/**
 * List projects the user is authorized to see
 *
 * There is no {@code @CheckPermission} on this endpoint; authorization is decided inline.
 * Callers holding SYSTEM_MONITOR, TENANT_ADMIN or SECURITY_ADMIN on the tenant see every
 * project in it. Any other caller must be asking about their own home tenant (otherwise
 * forbidden) and receives only the projects returned by the per-user permission lookup,
 * which may be an empty list. Note that the tenant is resolved before any role check, so
 * an id that does not resolve is presumably reported as such regardless of the caller.
 *
 * @param id the URN of a ViPR Tenant/Subtenant
 * @prereq none
 * @brief List projects
 * @return List of projects
 */
@GET
@Path("/{id}/projects")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ProjectList listProjects(@PathParam("id") URI id) {
    TenantOrg tenant = getTenantById(id, false);
    StorageOSUser caller = getUserFromContext();
    NamedElementQueryResultList found = new NamedElementQueryResultList();

    boolean tenantWide = _permissionsHelper.userHasGivenRole(caller, tenant.getId(),
            Role.SYSTEM_MONITOR, Role.TENANT_ADMIN, Role.SECURITY_ADMIN);
    if (tenantWide) {
        // Tenant-level privilege: every project contained in the tenant.
        _dbClient.queryByConstraint(
                ContainmentConstraint.Factory.getTenantOrgProjectConstraint(tenant.getId()), found);
    } else {
        // Non-admin callers may only query their own home tenant. The comparison is made
        // against the raw path parameter, not against tenant.getId() as resolved above.
        if (!id.equals(URI.create(caller.getTenantId()))) {
            throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
        }
        Map<URI, Set<String>> grants =
                _permissionsHelper.getAllPermissionsForUser(caller, tenant.getId(), null, false);
        List<NamedElementQueryResultList.NamedElement> named =
                new ArrayList<NamedElementQueryResultList.NamedElement>();
        if (!grants.keySet().isEmpty()) {
            List<Project> mine = _dbClient.queryObjectField(Project.class, "label",
                    new ArrayList<URI>(grants.keySet()));
            for (Project p : mine) {
                named.add(NamedElementQueryResultList.NamedElement.createElement(p.getId(), p.getLabel()));
            }
        }
        // An empty grant set yields an empty list here, not a forbidden error.
        found.setResult(named.iterator());
    }

    ProjectList response = new ProjectList();
    for (NamedElementQueryResultList.NamedElement el : found) {
        response.getProjects().add(toNamedRelatedResource(ResourceTypeEnum.PROJECT, el.getId(), el.getName()));
    }
    return response;
}

Example 29 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

In class UserInfoPage, method getMyInfo:

/**
 * This call returns the list of tenants that the user maps to including the details of the mappings.
 * It also returns a list of the virtual data center roles and tenant roles assigned to this user.
 *
 * The caller is taken from the security context and must be a {@link StorageOSUser}; any other
 * principal is rejected with a forbidden error. For the "root" account in a multi-site (geo)
 * VDC the SYSTEM_ADMIN / SECURITY_ADMIN roles are reported as their RESTRICTED_* variants and
 * no tenant roles are reported at all.
 *
 * @brief Show my Tenant and assigned roles
 * @prereq none
 * @return List of tenants user mappings,VDC role and tenant role of the user.
 */
@GET
@Path("/whoami")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public UserInfo getMyInfo() {
    Principal principal = sc.getUserPrincipal();
    if (!(principal instanceof StorageOSUser)) {
        // Anything that is not an authenticated StorageOSUser is refused outright.
        throw APIException.forbidden.invalidSecurityContext();
    }
    StorageOSUser me = (StorageOSUser) principal;

    UserInfo info = new UserInfo();
    info.setCommonName(me.getName());
    // A real distinguished name is not tracked yet; the plain user name stands in for it.
    info.setDistinguishedName(me.getName());
    info.setTenant(me.getTenantId());
    info.setTenantName(_permissionsHelper.getTenantNameByID(me.getTenantId()));
    info.setVdcRoles(new ArrayList<String>());
    info.setHomeTenantRoles(new ArrayList<String>());
    info.setSubTenantRoles(new ArrayList<SubTenantRoles>());

    // Special case: the local "root" account (matched case-insensitively) in a geo deployment.
    boolean singleSite = VdcUtil.isLocalVdcSingleSite();
    boolean rootInGeo = me.getName().equalsIgnoreCase("root") && !singleSite;

    // VDC roles, with the geo-root downgrade applied to the two admin roles.
    if (me.getRoles() != null) {
        for (String granted : me.getRoles()) {
            String reported = granted;
            if (rootInGeo) {
                if (granted.equalsIgnoreCase(Role.SYSTEM_ADMIN.toString())) {
                    reported = Role.RESTRICTED_SYSTEM_ADMIN.toString();
                } else if (granted.equalsIgnoreCase(Role.SECURITY_ADMIN.toString())) {
                    reported = Role.RESTRICTED_SECURITY_ADMIN.toString();
                }
            }
            info.getVdcRoles().add(reported);
        }
    }

    // Geo root carries no tenant roles in the response.
    if (rootInGeo) {
        return info;
    }

    try {
        Set<String> homeRoles =
                _permissionsHelper.getTenantRolesForUser(me, URI.create(me.getTenantId()), false);
        if (homeRoles != null) {
            info.getHomeTenantRoles().addAll(homeRoles);
        }
        Map<String, Collection<String>> perSubtenant = _permissionsHelper.getSubtenantRolesForUser(me);
        if (perSubtenant != null) {
            for (Entry<String, Collection<String>> e : perSubtenant.entrySet()) {
                SubTenantRoles entry = new SubTenantRoles();
                entry.setTenant(e.getKey());
                entry.setTenantName(_permissionsHelper.getTenantNameByID(e.getKey()));
                entry.setRoles(new ArrayList<String>(e.getValue()));
                info.getSubTenantRoles().add(entry);
            }
        }
    } catch (DatabaseException ex) {
        // A failed role lookup is fatal rather than answered with a partial role list.
        throw SecurityException.fatals.failedReadingTenantRoles(ex);
    }
    return info;
}

Example 30 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

In class PasswordServiceTest, method createLocalUsers:

/**
 * Builds the test fixture of local accounts, keyed by user name.
 * Each account is constructed with an empty string as the second StorageOSUser
 * constructor argument; the fixture does not model anything beyond the name.
 *
 * @return a mutable map from LOCAL_ROOT and LOCAL_PROXYUSER to their StorageOSUser instances
 */
private Map<String, StorageOSUser> createLocalUsers() {
    String[] localNames = { LOCAL_ROOT, LOCAL_PROXYUSER };
    Map<String, StorageOSUser> byName = new HashMap<String, StorageOSUser>();
    for (String name : localNames) {
        byName.put(name, new StorageOSUser(name, ""));
    }
    return byName;
}
