use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class ObjectVirtualPoolService method getMatchingPoolsForVirtualPoolAttributes.
/**
* Return the matching pools for a given set of VirtualPool attributes.
* This API lets a user find the matching pools before creating a VirtualPool.
*
* @param param : VirtualPoolAttributeParam
* @brief List pools matching specified properties in Object store VirtualPool
* @return : matching pools.
*/
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/matching-pools")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public StoragePoolList getMatchingPoolsForVirtualPoolAttributes(ObjectVirtualPoolParam param) {
    // Declared access: SYSTEM_ADMIN or RESTRICTED_SYSTEM_ADMIN, per the @CheckPermission annotation.
    // NOTE(review): the annotation is evaluated outside this method; confirm the filter that
    // enforces it covers this resource path.
    StoragePoolList result = new StoragePoolList();

    // Turn the request body into a VirtualPool to match against (helper defined elsewhere in the class).
    VirtualPool requestedPool = prepareVirtualPool(param);

    // Candidate set: every StoragePool id returned by queryByType(..., true), loaded in one call.
    List<URI> candidateIds = _dbClient.queryByType(StoragePool.class, true);
    List<StoragePool> candidates = _dbClient.queryObject(StoragePool.class, candidateIds);

    // The matcher receives this buffer, but nothing here reads it back, so a caller who
    // gets an empty list is not told why no pool matched.
    StringBuffer matcherErrors = new StringBuffer();
    List<StoragePool> matches = ImplicitPoolMatcher.getMatchedPoolWithStoragePools(
            requestedPool, candidates, null, null, null, _dbClient, _coordinator,
            AttributeMatcher.VPOOL_MATCHERS, matcherErrors);

    // getPools() is only touched when there is something to add, exactly as before.
    for (StoragePool matched : matches) {
        result.getPools().add(toNamedRelatedResource(matched, matched.getNativeGuid()));
    }
    return result;
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class ProjectService method updateProject.
/**
* Update info for project including project name and owner
*
* @param projectUpdate Project update parameters
* @param id the URN of a ViPR Project
* @prereq none
* @brief Update project
* @return No data returned in response body
*/
@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN })
public Response updateProject(@PathParam("id") URI id, ProjectUpdateParam projectUpdate) {
    // Declared access: the TENANT_ADMIN role and the OWN ACL are both listed on @CheckPermission.
    // NOTE(review): presumably either one is sufficient, which would let the current owner
    // reach the ownership-transfer branch below; confirm against the permission filter.
    Project project = getProjectById(id, true);

    // --- Rename: only when a non-empty name differs (case-insensitively) from the current label.
    String requestedName = projectUpdate.getName();
    boolean renameRequested = requestedName != null
            && !requestedName.isEmpty()
            && !project.getLabel().equalsIgnoreCase(requestedName);
    if (renameRequested) {
        // A project with file policies assigned must keep its name.
        if (!(project.getFilePolicies() == null || project.getFilePolicies().isEmpty())) {
            // NOTE(review): the label is caller-supplied (see setLabel below) and is written to
            // the log as-is; confirm the logging layer neutralises embedded line breaks.
            _log.error(String.format("Failed to update the name of project %s as a policy is assigned", project.getLabel()));
            throw APIException.badRequests.cannotUpdateProjectNameAssignedFilePolicy(project.getLabel());
        }
        // Duplicate check is scoped to the project's tenant.
        checkForDuplicateName(requestedName, Project.class, project.getTenantOrg().getURI(), "tenantOrg", _dbClient);
        project.setLabel(requestedName);
        // The tenant reference stored on the project carries the same name as the label.
        NamedURI tenantRef = project.getTenantOrg();
        if (tenantRef != null) {
            tenantRef.setName(requestedName);
            project.setTenantOrg(tenantRef);
        }
    }

    // --- Ownership transfer: only when a non-empty owner differs from the current one.
    String requestedOwner = projectUpdate.getOwner();
    boolean ownerChangeRequested = requestedOwner != null
            && !requestedOwner.isEmpty()
            && !requestedOwner.equalsIgnoreCase(project.getOwner());
    if (ownerChangeRequested) {
        // The new owner is validated against the project's tenant before any ACL is touched,
        // so OWN is never granted to a principal the validator rejects for that tenant.
        StringBuilder error = new StringBuilder();
        StorageOSPrincipal candidateOwner = new StorageOSPrincipal(requestedOwner, StorageOSPrincipal.Type.User);
        if (!Validator.isValidPrincipal(candidateOwner, project.getTenantOrg().getURI(), error)) {
            throw APIException.forbidden.specifiedOwnerIsNotValidForProjectTenant(error.toString());
        }
        // in GEO scenario, root can't be assigned as project owner
        if (requestedOwner.equalsIgnoreCase("root") && !VdcUtil.isLocalVdcSingleSite()) {
            throw APIException.forbidden.specifiedOwnerIsNotValidForProjectTenant("in GEO scenario, root can't be assigned as project owner");
        }
        // Revoke the previous owner's OWN entry first so the old owner does not keep it.
        String previousOwnerKey = new PermissionsKey(PermissionsKey.Type.SID, project.getOwner(), project.getTenantOrg().getURI()).toString();
        project.removeAcl(previousOwnerKey, ACL.OWN.toString());
        project.setOwner(requestedOwner);
        // Grant OWN to the owner now recorded on the project.
        String newOwnerKey = new PermissionsKey(PermissionsKey.Type.SID, project.getOwner(), project.getTenantOrg().getURI()).toString();
        project.addAcl(newOwnerKey, ACL.OWN.toString());
    }

    _dbClient.updateAndReindexObject(project);
    // The operation record is written only on the success path; every rejection above throws
    // before reaching this line.
    // NOTE(review): confirm rejected attempts are recorded at another layer.
    recordOperation(OperationTypeEnum.UPDATE_PROJECT, true, project);
    return Response.ok().build();
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class ProjectService method updateQuota.
/**
* Updates quota and available capacity before quota is exhausted
*
* @param id the URN of a ViPR Project.
* @param param new values for the quota
* @prereq none
* @brief Update quota and available capacity
* @return QuotaInfo Quota metrics.
*/
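@PUT
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
@Path("/{id}/quota")
public QuotaInfo updateQuota(@PathParam("id") URI id, QuotaUpdateParam param) throws DatabaseException {
    // Declared access: TENANT_ADMIN only, per @CheckPermission.
    Project project = getProjectById(id, true);
    // NOTE(review): if getEnable() returns a boxed Boolean, a request that omits the field
    // would fail on unboxing in the condition below; confirm the parameter is validated upstream.
    project.setQuotaEnabled(param.getEnable());
    if (param.getEnable()) {
        // Keep the existing quota when the request does not carry a new value.
        long quota_gb = (param.getQuotaInGb() != null) ? param.getQuotaInGb() : project.getQuota();
        ArgValidator.checkFieldMinimum(quota_gb, 0, "quota_gb", "GB");
        // Verify that the quota of this project does not exceed the quota for its tenant
        TenantOrg tenant = _dbClient.queryObject(TenantOrg.class, project.getTenantOrg().getURI());
        if (tenant.getQuotaEnabled()) {
            // Quota already committed to the tenant's projects, minus this project's current share.
            long tenantTotal = CapacityUtils.totalProjectQuota(_dbClient, tenant.getId());
            long currentQuota = project.getQuota();
            long otherProjects = tenantTotal - currentQuota;
            // quota_gb comes from the request body and 64-bit addition wraps silently: a very
            // large value could turn the sum negative and pass the tenant-limit comparison.
            // Detect the wrap before adding and treat it as exceeding the tenant quota.
            boolean exceedsTenantQuota = otherProjects > Long.MAX_VALUE - quota_gb
                    || otherProjects + quota_gb > tenant.getQuota();
            if (exceedsTenantQuota) {
                throw APIException.badRequests.invalidParameterProjectQuotaInvalidatesTenantQuota(tenant.getQuota());
            }
        }
        project.setQuota(quota_gb);
    }
    // Reached only when every check above passed; a rejected request persists nothing.
    _dbClient.persistObject(project);
    return getQuota(project);
}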
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class ProjectService method unassignVNasServersFromProject.
/**
* Unassigns VNAS server from project.
*
* @param id the URN of a ViPR Project
* @param param Assign virtual NAS server parameters
* @prereq none
* @brief Unassign VNAS servers from project
* @return No data returned in response body
* @throws BadRequestException
*/
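@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/unassign-vnas-servers")
@CheckPermission(roles = { Role.SYSTEM_ADMIN }, acls = { ACL.ALL, ACL.OWN })
public Response unassignVNasServersFromProject(@PathParam("id") URI id, VirtualNasParam param) {
    // Declared access: the SYSTEM_ADMIN role and the ALL / OWN ACLs are listed on @CheckPermission.
    checkCompatibleVersion();
    Project project = getProjectById(id, true);

    // Reject a request that names no vNAS servers at all.
    Set<String> vNasIds = param.getVnasServers();
    if (vNasIds == null || vNasIds.isEmpty()) {
        throw APIException.badRequests.invalidEntryForProjectVNAS();
    }

    // The null/empty test must run before containsAll(): previously containsAll() came first,
    // so a null set failed with a NullPointerException and an empty set was always reported as
    // "not associated", leaving the "no vNAS servers associated" error unreachable.
    StringSet vnasServers = project.getAssignedVNasServers();
    if (vnasServers == null || vnasServers.isEmpty()) {
        throw APIException.badRequests.noVNasServersAssociatedToProject(project.getLabel());
    }

    // Object-level check: every requested id must already be assigned to THIS project. This is
    // what stops a caller with rights on one project from dissociating another project's vNAS
    // servers, so it has to stay ahead of any write below.
    if (!vnasServers.containsAll(vNasIds)) {
        throw APIException.badRequests.vNasServersNotAssociatedToProject();
    }

    // NOTE(review): each vNAS is validated and written inside the same loop, while the project
    // is written after it. If checkEntity rejects a later id, earlier vNAS records are already
    // updated and the project record is not; consider validating all ids before the first write.
    for (String vId : vNasIds) {
        URI vnasURI = URI.create(vId);
        VirtualNAS vnas = _permissionsHelper.getObjectById(vnasURI, VirtualNAS.class);
        ArgValidator.checkEntity(vnas, vnasURI, isIdEmbeddedInURL(vnasURI));
        if (vnasServers.contains(vId)) {
            vnas.dissociateProject(id.toString());
            _dbClient.updateObject(vnas);
            project.getAssignedVNasServers().remove(vId);
        }
    }
    _dbClient.updateObject(project);
    // NOTE(review): unlike updateProject in this class, no recordOperation call is made here;
    // confirm whether an audit event is expected for this change.
    _log.info("Successfully unassigned the VNAS servers from project : {} ", project.getLabel());
    return Response.ok().build();
}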
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class ProtectionSystemService method getProtectionSystems.
/**
* Gets the id, name, and self link for all registered protection systems.
*
* @brief List protection systems
* @return A reference to a ProtectionSystemList.
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public ProtectionSystemList getProtectionSystems() {
    // Declared access: SYSTEM_ADMIN or SYSTEM_MONITOR, per @CheckPermission.
    ProtectionSystemList registered = new ProtectionSystemList();
    for (URI systemId : _dbClient.queryByType(ProtectionSystem.class, true)) {
        // Each id is resolved on its own; an id that no longer resolves is skipped.
        ProtectionSystem candidate = _dbClient.queryObject(ProtectionSystem.class, systemId);
        if (candidate == null) {
            continue;
        }
        // Only systems whose status equals REGISTERED (case-insensitive) are listed.
        boolean isRegistered = RegistrationStatus.REGISTERED.toString()
                .equalsIgnoreCase(candidate.getRegistrationStatus());
        if (isRegistered) {
            registered.getSystems().add(toNamedRelatedResource(candidate));
        }
    }
    return registered;
}