use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class TenantsService method createVcenter.
/**
 * Creates a new vCenter for the tenant organization and starts discovery of it.
 *
 * <p>The {@code @CheckPermission} annotation names {@code Role.TENANT_ADMIN} as the only role
 * for this endpoint. The tenant id taken from the path is resolved through
 * {@code getTenantById} before any vCenter object is built or persisted.
 *
 * @param tid
 *            the tenant organization id
 * @param createParam
 *            the parameter that has the attributes of the vCenter to be created.
 * @param validateConnection
 *            value of the {@code validate_connection} query parameter (defaults to
 *            {@code false}); handed unchanged to {@code createNewTenantVcenter}
 * @prereq none
 * @brief Create tenant vCenter
 * @return the vCenter discovery async task.
 */
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
@Path("/{id}/vcenters")
public TaskResourceRep createVcenter(@PathParam("id") URI tid, VcenterCreateParam createParam,
        @QueryParam("validate_connection") @DefaultValue("false") final Boolean validateConnection) {
    // Resolve the tenant up front; per the original author this call also validates it.
    final TenantOrg tenantOrg = getTenantById(tid, true);

    // Per the original comment, createNewTenantVcenter validates createParam before building
    // the Vcenter. NOTE(review): with the default validate_connection=false, whatever
    // connectivity check the flag controls is presumably skipped, so the endpoint named in
    // createParam is first contacted during discovery. Confirm against VcenterService.
    final Vcenter created = _vcenterService.createNewTenantVcenter(tenantOrg, createParam, validateConnection);

    // The new vCenter is marked REGISTERED before it is written to the database.
    created.setRegistrationStatus(RegistrationStatus.REGISTERED.toString());
    _dbClient.createObject(created);

    // Record the create operation against the tenant id supplied in the path.
    recordTenantResourceOperation(OperationTypeEnum.CREATE_VCENTER, tid, created);

    // Discovery runs as a task; its representation is the response body.
    return _vcenterService.doDiscoverVcenter(created);
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class TenantsService method getSchedulePolicies.
/**
 * Gets the policyIds, policyNames and self links of the schedule policies the caller may see
 * in the given tenant.
 *
 * <p>Authorization happens in two places. The {@code @CheckPermission} annotation names
 * {@code TENANT_ADMIN} and {@code PROJECT_ADMIN}. The body then returns every schedule policy
 * of the tenant when the caller holds {@code SYSTEM_MONITOR}, {@code TENANT_ADMIN} or
 * {@code SECURITY_ADMIN} on it; otherwise the caller must belong to the requested tenant and
 * only receives the policies found through {@code getAllPermissionsForUser}. A caller in the
 * restricted branch whose tenant differs from {@code id} is rejected with
 * {@code APIException.forbidden.insufficientPermissionsForUser}.
 *
 * @param id the URN of a CoprHD Tenant/Subtenant
 * @brief List schedule policies
 * @return policyList - A SchedulePolicyList reference specifying the policyIds, name and self links for
 *         the schedule policies.
 */
@GET
@Path("/{id}/schedule-policies")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN, Role.PROJECT_ADMIN })
public SchedulePolicyList getSchedulePolicies(@PathParam("id") URI id) {
    final TenantOrg tenantOrg = getTenantById(id, false);
    final StorageOSUser caller = getUserFromContext();
    final NamedElementQueryResultList found = new NamedElementQueryResultList();

    // NOTE(review): SYSTEM_MONITOR and SECURITY_ADMIN are tested here but are not listed in the
    // @CheckPermission roles above; confirm which of the two gates is meant to be authoritative.
    final boolean seesWholeTenant = _permissionsHelper.userHasGivenRole(caller, tenantOrg.getId(),
            Role.SYSTEM_MONITOR, Role.TENANT_ADMIN, Role.SECURITY_ADMIN);

    if (seesWholeTenant) {
        // Unrestricted view: every schedule policy contained in the tenant.
        _dbClient.queryByConstraint(
                ContainmentConstraint.Factory.getTenantOrgSchedulePolicyConstraint(tenantOrg.getId()), found);
    } else {
        // Restricted view: refuse outright when the caller asks about a tenant other than their own.
        if (!id.equals(URI.create(caller.getTenantId()))) {
            throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
        }

        // NOTE(review): the key set of this map is used below as SchedulePolicy ids. Verify that
        // getAllPermissionsForUser really returns schedule-policy URIs for these arguments.
        final Map<URI, Set<String>> permitted =
                _permissionsHelper.getAllPermissionsForUser(caller, tenantOrg.getId(), null, false);

        if (permitted.keySet().isEmpty()) {
            // Nothing granted: hand back an empty result rather than querying.
            found.setResult(new ArrayList<NamedElementQueryResultList.NamedElement>().iterator());
        } else {
            // Load only the "label" field of the permitted policies and turn each into a named element.
            final List<SchedulePolicy> permittedPolicies = _dbClient.queryObjectField(SchedulePolicy.class, "label",
                    new ArrayList<URI>(permitted.keySet()));
            final List<NamedElementQueryResultList.NamedElement> named =
                    new ArrayList<NamedElementQueryResultList.NamedElement>(permittedPolicies.size());
            for (SchedulePolicy permittedPolicy : permittedPolicies) {
                named.add(NamedElementQueryResultList.NamedElement.createElement(
                        permittedPolicy.getId(), permittedPolicy.getLabel()));
            }
            found.setResult(named.iterator());
        }
    }

    // Convert the query result into the REST representation.
    final SchedulePolicyList response = new SchedulePolicyList();
    for (NamedElementQueryResultList.NamedElement entry : found) {
        response.getSchdulePolicies().add(
                toNamedRelatedResource(ResourceTypeEnum.SCHEDULE_POLICY, entry.getId(), entry.getName()));
    }
    return response;
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class TenantsService method updateRoleAssignments.
/**
 * Add or remove individual role assignments on a tenant.
 *
 * <p>The {@code @CheckPermission} annotation names {@code SECURITY_ADMIN} and
 * {@code TENANT_ADMIN} and sets {@code blockProxies = true}. The requested changes are applied
 * through {@code _permissionsHelper.updateRoleAssignments} with a
 * {@code TenantRoleInputFilter} built for the target tenant, the tenant is persisted, and a
 * tenant event plus an audit record are written.
 *
 * @param changes Role Assignment changes
 * @param id the URN of a ViPR Tenant/Subtenant
 * @prereq none
 * @brief Add or remove role assignments
 * @return the tenant's role assignments as produced by {@code getRoleAssignmentsResponse}
 *         after the change has been applied
 */
@PUT
@Path("/{id}/role-assignments")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN, Role.TENANT_ADMIN }, blockProxies = true)
public RoleAssignments updateRoleAssignments(@PathParam("id") URI id, RoleAssignmentChanges changes) {
    final TenantOrg tenantOrg = getTenantById(id, true);

    // The filter is scoped to this tenant. NOTE(review): presumably it rejects roles that are
    // not tenant-level, which is what keeps a TENANT_ADMIN from granting broader roles.
    // Confirm in TenantRoleInputFilter.
    _permissionsHelper.updateRoleAssignments(tenantOrg, changes, new TenantRoleInputFilter(tenantOrg));
    _dbClient.updateAndReindexObject(tenantOrg);

    // Event and audit records are written only after the update has been persisted, and the
    // audit call passes `true`. If an earlier step throws, this method emits no audit record;
    // confirm failed or rejected role changes are recorded at another layer.
    recordTenantEvent(OperationTypeEnum.MODIFY_TENANT_ROLES, tenantOrg.getId(), tenantOrg.getId());
    auditOp(OperationTypeEnum.MODIFY_TENANT_ROLES, true, null,
            tenantOrg.getId().toString(), tenantOrg.getLabel(), changes);

    return getRoleAssignmentsResponse(tenantOrg);
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class TenantsService method createSchedulePolicy.
/**
 * Create schedule policy and persist into CoprHD DB.
 *
 * <p>The {@code @CheckPermission} annotation names {@code Role.TENANT_ADMIN}. All of the work
 * is delegated to {@code createPolicy}; this method only adds the audit record for a
 * successful creation.
 *
 * @param id the URN of a CoprHD Tenant/Subtenant
 * @param param schedule policy parameters
 * @brief Create schedule policy
 * @return the {@code SchedulePolicyResp} produced by {@code createPolicy} for the new policy
 * @throws BadRequestException presumably raised by {@code createPolicy} for invalid input; the
 *         throwing code is not part of this method
 */
@POST
@Path("/{id}/schedule-policies")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
public SchedulePolicyResp createSchedulePolicy(@PathParam("id") URI id, PolicyParam param) {
    // NOTE(review): no tenant lookup or parameter validation happens here; both are presumably
    // done inside createPolicy. Confirm there that `id` is resolved to an existing tenant.
    final SchedulePolicyResp created = createPolicy(id, param);

    // Audit the successful creation with the policy name, the tenant id and the new policy id.
    auditOp(OperationTypeEnum.CREATE_SCHEDULE_POLICY, true, null,
            param.getPolicyName(), id.toString(), created.getId().toString());

    return created;
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class InitiatorService method registerInitiator.
/**
 * Manually register the initiator with the passed id.
 *
 * <p>The {@code @CheckPermission} annotation names {@code Role.TENANT_ADMIN}. Only an initiator
 * whose registration status is {@code UNREGISTERED} (compared case-insensitively) is changed:
 * it is set to {@code REGISTERED}, persisted and audited. An initiator in any other state is
 * returned unchanged and no audit record is written.
 *
 * @param id the URN of a ViPR initiator
 *
 * @brief Register initiator
 * @return A reference to an InitiatorRestRep specifying the data for the
 *         initiator.
 */
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
@Path("/{id}/register")
public InitiatorRestRep registerInitiator(@PathParam("id") URI id) {
    // Reject ids that are not Initiator URIs before touching the database.
    ArgValidator.checkFieldUriType(id, Initiator.class, "id");
    final Initiator target = _dbClient.queryObject(Initiator.class, id);
    ArgValidator.checkEntity(target, id, isIdEmbeddedInURL(id));

    // NOTE(review): nothing in this method ties the initiator to the caller's tenant. Confirm
    // that @CheckPermission or another layer enforces ownership before the state change below.
    final boolean needsRegistration =
            RegistrationStatus.UNREGISTERED.toString().equalsIgnoreCase(target.getRegistrationStatus());
    if (!needsRegistration) {
        return map(target);
    }

    target.setRegistrationStatus(RegistrationStatus.REGISTERED.toString());
    _dbClient.persistObject(target);
    // The audit record is written only when the status actually changed.
    auditOp(OperationTypeEnum.REGISTER_INITIATOR, true, null, target.getId().toString());
    return map(target);
}