
Example 41 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class InitiatorService method updateInitiator.

/**
 * Applies the supplied attribute changes to an existing host initiator and
 * returns the stored result.
 *
 * <p>The steps run in a fixed order: load the initiator, validate the request
 * against it, copy the new attributes onto it, persist it, write an audit
 * record, then re-read it for the response.
 *
 * <p>Authorization is declarative: the only gate visible in this method is
 * {@code @CheckPermission(roles = TENANT_ADMIN)}.
 * NOTE(review): whether that role is evaluated against the tenant that owns
 * {@code id} is decided outside this method; confirm before relying on it for
 * cross-tenant isolation.
 *
 * @param id the URN of a ViPR initiator
 * @param updateParam the parameter containing the new attributes
 * @prereq none
 * @brief Update initiator.
 * @return the details of the updated host initiator.
 * @throws DatabaseException when a DB error occurs
 */
@PUT
@Path("/{id}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
public InitiatorRestRep updateInitiator(@PathParam("id") URI id, InitiatorUpdateParam updateParam) throws DatabaseException {
    // The boolean passed to queryObject is interpreted by that helper (not shown here).
    final Initiator target = queryObject(Initiator.class, id, true);

    // Validation happens before any field of the stored object is touched.
    _hostService.validateInitiatorData(updateParam, target);
    _hostService.populateInitiator(target, updateParam);
    _dbClient.persistObject(target);

    // The success audit record is only reached when every call above returned normally;
    // there is no failure-path audit in this method.
    auditOp(OperationTypeEnum.UPDATE_HOST_INITIATOR, true, null, target.auditParameters());

    // The response is built from a fresh read rather than from the in-memory object.
    final Initiator refreshed = queryObject(Initiator.class, id, false);
    return map(refreshed);
}
Also used : MapInitiator(com.emc.storageos.api.mapper.functions.MapInitiator) Initiator(com.emc.storageos.db.client.model.Initiator) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 42 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class InitiatorService method deregisterInitiator.

/**
 * Deregisters a registered initiator so that it is no longer used by the
 * system. The only state change is setting the initiator's
 * registration_status to UNREGISTERED.
 *
 * <p>The request is rejected with a bad-request error when the initiator is
 * reported as in use; the error names ExportGroup as the referencing type.
 * When the initiator is not currently REGISTERED (compared case-insensitively)
 * nothing is persisted and no audit record is written; the current
 * representation is still returned.
 *
 * <p>Access is gated by {@code @CheckPermission(roles = TENANT_ADMIN)}.
 * NOTE(review): tenant ownership of {@code id} is not checked inside this
 * method; confirm it is enforced by the permission layer or by queryResource.
 *
 * @param id the URN of a ViPR initiator
 *
 * @brief Unregister initiator
 * @return Status response indicating success or failure
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/deregister")
@CheckPermission(roles = { Role.TENANT_ADMIN })
public InitiatorRestRep deregisterInitiator(@PathParam("id") URI id) {
    final Initiator target = queryResource(id);
    ArgValidator.checkEntity(target, id, isIdEmbeddedInURL(id));

    // Refuse to deregister while something still references the initiator.
    final boolean inUse = ComputeSystemHelper.isInitiatorInUse(_dbClient, id.toString());
    if (inUse) {
        throw APIException.badRequests.resourceHasActiveReferencesWithType(Initiator.class.getSimpleName(), target.getId(), ExportGroup.class.getSimpleName());
    }

    // Only a REGISTERED initiator is changed, so repeating the call is a no-op
    // and produces no second audit entry.
    final String registeredLabel = RegistrationStatus.REGISTERED.toString();
    if (registeredLabel.equalsIgnoreCase(target.getRegistrationStatus())) {
        target.setRegistrationStatus(RegistrationStatus.UNREGISTERED.toString());
        _dbClient.persistObject(target);
        auditOp(OperationTypeEnum.DEREGISTER_INITIATOR, true, null, target.getLabel(), target.getId().toString());
    }
    return map(target);
}
Also used : ExportGroup(com.emc.storageos.db.client.model.ExportGroup) MapInitiator(com.emc.storageos.api.mapper.functions.MapInitiator) Initiator(com.emc.storageos.db.client.model.Initiator) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 43 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class IpInterfaceService method updateIpInterface.

/**
 * Applies the supplied attribute changes to an existing host IP interface and
 * returns the stored result.
 *
 * <p>The steps run in a fixed order: load the interface, validate the request
 * against it, copy the new attributes onto it, persist it, write an audit
 * record, then re-read it for the response.
 *
 * <p>The only access gate visible here is
 * {@code @CheckPermission(roles = TENANT_ADMIN)}.
 * NOTE(review): confirm that the role is evaluated against the tenant owning
 * {@code id}; nothing in this method ties the interface to the caller's tenant.
 *
 * @param id the URN of a ViPR IP interface
 * @param updateParam the parameter containing the new attributes
 * @prereq none
 * @brief Update IP interface
 * @return the details of the updated host interface.
 * @throws DatabaseException when a DB error occurs
 */
@PUT
@Path("/{id}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN })
public IpInterfaceRestRep updateIpInterface(@PathParam("id") URI id, IpInterfaceUpdateParam updateParam) throws DatabaseException {
    // The boolean passed to queryObject is interpreted by that helper (not shown here).
    final IpInterface target = queryObject(IpInterface.class, id, true);

    // Validation happens before any field of the stored object is touched.
    _hostService.validateIpInterfaceData(updateParam, target);
    _hostService.populateIpInterface(updateParam, target);
    _dbClient.persistObject(target);

    // Reached only on success; this method records no audit entry for a failed update.
    auditOp(OperationTypeEnum.UPDATE_HOST_IPINTERFACE, true, null, target.auditParameters());

    // The response is built from a fresh read rather than from the in-memory object.
    final IpInterface refreshed = queryObject(IpInterface.class, id, false);
    return map(refreshed);
}
Also used : MapIpInterface(com.emc.storageos.api.mapper.functions.MapIpInterface) IpInterface(com.emc.storageos.db.client.model.IpInterface) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 44 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class KeystoneService method updateOpenstackTenants.

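/**
 * Updates representation of OpenStack Tenants in CoprHD.
 * Creates Tenants and Projects for newly included Tenants and marks them for
 * deletion for newly excluded Tenants. Entries whose excluded flag is
 * unchanged are ignored and do not appear in the response.
 *
 * <p>Every tenant id in the request body is looked up and validated before it
 * is dereferenced, so an unknown id is rejected by the argument validator
 * instead of surfacing as a NullPointerException.
 *
 * <p>Access is gated by {@code @CheckPermission(roles = SECURITY_ADMIN)}; no
 * further authorization check is made inside the method.
 *
 * @param param OpenStack Tenants representation with all necessary elements for update.
 * @brief Updates representation of OpenStack Tenants in CoprHD.
 * @return Updated Tenants.
 */
@PUT
@Path("/ostenants")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN })
public OSTenantListRestRep updateOpenstackTenants(OSTenantListRestRep param) {
    _log.debug("Keystone Service - updateOpenstackTenants");
    // A missing body is treated the same as an empty list.
    // NOTE(review): this is a caller error but is reported through internalServerErrors;
    // the error type is kept as-is because callers may depend on it.
    if (param == null || param.getOSTenantsRestRep() == null || param.getOSTenantsRestRep().isEmpty()) {
        throw APIException.internalServerErrors.targetIsNullOrEmpty("Tenant list param");
    }
    OSTenantListRestRep resp = new OSTenantListRestRep();
    List<OSTenant> tenantsToUpdate = new ArrayList<>();
    List<OSTenant> tenantsToDelete = new ArrayList<>();
    for (OSTenantRestRep tenant : param.getOSTenantsRestRep()) {
        OSTenant osTenant = _dbClient.queryObject(OSTenant.class, tenant.getId());
        // The id comes from the request body, so the lookup can come back empty.
        // Reject it here rather than dereferencing null below. The exact rejection
        // rules are those of ArgValidator.checkEntity.
        ArgValidator.checkEntity(osTenant, tenant.getId(), false);
        if (!osTenant.getExcluded().equals(tenant.getExcluded())) {
            if (!osTenant.getExcluded()) {
                // Tenant changed from included to excluded. Mark for deletion related Tenant and Project.
                tenantsToDelete.add(osTenant);
            } else {
                // Tenant changed from excluded to included.
                tenantsToUpdate.add(osTenant);
            }
            osTenant.setExcluded(tenant.getExcluded());
            resp.getOSTenantsRestRep().add(mapToCoprhdOsTenant(osTenant));
        }
    }
    // Create Tenant and Project for included Tenants that do not have one yet.
    for (OSTenant tenant : tenantsToUpdate) {
        if (_keystoneUtils.getCoprhdTenantWithOpenstackId(tenant.getOsId()) == null) {
            _authService.createTenantAndProjectForOpenstackTenant(tenant);
        }
    }
    // From here on tenantsToUpdate holds every changed record (included and excluded).
    tenantsToUpdate.addAll(tenantsToDelete);
    if (!tenantsToUpdate.isEmpty()) {
        _dbClient.updateObject(tenantsToUpdate);
    }
    // NOTE(review): the excluded flags are already persisted at this point. If a
    // checkReference call below rejects a delete, the flag change stays stored while
    // the tenant/project removal does not happen; confirm that partial state is acceptable.
    for (OSTenant tenant : tenantsToDelete) {
        TenantOrg tenantOrg = _keystoneUtils.getCoprhdTenantWithOpenstackId(tenant.getOsId());
        // The root tenant is never removed through this path.
        if (tenantOrg != null && !TenantOrg.isRootTenant(tenantOrg)) {
            URIQueryResultList uris = new URIQueryResultList();
            _dbClient.queryByConstraint(PrefixConstraint.Factory.getTagsPrefixConstraint(Project.class, tenant.getOsId(), tenantOrg.getId()), uris);
            for (URI projectUri : uris) {
                Project project = _dbClient.queryObject(Project.class, projectUri);
                ArgValidator.checkReference(Project.class, project.getId(), checkForDelete(project));
                _dbClient.markForDeletion(project);
            }
            ArgValidator.checkReference(TenantOrg.class, tenantOrg.getId(), checkForDelete(tenantOrg));
            _dbClient.markForDeletion(tenantOrg);
        }
    }
    return resp;
}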
Also used : OSTenantRestRep(com.emc.storageos.model.keystone.OSTenantRestRep) ArrayList(java.util.ArrayList) OSTenantListRestRep(com.emc.storageos.model.keystone.OSTenantListRestRep) URI(java.net.URI) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 45 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class KeystoneService method listOpenstackTenants.

/**
 * Get a list of OpenStack Tenants.
 * Uses the Keystone Authentication Provider's manager DN, server URLs and
 * manager password to build a Keystone client and fetch the tenants.
 *
 * <p>Two access checks are visible: the {@code @CheckPermission} annotation,
 * which lists SECURITY_ADMIN only, and an in-method check that accepts
 * SECURITY_ADMIN or TENANT_ADMIN in any tenant.
 * NOTE(review): if the annotation is enforced before the method body runs, the
 * TENANT_ADMIN alternative in the in-method check can never be the deciding
 * factor; confirm which of the two role sets is intended.
 *
 * @brief Show OpenStack Tenants.
 * @return OpenStack Tenants details.
 * @see TenantListRestResp
 */
@GET
@Path("/tenants")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN })
public TenantListRestResp listOpenstackTenants() {
    _log.debug("Keystone Service - listOpenstackTenants");

    final StorageOSUser caller = getUserFromContext();
    final boolean allowed = _permissionsHelper.userHasGivenRoleInAnyTenant(caller, Role.SECURITY_ADMIN, Role.TENANT_ADMIN);
    if (!allowed) {
        throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
    }

    // Without a configured Keystone provider there is nothing to query.
    final AuthnProvider provider = _keystoneUtils.getKeystoneProvider();
    if (provider == null) {
        throw APIException.internalServerErrors.targetIsNullOrEmpty("Keystone Authentication Provider");
    }

    // The provider's stored manager credentials go straight to the client factory;
    // this method does not log them.
    final KeystoneApiClient client = _keystoneUtils.getKeystoneApi(provider.getManagerDN(), provider.getServerUrls(), provider.getManagerPassword());

    // Copy the returned array into a mutable list before handing it to the response.
    final List<KeystoneTenant> tenants = new ArrayList<>(Arrays.asList(client.getKeystoneTenants().getTenants()));
    final TenantListRestResp response = new TenantListRestResp();
    response.setOpenstackTenants(tenants);
    return response;
}
Also used : KeystoneTenant(com.emc.storageos.keystone.restapi.model.response.KeystoneTenant) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) ArrayList(java.util.ArrayList) KeystoneApiClient(com.emc.storageos.keystone.restapi.KeystoneApiClient) TenantListRestResp(com.emc.storageos.keystone.restapi.model.response.TenantListRestResp) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)
