use of com.emc.storageos.security.authorization.PermissionsKey in project coprhd-controller by CoprHD.
the class InternalTenantService method createTenant.
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public TenantOrgRestRep createTenant(TenantCreateParam param) {
    // NOTE(review): there is no @CheckPermission on this endpoint (compare
    // ProjectService.updateProject). It is assumed to be reachable only over the
    // internal API path; confirm that assumption holds for the deployment.
    _log.debug("Create Tenant from internal call");

    // Every tenant created through this path is a direct child of the root tenant.
    URI rootTenantId = _permissionsHelper.getRootTenant().getId();

    TenantOrg created = new TenantOrg();
    created.setId(URIUtil.createId(TenantOrg.class));
    created.setParentTenant(new NamedURI(rootTenantId, param.getLabel()));
    created.setLabel(param.getLabel());
    created.setDescription(param.getDescription());
    // NOTE(review): unlike TenantsService.createProject, no duplicate-label check is
    // performed here; presumably the caller guarantees uniqueness - verify.

    // Persist each user mapping keyed by its whitespace-trimmed domain.
    // NOTE(review): a mapping whose domain is null would NPE on trim(); this
    // assumes fromParamList (or the caller) rejects such entries - confirm.
    for (BasePermissionsHelper.UserMapping mapping
            : BasePermissionsHelper.UserMapping.fromParamList(param.getUserMappings())) {
        String domain = mapping.getDomain().trim();
        mapping.setDomain(domain);
        created.addUserMapping(domain, mapping.toString());
    }

    // ROOT (as a SID-type key) is granted TENANT_ADMIN on the new tenant so the
    // internal caller can administer it afterwards.
    String rootKey = new PermissionsKey(PermissionsKey.Type.SID, ROOT).toString();
    created.addRole(rootKey, Role.TENANT_ADMIN.toString());

    _dbClient.createObject(created);
    // Audit record: operation succeeded, no security context, parent = root tenant.
    auditOp(OperationTypeEnum.CREATE_TENANT, true, null, created.getLabel(), rootTenantId, created.getId().toString());
    return map(created);
}
use of com.emc.storageos.security.authorization.PermissionsKey in project coprhd-controller by CoprHD.
the class ResourceService method getDiscoveredComputeObjects.
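/**
 * Retrieves the discovered compute objects whose ACLs grant access to the given tenant.
 *
 * @param tenantId tenant whose ACL grant is used to filter the objects
 * @param clzz class of the objects to load for the matching ids
 * @return an iterator over the matching objects; empty when no object carries the grant
 */
protected <T extends DiscoveredComputeSystemWithAcls> Iterator<T> getDiscoveredComputeObjects(URI tenantId, Class<T> clzz) {
    // The tenant-scoped permission key is the ACL entry looked up in the index.
    PermissionsKey permissionKey = new PermissionsKey(PermissionsKey.Type.TENANT, tenantId.toString());
    // NOTE(review): the constraint is always built for Vcenter.class, not for clzz,
    // so the ACL index consulted is the vCenter one regardless of the requested type.
    // Left unchanged because existing callers may rely on it; confirm this is intended
    // before switching the argument to clzz.
    Constraint aclConstraint = ContainmentPermissionsConstraint.Factory
            .getDiscoveredObjsWithPermissionsConstraint(permissionKey.toString(), Vcenter.class);
    URIQueryResultList resultURIs = new URIQueryResultList();
    _dbClient.queryByConstraint(aclConstraint, resultURIs);

    List<URI> uris = new ArrayList<URI>();
    for (URI result : resultURIs) {
        uris.add(result);
    }
    // The list is never null here (the earlier `uris != null` test was dead code);
    // an empty id list yields an empty iterator instead of an id-less query.
    if (uris.isEmpty()) {
        return new ArrayList<T>().iterator();
    }
    return _dbClient.queryIterativeObjectField(clzz, DATAOBJECT_NAME_FIELD, uris);
}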
use of com.emc.storageos.security.authorization.PermissionsKey in project coprhd-controller by CoprHD.
the class ProjectService method updateProject.
/**
 * Update info for project including project name and owner.
 *
 * Renaming is refused while file policies are assigned to the project, and the new
 * name must be unique within the project's tenant. An owner change is only accepted
 * for a principal that is valid for the project's tenant, and never for root in a
 * multi-site (GEO) deployment; the OWN ACL is moved from the old owner to the new one.
 *
 * @param projectUpdate Project update parameters
 * @param id the URN of a ViPR Project
 * @prereq none
 * @brief Update project
 * @return No data returned in response body
 */
@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN })
public Response updateProject(@PathParam("id") URI id, ProjectUpdateParam projectUpdate) {
    Project project = getProjectById(id, true);

    // A rename is only attempted when a non-empty name that differs (case-insensitively)
    // from the current label was supplied.
    String requestedName = projectUpdate.getName();
    if (requestedName != null && !requestedName.isEmpty()
            && !project.getLabel().equalsIgnoreCase(requestedName)) {
        applyProjectRename(project, requestedName);
    }

    // Likewise an owner change needs a non-empty owner that differs from the current one.
    String requestedOwner = projectUpdate.getOwner();
    if (requestedOwner != null && !requestedOwner.isEmpty()
            && !requestedOwner.equalsIgnoreCase(project.getOwner())) {
        applyProjectOwnerChange(project, requestedOwner);
    }

    _dbClient.updateAndReindexObject(project);
    recordOperation(OperationTypeEnum.UPDATE_PROJECT, true, project);
    return Response.ok().build();
}

/**
 * Renames the project in place: refuses while file policies are assigned, enforces
 * name uniqueness within the tenant, and keeps the tenant NamedURI's name in sync.
 *
 * @param project project being updated (mutated, not persisted here)
 * @param newName validated, non-empty new name
 */
private void applyProjectRename(Project project, String newName) {
    // File policies reference the project by name, so a rename would orphan them.
    if (project.getFilePolicies() != null && !project.getFilePolicies().isEmpty()) {
        _log.error(String.format("Failed to update the name of project %s as a policy is assigned", project.getLabel()));
        throw APIException.badRequests.cannotUpdateProjectNameAssignedFilePolicy(project.getLabel());
    }
    checkForDuplicateName(newName, Project.class, project.getTenantOrg().getURI(), "tenantOrg", _dbClient);
    project.setLabel(newName);
    // The NamedURI pointing at the tenant also carries the project's name; update it too.
    NamedURI tenantRef = project.getTenantOrg();
    if (tenantRef != null) {
        tenantRef.setName(newName);
        project.setTenantOrg(tenantRef);
    }
}

/**
 * Transfers ownership: validates the new owner against the project's tenant, blocks
 * root as owner in a GEO setup, and swaps the OWN ACL from the old owner to the new one.
 *
 * @param project project being updated (mutated, not persisted here)
 * @param newOwner validated, non-empty new owner name
 */
private void applyProjectOwnerChange(Project project, String newOwner) {
    URI tenantUri = project.getTenantOrg().getURI();
    StringBuilder error = new StringBuilder();
    // The new owner must be a user principal that resolves within this project's tenant.
    if (!Validator.isValidPrincipal(new StorageOSPrincipal(newOwner, StorageOSPrincipal.Type.User), tenantUri, error)) {
        throw APIException.forbidden.specifiedOwnerIsNotValidForProjectTenant(error.toString());
    }
    // In a GEO (multi-site) deployment root is not allowed to own projects.
    if ("root".equalsIgnoreCase(newOwner) && !VdcUtil.isLocalVdcSingleSite()) {
        throw APIException.forbidden.specifiedOwnerIsNotValidForProjectTenant("in GEO scenario, root can't be assigned as project owner");
    }
    // Revoke OWN from the previous owner before granting it to the new one; the ACL key
    // is scoped by tenant so the same user name in another tenant is unaffected.
    String ownAcl = ACL.OWN.toString();
    project.removeAcl(new PermissionsKey(PermissionsKey.Type.SID, project.getOwner(), tenantUri).toString(), ownAcl);
    project.setOwner(newOwner);
    project.addAcl(new PermissionsKey(PermissionsKey.Type.SID, project.getOwner(), tenantUri).toString(), ownAcl);
}
use of com.emc.storageos.security.authorization.PermissionsKey in project coprhd-controller by CoprHD.
the class TenantsService method createProject.
/**
 * Worker method for create project. Allows external requests (REST) as well as
 * internal requests that may not have a security context.
 *
 * NOTE(review): no authorization is performed here; the caller is responsible for
 * checking that the requester may create projects in tenant {@code id}. The OWN ACL
 * is keyed by {@code ownerTenantId}, which is passed separately from {@code id}
 * (presumably the owner's home tenant) - confirm callers pass consistent values.
 *
 * @param id tenant id
 * @param param project params
 * @param owner name of owner of the request
 * @param ownerTenantId tenant id of the owner
 * @return project details
 */
public ProjectElement createProject(URI id, ProjectParam param, String owner, String ownerTenantId) {
    TenantOrg tenant = getTenantById(id, true);

    // Uniqueness is enforced only when a non-empty name was supplied; a missing name is
    // still stored as the label, so callers are assumed to validate it upstream.
    String name = param.getName();
    if (name != null && !name.isEmpty()) {
        checkForDuplicateName(name, Project.class, id, "tenantOrg", _dbClient);
    }

    Project project = new Project();
    URI projectId = URIUtil.createId(Project.class);
    project.setId(projectId);
    project.setLabel(name);
    project.setTenantOrg(new NamedURI(tenant.getId(), name));
    project.setOwner(owner);

    // The creating owner is granted the OWN ACL, scoped to the owner's tenant.
    PermissionsKey ownerKey = new PermissionsKey(PermissionsKey.Type.SID, owner, ownerTenantId);
    project.addAcl(ownerKey.toString(), ACL.OWN.toString());

    _dbClient.createObject(project);
    recordTenantEvent(OperationTypeEnum.CREATE_PROJECT, tenant.getId(), projectId);
    return new ProjectElement(projectId, toLink(ResourceTypeEnum.PROJECT, projectId), name);
}
use of com.emc.storageos.security.authorization.PermissionsKey in project coprhd-controller by CoprHD.
the class CatalogACLInputFilter method getPermissionKeyForEntry.
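/**
 * Builds the tenant-scoped permissions key for one catalog ACL entry.
 *
 * A group entry takes precedence: when both group and subjectId are set, the
 * subjectId is silently ignored. An entry with neither is rejected.
 *
 * NOTE(review): the principal named by the entry is not validated against the
 * tenant here (the previous version constructed a StorageOSPrincipal but never
 * used it); confirm that validation happens in the base filter or the caller.
 *
 * @param entry ACL entry carrying either a group or a subject id
 * @return GROUP- or SID-type key scoped to this filter's tenant
 * @throws InternalException when the entry names neither a group nor a subject
 */
@Override
protected PermissionsKey getPermissionKeyForEntry(ACLEntry entry) throws InternalException {
    if (entry.getGroup() != null) {
        return new PermissionsKey(PermissionsKey.Type.GROUP, entry.getGroup(), this.tenantId);
    }
    if (entry.getSubjectId() != null) {
        return new PermissionsKey(PermissionsKey.Type.SID, entry.getSubjectId(), this.tenantId);
    }
    throw APIException.badRequests.invalidEntryForCatalogServiceACL();
}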