Example 16 with AbstractSecuredEntity

use of com.epam.pipeline.entity.AbstractSecuredEntity in project cloud-pipeline by epam.

the class DockerRegistryManager method parseAndValidateScope.

// expected format: repository:group/image:push
private List<DockerRegistryClaim> parseAndValidateScope(String userName, DockerRegistry registry, String scope) {
    if (StringUtils.isBlank(scope)) {
        // read permission for at least one child in the registry is required
        if (!permissionManager.isActionAllowedForUser(registry, userName, AclPermission.READ)) {
            DockerRegistry fullTree = getDockerRegistryTree(registry.getId());
            permissionManager.filterTree(userName, fullTree, AclPermission.READ);
            if (CollectionUtils.isEmpty(fullTree.getChildren())) {
                throw new DockerAuthorizationException(registry.getPath(), messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_IS_NOT_ALLOWED, userName, registry.getPath()));
            }
        }
        return Collections.emptyList();
    }
    List<DockerRegistryClaim> claims = DockerRegistryClaim.parseClaims(scope);
    claims.forEach(claim -> {
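        // The permission check starts at the registry and is narrowed to the
        // tool group, then to the tool, as each one is resolved below.
        AbstractSecuredEntity entity = registry;
        List<Permission> permissions = claim.getRequestedPermissions();
        // A claim without WRITE must reference an existing tool; a claim that
        // includes WRITE may name an image that is not registered yet.
        boolean toolRequired = !permissions.contains(AclPermission.WRITE);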
        try {
            ToolGroup toolGroup = toolGroupManager.loadToolGroupByImage(registry.getPath(), claim.getImageName());
            entity = toolGroup;
            Optional<Tool> tool = toolManager.loadToolInGroup(claim.getImageName(), toolGroup.getId());
            entity = tool.orElseThrow(() -> new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName())));
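        } catch (IllegalArgumentException e) {
            // Lookup failed: entity keeps the last value assigned above
            // (the registry or the tool group), and that is what gets checked.
            LOGGER.trace(e.getMessage(), e);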
            if (toolRequired) {
                throw new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName()));
            }
        }
        if (!permissionManager.isActionAllowedForUser(entity, userName, permissions)) {
            throw new DockerAuthorizationException(registry.getPath(), messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_ACTION_IS_NOT_ALLOWED, scope, userName, registry.getPath()));
        }
    });
    return claims;
}
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry) ToolGroup(com.epam.pipeline.entity.pipeline.ToolGroup) DockerAuthorizationException(com.epam.pipeline.exception.docker.DockerAuthorizationException) AclPermission(com.epam.pipeline.security.acl.AclPermission) Permission(org.springframework.security.acls.model.Permission) AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) Tool(com.epam.pipeline.entity.pipeline.Tool)

Example 17 with AbstractSecuredEntity

use of com.epam.pipeline.entity.AbstractSecuredEntity in project cloud-pipeline by epam.

the class NotificationManager method notifyIssueComment.

@Transactional(propagation = Propagation.REQUIRED)
public void notifyIssueComment(IssueComment comment, Issue issue, String htmlText) {
    NotificationSettings newIssueCommentSettings = notificationSettingsManager.load(NotificationType.NEW_ISSUE_COMMENT);
    if (newIssueCommentSettings == null || !newIssueCommentSettings.isEnabled()) {
        LOGGER.info(messageHelper.getMessage(MessageConstants.INFO_NOTIFICATION_TEMPLATE_NOT_CONFIGURED, "new issue"));
        return;
    }
    NotificationMessage message = new NotificationMessage();
    message.setTemplate(new NotificationTemplate(newIssueCommentSettings.getTemplateId()));
    AbstractSecuredEntity entity = entityManager.load(issue.getEntity().getEntityClass(), issue.getEntity().getEntityId());
    List<PipelineUser> referencedUsers = userManager.loadUsersByNames(Arrays.asList(entity.getOwner(), issue.getAuthor()));
    List<Long> ccUserIds = getMentionedUsers(comment.getText());
    referencedUsers.stream().filter(u -> u.getUserName().equals(entity.getOwner())).findFirst().ifPresent(owner -> ccUserIds.add(owner.getId()));
    message.setCopyUserIds(ccUserIds);
    if (newIssueCommentSettings.isKeepInformedOwner()) {
        PipelineUser author = referencedUsers.stream().filter(u -> u.getUserName().equals(issue.getAuthor())).findFirst().orElseThrow(() -> new IllegalArgumentException("No issue author was found"));
        message.setToUserId(author.getId());
    }
    IssueComment copyWithHtml = comment.toBuilder().text(htmlText).build();
    Map<String, Object> commentParams = jsonMapper.convertValue(copyWithHtml, new TypeReference<Map<String, Object>>() {
    });
    commentParams.put("issue", jsonMapper.convertValue(issue, new TypeReference<Map<String, Object>>() {
    }));
    message.setTemplateParameters(commentParams);
    monitoringNotificationDao.createMonitoringNotification(message);
}
Also used : PipelineUser(com.epam.pipeline.entity.user.PipelineUser) NotificationSettings(com.epam.pipeline.entity.notification.NotificationSettings) AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) NotificationMessage(com.epam.pipeline.entity.notification.NotificationMessage) IssueComment(com.epam.pipeline.entity.issue.IssueComment) NotificationTemplate(com.epam.pipeline.entity.notification.NotificationTemplate) TypeReference(com.fasterxml.jackson.core.type.TypeReference) Map(java.util.Map) Transactional(org.springframework.transaction.annotation.Transactional)

Example 18 with AbstractSecuredEntity

use of com.epam.pipeline.entity.AbstractSecuredEntity in project cloud-pipeline by epam.

the class FolderManager method getProject.

public FolderWithMetadata getProject(Long entityId, AclClass entityClass) {
    validateAclClass(entityClass);
    Set<Pair<String, String>> projectIndicators = parseProjectIndicator();
    if (CollectionUtils.isEmpty(projectIndicators)) {
        throw new IllegalArgumentException("Can not detect project: project indicator not found.");
    }
    AbstractSecuredEntity entity = entityManager.load(entityClass, entityId);
    AbstractSecuredEntity folderToStartSearch = entity.getAclClass().equals(AclClass.FOLDER) ? entity : entity.getParent();
    if (folderToStartSearch == null) {
        LOGGER.debug("Current entity doesn't have a Folder parent");
        return null;
    }
    if (!folderToStartSearch.getAclClass().equals(AclClass.FOLDER)) {
        throw new IllegalArgumentException("Parent must be a FOLDER.");
    }
    Map<Long, FolderWithMetadata> folders = convertListToMap(folderDao.loadParentFolders(folderToStartSearch.getId()));
    return getProjectFolder(folders, folderToStartSearch.getId(), projectIndicators);
}
Also used : AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) Pair(org.apache.commons.lang3.tuple.Pair) ImmutablePair(org.apache.commons.lang3.tuple.ImmutablePair) FolderWithMetadata(com.epam.pipeline.entity.metadata.FolderWithMetadata)

Example 19 with AbstractSecuredEntity

use of com.epam.pipeline.entity.AbstractSecuredEntity in project cloud-pipeline by epam.

the class GrantPermissionManager method getEntityPermission.

private EntityPermission getEntityPermission(Map<AbstractSecuredEntity, List<AclPermissionEntry>> allPermissions, AbstractSecuredEntity entity) {
    AbstractSecuredEntity aclEntity = getAclEntity(entity);
    Map<AclSid, Integer> mergedPermissions = getEntityPermissions(aclEntity, allPermissions);
    mergeWithParentPermissions(mergedPermissions, entity.getParent(), allPermissions);
    Set<AclPermissionEntry> merged = buildAclPermissionEntries(mergedPermissions);
    // clear the parent so that the full hierarchy is not returned
    entity.clearParent();
    EntityPermission entityPermission = new EntityPermission();
    entityPermission.setEntity(entity);
    entityPermission.setPermissions(merged);
    return entityPermission;
}
Also used : AclSid(com.epam.pipeline.entity.security.acl.AclSid) EntityPermission(com.epam.pipeline.entity.security.acl.EntityPermission) AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) AclPermissionEntry(com.epam.pipeline.entity.security.acl.AclPermissionEntry)

Example 20 with AbstractSecuredEntity

use of com.epam.pipeline.entity.AbstractSecuredEntity in project cloud-pipeline by epam.

the class GrantPermissionManager method getPermissions.

public Map<AbstractSecuredEntity, List<AclPermissionEntry>> getPermissions(Set<AbstractSecuredEntity> securedEntities) {
    Map<ObjectIdentity, Acl> acls = aclService.getObjectIdentities(securedEntities);
    Map<AbstractSecuredEntity, List<AclPermissionEntry>> result = new HashMap<>();
    securedEntities.forEach(securedEntity -> {
        Acl acl = acls.get(new ObjectIdentityImpl(securedEntity));
        Assert.isInstanceOf(MutableAcl.class, acl, messageHelper.getMessage(MessageConstants.ERROR_MUTABLE_ACL_RETURN));
        List<AclPermissionEntry> permissions = new ArrayList<>();
        acl.getEntries().forEach(aclEntry -> permissions.add(new AclPermissionEntry(aclEntry.getSid(), aclEntry.getPermission().getMask())));
        result.put(securedEntity, permissions);
    });
    return result;
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) HashMap(java.util.HashMap) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) ArrayList(java.util.ArrayList) AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) AclPermissionEntry(com.epam.pipeline.entity.security.acl.AclPermissionEntry) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl)

Aggregations

AbstractSecuredEntity (com.epam.pipeline.entity.AbstractSecuredEntity): 21
Transactional (org.springframework.transaction.annotation.Transactional): 8
MutableAcl (org.springframework.security.acls.model.MutableAcl): 7
AclSid (com.epam.pipeline.entity.security.acl.AclSid): 5
EntityPermission (com.epam.pipeline.entity.security.acl.EntityPermission): 5
AclSecuredEntry (com.epam.pipeline.entity.security.acl.AclSecuredEntry): 4
AclPermission (com.epam.pipeline.security.acl.AclPermission): 4
ArrayList (java.util.ArrayList): 4
List (java.util.List): 4
Collectors.toList (java.util.stream.Collectors.toList): 4
Permission (org.springframework.security.acls.model.Permission): 4
EntityVO (com.epam.pipeline.controller.vo.EntityVO): 3
Issue (com.epam.pipeline.entity.issue.Issue): 3
IssueComment (com.epam.pipeline.entity.issue.IssueComment): 3
MetadataEntity (com.epam.pipeline.entity.metadata.MetadataEntity): 3
DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry): 3
AclPermissionEntry (com.epam.pipeline.entity.security.acl.AclPermissionEntry): 3
GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid): 3
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid): 3
Sid (org.springframework.security.acls.model.Sid): 3