use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
the class EventDetectorRestV2Controller method getForDataSource.
@ApiOperation(value = "Get all Event Detectors for a given data source", notes = "Must have permission for all data points", response = AbstractEventDetectorModel.class, responseContainer = "List")
@RequestMapping(method = RequestMethod.GET, value = "/data-source/{xid}")
public ResponseEntity<List<AbstractEventDetectorModel<?>>> getForDataSource(@AuthenticationPrincipal User user, @ApiParam(value = "Valid Data Source XID", required = true, allowMultiple = false) @PathVariable String xid, HttpServletRequest request) {
DataSourceVO<?> ds = DataSourceDao.instance.getByXid(xid);
if (ds == null)
throw new NotFoundRestException();
List<DataPointVO> points = DataPointDao.instance.getDataPoints(ds.getId(), null, false);
List<AbstractEventDetectorModel<?>> models = new ArrayList<AbstractEventDetectorModel<?>>();
for (DataPointVO dp : points) {
// Check permissions
if (!user.isAdmin())
Permissions.ensureDataPointReadPermission(user, dp);
DataPointDao.instance.setEventDetectors(dp);
for (AbstractPointEventDetectorVO<?> ped : dp.getEventDetectors()) models.add(ped.asModel());
}
return new ResponseEntity<>(models, HttpStatus.OK);
}
use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
the class EventDetectorRestV2Controller method get.
@ApiOperation(value = "Get an Event Detector", notes = "", response = AbstractEventDetectorModel.class, responseContainer = "List")
@RequestMapping(method = RequestMethod.GET, value = "/{xid}")
public ResponseEntity<AbstractEventDetectorModel<?>> get(@AuthenticationPrincipal User user, @ApiParam(value = "Valid Event Detector XID", required = true, allowMultiple = false) @PathVariable String xid, HttpServletRequest request) {
AbstractEventDetectorVO<?> vo = this.dao.getByXid(xid);
if (vo == null)
throw new NotFoundRestException();
// Check permissions
if (!user.isAdmin()) {
DataPointVO dp = DataPointDao.instance.get(vo.getSourceId());
Permissions.ensureDataPointReadPermission(user, dp);
}
return new ResponseEntity<>(vo.asModel(), HttpStatus.OK);
}
use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
the class FileStoreRestV2Controller method createNewFolder.
@ApiOperation(value = "Create a folder or copy/move/rename an existing file or folder", notes = "Must have write access to the store")
@RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE, value = "/{fileStoreName}/**")
public ResponseEntity<FileModel> createNewFolder(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("fileStoreName") String fileStoreName, @ApiParam(value = "Move file/folder to", required = false, allowMultiple = false) @RequestParam(required = false) String moveTo, @ApiParam(value = "Copy file/folder to", required = false, allowMultiple = false) @RequestParam(required = false) String copyTo, @AuthenticationPrincipal User user, HttpServletRequest request) throws IOException, URISyntaxException {
FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(fileStoreName);
if (def == null)
throw new NotFoundRestException();
// Check Permissions
def.ensureStoreWritePermission(user);
String pathInStore = parsePath(request);
File root = def.getRoot().getCanonicalFile();
File fileOrFolder = new File(root, pathInStore).getCanonicalFile();
if (!fileOrFolder.toPath().startsWith(root.toPath())) {
throw new GenericRestException(HttpStatus.FORBIDDEN, new TranslatableMessage("filestore.belowRoot", pathInStore));
}
if (copyTo != null) {
return copyFileOrFolder(request, fileStoreName, root, fileOrFolder, copyTo);
} else if (moveTo != null) {
return moveFileOrFolder(request, fileStoreName, root, fileOrFolder, moveTo);
} else {
return createFolder(request, fileStoreName, root, fileOrFolder);
}
}
use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
the class FileStoreRestV2Controller method uploadWithPath.
@ApiOperation(value = "Upload a file to a store with a path", notes = "Must have write access to the store")
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.MULTIPART_FORM_DATA_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE, value = "/{name}/**")
public ResponseEntity<List<FileModel>> uploadWithPath(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("name") String name, @AuthenticationPrincipal User user, @RequestParam(required = false, defaultValue = "false") boolean overwrite, MultipartHttpServletRequest multipartRequest, HttpServletRequest request) throws IOException {
FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(name);
if (def == null)
throw new NotFoundRestException();
// Check Permissions
def.ensureStoreWritePermission(user);
String pathInStore = parsePath(request);
File root = def.getRoot().getCanonicalFile();
Path rootPath = root.toPath();
File outputDirectory = new File(root, pathInStore).getCanonicalFile();
if (!outputDirectory.toPath().startsWith(rootPath)) {
throw new GenericRestException(HttpStatus.FORBIDDEN, new TranslatableMessage("filestore.belowRoot", pathInStore));
}
if (outputDirectory.exists() && !outputDirectory.isDirectory()) {
throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, new TranslatableMessage("filestore.cannotCreateDir", removeToRoot(root, outputDirectory), name));
}
if (!outputDirectory.exists()) {
if (!outputDirectory.mkdirs())
throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, new TranslatableMessage("filestore.cannotCreateDir", removeToRoot(root, outputDirectory), name));
}
// Put the file where it belongs
List<FileModel> fileModels = new ArrayList<>();
MultiValueMap<String, MultipartFile> filemap = multipartRequest.getMultiFileMap();
for (String nameField : filemap.keySet()) {
for (MultipartFile file : filemap.get(nameField)) {
String filename;
if (file instanceof CommonsMultipartFile) {
FileItem fileItem = ((CommonsMultipartFile) file).getFileItem();
filename = fileItem.getName();
} else {
filename = file.getName();
}
File newFile = findUniqueFileName(outputDirectory, filename, overwrite);
File parent = newFile.getParentFile();
if (!parent.exists()) {
parent.mkdirs();
}
try (OutputStream output = new FileOutputStream(newFile, false)) {
try (InputStream input = file.getInputStream()) {
StreamUtils.copy(input, output);
}
}
fileModels.add(fileToModel(newFile, root, request.getServletContext()));
}
}
return new ResponseEntity<>(fileModels, HttpStatus.OK);
}
use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
the class FileStoreRestV2Controller method download.
@ApiOperation(value = "List a directory or download a file from a store")
@RequestMapping(method = RequestMethod.GET, produces = {}, value = "/{name}/**")
public ResponseEntity<?> download(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("name") String name, @ApiParam(value = "Set content disposition to attachment", required = false, defaultValue = "true", allowMultiple = false) @RequestParam(required = false, defaultValue = "true") boolean download, @AuthenticationPrincipal User user, HttpServletRequest request, HttpServletResponse response) throws IOException, HttpMediaTypeNotAcceptableException {
FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(name);
if (def == null)
throw new ResourceNotFoundException("File store: " + name);
// Check permissions
def.ensureStoreReadPermission(user);
File root = def.getRoot().getCanonicalFile();
String path = parsePath(request);
File file = new File(root, path).getCanonicalFile();
if (!file.toPath().startsWith(root.toPath())) {
throw new AccessDeniedException("Path is below file store root");
}
// TODO Allow downloading directory as a zip
if (file.isFile()) {
return getFile(file, download, request, response);
} else {
return listStoreContents(file, root, request);
}
}
Aggregations