Search in sources :

Example 46 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class EventDetectorRestV2Controller method getForDataSource.

@ApiOperation(value = "Get all Event Detectors for a given data source", notes = "Must have permission for all data points", response = AbstractEventDetectorModel.class, responseContainer = "List")
@RequestMapping(method = RequestMethod.GET, value = "/data-source/{xid}")
public ResponseEntity<List<AbstractEventDetectorModel<?>>> getForDataSource(@AuthenticationPrincipal User user, @ApiParam(value = "Valid Data Source XID", required = true, allowMultiple = false) @PathVariable String xid, HttpServletRequest request) {
    DataSourceVO<?> ds = DataSourceDao.instance.getByXid(xid);
    if (ds == null)
        throw new NotFoundRestException();
    List<DataPointVO> points = DataPointDao.instance.getDataPoints(ds.getId(), null, false);
    List<AbstractEventDetectorModel<?>> models = new ArrayList<AbstractEventDetectorModel<?>>();
    for (DataPointVO dp : points) {
        // Check permissions
        if (!user.isAdmin())
            Permissions.ensureDataPointReadPermission(user, dp);
        DataPointDao.instance.setEventDetectors(dp);
        for (AbstractPointEventDetectorVO<?> ped : dp.getEventDetectors()) models.add(ped.asModel());
    }
    return new ResponseEntity<>(models, HttpStatus.OK);
}
Also used : DataPointVO(com.serotonin.m2m2.vo.DataPointVO) NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) ResponseEntity(org.springframework.http.ResponseEntity) ArrayList(java.util.ArrayList) AbstractEventDetectorModel(com.serotonin.m2m2.web.mvc.rest.v1.model.events.detectors.AbstractEventDetectorModel) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 47 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class EventDetectorRestV2Controller method get.

@ApiOperation(value = "Get an Event Detector", notes = "", response = AbstractEventDetectorModel.class, responseContainer = "List")
@RequestMapping(method = RequestMethod.GET, value = "/{xid}")
public ResponseEntity<AbstractEventDetectorModel<?>> get(@AuthenticationPrincipal User user, @ApiParam(value = "Valid Event Detector XID", required = true, allowMultiple = false) @PathVariable String xid, HttpServletRequest request) {
    AbstractEventDetectorVO<?> vo = this.dao.getByXid(xid);
    if (vo == null)
        throw new NotFoundRestException();
    // Check permissions
    if (!user.isAdmin()) {
        DataPointVO dp = DataPointDao.instance.get(vo.getSourceId());
        Permissions.ensureDataPointReadPermission(user, dp);
    }
    return new ResponseEntity<>(vo.asModel(), HttpStatus.OK);
}
Also used : DataPointVO(com.serotonin.m2m2.vo.DataPointVO) NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) ResponseEntity(org.springframework.http.ResponseEntity) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 48 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class FileStoreRestV2Controller method createNewFolder.

@ApiOperation(value = "Create a folder or copy/move/rename an existing file or folder", notes = "Must have write access to the store")
@RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE, value = "/{fileStoreName}/**")
public ResponseEntity<FileModel> createNewFolder(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("fileStoreName") String fileStoreName, @ApiParam(value = "Move file/folder to", required = false, allowMultiple = false) @RequestParam(required = false) String moveTo, @ApiParam(value = "Copy file/folder to", required = false, allowMultiple = false) @RequestParam(required = false) String copyTo, @AuthenticationPrincipal User user, HttpServletRequest request) throws IOException, URISyntaxException {
    FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(fileStoreName);
    if (def == null)
        throw new NotFoundRestException();
    // Check Permissions
    def.ensureStoreWritePermission(user);
    String pathInStore = parsePath(request);
    File root = def.getRoot().getCanonicalFile();
    File fileOrFolder = new File(root, pathInStore).getCanonicalFile();
    if (!fileOrFolder.toPath().startsWith(root.toPath())) {
        throw new GenericRestException(HttpStatus.FORBIDDEN, new TranslatableMessage("filestore.belowRoot", pathInStore));
    }
    if (copyTo != null) {
        return copyFileOrFolder(request, fileStoreName, root, fileOrFolder, copyTo);
    } else if (moveTo != null) {
        return moveFileOrFolder(request, fileStoreName, root, fileOrFolder, moveTo);
    } else {
        return createFolder(request, fileStoreName, root, fileOrFolder);
    }
}
Also used : NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage) File(java.io.File) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) MultipartFile(org.springframework.web.multipart.MultipartFile) FileStoreDefinition(com.serotonin.m2m2.module.FileStoreDefinition) GenericRestException(com.infiniteautomation.mango.rest.v2.exception.GenericRestException) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 49 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class FileStoreRestV2Controller method uploadWithPath.

@ApiOperation(value = "Upload a file to a store with a path", notes = "Must have write access to the store")
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.MULTIPART_FORM_DATA_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE, value = "/{name}/**")
public ResponseEntity<List<FileModel>> uploadWithPath(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("name") String name, @AuthenticationPrincipal User user, @RequestParam(required = false, defaultValue = "false") boolean overwrite, MultipartHttpServletRequest multipartRequest, HttpServletRequest request) throws IOException {
    FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(name);
    if (def == null)
        throw new NotFoundRestException();
    // Check Permissions
    def.ensureStoreWritePermission(user);
    String pathInStore = parsePath(request);
    File root = def.getRoot().getCanonicalFile();
    Path rootPath = root.toPath();
    File outputDirectory = new File(root, pathInStore).getCanonicalFile();
    if (!outputDirectory.toPath().startsWith(rootPath)) {
        throw new GenericRestException(HttpStatus.FORBIDDEN, new TranslatableMessage("filestore.belowRoot", pathInStore));
    }
    if (outputDirectory.exists() && !outputDirectory.isDirectory()) {
        throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, new TranslatableMessage("filestore.cannotCreateDir", removeToRoot(root, outputDirectory), name));
    }
    if (!outputDirectory.exists()) {
        if (!outputDirectory.mkdirs())
            throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, new TranslatableMessage("filestore.cannotCreateDir", removeToRoot(root, outputDirectory), name));
    }
    // Put the file where it belongs
    List<FileModel> fileModels = new ArrayList<>();
    MultiValueMap<String, MultipartFile> filemap = multipartRequest.getMultiFileMap();
    for (String nameField : filemap.keySet()) {
        for (MultipartFile file : filemap.get(nameField)) {
            String filename;
            if (file instanceof CommonsMultipartFile) {
                FileItem fileItem = ((CommonsMultipartFile) file).getFileItem();
                filename = fileItem.getName();
            } else {
                filename = file.getName();
            }
            File newFile = findUniqueFileName(outputDirectory, filename, overwrite);
            File parent = newFile.getParentFile();
            if (!parent.exists()) {
                parent.mkdirs();
            }
            try (OutputStream output = new FileOutputStream(newFile, false)) {
                try (InputStream input = file.getInputStream()) {
                    StreamUtils.copy(input, output);
                }
            }
            fileModels.add(fileToModel(newFile, root, request.getServletContext()));
        }
    }
    return new ResponseEntity<>(fileModels, HttpStatus.OK);
}
Also used : Path(java.nio.file.Path) NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) ArrayList(java.util.ArrayList) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) FileModel(com.infiniteautomation.mango.rest.v2.model.filestore.FileModel) FileItem(org.apache.commons.fileupload.FileItem) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) MultipartFile(org.springframework.web.multipart.MultipartFile) ResponseEntity(org.springframework.http.ResponseEntity) FileOutputStream(java.io.FileOutputStream) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage) File(java.io.File) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) MultipartFile(org.springframework.web.multipart.MultipartFile) FileStoreDefinition(com.serotonin.m2m2.module.FileStoreDefinition) GenericRestException(com.infiniteautomation.mango.rest.v2.exception.GenericRestException) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 50 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class FileStoreRestV2Controller method download.

@ApiOperation(value = "List a directory or download a file from a store")
@RequestMapping(method = RequestMethod.GET, produces = {}, value = "/{name}/**")
public ResponseEntity<?> download(@ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("name") String name, @ApiParam(value = "Set content disposition to attachment", required = false, defaultValue = "true", allowMultiple = false) @RequestParam(required = false, defaultValue = "true") boolean download, @AuthenticationPrincipal User user, HttpServletRequest request, HttpServletResponse response) throws IOException, HttpMediaTypeNotAcceptableException {
    FileStoreDefinition def = ModuleRegistry.getFileStoreDefinition(name);
    if (def == null)
        throw new ResourceNotFoundException("File store: " + name);
    // Check permissions
    def.ensureStoreReadPermission(user);
    File root = def.getRoot().getCanonicalFile();
    String path = parsePath(request);
    File file = new File(root, path).getCanonicalFile();
    if (!file.toPath().startsWith(root.toPath())) {
        throw new AccessDeniedException("Path is below file store root");
    }
    // TODO Allow downloading directory as a zip
    if (file.isFile()) {
        return getFile(file, download, request, response);
    } else {
        return listStoreContents(file, root, request);
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) ResourceNotFoundException(com.infiniteautomation.mango.rest.v2.exception.ResourceNotFoundException) File(java.io.File) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) MultipartFile(org.springframework.web.multipart.MultipartFile) FileStoreDefinition(com.serotonin.m2m2.module.FileStoreDefinition) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

User (com.serotonin.m2m2.vo.User)61 ApiOperation (com.wordnik.swagger.annotations.ApiOperation)43 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)43 DataPointVO (com.serotonin.m2m2.vo.DataPointVO)40 RestProcessResult (com.serotonin.m2m2.web.mvc.rest.v1.message.RestProcessResult)36 ArrayList (java.util.ArrayList)27 TranslatableMessage (com.serotonin.m2m2.i18n.TranslatableMessage)20 PermissionException (com.serotonin.m2m2.vo.permission.PermissionException)17 DwrPermission (com.serotonin.m2m2.web.dwr.util.DwrPermission)16 NotFoundRestException (com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException)15 HashMap (java.util.HashMap)15 List (java.util.List)14 ProcessResult (com.serotonin.m2m2.i18n.ProcessResult)10 ASTNode (net.jazdw.rql.parser.ASTNode)10 PointValueTime (com.serotonin.m2m2.rt.dataImage.PointValueTime)9 RestValidationFailedException (com.serotonin.m2m2.web.mvc.rest.v1.exception.RestValidationFailedException)8 DataPointModel (com.serotonin.m2m2.web.mvc.rest.v1.model.DataPointModel)8 URI (java.net.URI)8 Map (java.util.Map)8 ResponseEntity (org.springframework.http.ResponseEntity)7