
Example 51 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class FileStoreRestV2Controller method delete.

/**
 * Deletes a file or directory inside a named file store.
 *
 * <p>Order of checks: the store must exist, the caller must hold write permission on it, the
 * requested path must resolve inside the store root, and the target must exist.
 *
 * @param name file store name used to look up the {@code FileStoreDefinition}
 * @param recursive when {@code true} and the target is a directory, the whole tree is removed;
 *     otherwise a plain {@code File.delete()} is attempted (which fails on a non-empty directory)
 * @param user authenticated caller, passed to the store's write-permission check
 * @param request used by {@code parsePath} to obtain the path below the store name
 * @return an empty 200 response on success
 * @throws IOException if canonicalising a path or deleting a directory tree fails
 */
@ApiOperation(value = "Delete a file or directory")
@RequestMapping(method = RequestMethod.DELETE, produces = {}, value = "/{name}/**")
public ResponseEntity<Void> delete(
        @ApiParam(value = "Valid File Store name", required = true, allowMultiple = false) @PathVariable("name") String name,
        @ApiParam(value = "Recurisve delete of directory", required = false, defaultValue = "false", allowMultiple = false) @RequestParam(required = false, defaultValue = "false") boolean recursive,
        @AuthenticationPrincipal User user,
        HttpServletRequest request) throws IOException, HttpMediaTypeNotAcceptableException {
    FileStoreDefinition store = ModuleRegistry.getFileStoreDefinition(name);
    if (store == null) {
        throw new ResourceNotFoundException("File store: " + name);
    }

    // Authorisation happens before any request-supplied path is touched.
    store.ensureStoreWritePermission(user);

    // Both sides are canonicalised, so ".." segments and symlinks are resolved before the
    // containment test. Path.startsWith compares whole name elements, so a sibling directory
    // whose name merely begins with the root's name does not pass.
    File storeRoot = store.getRoot().getCanonicalFile();
    String relativePath = parsePath(request);
    File target = new File(storeRoot, relativePath).getCanonicalFile();
    boolean insideStore = target.toPath().startsWith(storeRoot.toPath());
    if (!insideStore) {
        throw new GenericRestException(HttpStatus.FORBIDDEN, new TranslatableMessage("filestore.belowRoot", relativePath));
    }
    // NOTE(review): the containment test also accepts target == storeRoot. If parsePath can
    // yield an empty path, recursive=true would remove the store root itself; confirm whether
    // that is intended or should be rejected.
    // NOTE(review): the check and the delete are separate steps; if other writers can modify
    // the store concurrently, confirm the FileUtils implementation in use does not follow
    // symlinks while deleting.

    if (!target.exists()) {
        throw new NotFoundRestException();
    }

    boolean deleteTree = target.isDirectory() && recursive;
    if (deleteTree) {
        FileUtils.deleteDirectory(target);
    } else if (!target.delete()) {
        throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, new TranslatableMessage("filestore.errorDeletingFile"));
    }
    return new ResponseEntity<>(null, HttpStatus.OK);
}
Also used : NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) ResponseEntity(org.springframework.http.ResponseEntity) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage) ResourceNotFoundException(com.infiniteautomation.mango.rest.v2.exception.ResourceNotFoundException) File(java.io.File) CommonsMultipartFile(org.springframework.web.multipart.commons.CommonsMultipartFile) MultipartFile(org.springframework.web.multipart.MultipartFile) FileStoreDefinition(com.serotonin.m2m2.module.FileStoreDefinition) GenericRestException(com.infiniteautomation.mango.rest.v2.exception.GenericRestException) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 52 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class PermissionsRestController method listPermissions.

/**
 * Lists every known permission definition together with its system setting key.
 *
 * <p>The data source management permission is added explicitly; all others come from the
 * {@code PermissionDefinition}s registered in the {@code ModuleRegistry}.
 *
 * <p>NOTE(review): no caller or permission check is visible in this method. Confirm access to
 * this endpoint is restricted elsewhere (for example in the security configuration).
 *
 * @return a 200 response carrying the list of permission models
 */
@ApiOperation(value = "List permissions and their system setting keys")
@RequestMapping(method = RequestMethod.GET)
public ResponseEntity<List<PermissionDefinitionModel>> listPermissions() {
    List<PermissionDefinitionModel> models = new ArrayList<>();

    // Built-in permission that is not contributed through a module definition.
    PermissionDefinitionModel dataSourceManagement = new PermissionDefinitionModel(
            SystemSettingsDao.PERMISSION_DATASOURCE, "systemSettings.permissions.datasourceManagement");
    models.add(dataSourceManagement);

    // Permissions contributed by installed modules.
    for (PermissionDefinition moduleDefinition : ModuleRegistry.getDefinitions(PermissionDefinition.class)) {
        models.add(new PermissionDefinitionModel(moduleDefinition));
    }

    return new ResponseEntity<>(models, HttpStatus.OK);
}
Also used : PermissionDefinitionModel(com.serotonin.m2m2.web.mvc.rest.v1.model.PermissionDefinitionModel) PermissionDefinition(com.serotonin.m2m2.module.PermissionDefinition) ResponseEntity(org.springframework.http.ResponseEntity) ArrayList(java.util.ArrayList) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 53 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class GraphicalView method validateUpdatedPermissions.

/**
 * Validates a change to an object's permission string against what the acting user holds.
 *
 * <p>Two rules are enforced, both of which stop a user from changing access they were never
 * granted:
 * <ol>
 *   <li>A permission that is being removed must be one the user holds.</li>
 *   <li>A permission that is being added must be one the user holds.</li>
 * </ol>
 * Permissions present both before and after the change are not re-checked.
 *
 * <p>Blank entries in the new permissions are reported on {@code response} but do not change
 * the returned value.
 *
 * @param existingPermissionsString previous permissions of the object
 * @param newPermissionsString new permissions of the object
 * @param user user whose permissions are compared against; {@code null} fails validation
 * @param response ProcessResult that receives the validation messages
 * @param contextKey context key under which messages are recorded
 * @return {@code false} if the user is {@code null} or either rule above is violated,
 *     {@code true} otherwise
 */
private boolean validateUpdatedPermissions(String existingPermissionsString, String newPermissionsString, User user, ProcessResult response, String contextKey) {
    if (user == null) {
        response.addContextualMessage(contextKey, "validate.invalidPermission", "No User Found");
        return false;
    }

    // Split both permission strings into their individual groups.
    Set<String> requested = Permissions.explodePermissionGroups(newPermissionsString);
    Set<String> current = Permissions.explodePermissionGroups(existingPermissionsString);

    // TODO add trim to the explode method?
    // Only the blank test uses the trimmed value; the comparisons below use the entries
    // exactly as explodePermissionGroups returned them.
    for (String candidate : requested) {
        if (StringUtils.isBlank(candidate.trim())) {
            response.addMessage(contextKey, new TranslatableMessage("validate.cannotContainEmptyString"));
        }
    }

    boolean valid = true;

    // Rule 1: a permission the user does not hold must survive the update.
    for (String held : current) {
        boolean removedWithoutGrant = !Permissions.hasPermission(user, held) && !requested.contains(held);
        if (removedWithoutGrant) {
            valid = false;
            response.addMessage(contextKey, new TranslatableMessage("viewEdit.validate.ungrantedPermissionRemoved", held));
        }
    }

    // Rule 2: a newly added permission must be one the user holds. Entries that were already
    // on the object are assumed to be valid.
    for (String candidate : requested) {
        boolean addedWithoutGrant = !current.contains(candidate) && !Permissions.hasPermission(user, candidate);
        if (addedWithoutGrant) {
            valid = false;
            response.addContextualMessage(contextKey, "validate.invalidPermission", candidate);
        }
    }

    return valid;
}
Also used : TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage)

Example 54 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class GraphicalView method validate.

/**
 * Validates this view and records every problem on {@code response}.
 *
 * <p>Checks the name (required, at most 100 characters), the XID (required, at most 50
 * characters, unique), each view component, and finally the read/set/edit permissions
 * against the current user.
 *
 * @param response ProcessResult that receives the validation messages
 */
public void validate(ProcessResult response) {
    if (StringUtils.isBlank(name)) {
        response.addMessage("name", new TranslatableMessage("validate.required"));
    } else if (StringValidation.isLengthGreaterThan(name, 100)) {
        response.addMessage("name", new TranslatableMessage("validate.notLongerThan", 100));
    }

    if (StringUtils.isBlank(xid)) {
        response.addMessage("xid", new TranslatableMessage("validate.required"));
    } else if (StringValidation.isLengthGreaterThan(xid, 50)) {
        response.addMessage("xid", new TranslatableMessage("validate.notLongerThan", 50));
    } else if (!new GraphicalViewDao().isXidUnique(xid, id)) {
        response.addMessage("xid", new TranslatableMessage("validate.xidUsed"));
    }

    for (ViewComponent component : viewComponents) {
        component.validate(response);
    }

    // Permission validation is done against the user returned by Common.getUser().
    User currentUser = Common.getUser();
    GraphicalView persisted = null;
    if (this.id != Common.NEW_ID) {
        persisted = new GraphicalViewDao().getView(id);
    }

    if (persisted != null) {
        // Updating a view: only newly added permissions are validated, existing ones may
        // remain, and the user may not remove permissions they do not have. The boolean
        // results are not used here; failures are recorded on response.
        this.readPermission = trimPermission(this.readPermission);
        validateUpdatedPermissions(persisted.readPermission, this.readPermission, currentUser, response, "readPermission");
        this.setPermission = trimPermission(this.setPermission);
        validateUpdatedPermissions(persisted.setPermission, this.setPermission, currentUser, response, "setPermission");
        this.editPermission = trimPermission(this.editPermission);
        validateUpdatedPermissions(persisted.editPermission, this.editPermission, currentUser, response, "editPermission");
    } else {
        // New view, or no stored view found for this id: every permission counts as added.
        // NOTE(review): unlike the update path, the strings are not passed through
        // trimPermission here; confirm validateAddedPermissions handles surrounding whitespace.
        Permissions.validateAddedPermissions(this.readPermission, currentUser, response, "readPermission");
        Permissions.validateAddedPermissions(this.setPermission, currentUser, response, "setPermission");
        Permissions.validateAddedPermissions(this.editPermission, currentUser, response, "editPermission");
    }
}
Also used : ShareUser(com.serotonin.m2m2.view.ShareUser) User(com.serotonin.m2m2.vo.User) ViewComponent(com.serotonin.m2m2.gviews.component.ViewComponent) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage)

Example 55 with Permissions

use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.

the class ImageUploadServlet method doPost.

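/**
 * Handles a multipart upload of a background image for the view the user is editing.
 *
 * <p>Non-multipart requests and callers without the graphical view upload permission are
 * ignored without a response body. For each {@code backgroundImage} field whose content
 * {@code ImageIO} can decode, the data is written to the upload directory and the view's
 * background filename is updated.
 *
 * <p>NOTE(review): no size limit is configured on the {@code ServletFileUpload} in this method
 * ({@code setSizeMax} / {@code setFileSizeMax}); confirm a limit is enforced elsewhere.
 *
 * @param request the upload request
 * @param response not written to by this method
 * @throws IOException declared by the servlet contract
 * @throws RuntimeException wrapping any failure to parse the multipart request
 */
@SuppressWarnings("unchecked")
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (ServletFileUpload.isMultipartContent(request)) {
        User user = Common.getUser(request);
        GraphicalView view = GraphicalViewsCommon.getUserEditView(user);
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        // Fail if we don't have permissions for this. The check runs before the request body
        // is parsed.
        if (!Permissions.hasPermission(user, SystemSettingsDao.getValue(GraphicalViewUploadPermissionDefinition.PERMISSION))) {
            // The GraphicalViewDwr.clearBackground() method will notify the user of a failure so we can ignore them here
            return;
        }
        List<FileItem> items;
        try {
            items = upload.parseRequest(request);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        for (FileItem item : items) {
            if ("backgroundImage".equals(item.getFieldName())) {
                final DiskFileItem diskItem = (DiskFileItem) item;
                try {
                    // ImageIO.read returns null when no reader recognises the content and
                    // throws on a read error. It does not close the stream it is given, so
                    // the probe stream is closed here.
                    boolean decodable;
                    try (java.io.InputStream probe = diskItem.getInputStream()) {
                        decodable = ImageIO.read(probe) != null;
                    }
                    if (decodable) {
                        // Create the path to the upload directory.
                        File dir = GraphicalViewsCommon.getUploadDir();
                        // Create the image file name.
                        // NOTE(review): diskItem.getName() is supplied by the client; confirm
                        // getNextImageFilename strips path components and constrains the
                        // extension before the name is used below.
                        String filename = GraphicalViewsCommon.getNextImageFilename(dir, diskItem.getName());
                        // Save the file. Both streams are closed even if the transfer fails.
                        try (java.io.InputStream in = diskItem.getInputStream();
                                FileOutputStream fos = new FileOutputStream(new File(dir, filename))) {
                            StreamUtils.transfer(in, fos);
                        }
                        view.setBackgroundFilename(ImageUploadServletDefinition.IMAGE_DIR + "/" + filename);
                    }
                    // else: unsupported file type, nothing is stored.
                } catch (Exception e) {
                    // Unsupported image type or failure while saving. Deliberately best-effort:
                    // the item is skipped and no error is returned.
                    // NOTE(review): the failure is not logged, so rejected or failed uploads
                    // leave no trace; consider logging here.
                }
            }
        }
    }
}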
Also used : FileItem(org.apache.commons.fileupload.FileItem) DiskFileItem(org.apache.commons.fileupload.disk.DiskFileItem) User(com.serotonin.m2m2.vo.User) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) GraphicalView(com.serotonin.m2m2.gviews.GraphicalView) FileOutputStream(java.io.FileOutputStream) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) File(java.io.File) IOException(java.io.IOException) DiskFileItem(org.apache.commons.fileupload.disk.DiskFileItem)
