Use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
Class UserCommentRestController, method deleteUserComment.
/**
 * Deletes the user comment identified by {@code xid}.
 *
 * The caller is resolved via {@code checkUser}; a missing comment yields the
 * "does not exist" message, a caller without edit permission on the comment is
 * logged and gets the unauthorized message. The client-supplied
 * {@code initiatorId} request header is forwarded to the DAO as given.
 *
 * @param xid     XID of the comment to delete
 * @param request the current request (used for the user check and the initiatorId header)
 * @return the process result wrapped in a response entity
 * @throws RestValidationFailedException propagated from validation
 */
@ApiOperation(value = "Delete A User Comment by XID")
@RequestMapping(method = RequestMethod.DELETE, produces = { "application/json" }, value = "/{xid}")
public ResponseEntity<UserCommentModel> deleteUserComment(@ApiParam(value = "xid", required = true, allowMultiple = false) @PathVariable String xid, HttpServletRequest request) throws RestValidationFailedException {
    RestProcessResult<UserCommentModel> result = new RestProcessResult<>(HttpStatus.OK);
    User requester = this.checkUser(request, result);
    if (!result.isOk()) {
        return result.createResponseEntity();
    }
    UserCommentVO comment = UserCommentDao.instance.getByXid(xid);
    if (comment == null) {
        result.addRestMessage(getDoesNotExistMessage());
    } else if (hasEditPermission(comment, requester)) {
        // initiatorId comes straight from the request header and is passed through to the DAO
        UserCommentDao.instance.delete(comment.getId(), request.getHeader("initiatorId"));
    } else {
        LOG.warn("Non admin user: " + requester.getUsername() + " attempted to delete user comment : " + comment.getUsername());
        result.addRestMessage(this.getUnauthorizedMessage());
    }
    return result.createResponseEntity();
}
Use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
Class AuditRestController, method queryRQL.
/**
 * Streams audit events matching the RQL query string of the request.
 *
 * Only administrators may query; any other authenticated user receives the
 * unauthorized message. An invalid RQL string is turned into an
 * internal-server-error message rather than propagated.
 *
 * @param request the current request; its query string is parsed as RQL
 * @return a paged stream of audit event models, or the error result
 */
@ApiOperation(value = "Query Audit Events", notes = "Admin access only", response = AuditEventInstanceModel.class, responseContainer = "Array")
@RequestMapping(method = RequestMethod.GET)
public ResponseEntity<PageQueryStream<AuditEventInstanceVO, AuditEventInstanceModel, AuditEventDao>> queryRQL(HttpServletRequest request) {
    RestProcessResult<PageQueryStream<AuditEventInstanceVO, AuditEventInstanceModel, AuditEventDao>> result =
            new RestProcessResult<>(HttpStatus.OK);
    User requester = this.checkUser(request, result);
    if (!result.isOk()) {
        return result.createResponseEntity();
    }
    // Admin-only endpoint: no per-row permission filtering is applied below.
    if (!requester.isAdmin()) {
        result.addRestMessage(getUnauthorizedMessage());
        return result.createResponseEntity();
    }
    try {
        ASTNode query = parseRQLtoAST(request.getQueryString());
        return result.createResponseEntity(getPageStream(query));
    } catch (InvalidRQLRestException e) {
        // NOTE(review): a malformed query is a client error but is reported with the
        // internal-server-error message; a client-error message would fit better if available.
        result.addRestMessage(getInternalServerErrorMessage(e.getMessage()));
        return result.createResponseEntity();
    }
}
Use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
Class ScriptUtilRestController, method testScript.
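/**
 * Compiles and runs a script in test mode: point writes are only reported to the
 * script output, never applied (see the {@code ScriptPointValueSetter} below).
 * Restricted to administrators by {@code @PreAuthorize("isAdmin()")}.
 *
 * @param user        the authenticated caller (only used for logging here)
 * @param scriptModel script source, context, permissions and optional log level
 * @return the captured script output together with the script's result value
 * @throws GenericRestException with status 500 when the log level is unknown, the
 *         script fails to compile, or its result has an unexpected type
 */
@PreAuthorize("isAdmin()")
@ApiOperation(value = "Test a script")
@ApiResponses({ @ApiResponse(code = 401, message = "Unauthorized user access", response = ResponseEntity.class), @ApiResponse(code = 500, message = "Error processing request", response = ResponseEntity.class) })
@RequestMapping(method = RequestMethod.POST, value = { "/test" }, consumes = { "application/json" }, produces = { "application/json" })
public ResponseEntity<ScriptRestResult> testScript(@AuthenticationPrincipal User user, @RequestBody ScriptRestModel scriptModel) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Testing script for: " + user.getName());
    }
    Map<String, IDataPointValueSource> context = convertContextModel(scriptModel.getContext(), true);
    try {
        CompiledScript script = CompiledScriptExecutor.compile(scriptModel.getScript());
        final StringWriter scriptOut = new StringWriter();
        final PrintWriter scriptWriter = new PrintWriter(scriptOut);

        // Default to FATAL and only look up a level the caller actually supplied.
        // The previous condition was inverted: an empty level was looked up (and
        // rejected) while a supplied level was ignored.
        int logLevel = ScriptLog.LogLevel.FATAL;
        if (!StringUtils.isEmpty(scriptModel.getLogLevel())) {
            int levelId = ScriptLog.LOG_LEVEL_CODES.getId(scriptModel.getLogLevel());
            if (levelId == -1) {
                // NOTE(review): a 400 would describe a bad client value better; 500 is
                // kept to match the documented @ApiResponses.
                throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR,
                        new TranslatableMessage("rest.script.error.unknownLogLevel", scriptModel.getLogLevel()));
            }
            logLevel = levelId;
        }
        ScriptLog scriptLog = new ScriptLog(scriptWriter, logLevel);
        final ScriptPermissions permissions = scriptModel.getPermissions().toPermissions();
        // 'yyyy' is the calendar year; the earlier 'YYY' was the week-based year,
        // which differs from the calendar year around New Year. Not shared across
        // threads: one instance per request.
        final SimpleDateFormat sdf = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
        ScriptPointValueSetter loggingSetter = new ScriptPointValueSetter(permissions) {
            @Override
            public void set(IDataPointValueSource point, Object value, long timestamp, String annotation) {
                DataPointRT dprt = (DataPointRT) point;
                if (!dprt.getVO().getPointLocator().isSettable()) {
                    scriptOut.append("Point " + dprt.getVO().getExtendedName() + " not settable.");
                    return;
                }
                // Report a set that the script's declared data-point-set permissions
                // would not allow for this point, instead of silently "succeeding".
                if (!Permissions.hasPermission(dprt.getVO().getSetPermission(), permissions.getDataPointSetPermissions())) {
                    scriptOut.write(new TranslatableMessage("pointLinks.setTest.permissionDenied", dprt.getVO().getXid()).translate(Common.getTranslations()));
                    return;
                }
                scriptOut.append("Setting point " + dprt.getVO().getName() + " to " + value + " @" + sdf.format(new Date(timestamp)) + "\r\n");
            }

            @Override
            protected void setImpl(IDataPointValueSource point, Object value, long timestamp, String annotation) {
                // Test mode: report only, never write the point.
            }
        };
        try {
            PointValueTime pvt = CompiledScriptExecutor.execute(script, context, new HashMap<String, Object>(),
                    Common.timer.currentTimeMillis(), DataTypes.ALPHANUMERIC, Common.timer.currentTimeMillis(),
                    permissions, scriptWriter, scriptLog, loggingSetter, null, true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Script output: " + scriptOut.toString());
            }
            return new ResponseEntity<>(new ScriptRestResult(scriptOut.toString(), new PointValueTimeModel(pvt)), HttpStatus.OK);
        } catch (ResultTypeException e) {
            throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, e);
        }
    } catch (ScriptException e) {
        throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, e);
    }
}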
Use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
Class ScriptUtilRestController, method runScript.
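/**
 * Compiles and runs a script for real: point writes go through
 * {@code SetCallback}, built from the script's declared permissions and the
 * calling user. Restricted to administrators by {@code @PreAuthorize("isAdmin()")}.
 *
 * @param user        the authenticated caller, passed to the set callback
 * @param scriptModel script source, context, permissions and optional log level
 * @return the captured script output together with the script's result value
 * @throws GenericRestException with status 500 when the log level is unknown, the
 *         script fails to compile, a set is denied, or the result has an unexpected type
 */
@PreAuthorize("isAdmin()")
@ApiOperation(value = "Run a script")
@ApiResponses({ @ApiResponse(code = 401, message = "Unauthorized user access", response = ResponseEntity.class), @ApiResponse(code = 500, message = "Error processing request", response = ResponseEntity.class) })
@RequestMapping(method = RequestMethod.POST, value = { "/run" }, consumes = { "application/json" }, produces = { "application/json" })
public ResponseEntity<ScriptRestResult> runScript(@AuthenticationPrincipal User user, @RequestBody ScriptRestModel scriptModel) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Running script for: " + user.getName());
    }
    Map<String, IDataPointValueSource> context = convertContextModel(scriptModel.getContext(), false);
    try {
        CompiledScript script = CompiledScriptExecutor.compile(scriptModel.getScript());
        final StringWriter scriptOut = new StringWriter();
        final PrintWriter scriptWriter = new PrintWriter(scriptOut);

        // Default to FATAL and only look up a level the caller actually supplied.
        // The previous condition was inverted: an empty level was looked up (and
        // rejected) while a supplied level was ignored.
        int logLevel = ScriptLog.LogLevel.FATAL;
        if (!StringUtils.isEmpty(scriptModel.getLogLevel())) {
            int levelId = ScriptLog.LOG_LEVEL_CODES.getId(scriptModel.getLogLevel());
            if (levelId == -1) {
                // NOTE(review): a 400 would describe a bad client value better; 500 is
                // kept to match the documented @ApiResponses.
                throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR,
                        new TranslatableMessage("rest.script.error.unknownLogLevel", scriptModel.getLogLevel()));
            }
            logLevel = levelId;
        }
        ScriptLog scriptLog = new ScriptLog(scriptWriter, logLevel);
        ScriptPermissions permissions = scriptModel.getPermissions().toPermissions();
        try {
            // Permissions are client-supplied (admin only); SetCallback is what checks
            // them on each write, surfacing a ScriptPermissionsException below.
            PointValueTime pvt = CompiledScriptExecutor.execute(script, context, new HashMap<String, Object>(),
                    Common.timer.currentTimeMillis(), DataTypes.ALPHANUMERIC, Common.timer.currentTimeMillis(),
                    permissions, scriptWriter, scriptLog, new SetCallback(permissions, user), null, false);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Script output: " + scriptOut.toString());
            }
            return new ResponseEntity<>(new ScriptRestResult(scriptOut.toString(), new PointValueTimeModel(pvt)), HttpStatus.OK);
        } catch (ResultTypeException | ScriptPermissionsException e) {
            throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, e);
        }
    } catch (ScriptException e) {
        throw new GenericRestException(HttpStatus.INTERNAL_SERVER_ERROR, e);
    }
}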
Use of com.serotonin.m2m2.vo.permission.Permissions in project ma-modules-public by infiniteautomation.
Class DataPointRestController, method doQuery.
/**
 * Builds the streamed data-point query for {@code user}.
 *
 * Administrators query the raw RQL unrestricted. For everyone else the RQL is
 * converted to conditions and narrowed with {@code DataPointDao.userHasPermission},
 * so filtering happens in SQL; each streamed row is then re-checked against
 * {@code DataPointFilter} and the stream fails closed (throws) if the SQL
 * restriction ever let a point through that the filter rejects.
 *
 * @param rql  parsed query
 * @param user the requesting user
 * @return the streamed result with its total count
 */
private static StreamedArrayWithTotal doQuery(ASTNode rql, User user) {
    if (user.isAdmin()) {
        return new StreamedVOQueryWithTotal<>(DataPointDao.instance, rql, item -> {
            DataPointDao.instance.loadPartialRelationalData(item);
            return new DataPointModel(item);
        });
    }
    // Non-admin: restrict in SQL by the user's permissions.
    ConditionSortLimitWithTagKeys restricted = DataPointDao.instance.rqlToCondition(rql);
    restricted.addCondition(DataPointDao.instance.userHasPermission(user));
    DataPointFilter readFilter = new DataPointFilter(user);
    return new StreamedVOQueryWithTotal<>(DataPointDao.instance, restricted, item -> {
        // Defensive double check of the SQL restriction; fail closed on a mismatch.
        boolean readable = readFilter.hasDataPointReadPermission(item);
        if (!readable) {
            throw new RuntimeException("Data point does not match old permission filter");
        }
        return true;
    }, item -> {
        DataPointDao.instance.loadPartialRelationalData(item);
        return new DataPointModel(item);
    });
}