Search in sources :

Example 16 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class TriggerResource method list.

/**
 * List process trigger definitions for the specified project and repository.
 *
 * @param projectName
 * @param repositoryName
 * @return
 */
@GET
@ApiOperation(value = "List trigger definitions", responseContainer = "list", response = TriggerEntry.class)
@javax.ws.rs.Path("/{orgName}/project/{projectName}/repo/{repositoryName}/trigger")
@Produces(MediaType.APPLICATION_JSON)
public List<TriggerEntry> list(@ApiParam @PathParam("orgName") @ConcordKey String orgName, @ApiParam @PathParam("projectName") @ConcordKey String projectName, @ApiParam @PathParam("repositoryName") @ConcordKey String repositoryName) {
    OrganizationEntry org = orgManager.assertAccess(orgName, true);
    ProjectEntry p = assertProject(org.getId(), projectName, ResourceAccessLevel.READER, true);
    RepositoryEntry r = assertRepository(p, repositoryName);
    return triggersDao.list(p.getId(), r.getId());
}
Also used : OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 17 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class TeamManager method assertAccess.

public TeamEntry assertAccess(UUID orgId, UUID teamId, String teamName, TeamRole requiredRole, boolean teamMembersOnly) {
    TeamEntry e = assertExisting(orgId, teamId, teamName);
    if (Roles.isAdmin()) {
        return e;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    OrganizationEntry org = orgManager.assertAccess(e.getOrgId(), false);
    if (ResourceAccessUtils.isSame(p, org.getOwner())) {
        // the org owner can do anything with the org's inventories
        return e;
    }
    if (requiredRole != null && teamMembersOnly) {
        if (!teamDao.hasUser(e.getId(), p.getId(), TeamRole.atLeast(requiredRole))) {
            throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have the required role: " + requiredRole);
        }
    }
    return e;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Example 18 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class InventoryQueryResource method createOrUpdate.

/**
 * Creates or updates inventory query
 *
 * @param orgName       organization's name
 * @param inventoryName inventory's name
 * @param queryName     query's name
 * @param text          query text
 * @return
 */
@POST
@ApiOperation("Create or update inventory query")
@Consumes({ MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN })
@Produces(MediaType.APPLICATION_JSON)
@Path("/{orgName}/inventory/{inventoryName}/query/{queryName}")
public CreateInventoryQueryResponse createOrUpdate(@ApiParam @PathParam("orgName") @ConcordKey String orgName, @ApiParam @PathParam("inventoryName") @ConcordKey String inventoryName, @ApiParam @PathParam("queryName") @ConcordKey String queryName, @ApiParam String text) {
    GenericOperationResult res = storageQueryResource.createOrUpdate(orgName, inventoryName, JsonStoreQueryRequest.builder().name(queryName).text(text).build());
    OrganizationEntry org = organizationManager.assertExisting(null, orgName);
    JsonStoreEntry storage = storageDao.get(org.getId(), inventoryName);
    UUID id = storageQueryDao.getId(storage.id(), queryName);
    return new CreateInventoryQueryResponse(res.getResult(), id);
}
Also used : GenericOperationResult(com.walmartlabs.concord.server.GenericOperationResult) UUID(java.util.UUID) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) ApiOperation(io.swagger.annotations.ApiOperation)

Example 19 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class InventoryResource method createOrUpdate.

/**
 * Create or update a inventory.
 *
 * @param orgName organization's name
 * @param entry   inventory's data
 * @return
 */
@POST
@ApiOperation("Create or update inventory")
@Path("/{orgName}/inventory")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Validate
public CreateInventoryResponse createOrUpdate(@ApiParam @PathParam("orgName") String orgName, @ApiParam @Valid InventoryEntry entry) {
    OrganizationEntry org = orgManager.assertAccess(orgName, true);
    OperationResult result = storageManager.createOrUpdate(orgName, JsonStoreRequest.builder().id(entry.getId()).name(entry.getName()).owner(toOwner(entry.getOwner())).visibility(entry.getVisibility() != null ? entry.getVisibility() : JsonStoreVisibility.PUBLIC).build());
    UUID id = storageDao.getId(org.getId(), entry.getName());
    return new CreateInventoryResponse(result, id);
}
Also used : GenericOperationResult(com.walmartlabs.concord.server.GenericOperationResult) OperationResult(com.walmartlabs.concord.server.OperationResult) UUID(java.util.UUID) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) Validate(org.sonatype.siesta.Validate) ApiOperation(io.swagger.annotations.ApiOperation)

Example 20 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class JsonStoreAccessManager method hasAccess.

public boolean hasAccess(JsonStoreEntry store, ResourceAccessLevel accessLevel, boolean orgMembersOnly) {
    if (Roles.isAdmin()) {
        // an admin can access any store
        return true;
    }
    if (accessLevel == ResourceAccessLevel.READER && (Roles.isGlobalReader() || Roles.isGlobalWriter())) {
        return true;
    } else if (accessLevel == ResourceAccessLevel.WRITER && Roles.isGlobalWriter()) {
        return true;
    }
    UserPrincipal principal = UserPrincipal.assertCurrent();
    if (ResourceAccessUtils.isSame(principal, store.owner())) {
        // the owner can do anything with his store
        return true;
    }
    if (orgMembersOnly && store.visibility() == JsonStoreVisibility.PUBLIC && accessLevel == ResourceAccessLevel.READER && userManager.isInOrganization(store.orgId())) {
        // organization members can access any public store in the same organization
        return true;
    }
    OrganizationEntry org = orgManager.assertAccess(store.orgId(), false);
    if (ResourceAccessUtils.isSame(principal, org.getOwner())) {
        // the org owner can do anything with the org's store
        return true;
    }
    if (orgMembersOnly || store.visibility() != JsonStoreVisibility.PUBLIC) {
        if (!storeDao.hasAccessLevel(store.id(), principal.getId(), ResourceAccessLevel.atLeast(accessLevel))) {
            throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary access level (" + accessLevel + ") to the JSON store: " + store.name());
        }
    }
    return true;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Aggregations

OrganizationEntry (com.walmartlabs.concord.server.org.OrganizationEntry)36 ApiOperation (io.swagger.annotations.ApiOperation)12 UUID (java.util.UUID)12 ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException)8 UnauthorizedException (org.apache.shiro.authz.UnauthorizedException)6 GenericOperationResult (com.walmartlabs.concord.server.GenericOperationResult)5 JsonStoreEntry (com.walmartlabs.concord.server.org.jsonstore.JsonStoreEntry)5 ValidationErrorsException (org.sonatype.siesta.ValidationErrorsException)5 WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer)3 UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)3 Validate (org.sonatype.siesta.Validate)3 Map (java.util.Map)2 OperationResult (com.walmartlabs.concord.server.OperationResult)1 AuditObject (com.walmartlabs.concord.server.audit.AuditObject)1 RawPayloadMode (com.walmartlabs.concord.server.jooq.enums.RawPayloadMode)1 ResourceAccessLevel (com.walmartlabs.concord.server.org.ResourceAccessLevel)1 ProjectEntry (com.walmartlabs.concord.server.org.project.ProjectEntry)1 MetadataFilter (com.walmartlabs.concord.server.process.queue.ProcessFilter.MetadataFilter)1 InvalidRepositoryPathException (com.walmartlabs.concord.server.repository.InvalidRepositoryPathException)1 UserEntry (com.walmartlabs.concord.server.user.UserEntry)1