Examples with OrganizationEntry com.walmartlabs.concord.server.org.OrganizationEntry used on opensource projects

Example 16 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class TriggerResource method list.

/**
 * List process trigger definitions for the specified project and repository.
 *
 * @param projectName
 * @param repositoryName
 * @return
 */
@GET
@ApiOperation(value = "List trigger definitions", responseContainer = "list", response = TriggerEntry.class)
@javax.ws.rs.Path("/{orgName}/project/{projectName}/repo/{repositoryName}/trigger")
@Produces(MediaType.APPLICATION_JSON)
public List<TriggerEntry> list(@ApiParam @PathParam("orgName") @ConcordKey String orgName, @ApiParam @PathParam("projectName") @ConcordKey String projectName, @ApiParam @PathParam("repositoryName") @ConcordKey String repositoryName) {
    OrganizationEntry org = orgManager.assertAccess(orgName, true);
    ProjectEntry p = assertProject(org.getId(), projectName, ResourceAccessLevel.READER, true);
    RepositoryEntry r = assertRepository(p, repositoryName);
    return triggersDao.list(p.getId(), r.getId());
}

Example 17 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class TeamManager method assertAccess.

public TeamEntry assertAccess(UUID orgId, UUID teamId, String teamName, TeamRole requiredRole, boolean teamMembersOnly) {
    TeamEntry e = assertExisting(orgId, teamId, teamName);
    if (Roles.isAdmin()) {
        return e;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    OrganizationEntry org = orgManager.assertAccess(e.getOrgId(), false);
    if (ResourceAccessUtils.isSame(p, org.getOwner())) {
        // the org owner can do anything with the org's inventories
        return e;
    }
    if (requiredRole != null && teamMembersOnly) {
        if (!teamDao.hasUser(e.getId(), p.getId(), TeamRole.atLeast(requiredRole))) {
            throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have the required role: " + requiredRole);
        }
    }
    return e;
}

Example 18 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class InventoryQueryResource method createOrUpdate.

/**
 * Creates or updates inventory query
 *
 * @param orgName       organization's name
 * @param inventoryName inventory's name
 * @param queryName     query's name
 * @param text          query text
 * @return
 */
@POST
@ApiOperation("Create or update inventory query")
@Consumes({ MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN })
@Produces(MediaType.APPLICATION_JSON)
@Path("/{orgName}/inventory/{inventoryName}/query/{queryName}")
public CreateInventoryQueryResponse createOrUpdate(@ApiParam @PathParam("orgName") @ConcordKey String orgName, @ApiParam @PathParam("inventoryName") @ConcordKey String inventoryName, @ApiParam @PathParam("queryName") @ConcordKey String queryName, @ApiParam String text) {
    GenericOperationResult res = storageQueryResource.createOrUpdate(orgName, inventoryName, JsonStoreQueryRequest.builder().name(queryName).text(text).build());
    OrganizationEntry org = organizationManager.assertExisting(null, orgName);
    JsonStoreEntry storage = storageDao.get(org.getId(), inventoryName);
    UUID id = storageQueryDao.getId(storage.id(), queryName);
    return new CreateInventoryQueryResponse(res.getResult(), id);
}

Example 19 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class InventoryResource method createOrUpdate.

/**
 * Create or update a inventory.
 *
 * @param orgName organization's name
 * @param entry   inventory's data
 * @return
 */
@POST
@ApiOperation("Create or update inventory")
@Path("/{orgName}/inventory")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Validate
public CreateInventoryResponse createOrUpdate(@ApiParam @PathParam("orgName") String orgName, @ApiParam @Valid InventoryEntry entry) {
    OrganizationEntry org = orgManager.assertAccess(orgName, true);
    OperationResult result = storageManager.createOrUpdate(orgName, JsonStoreRequest.builder().id(entry.getId()).name(entry.getName()).owner(toOwner(entry.getOwner())).visibility(entry.getVisibility() != null ? entry.getVisibility() : JsonStoreVisibility.PUBLIC).build());
    UUID id = storageDao.getId(org.getId(), entry.getName());
    return new CreateInventoryResponse(result, id);
}

Example 20 with OrganizationEntry

use of com.walmartlabs.concord.server.org.OrganizationEntry in project concord by walmartlabs.

the class JsonStoreAccessManager method hasAccess.

public boolean hasAccess(JsonStoreEntry store, ResourceAccessLevel accessLevel, boolean orgMembersOnly) {
    if (Roles.isAdmin()) {
        // an admin can access any store
        return true;
    }
    if (accessLevel == ResourceAccessLevel.READER && (Roles.isGlobalReader() || Roles.isGlobalWriter())) {
        return true;
    } else if (accessLevel == ResourceAccessLevel.WRITER && Roles.isGlobalWriter()) {
        return true;
    }
    UserPrincipal principal = UserPrincipal.assertCurrent();
    if (ResourceAccessUtils.isSame(principal, store.owner())) {
        // the owner can do anything with his store
        return true;
    }
    if (orgMembersOnly && store.visibility() == JsonStoreVisibility.PUBLIC && accessLevel == ResourceAccessLevel.READER && userManager.isInOrganization(store.orgId())) {
        // organization members can access any public store in the same organization
        return true;
    }
    OrganizationEntry org = orgManager.assertAccess(store.orgId(), false);
    if (ResourceAccessUtils.isSame(principal, org.getOwner())) {
        // the org owner can do anything with the org's store
        return true;
    }
    if (orgMembersOnly || store.visibility() != JsonStoreVisibility.PUBLIC) {
        if (!storeDao.hasAccessLevel(store.id(), principal.getId(), ResourceAccessLevel.atLeast(accessLevel))) {
            throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary access level (" + accessLevel + ") to the JSON store: " + store.name());
        }
    }
    return true;
}