
Example 6 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

From the class OrganizationManager, method assertAccess.

@WithTimer
public OrganizationEntry assertAccess(DSLContext tx, UUID orgId, String orgName, boolean orgMembersOnly) {
    OrganizationEntry e = assertExisting(tx, orgId, orgName);
    if (Roles.isAdmin()) {
        // an admin can access any organization
        return e;
    }
    if (Roles.isGlobalReader() || Roles.isGlobalWriter()) {
        return e;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    EntityOwner owner = e.getOwner();
    if (ResourceAccessUtils.isSame(p, owner)) {
        // the owner can do anything with his organization
        return e;
    }
    if (orgMembersOnly) {
        if (!userManager.isInOrganization(tx, e.getId())) {
            throw new UnauthorizedException("The current user (" + p.getUsername() + ") doesn't belong to the specified organization: " + e.getName());
        }
    }
    return e;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Example 7 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

From the class OrganizationManager, method assertUpdateAccess.

private OrganizationEntry assertUpdateAccess(UUID orgId) {
    OrganizationEntry entry = assertExisting(orgId, null);
    UserEntry owner = getOwner(entry.getOwner(), null);
    UUID ownerId = owner != null ? owner.getId() : null;
    UserPrincipal p = UserPrincipal.assertCurrent();
    if (p.getId().equals(ownerId)) {
        return entry;
    }
    assertPermission(Permission.UPDATE_ORG);
    return entry;
}
Also used : UserEntry(com.walmartlabs.concord.server.user.UserEntry) UUID(java.util.UUID) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Example 8 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

From the class ProjectProcessResource, method doStartProcess.

private Response doStartProcess(UUID orgId, UUID projectId, UUID repoId, String branchOrTag, String commitId, String entryPoint, String activeProfiles, HttpServletRequest request) {
    Map<String, Object> cfg = new HashMap<>();
    if (branchOrTag != null) {
        cfg.put(Constants.Request.REPO_BRANCH_OR_TAG, branchOrTag);
    }
    if (commitId != null) {
        cfg.put(Constants.Request.REPO_COMMIT_ID, commitId);
    }
    if (activeProfiles != null) {
        String[] as = activeProfiles.split(",");
        cfg.put(Constants.Request.ACTIVE_PROFILES_KEY, Arrays.asList(as));
    }
    PartialProcessKey processKey = PartialProcessKey.create();
    try {
        UserPrincipal initiator = UserPrincipal.assertCurrent();
        Payload payload = PayloadBuilder.start(processKey).organization(orgId).project(projectId).repository(repoId).entryPoint(entryPoint).initiator(initiator.getId(), initiator.getUsername()).configuration(cfg).request(request).build();
        processManager.start(payload);
    } catch (Exception e) {
        return processError(processKey, e.getMessage(), e);
    }
    return proceed(processKey);
}
Also used : PartialProcessKey(com.walmartlabs.concord.server.sdk.PartialProcessKey) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) ValidationErrorsException(org.sonatype.siesta.ValidationErrorsException) ConcordApplicationException(com.walmartlabs.concord.server.sdk.ConcordApplicationException)

Example 9 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

From the class ConsoleService, method whoami.

@GET
@Path("/whoami")
@Produces(MediaType.APPLICATION_JSON)
public UserResponse whoami() {
    UserPrincipal p = UserPrincipal.getCurrent();
    if (p == null) {
        throw new ConcordApplicationException("Can't determine current user: pricipal not found", Status.INTERNAL_SERVER_ERROR);
    }
    UserEntry u = p.getUser();
    if (u == null) {
        throw new ConcordApplicationException("Can't determine current user: user entry not found", Status.INTERNAL_SERVER_ERROR);
    }
    String displayName = u.getDisplayName();
    if (displayName == null) {
        LdapPrincipal l = LdapPrincipal.getCurrent();
        if (l != null) {
            displayName = l.getDisplayName();
        }
    }
    if (displayName == null) {
        displayName = p.getUsername();
    }
    UserEntry user = userManager.get(p.getId()).orElseThrow(() -> new ConcordApplicationException("Unknown user: " + p.getId()));
    return new UserResponse(p.getRealm(), user.getName(), user.getDomain(), displayName, user.getOrgs());
}
Also used : LdapPrincipal(com.walmartlabs.concord.server.security.ldap.LdapPrincipal) ConcordApplicationException(com.walmartlabs.concord.server.sdk.ConcordApplicationException) UserEntry(com.walmartlabs.concord.server.user.UserEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Example 10 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

From the class ConsoleService, method isApiTokenExists.

@GET
@Path("/apikey/{name}/exists")
@Produces(MediaType.APPLICATION_JSON)
@WithTimer
public boolean isApiTokenExists(@PathParam("name") @ConcordKey String tokenName) {
    UserPrincipal currentUser = UserPrincipal.getCurrent();
    if (currentUser == null) {
        return false;
    }
    UUID userId = currentUser.getId();
    return apiKeyDao.getId(userId, tokenName) != null;
}
Also used : UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Aggregations

UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal) 37
UnauthorizedException (org.apache.shiro.authz.UnauthorizedException) 15
WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer) 14
ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException) 9
UserEntry (com.walmartlabs.concord.server.user.UserEntry) 8
UUID (java.util.UUID) 8
PartialProcessKey (com.walmartlabs.concord.server.sdk.PartialProcessKey) 7
ApiOperation (io.swagger.annotations.ApiOperation) 6
OrganizationEntry (com.walmartlabs.concord.server.org.OrganizationEntry) 3
EntryPoint (com.walmartlabs.concord.server.process.PayloadManager.EntryPoint) 3
ProcessEntry (com.walmartlabs.concord.server.process.ProcessEntry) 3
SessionKeyPrincipal (com.walmartlabs.concord.server.security.sessionkey.SessionKeyPrincipal) 3
SimpleAccount (org.apache.shiro.authc.SimpleAccount) 3
ValidationErrorsException (org.sonatype.siesta.ValidationErrorsException) 3
ProcessKey (com.walmartlabs.concord.server.sdk.ProcessKey) 2
LdapPrincipal (com.walmartlabs.concord.server.security.ldap.LdapPrincipal) 2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 2
Subject (org.apache.shiro.subject.Subject) 2
CacheBuilder (com.google.common.cache.CacheBuilder) 1
Imports (com.walmartlabs.concord.imports.Imports) 1