use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class OrganizationManager method assertAccess.
/**
 * Looks up an organization and verifies that the current user may access it.
 *
 * <p>The checks run in this order, and the first one that passes returns the entry:
 * admin role, global reader or global writer role, ownership of the organization.
 * Any other user is rejected only when {@code orgMembersOnly} is set and
 * {@code userManager.isInOrganization} reports that they are not a member.
 *
 * <p>Security notes:
 * <ul>
 *   <li>With {@code orgMembersOnly == false} every caller that reaches the end of the
 *       method receives the entry, so callers guarding organization-private data
 *       must pass {@code true}.</li>
 *   <li>NOTE(review): a global reader passes this check, so it cannot by itself gate
 *       a modifying operation. Confirm that callers apply a separate write check.</li>
 * </ul>
 *
 * @param tx             context handed to {@code assertExisting} and {@code isInOrganization}
 * @param orgId          organization ID, handed to {@code assertExisting}
 * @param orgName        organization name, handed to {@code assertExisting}
 * @param orgMembersOnly when {@code true}, non-members are rejected
 * @return the entry returned by {@code assertExisting}
 * @throws UnauthorizedException if {@code orgMembersOnly} is set and the current user
 *                               is not in the organization
 */
@WithTimer
public OrganizationEntry assertAccess(DSLContext tx, UUID orgId, String orgName, boolean orgMembersOnly) {
    OrganizationEntry org = assertExisting(tx, orgId, orgName);

    // role-based bypass: admins and the global reader/writer roles see every organization
    boolean hasGlobalRole = Roles.isAdmin() || Roles.isGlobalReader() || Roles.isGlobalWriter();
    if (hasGlobalRole) {
        return org;
    }

    // the principal is resolved only after the role checks, as in the original flow
    UserPrincipal principal = UserPrincipal.assertCurrent();

    // the owner has unrestricted access to their own organization
    boolean isOwner = ResourceAccessUtils.isSame(principal, org.getOwner());
    if (isOwner) {
        return org;
    }

    // the membership lookup is skipped entirely unless the caller asked for it
    if (orgMembersOnly && !userManager.isInOrganization(tx, org.getId())) {
        throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't belong to the specified organization: " + org.getName());
    }

    return org;
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class OrganizationManager method assertUpdateAccess.
/**
 * Looks up an organization and verifies that the current user may update it.
 *
 * <p>The owner of the organization passes without a permission check. Everyone else
 * must pass {@code assertPermission(Permission.UPDATE_ORG)}.
 *
 * <p>An organization without a resolvable owner yields a {@code null} owner ID, which
 * never equals the principal's ID, so such organizations always go through the
 * permission check.
 *
 * @param orgId ID of the organization to update
 * @return the entry returned by {@code assertExisting}
 */
private OrganizationEntry assertUpdateAccess(UUID orgId) {
    OrganizationEntry org = assertExisting(orgId, null);

    UserEntry ownerEntry = getOwner(org.getOwner(), null);
    UUID ownerId = null;
    if (ownerEntry != null) {
        ownerId = ownerEntry.getId();
    }

    UserPrincipal principal = UserPrincipal.assertCurrent();
    boolean isOwner = principal.getId().equals(ownerId);
    if (!isOwner) {
        // non-owners need the explicit update permission
        assertPermission(Permission.UPDATE_ORG);
    }

    return org;
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProjectProcessResource method doStartProcess.
/**
 * Builds a process payload from the request parameters and starts the process as
 * the current user.
 *
 * <p>Optional parameters ({@code branchOrTag}, {@code commitId}, {@code activeProfiles})
 * are copied into the process configuration only when they are non-null.
 * {@code activeProfiles} is split on commas without trimming.
 *
 * <p>NOTE(review): no organization or project access check is visible in this method.
 * It is presumably enforced inside {@code processManager.start}. Confirm this before
 * reusing the method from a new endpoint.
 *
 * @param orgId          organization ID placed into the payload
 * @param projectId      project ID placed into the payload
 * @param repoId         repository ID placed into the payload
 * @param branchOrTag    optional branch or tag name
 * @param commitId       optional commit ID
 * @param entryPoint     entry point placed into the payload
 * @param activeProfiles optional comma-separated list of profile names
 * @param request        the incoming HTTP request, attached to the payload
 * @return the result of {@code proceed} on success, or of {@code processError} when
 *         building or starting the process throws
 */
private Response doStartProcess(UUID orgId, UUID projectId, UUID repoId, String branchOrTag, String commitId, String entryPoint, String activeProfiles, HttpServletRequest request) {
    Map<String, Object> processCfg = new HashMap<>();
    if (branchOrTag != null) {
        processCfg.put(Constants.Request.REPO_BRANCH_OR_TAG, branchOrTag);
    }
    if (commitId != null) {
        processCfg.put(Constants.Request.REPO_COMMIT_ID, commitId);
    }
    if (activeProfiles != null) {
        processCfg.put(Constants.Request.ACTIVE_PROFILES_KEY, Arrays.asList(activeProfiles.split(",")));
    }

    PartialProcessKey key = PartialProcessKey.create();
    try {
        // the initiator is always the authenticated caller, never a request parameter
        UserPrincipal caller = UserPrincipal.assertCurrent();

        Payload startPayload = PayloadBuilder.start(key)
                .organization(orgId)
                .project(projectId)
                .repository(repoId)
                .entryPoint(entryPoint)
                .initiator(caller.getId(), caller.getUsername())
                .configuration(processCfg)
                .request(request)
                .build();

        processManager.start(startPayload);
    } catch (Exception ex) {
        // NOTE(review): the raw exception message is handed to processError; confirm
        // that it is safe to return to the client
        return processError(key, ex.getMessage(), ex);
    }

    return proceed(key);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ConsoleService method whoami.
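/**
 * Returns the identity of the current user.
 *
 * <p>The display name is resolved in this order: the display name of the principal's
 * user entry, then the display name of the current {@code LdapPrincipal} if there is
 * one, then the principal's username.
 *
 * <p>The name, domain and organizations in the response come from a fresh
 * {@code userManager.get} lookup by the principal's ID, not from the user entry
 * attached to the principal.
 *
 * <p>NOTE(review): a missing principal is reported as an internal server error.
 * Confirm that unauthenticated requests are rejected before they reach this method.
 *
 * @return the realm, name, domain, display name and organizations of the current user
 * @throws ConcordApplicationException if the principal or its user entry is missing,
 *                                     or if the user lookup returns nothing
 */
@GET
@Path("/whoami")
@Produces(MediaType.APPLICATION_JSON)
public UserResponse whoami() {
    UserPrincipal p = UserPrincipal.getCurrent();
    if (p == null) {
        // the message previously misspelled "principal"
        throw new ConcordApplicationException("Can't determine current user: principal not found", Status.INTERNAL_SERVER_ERROR);
    }

    UserEntry u = p.getUser();
    if (u == null) {
        throw new ConcordApplicationException("Can't determine current user: user entry not found", Status.INTERNAL_SERVER_ERROR);
    }

    String displayName = u.getDisplayName();
    if (displayName == null) {
        // fall back to the directory-provided name when an LDAP principal is present
        LdapPrincipal l = LdapPrincipal.getCurrent();
        if (l != null) {
            displayName = l.getDisplayName();
        }
    }
    if (displayName == null) {
        // last resort: the login name
        displayName = p.getUsername();
    }

    // re-read the user by ID; the response is built from this lookup
    UserEntry user = userManager.get(p.getId())
            .orElseThrow(() -> new ConcordApplicationException("Unknown user: " + p.getId()));

    return new UserResponse(p.getRealm(), user.getName(), user.getDomain(), displayName, user.getOrgs());
}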
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ConsoleService method isApiTokenExists.
/**
 * Reports whether the current user has an API key with the given name.
 *
 * <p>The lookup is keyed by the caller's own user ID, so the endpoint answers only
 * for key names belonging to the caller. When no principal is bound to the request
 * the method returns {@code false} rather than failing.
 *
 * @param tokenName name of the API key, validated by {@code @ConcordKey}
 * @return {@code true} if {@code apiKeyDao.getId} finds a key for the current user
 *         and name, {@code false} otherwise or when there is no current user
 */
@GET
@Path("/apikey/{name}/exists")
@Produces(MediaType.APPLICATION_JSON)
@WithTimer
public boolean isApiTokenExists(@PathParam("name") @ConcordKey String tokenName) {
    UserPrincipal principal = UserPrincipal.getCurrent();
    // short-circuit keeps the DAO call from running without a principal
    return principal != null && apiKeyDao.getId(principal.getId(), tokenName) != null;
}