
Example 11 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

Class ProcessManager, method assertKillOrDisableRights.

private void assertKillOrDisableRights(ProcessEntry e) {
    if (Roles.isAdmin()) {
        return;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    if (p.getId().equals(e.initiatorId())) {
        // process owners can kill or disable their own processes
        return;
    }
    UUID projectId = e.projectId();
    if (projectId != null) {
        // only org members with WRITER rights can kill or disable the process
        projectAccessManager.assertAccess(projectId, ResourceAccessLevel.WRITER, true);
        return;
    }
    throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have permissions " + "to kill or disable the process: " + e.instanceId());
}
Also used: UnauthorizedException (org.apache.shiro.authz.UnauthorizedException), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)

Example 12 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

Class ProcessManager, method assertUpdateRights.

private void assertUpdateRights(PartialProcessKey processKey) {
    if (Roles.isAdmin() || Roles.isGlobalWriter()) {
        return;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    SessionKeyPrincipal s = SessionKeyPrincipal.getCurrent();
    if (s != null && processKey.partOf(s.getProcessKey())) {
        // processes can update their own statuses
        return;
    }
    throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have permissions " + "to update the process status: " + processKey);
}
Also used: SessionKeyPrincipal (com.walmartlabs.concord.server.security.sessionkey.SessionKeyPrincipal), UnauthorizedException (org.apache.shiro.authz.UnauthorizedException), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)

Example 13 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

Class ProcessResource, method assertProcessAccess.

private void assertProcessAccess(ProcessEntry pe, String downloadEntity) {
    UserPrincipal principal = UserPrincipal.assertCurrent();
    UUID initiatorId = pe.initiatorId();
    if (principal.getId().equals(initiatorId)) {
        // process owners should be able to download the process' state
        return;
    }
    if (Roles.isAdmin() || Roles.isGlobalReader()) {
        return;
    }
    if (pe.projectId() != null) {
        projectAccessManager.assertAccess(pe.projectId(), ResourceAccessLevel.OWNER, true);
        return;
    }
    throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary permissions to the download " + downloadEntity + " : " + pe.instanceId());
}
Also used: UnauthorizedException (org.apache.shiro.authz.UnauthorizedException), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)

Example 14 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

Class TeamManager, method assertAccess.

public void assertAccess(UUID orgId, TeamRole requiredRole) {
    if (Roles.isAdmin()) {
        return;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    OrganizationEntry org = orgManager.assertAccess(orgId, false);
    if (ResourceAccessUtils.isSame(p, org.getOwner())) {
        // the org owner can do anything with the org's teams
        return;
    }
    if (!teamDao.isInAnyTeam(orgId, p.getId(), TeamRole.atLeast(requiredRole))) {
        throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have the required role: " + requiredRole);
    }
}
Also used: UnauthorizedException (org.apache.shiro.authz.UnauthorizedException), OrganizationEntry (com.walmartlabs.concord.server.org.OrganizationEntry), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)

Example 15 with UserPrincipal

Use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

Class ProcessEventResource, method assertAccessRights.

private void assertAccessRights(PartialProcessKey processKey) {
    if (Roles.isAdmin()) {
        // an admin can access any project
        return;
    }
    UserPrincipal p = UserPrincipal.getCurrent();
    if (p == null) {
        // no user principal in the current context: none of the checks below are performed
        return;
    }
    ProjectIdAndInitiator ids = queueDao.getProjectIdAndInitiator(processKey);
    if (ids.getProjectId() != null) {
        // access extended event data
        // (the level checked here is WRITER; the exception message below mentions READER)
        if (projectAccessManager.assertAccess(ids.getProjectId(), ResourceAccessLevel.WRITER, true) != null) {
            return;
        }
    }
    if (p.getId().equals(ids.getInitiatorId())) {
        // if it is a standalone process, only the initiator can access extended event data
        return;
    }
    throw new UnauthorizedException("Only admins, process initiators and those who have READER access to " + "the process' projects can access the extended process event data");
}
Also used: UnauthorizedException (org.apache.shiro.authz.UnauthorizedException), ProjectIdAndInitiator (com.walmartlabs.concord.server.process.queue.ProcessQueueDao.ProjectIdAndInitiator), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)
