use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessManager method assertKillOrDisableRights.
/**
 * Authorizes a kill or disable request for the given process.
 *
 * <p>Checks are applied in this order: admin role, process initiator,
 * then WRITER access to the process' project. A process without a project
 * can therefore only be killed or disabled by an admin or its initiator.
 *
 * @param e the process being killed or disabled
 * @throws UnauthorizedException if the process has no project and the caller
 *         is neither an admin nor the initiator
 */
private void assertKillOrDisableRights(ProcessEntry e) {
    // the admin check runs before a UserPrincipal is required
    if (Roles.isAdmin()) {
        return;
    }

    UserPrincipal currentUser = UserPrincipal.assertCurrent();

    // process owners can kill or disable their own processes
    boolean isInitiator = currentUser.getId().equals(e.initiatorId());
    if (isInitiator) {
        return;
    }

    UUID projectId = e.projectId();
    if (projectId == null) {
        // standalone process and the caller is not its initiator: deny
        throw new UnauthorizedException("The current user (" + currentUser.getUsername() + ") does not have permissions " + "to kill or disable the process: " + e.instanceId());
    }

    // only org members with WRITER rights can kill or disable the process;
    // the return value is ignored, so denial is presumably signalled by an exception (confirm)
    projectAccessManager.assertAccess(projectId, ResourceAccessLevel.WRITER, true);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessManager method assertUpdateRights.
/**
 * Authorizes a status update for the given process.
 *
 * <p>Admins and global writers are always allowed. Otherwise the call must
 * carry a session key whose process key contains {@code processKey}, i.e.
 * the process is updating its own status.
 *
 * @param processKey key of the process whose status is being updated
 * @throws UnauthorizedException if none of the conditions above hold
 */
private void assertUpdateRights(PartialProcessKey processKey) {
    boolean privileged = Roles.isAdmin() || Roles.isGlobalWriter();
    if (privileged) {
        return;
    }

    // NOTE(review): this runs before the session-key check, so a session-key caller
    // presumably also needs a UserPrincipal bound to the call — confirm
    UserPrincipal currentUser = UserPrincipal.assertCurrent();

    SessionKeyPrincipal sessionKey = SessionKeyPrincipal.getCurrent();

    // processes can update their own statuses
    boolean ownProcess = sessionKey != null && processKey.partOf(sessionKey.getProcessKey());
    if (!ownProcess) {
        throw new UnauthorizedException("The current user (" + currentUser.getUsername() + ") does not have permissions " + "to update the process status: " + processKey);
    }
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessResource method assertProcessAccess.
/**
 * Authorizes a download of process data.
 *
 * <p>A UserPrincipal is required before any other check. The process
 * initiator, admins and global readers are allowed; everyone else needs
 * OWNER access to the process' project. A process without a project is
 * only accessible to the first three groups.
 *
 * @param pe the process whose data is requested
 * @param downloadEntity label of the requested data, used in the error message only
 * @throws UnauthorizedException if the process has no project and the caller
 *         is not the initiator, an admin or a global reader
 */
private void assertProcessAccess(ProcessEntry pe, String downloadEntity) {
    UserPrincipal currentUser = UserPrincipal.assertCurrent();

    UUID initiatorId = pe.initiatorId();
    // process owners should be able to download the process' state
    boolean isInitiator = currentUser.getId().equals(initiatorId);

    if (isInitiator || Roles.isAdmin() || Roles.isGlobalReader()) {
        return;
    }

    UUID projectId = pe.projectId();
    if (projectId == null) {
        throw new UnauthorizedException("The current user (" + currentUser.getUsername() + ") doesn't have " + "the necessary permissions to the download " + downloadEntity + " : " + pe.instanceId());
    }

    // the return value is ignored, so denial is presumably signalled by an exception (confirm)
    projectAccessManager.assertAccess(projectId, ResourceAccessLevel.OWNER, true);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class TeamManager method assertAccess.
/**
 * Verifies that the current user holds at least {@code requiredRole} in some
 * team of the given organization.
 *
 * <p>Admins and the organization's owner pass without a team lookup.
 *
 * @param orgId the organization whose teams are being accessed
 * @param requiredRole the minimum team role the caller must hold
 * @throws UnauthorizedException if the caller is in no team of the
 *         organization with a role matching {@code TeamRole.atLeast(requiredRole)}
 */
public void assertAccess(UUID orgId, TeamRole requiredRole) {
    if (Roles.isAdmin()) {
        return;
    }

    UserPrincipal currentUser = UserPrincipal.assertCurrent();

    // resolves the organization; presumably also rejects callers with no access to it (confirm)
    OrganizationEntry org = orgManager.assertAccess(orgId, false);

    // the org owner can do anything with the org's teams
    boolean isOrgOwner = ResourceAccessUtils.isSame(currentUser, org.getOwner());
    if (isOrgOwner) {
        return;
    }

    boolean hasRole = teamDao.isInAnyTeam(orgId, currentUser.getId(), TeamRole.atLeast(requiredRole));
    if (hasRole) {
        return;
    }

    throw new UnauthorizedException("The current user (" + currentUser.getUsername() + ") does not have the required role: " + requiredRole);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessEventResource method assertAccessRights.
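/**
 * Authorizes access to the extended event data of a process.
 *
 * <p>Admins are always allowed. A call with no UserPrincipal bound to it is
 * also allowed without further checks. Otherwise the caller needs WRITER
 * access to the process' project, or must be the process initiator.
 *
 * @param processKey key of the process whose events are requested
 * @throws UnauthorizedException if the caller is not an admin, not the
 *         initiator and has no WRITER access to the process' project
 */
private void assertAccessRights(PartialProcessKey processKey) {
    if (Roles.isAdmin()) {
        // an admin can access any project
        return;
    }

    UserPrincipal p = UserPrincipal.getCurrent();
    if (p == null) {
        // NOTE(review): this path fails open: a call with no UserPrincipal skips every check below.
        // Confirm that such callers are authenticated and authorized by another mechanism
        // before this method is reached.
        return;
    }

    ProjectIdAndInitiator ids = queueDao.getProjectIdAndInitiator(processKey);
    if (ids.getProjectId() != null) {
        // access extended event data
        // NOTE(review): if assertAccess throws on denial instead of returning null, the
        // initiator check below is only reached for processes without a project — confirm
        // that initiators of project processes are meant to need WRITER access.
        if (projectAccessManager.assertAccess(ids.getProjectId(), ResourceAccessLevel.WRITER, true) != null) {
            return;
        }
    }

    if (p.getId().equals(ids.getInitiatorId())) {
        // if it is a standalone process, only the initiator can access extended event data
        return;
    }

    // the message names the level that is actually enforced above (WRITER, not READER)
    throw new UnauthorizedException("Only admins, process initiators and those who have WRITER access to " + "the process' projects can access the extended process event data");
}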