use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
The class TeamManager, method assertAccess:
/**
 * Resolves a team by id or name within the given organization and enforces the
 * caller's right to act on it.
 *
 * Check order matters (each step may throw before the next one runs):
 * 1. the team must exist in {@code orgId} (delegated to {@code assertExisting});
 * 2. admins are allowed unconditionally;
 * 3. the caller must have access to the owning organization
 *    ({@code orgManager.assertAccess(..., false)});
 * 4. the organization's owner is allowed unconditionally;
 * 5. only when BOTH {@code requiredRole} is set AND {@code teamMembersOnly} is true
 *    is team membership with at least {@code requiredRole} checked.
 *
 * NOTE(review): with {@code teamMembersOnly == false} (or a null {@code requiredRole})
 * no team-level check is performed at all, so any caller that passes step 3 gets the
 * entry back — confirm that call sites only use that combination for read/visibility
 * paths.
 *
 * @param teamId          team id, may be null when {@code teamName} is given (resolution
 *                        is done by {@code assertExisting}, not shown here)
 * @param teamName        team name, alternative to {@code teamId}
 * @param requiredRole    minimum team role to require; null disables the role check
 * @param teamMembersOnly when false the role check is skipped entirely
 * @return the resolved team entry
 * @throws UnauthorizedException when the role check fails for the current user
 */
public TeamEntry assertAccess(UUID orgId, UUID teamId, String teamName, TeamRole requiredRole, boolean teamMembersOnly) {
    TeamEntry team = assertExisting(orgId, teamId, teamName);

    // admins bypass every further check
    if (Roles.isAdmin()) {
        return team;
    }

    UserPrincipal current = UserPrincipal.assertCurrent();

    // the caller must at least be able to see the owning organization; this throws otherwise
    OrganizationEntry org = orgManager.assertAccess(team.getOrgId(), false);

    // the org owner can do anything with the org's teams
    if (ResourceAccessUtils.isSame(current, org.getOwner())) {
        return team;
    }

    // the membership/role check applies only when explicitly requested by the caller
    boolean roleCheckRequested = requiredRole != null && teamMembersOnly;
    if (roleCheckRequested && !teamDao.hasUser(team.getId(), current.getId(), TeamRole.atLeast(requiredRole))) {
        throw new UnauthorizedException("The current user (" + current.getUsername() + ") does not have the required role: " + requiredRole);
    }

    return team;
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
The class UserActivityResource, method activity:
/**
 * Returns an activity summary for the current user: per-organization process
 * statistics since the start of the day, counts by status, and the user's own most
 * recent processes.
 *
 * The data is scoped to the organizations the user belongs to
 * ({@code userDao.getOrgIds}); the "own processes" list is additionally filtered by
 * the user's username as initiator.
 *
 * NOTE(review): {@code maxProjectsPerOrg} and {@code maxOwnProcesses} are caller-supplied
 * and only defaulted, never range-checked here — a negative or very large value is
 * passed straight to the DAO layer. Whether the DAOs bound them is not visible from
 * this method; confirm, or add an upper limit if they do not.
 *
 * @param maxProjectsPerOrg cap on projects reported per organization (default 5)
 * @param maxOwnProcesses   cap on the user's own processes returned (default 5)
 * @return the aggregated activity response
 */
@GET
@Path("/activity")
@Produces(MediaType.APPLICATION_JSON)
@WithTimer
public UserActivityResponse activity(@QueryParam("maxProjectsPerOrg") @DefaultValue("5") int maxProjectsPerOrg, @QueryParam("maxOwnProcesses") @DefaultValue("5") int maxOwnProcesses) {
    UserPrincipal current = UserPrincipal.assertCurrent();
    UUID currentUserId = current.getId();

    // everything below is restricted to the organizations the current user is a member of
    Set<UUID> memberOrgIds = userDao.getOrgIds(currentUserId);
    OffsetDateTime sinceStartOfDay = startOfDay();

    Map<String, List<ProjectProcesses>> processesByOrg =
            processStatsDao.processByOrgs(maxProjectsPerOrg, memberOrgIds, ORG_VISIBLE_STATUSES, sinceStartOfDay);
    Map<String, Integer> countsByStatus =
            processStatsDao.getCountByStatuses(memberOrgIds, sinceStartOfDay, currentUserId);

    // the user's own processes: initiated by them, within their orgs, projectless ones included
    ProcessFilter ownProcessesFilter = ProcessFilter.builder()
            .initiator(current.getUsername())
            .orgIds(memberOrgIds)
            .includeWithoutProject(true)
            .limit(maxOwnProcesses)
            .build();
    List<ProcessEntry> recentOwnProcesses = processDao.list(ownProcessesFilter);

    return new UserActivityResponse(countsByStatus, processesByOrg, recentOwnProcesses);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
The class JsonStoreAccessManager, method hasAccess:
/**
 * Checks whether the current user may access {@code store} at {@code accessLevel}.
 *
 * Despite the boolean return type this method never returns {@code false}: every
 * path either returns {@code true} or throws (an {@code UnauthorizedException} from the
 * explicit level check below, or whatever {@code orgManager.assertAccess} throws).
 * Callers that test {@code !hasAccess(...)} therefore never take the negative branch;
 * denial must be handled as an exception.
 *
 * Evaluation order (earlier checks short-circuit later ones):
 * 1. admin                                    -> allowed;
 * 2. global reader/writer for READER, global writer for WRITER -> allowed;
 * 3. store owner                              -> allowed;
 * 4. orgMembersOnly && PUBLIC && READER && caller is in the store's org -> allowed;
 * 5. caller must have access to the owning organization (may throw);
 * 6. org owner                                -> allowed;
 * 7. if orgMembersOnly, or the store is not PUBLIC: an explicit per-user access level
 *    of at least {@code accessLevel} is required, otherwise throw;
 * 8. everything else                          -> allowed.
 *
 * NOTE(review): step 7 is skipped whenever {@code orgMembersOnly == false} AND the store
 * is PUBLIC, regardless of {@code accessLevel} — i.e. a WRITER/OWNER request on a public
 * store with {@code orgMembersOnly == false} reaches step 8 and is allowed for any user
 * who passed step 5. Whether that is intended depends on what callers pass; confirm
 * call sites only use {@code orgMembersOnly == false} for read paths.
 *
 * @param store          the store being accessed
 * @param accessLevel    the level the caller needs (READER/WRITER/OWNER)
 * @param orgMembersOnly when true, public visibility only helps organization members
 * @return always {@code true} (see above)
 * @throws UnauthorizedException when the explicit access-level check fails
 */
public boolean hasAccess(JsonStoreEntry store, ResourceAccessLevel accessLevel, boolean orgMembersOnly) {
if (Roles.isAdmin()) {
// an admin can access any store
return true;
}
// global roles: readers and writers may read, only writers may write
if (accessLevel == ResourceAccessLevel.READER && (Roles.isGlobalReader() || Roles.isGlobalWriter())) {
return true;
} else if (accessLevel == ResourceAccessLevel.WRITER && Roles.isGlobalWriter()) {
return true;
}
UserPrincipal principal = UserPrincipal.assertCurrent();
if (ResourceAccessUtils.isSame(principal, store.owner())) {
// the owner can do anything with their store
return true;
}
// note: this membership check runs BEFORE the org access assertion below
if (orgMembersOnly && store.visibility() == JsonStoreVisibility.PUBLIC && accessLevel == ResourceAccessLevel.READER && userManager.isInOrganization(store.orgId())) {
// organization members can access any public store in the same organization
return true;
}
// the caller must at least be able to see the owning organization; throws otherwise
OrganizationEntry org = orgManager.assertAccess(store.orgId(), false);
if (ResourceAccessUtils.isSame(principal, org.getOwner())) {
// the org owner can do anything with the org's store
return true;
}
// explicit per-user access level is required unless the store is public and
// orgMembersOnly is false (see the NOTE(review) in the Javadoc)
if (orgMembersOnly || store.visibility() != JsonStoreVisibility.PUBLIC) {
if (!storeDao.hasAccessLevel(store.id(), principal.getId(), ResourceAccessLevel.atLeast(accessLevel))) {
throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary access level (" + accessLevel + ") to the JSON store: " + store.name());
}
}
return true;
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
The class OrganizationResource, method find:
/**
 * Lists organizations visible to the current user.
 *
 * For admins, global readers and global writers the user filter is dropped
 * ({@code userId == null}) so every organization is listed and {@code onlyCurrent}
 * has no effect. All other users are passed to the DAO with their own id, which is
 * what scopes the result.
 *
 * NOTE(review): {@code offset}, {@code limit} and {@code filter} are forwarded to
 * {@code orgDao.list} unvalidated; {@code offset}/{@code limit} have no
 * {@code @DefaultValue} and so are 0 when absent, and nothing here caps
 * {@code limit}. Whether the DAO bounds them or treats 0 as "no limit" is not visible
 * from this method — confirm.
 *
 * @param onlyCurrent restrict to the user's current organizations (ignored for global roles)
 * @param offset      pagination offset, forwarded as-is
 * @param limit       pagination limit, forwarded as-is
 * @param filter      free-text filter, forwarded as-is
 * @return the matching organizations
 */
@GET
@ApiOperation(value = "List organizations", responseContainer = "list", response = OrganizationEntry.class)
@Produces(MediaType.APPLICATION_JSON)
public List<OrganizationEntry> find(@QueryParam("onlyCurrent") @DefaultValue("false") boolean onlyCurrent, @QueryParam("offset") int offset, @QueryParam("limit") int limit, @QueryParam("filter") String filter) {
    UserPrincipal current = UserPrincipal.assertCurrent();

    // admins and global readers/writers see all orgs regardless of the onlyCurrent value;
    // a null user id tells the DAO not to scope by membership
    boolean seesAllOrgs = Roles.isAdmin() || Roles.isGlobalReader() || Roles.isGlobalWriter();
    UUID scopeUserId = seesAllOrgs ? null : current.getId();

    return orgDao.list(scopeUserId, onlyCurrent, offset, limit, filter);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
The class UserManager, method isInOrganization:
/**
 * Returns whether the current user is a member of the organization {@code orgId},
 * looked up through {@code userDao} within the supplied transaction.
 *
 * Requires an authenticated caller: {@code UserPrincipal.assertCurrent()} throws when
 * there is none, so this never answers {@code false} for an anonymous request.
 *
 * @param tx    transaction context to run the lookup in
 * @param orgId organization to check membership of
 * @return true when the current user belongs to the organization
 */
public boolean isInOrganization(DSLContext tx, UUID orgId) {
    UUID currentUserId = UserPrincipal.assertCurrent().getId();
    return userDao.isInOrganization(tx, currentUserId, orgId);
}