Example 26 with UserPrincipal

use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

the class TeamManager method assertAccess.

public TeamEntry assertAccess(UUID orgId, UUID teamId, String teamName, TeamRole requiredRole, boolean teamMembersOnly) {
    // resolve the team first: a missing team fails before any authorization decision is made
    TeamEntry e = assertExisting(orgId, teamId, teamName);
    if (Roles.isAdmin()) {
        // admins bypass every check below
        return e;
    }
    UserPrincipal p = UserPrincipal.assertCurrent();
    // the caller must be able to access the team's organization at all
    OrganizationEntry org = orgManager.assertAccess(e.getOrgId(), false);
    if (ResourceAccessUtils.isSame(p, org.getOwner())) {
        // the org owner can do anything with the org's teams
        return e;
    }
    if (requiredRole != null && teamMembersOnly) {
        // team membership is consulted only when a role is required AND the access is
        // limited to team members; otherwise any user who passed the org check is allowed
        if (!teamDao.hasUser(e.getId(), p.getId(), TeamRole.atLeast(requiredRole))) {
            throw new UnauthorizedException("The current user (" + p.getUsername() + ") does not have the required role: " + requiredRole);
        }
    }
    return e;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Example 27 with UserPrincipal

use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

the class UserActivityResource method activity.

@GET
@Path("/activity")
@Produces(MediaType.APPLICATION_JSON)
@WithTimer
public UserActivityResponse activity(@QueryParam("maxProjectsPerOrg") @DefaultValue("5") int maxProjectsPerOrg,
                                     @QueryParam("maxOwnProcesses") @DefaultValue("5") int maxOwnProcesses) {
    // everything below is scoped to the authenticated caller: the user id comes from
    // the principal, never from a request parameter
    UserPrincipal user = UserPrincipal.assertCurrent();
    Set<UUID> orgIds = userDao.getOrgIds(user.getId());
    OffsetDateTime t = startOfDay();
    // per-org process activity since the start of the day, limited to the user's orgs
    Map<String, List<ProjectProcesses>> orgProcesses = processStatsDao.processByOrgs(maxProjectsPerOrg, orgIds, ORG_VISIBLE_STATUSES, t);
    Map<String, Integer> stats = processStatsDao.getCountByStatuses(orgIds, t, user.getId());
    // the user's own most recent processes, matched by initiator
    ProcessFilter filter = ProcessFilter.builder()
            .initiator(user.getUsername())
            .orgIds(orgIds)
            .includeWithoutProject(true)
            .limit(maxOwnProcesses)
            .build();
    List<ProcessEntry> lastProcesses = processDao.list(filter);
    return new UserActivityResponse(stats, orgProcesses, lastProcesses);
}
Also used : ProcessEntry(com.walmartlabs.concord.server.process.ProcessEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) OffsetDateTime(java.time.OffsetDateTime) ProcessFilter(com.walmartlabs.concord.server.process.queue.ProcessFilter) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Example 28 with UserPrincipal

use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

the class JsonStoreAccessManager method hasAccess.

public boolean hasAccess(JsonStoreEntry store, ResourceAccessLevel accessLevel, boolean orgMembersOnly) {
    // checks run from the broadest grant to the narrowest; the method either
    // returns true or throws UnauthorizedException, it never returns false
    if (Roles.isAdmin()) {
        // an admin can access any store
        return true;
    }
    if (accessLevel == ResourceAccessLevel.READER && (Roles.isGlobalReader() || Roles.isGlobalWriter())) {
        // global readers and writers can read any store
        return true;
    } else if (accessLevel == ResourceAccessLevel.WRITER && Roles.isGlobalWriter()) {
        // global writers can write to any store
        return true;
    }
    UserPrincipal principal = UserPrincipal.assertCurrent();
    if (ResourceAccessUtils.isSame(principal, store.owner())) {
        // the owner can do anything with their store
        return true;
    }
    if (orgMembersOnly
            && store.visibility() == JsonStoreVisibility.PUBLIC
            && accessLevel == ResourceAccessLevel.READER
            && userManager.isInOrganization(store.orgId())) {
        // organization members can read any public store in the same organization
        return true;
    }
    // the caller must be able to access the store's organization at all
    OrganizationEntry org = orgManager.assertAccess(store.orgId(), false);
    if (ResourceAccessUtils.isSame(principal, org.getOwner())) {
        // the org owner can do anything with the org's stores
        return true;
    }
    if (orgMembersOnly || store.visibility() != JsonStoreVisibility.PUBLIC) {
        // the per-user access level is consulted only when access is limited to org
        // members or the store is not public; a public store with orgMembersOnly == false
        // is granted without this lookup, so the flag a caller passes is part of the decision
        if (!storeDao.hasAccessLevel(store.id(), principal.getId(), ResourceAccessLevel.atLeast(accessLevel))) {
            throw new UnauthorizedException("The current user (" + principal.getUsername()
                    + ") doesn't have the necessary access level (" + accessLevel
                    + ") to the JSON store: " + store.name());
        }
    }
    return true;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) OrganizationEntry(com.walmartlabs.concord.server.org.OrganizationEntry) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)
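The decision order of hasAccess above (Example 26's team check follows the same shape, with TeamRole.atLeast in place of the access level), exercised as a decision table. This is an added example, not Concord's own code: Roles, the DAOs, orgManager.assertAccess and ResourceAccessLevel.atLeast are replaced by in-memory stand-ins, and the assumption that assertAccess(orgId, false) resolves the org without requiring membership is exactly that, an assumption. The sample users, org and stores are constructed. Needs Java 16 or newer (records).

```java
import java.util.Map;
import java.util.Set;
import java.util.UUID;

// Added example, not Concord's own code. Roles, DAOs and the org manager are
// in-memory stand-ins (assumptions) so the decision order can be run as a table.
public class JsonStoreAccessDemo {

    enum Level { READER, WRITER, OWNER }
    enum Visibility { PRIVATE, PUBLIC }

    record User(UUID id, boolean admin, boolean globalReader, boolean globalWriter) {}
    record Org(UUID id, UUID ownerId, Set<UUID> memberIds) {}
    record Store(UUID id, UUID orgId, UUID ownerId, Visibility visibility, Map<UUID, Level> grants) {}

    static final class Unauthorized extends RuntimeException {
        Unauthorized(String msg) { super(msg); }
    }

    // Same ordering as the original: admin, global roles, store owner,
    // org member reading a public store, org owner, explicit access level.
    // Like the original it returns true or throws; it never returns false.
    static boolean hasAccess(User u, Org org, Store s, Level wanted, boolean orgMembersOnly) {
        if (u.admin()) {
            return true;
        }
        if (wanted == Level.READER && (u.globalReader() || u.globalWriter())) {
            return true;
        }
        if (wanted == Level.WRITER && u.globalWriter()) {
            return true;
        }
        if (u.id().equals(s.ownerId())) {
            return true;
        }
        boolean member = org.memberIds().contains(u.id());
        if (orgMembersOnly && s.visibility() == Visibility.PUBLIC && wanted == Level.READER && member) {
            return true;
        }
        // stand-in for orgManager.assertAccess(orgId, false): assumed to resolve the org
        // without a membership requirement, so only the owner comparison remains here
        if (u.id().equals(org.ownerId())) {
            return true;
        }
        if (orgMembersOnly || s.visibility() != Visibility.PUBLIC) {
            // ResourceAccessLevel.atLeast(wanted) modelled by enum order: OWNER > WRITER > READER
            Level granted = s.grants().get(u.id());
            if (granted == null || granted.compareTo(wanted) < 0) {
                throw new Unauthorized("user " + u.id() + " lacks " + wanted + " on store " + s.id());
            }
        }
        return true;
    }

    // Runs one case and reports whether the outcome (allowed or thrown) matched expectations.
    static boolean check(String name, boolean expectAllowed, User u, Org org, Store s, Level wanted, boolean orgMembersOnly) {
        boolean allowed;
        try {
            allowed = hasAccess(u, org, s, wanted, orgMembersOnly);
        } catch (Unauthorized e) {
            allowed = false;
        }
        System.out.println((allowed == expectAllowed ? "ok   " : "FAIL ") + name);
        return allowed == expectAllowed;
    }

    public static void main(String[] args) {
        // constructed sample data
        User admin = new User(UUID.randomUUID(), true, false, false);
        User owner = new User(UUID.randomUUID(), false, false, false);
        User orgOwner = new User(UUID.randomUUID(), false, false, false);
        User member = new User(UUID.randomUUID(), false, false, false);
        User reader = new User(UUID.randomUUID(), false, false, false);
        User outsider = new User(UUID.randomUUID(), false, false, false);

        Org org = new Org(UUID.randomUUID(), orgOwner.id(), Set.of(orgOwner.id(), owner.id(), member.id(), reader.id()));
        Store priv = new Store(UUID.randomUUID(), org.id(), owner.id(), Visibility.PRIVATE, Map.of(reader.id(), Level.READER));
        Store pub = new Store(UUID.randomUUID(), org.id(), owner.id(), Visibility.PUBLIC, Map.of());

        boolean all = true;
        all &= check("admin writes private store", true, admin, org, priv, Level.WRITER, true);
        all &= check("store owner writes private store", true, owner, org, priv, Level.WRITER, true);
        all &= check("org owner writes private store", true, orgOwner, org, priv, Level.WRITER, true);
        all &= check("explicit READER grant allows read", true, reader, org, priv, Level.READER, true);
        all &= check("explicit READER grant does not allow write", false, reader, org, priv, Level.WRITER, true);
        all &= check("member reads public store", true, member, org, pub, Level.READER, true);
        all &= check("member without grant cannot write public store", false, member, org, pub, Level.WRITER, true);
        all &= check("outsider cannot read private store", false, outsider, org, priv, Level.READER, true);
        // with orgMembersOnly=false the public-store branch skips the level lookup entirely
        all &= check("outsider reads public store (orgMembersOnly=false)", true, outsider, org, pub, Level.READER, false);
        all &= check("outsider cannot read public store (orgMembersOnly=true)", false, outsider, org, pub, Level.READER, true);
        System.out.println(all ? "all cases matched" : "mismatches found");
    }
}
```

Run it with `java JsonStoreAccessDemo.java`. The last two cases are the point a reviewer of such a check should note: for a public store with orgMembersOnly=false the per-user access level is never consulted, so the value a caller passes for that flag is part of the access decision and should be reviewed at every call site, not only inside hasAccess.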

Example 29 with UserPrincipal

use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

the class OrganizationResource method find.

@GET
@ApiOperation(value = "List organizations", responseContainer = "list", response = OrganizationEntry.class)
@Produces(MediaType.APPLICATION_JSON)
public List<OrganizationEntry> find(@QueryParam("onlyCurrent") @DefaultValue("false") boolean onlyCurrent,
                                    @QueryParam("offset") int offset,
                                    @QueryParam("limit") int limit,
                                    @QueryParam("filter") String filter) {
    UserPrincipal p = UserPrincipal.assertCurrent();
    UUID userId = p.getId();
    if (Roles.isAdmin() || Roles.isGlobalReader() || Roles.isGlobalWriter()) {
        // admins and global readers/writers see all orgs regardless of the onlyCurrent value;
        // the null userId makes orgDao.list return every org instead of only the user's
        userId = null;
    }
    return orgDao.list(userId, onlyCurrent, offset, limit, filter);
}
Also used : UUID(java.util.UUID) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) ApiOperation(io.swagger.annotations.ApiOperation)

Example 30 with UserPrincipal

use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.

the class UserManager method isInOrganization.

public boolean isInOrganization(DSLContext tx, UUID orgId) {
    UserPrincipal p = UserPrincipal.assertCurrent();
    UUID userId = p.getId();
    return userDao.isInOrganization(tx, userId, orgId);
}
Also used : UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal)

Aggregations

UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal) 37
UnauthorizedException (org.apache.shiro.authz.UnauthorizedException) 15
WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer) 14
ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException) 9
UserEntry (com.walmartlabs.concord.server.user.UserEntry) 8
UUID (java.util.UUID) 8
PartialProcessKey (com.walmartlabs.concord.server.sdk.PartialProcessKey) 7
ApiOperation (io.swagger.annotations.ApiOperation) 6
OrganizationEntry (com.walmartlabs.concord.server.org.OrganizationEntry) 3
EntryPoint (com.walmartlabs.concord.server.process.PayloadManager.EntryPoint) 3
ProcessEntry (com.walmartlabs.concord.server.process.ProcessEntry) 3
SessionKeyPrincipal (com.walmartlabs.concord.server.security.sessionkey.SessionKeyPrincipal) 3
SimpleAccount (org.apache.shiro.authc.SimpleAccount) 3
ValidationErrorsException (org.sonatype.siesta.ValidationErrorsException) 3
ProcessKey (com.walmartlabs.concord.server.sdk.ProcessKey) 2
LdapPrincipal (com.walmartlabs.concord.server.security.ldap.LdapPrincipal) 2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 2
Subject (org.apache.shiro.subject.Subject) 2
CacheBuilder (com.google.common.cache.CacheBuilder) 1
Imports (com.walmartlabs.concord.imports.Imports) 1