use of com.webank.wedatasphere.qualitis.exception.PermissionDeniedRequestException in project Qualitis by WeBankFinTech.
the class RuleMetricServiceImpl method modifyRuleMetricReal.
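/**
 * Modifies an existing rule metric on behalf of {@code userName}.
 *
 * <p>Authorization depends on the caller's role type:
 * <ul>
 *   <li>ADMIN: may modify any metric.</li>
 *   <li>DEPARTMENT_ADMIN: may not modify DEFAULT_METRIC level metrics, and the metric's department
 *       must be one of the departments attached to the caller's roles.</li>
 *   <li>Any other role: only PERSONAL_METRIC level metrics whose create user is the caller.</li>
 * </ul>
 *
 * @param request  the new field values; must not be {@code null}
 * @param userName the name of the user performing the modification
 * @return a "200" response wrapping the saved metric
 * @throws UnExpectedRequestException       if the request is {@code null} or the metric does not exist
 *                                          (the duplicate name/code helpers are expected to raise it as well)
 * @throws PermissionDeniedRequestException if the caller's role does not allow modifying this metric
 */
private GeneralResponse<RuleMetricResponse> modifyRuleMetricReal(ModifyRuleMetricRequest request, String userName) throws UnExpectedRequestException, PermissionDeniedRequestException {
    if (request == null) {
        throw new UnExpectedRequestException("{&REQUEST_CAN_NOT_BE_NULL}");
    }
    // Check rule metric existence.
    RuleMetric ruleMetricInDb = ruleMetricDao.findById(request.getId());
    if (ruleMetricInDb == null) {
        throw new UnExpectedRequestException("Rule Metric [ID=" + request.getId() + "] {&DOES_NOT_EXIST}");
    }
    LOGGER.info("Start to modify rule metric, modify request: [{}], user: [{}]", request.toString(), userName);

    // Authorize before any further validation: the duplicate name/code checks below answer
    // questions about other metrics, so they must not be reachable by a caller who is not
    // allowed to modify this one.
    User loginUser = userDao.findByUsername(userName);
    List<UserRole> userRoles = userRoleDao.findByUser(loginUser);
    Integer roleType = roleService.getRoleType(userRoles);
    if (roleType.equals(RoleDefaultTypeEnum.ADMIN.getCode())) {
        LOGGER.info("First level(created by SYS_ADMIN) indicator will be modified soon.");
    } else if (roleType.equals(RoleDefaultTypeEnum.DEPARTMENT_ADMIN.getCode())) {
        LOGGER.info("Second level(created by DEPARTMENT_ADMIN) indicator will be modified soon.");
        if (ruleMetricInDb.getLevel().equals(RuleMetricLevelEnum.DEFAULT_METRIC.getCode())) {
            throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
        }
        // Departments reachable through the caller's roles.
        List<Department> managedDepartment = new ArrayList<>();
        for (UserRole userRole : userRoles) {
            Department department = userRole.getRole().getDepartment();
            if (department != null) {
                managedDepartment.add(department);
            }
        }
        // NOTE(review): contains() relies on Department.equals() — confirm it compares by identity key.
        RuleMetricDepartmentUser ruleMetricDepartmentUser = ruleMetricDepartmentUserDao.findByRuleMetric(ruleMetricInDb);
        if (ruleMetricDepartmentUser != null && managedDepartment.contains(ruleMetricDepartmentUser.getDepartment())) {
            LOGGER.info("Rule metric[{}]", ruleMetricInDb.toString());
        } else {
            throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
        }
    } else {
        LOGGER.info("Third level(created by PROJECTOR) indicator will be modified soon.");
        boolean personalMetric = ruleMetricInDb.getLevel().equals(RuleMetricLevelEnum.PERSONAL_METRIC.getCode());
        // Fail closed with 403 (instead of a NullPointerException) when the caller or the
        // recorded creator cannot be resolved.
        boolean createdByCaller = loginUser != null
                && ruleMetricInDb.getCreateUser() != null
                && ruleMetricInDb.getCreateUser().equals(loginUser.getUserName());
        if (!personalMetric || !createdByCaller) {
            throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
        }
    }

    // Uniqueness is only re-checked for values that actually change.
    if (!ruleMetricInDb.getName().equals(request.getName())) {
        checkDuplicateName(request.getName());
    }
    if (!ruleMetricInDb.getEnCode().equals(request.getEnCode())) {
        checkDuplicateCode(request.getEnCode());
    }

    Integer bussCode = request.getBussCode();
    ruleMetricInDb.setName(request.getName());
    ruleMetricInDb.setCnName(request.getCnName());
    ruleMetricInDb.setMetricDesc(request.getDesc());
    ruleMetricInDb.setBussCode(bussCode);
    // Only the fields that belong to the selected business code are kept; the others are blanked.
    if (RuleMetricBussCodeEnum.SUBSYSTEM.getCode().equals(bussCode)) {
        ruleMetricInDb.setSubSystemName(request.getSubSystemName());
        ruleMetricInDb.setFullCnName(request.getFullCnName());
        ruleMetricInDb.setBussCustom("");
        ruleMetricInDb.setProductName("");
    } else if (RuleMetricBussCodeEnum.PRODUCT.getCode().equals(bussCode)) {
        ruleMetricInDb.setProductName(request.getProductName());
        ruleMetricInDb.setSubSystemName("");
        ruleMetricInDb.setFullCnName("");
        ruleMetricInDb.setBussCustom("");
    } else if (RuleMetricBussCodeEnum.CUSTOM.getCode().equals(bussCode)) {
        ruleMetricInDb.setBussCustom(request.getBussCustom());
        ruleMetricInDb.setProductName("");
        ruleMetricInDb.setSubSystemName("");
        ruleMetricInDb.setFullCnName("");
    }
    ruleMetricInDb.setModifyUser(userName);
    ruleMetricInDb.setModifyTime(ExecutionManagerImpl.PRINT_TIME_FORMAT.format(new Date()));
    ruleMetricInDb.setType(request.getType());
    ruleMetricInDb.setEnCode(request.getEnCode());
    ruleMetricInDb.setFrequency(request.getFrequency());
    ruleMetricInDb.setDepartmentName(request.getDepartmentName());
    ruleMetricInDb.setDevDepartmentName(request.getDevDepartmentName());
    ruleMetricInDb.setOpsDepartmentName(request.getOpsDepartmentName());
    ruleMetricInDb.setAvailable(request.getAvailable());
    RuleMetricResponse response = new RuleMetricResponse(ruleMetricDao.add(ruleMetricInDb));
    return new GeneralResponse<>("200", "{&MODIFY_RULE_METRIC_SUCCESSFULLY}", response);
}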
use of com.webank.wedatasphere.qualitis.exception.PermissionDeniedRequestException in project Qualitis by WeBankFinTech.
the class RuleMetricServiceImpl method getRuleMetricDetail.
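/**
 * Returns the detail of one rule metric if the current HTTP user is allowed to read it.
 *
 * <p>Authorization depends on the caller's role type:
 * <ul>
 *   <li>ADMIN: may read any metric.</li>
 *   <li>DEPARTMENT_ADMIN: if the metric has an owning department, it must be one of the
 *       departments attached to the caller's roles; without an owning department only
 *       DEFAULT_METRIC level metrics are readable.</li>
 *   <li>Any other role: a DEPARTMENT_METRIC must belong to the caller's own department and a
 *       PERSONAL_METRIC must belong to the caller; other levels are readable.</li>
 * </ul>
 *
 * @param id the rule metric id; must be positive
 * @return a "200" response wrapping the metric
 * @throws UnExpectedRequestException       if {@code id} is not positive or the metric does not exist
 * @throws PermissionDeniedRequestException if the caller's role does not allow reading this metric
 */
@Override
public GeneralResponse<RuleMetricResponse> getRuleMetricDetail(long id) throws UnExpectedRequestException, PermissionDeniedRequestException {
    if (id <= 0) {
        throw new UnExpectedRequestException("{&REQUEST_CAN_NOT_BE_NULL}");
    }
    // Check rule metric existence.
    RuleMetric ruleMetricInDb = ruleMetricDao.findById(id);
    if (ruleMetricInDb == null) {
        throw new UnExpectedRequestException("Rule Metric ID [" + id + "] {&DOES_NOT_EXIST}");
    }
    String userName = HttpUtils.getUserName(httpServletRequest);
    LOGGER.info("Start to get rule metric, rule metric ID: [{}], user: [{}]", id, userName);
    User loginUser = userDao.findByUsername(userName);
    List<UserRole> userRoles = userRoleDao.findByUser(loginUser);
    Integer roleType = roleService.getRoleType(userRoles);
    RuleMetricDepartmentUser ruleMetricDepartmentUser = ruleMetricDepartmentUserDao.findByRuleMetric(ruleMetricInDb);
    // The ownership record may be missing; treat that as "no owning department" rather than
    // dereferencing null.
    Department ownerDepartment = ruleMetricDepartmentUser == null ? null : ruleMetricDepartmentUser.getDepartment();

    if (roleType.equals(RoleDefaultTypeEnum.ADMIN.getCode())) {
        LOGGER.info("SYS_ADMIN will get rule metric.");
    } else if (roleType.equals(RoleDefaultTypeEnum.DEPARTMENT_ADMIN.getCode())) {
        LOGGER.info("DEPARTMENT_ADMIN will get rule metric.");
        if (ownerDepartment != null) {
            boolean managesOwner = false;
            for (UserRole userRole : userRoles) {
                Department department = userRole.getRole().getDepartment();
                // Compare ids by value: '==' would compare references if getId() returns a boxed Long.
                if (department != null && java.util.Objects.equals(department.getId(), ownerDepartment.getId())) {
                    managesOwner = true;
                    break;
                }
            }
            if (!managesOwner) {
                throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
            }
            LOGGER.info("Rule metric[{}] comes from department: {}", ruleMetricInDb.toString(), ownerDepartment.getName());
        } else if (ruleMetricInDb.getLevel().equals(RuleMetricLevelEnum.DEFAULT_METRIC.getCode())) {
            LOGGER.info("DEPARTMENT_ADMIN will get first level rule metric.");
        } else {
            throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
        }
    } else {
        LOGGER.info("PROJECTOR will get rule metric.");
        // The level must be compared with the enum's code. Comparing it with the enum constant
        // itself is always false, which silently disabled both checks below and let any
        // ordinary user read department and personal metrics of others.
        if (ruleMetricInDb.getLevel().equals(RuleMetricLevelEnum.DEPARTMENT_METRIC.getCode())) {
            Department userDepartment = loginUser == null ? null : loginUser.getDepartment();
            boolean sameDepartment = userDepartment != null
                    && ownerDepartment != null
                    && java.util.Objects.equals(userDepartment.getId(), ownerDepartment.getId());
            if (!sameDepartment) {
                throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
            }
        }
        if (ruleMetricInDb.getLevel().equals(RuleMetricLevelEnum.PERSONAL_METRIC.getCode())) {
            // NOTE(review): relies on User.equals() — confirm it compares by id or user name.
            boolean ownedByCaller = loginUser != null
                    && ruleMetricDepartmentUser != null
                    && loginUser.equals(ruleMetricDepartmentUser.getUser());
            if (!ownedByCaller) {
                throw new PermissionDeniedRequestException("User {&HAS_NO_PERMISSION_TO_ACCESS}", 403);
            }
        }
    }
    RuleMetricResponse ruleMetricResponse = new RuleMetricResponse(ruleMetricInDb);
    return new GeneralResponse<>("200", "{&GET_RULE_METRIC_SUCCESSFULLY}", ruleMetricResponse);
}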
use of com.webank.wedatasphere.qualitis.exception.PermissionDeniedRequestException in project Qualitis by WeBankFinTech.
the class ProjectServiceImpl method modifyProjectDetail.
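/**
 * Modifies a project's names, description, labels and authorized users.
 *
 * <p>The acting user needs the BUSSMAN or DEVELOPER project permission (enforced by
 * {@code checkProjectPermission}). Changed labels, names and description are recorded as
 * project events before the new values are saved.
 *
 * @param request  the new project values and the users to authorize
 * @param workflow when {@code true}, existing project users other than admins and
 *                 {@code request.getUsername()} are removed before re-authorizing
 * @return a "200" response wrapping the saved project
 * @throws UnExpectedRequestException       if the project or acting user cannot be found, or the
 *                                          new name collides with another project of the same user
 * @throws PermissionDeniedRequestException declared for the permission check and user authorization
 * @throws RoleNotFoundException            declared for the user authorization step
 */
@Override
// Every declared exception rolls the transaction back: the labels, the project row and (for
// workflow calls) the project users are already rewritten when authorizeUsers() runs, so a
// permission failure there must not leave a half-applied modification committed.
@Transactional(propagation = Propagation.REQUIRED, rollbackFor = { RuntimeException.class, UnExpectedRequestException.class, PermissionDeniedRequestException.class, RoleNotFoundException.class })
public GeneralResponse<?> modifyProjectDetail(ModifyProjectDetailRequest request, boolean workflow) throws UnExpectedRequestException, PermissionDeniedRequestException, RoleNotFoundException {
    // Check Arguments
    ModifyProjectDetailRequest.checkRequest(request);
    // Check existence of project
    Project projectInDb = projectDao.findById(request.getProjectId());
    if (projectInDb == null) {
        throw new UnExpectedRequestException("project id {&DOES_NOT_EXIST}");
    }
    LOGGER.info("Succeed to get project. project: {}", projectInDb);
    // Get userId
    Long userId = HttpUtils.getUserId(httpServletRequest);
    User user;
    if (userId == null) {
        // NOTE(review): with no user id on the HTTP request, the acting user is taken from the
        // request body, and every permission check below is evaluated for that name. Confirm
        // that callers reaching this path are authenticated by other means.
        user = userDao.findByUsername(request.getUsername());
        if (user == null) {
            throw new UnExpectedRequestException(String.format("{&FAILED_TO_FIND_USER} %s", request.getUsername()));
        }
    } else {
        user = userDao.findById(userId);
        if (user == null) {
            throw new UnExpectedRequestException(String.format("{&FAILED_TO_FIND_USER} %s", userId));
        }
    }
    // Check if user has permission modifying project
    List<Integer> permissions = new ArrayList<>();
    permissions.add(ProjectUserPermissionEnum.BUSSMAN.getCode());
    permissions.add(ProjectUserPermissionEnum.DEVELOPER.getCode());
    checkProjectPermission(projectInDb, user.getUserName(), permissions);
    // Check project name
    Project otherProject = projectDao.findByNameAndCreateUser(request.getProjectName(), user.getUserName());
    if (otherProject != null && !otherProject.getId().equals(projectInDb.getId())) {
        throw new UnExpectedRequestException(String.format("Project name: %s already exist", request.getProjectName()));
    }
    // Record what changed before overwriting it.
    // NOTE(review): labels are joined without a delimiter, so different label sets can produce
    // the same string and a label change may go unrecorded.
    String oldLabels = "";
    String newLabels = "";
    if (CollectionUtils.isNotEmpty(projectInDb.getProjectLabels())) {
        oldLabels = projectInDb.getProjectLabels().stream().map(ProjectLabel::getLabelName).collect(Collectors.joining());
    }
    if (CollectionUtils.isNotEmpty(request.getProjectLabelStrs())) {
        newLabels = request.getProjectLabelStrs().stream().collect(Collectors.joining());
    }
    if (!oldLabels.equals(newLabels)) {
        projectEventService.recordModifyProject(projectInDb, user.getUserName(), "Project labels", oldLabels, newLabels, EventTypeEnum.MODIFY_PROJECT.getCode());
    }
    if (StringUtils.isNotEmpty(projectInDb.getCnName()) && !projectInDb.getCnName().equals(request.getCnName())) {
        projectEventService.recordModifyProject(projectInDb, user.getUserName(), "Chinese Name", projectInDb.getCnName(), request.getCnName(), EventTypeEnum.MODIFY_PROJECT.getCode());
    }
    if (!projectInDb.getName().equals(request.getProjectName())) {
        projectEventService.recordModifyProject(projectInDb, user.getUserName(), "English Name", projectInDb.getName(), request.getProjectName(), EventTypeEnum.MODIFY_PROJECT.getCode());
    }
    if (!projectInDb.getDescription().equals(request.getDescription())) {
        projectEventService.recordModifyProject(projectInDb, user.getUserName(), "Describe", projectInDb.getDescription(), request.getDescription(), EventTypeEnum.MODIFY_PROJECT.getCode());
    }
    // Save project.
    projectInDb.setCnName(request.getCnName());
    projectInDb.setName(request.getProjectName());
    projectInDb.setDescription(request.getDescription());
    // Delete old projectLabel.
    projectLabelDao.deleteByProject(projectInDb);
    LOGGER.info("Succeed to delete all project_label, project_id: {}", request.getProjectId());
    // Create new project labels.
    addProjectLabels(request.getProjectLabelStrs(), projectInDb);
    // Record modify user
    projectInDb.setModifyUser(user.getUserName());
    projectInDb.setModifyTime(ExecutionManagerImpl.PRINT_TIME_FORMAT.format(new Date()));
    Project savedProject = projectDao.saveProject(projectInDb);
    LOGGER.info("Succeed to modify project. project: {}", savedProject);
    if (workflow) {
        // Clear old project users, keeping users that hold the ADMIN role and the requesting user.
        List<ProjectUser> projectUsers = projectUserDao.findByProject(projectInDb);
        Role role = roleDao.findByRoleName(ADMIN);
        List<String> admins = userRoleDao.findByRole(role).stream().map(UserRole::getUser).map(User::getUserName).collect(Collectors.toList());
        projectUsers = projectUsers.stream().filter(projectUser -> !admins.contains(projectUser.getUserName())).filter(projectUser -> !projectUser.getUserName().equals(request.getUsername())).collect(Collectors.toList());
        for (ProjectUser projectUser : projectUsers) {
            projectUserDao.deleteByProjectAndUserName(projectInDb, projectUser.getUserName());
        }
    }
    authorizeUsers(projectInDb, user, request.getAuthorizeProjectUserRequests(), true);
    return new GeneralResponse<>("200", "{&MODIFY_PROJECT_DETAIL_SUCCESSFULLY}", new ProjectDetailResponse(savedProject, null));
}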
use of com.webank.wedatasphere.qualitis.exception.PermissionDeniedRequestException in project Qualitis by WeBankFinTech.
the class ProjectUserServiceImpl method authorizePermission.
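/**
 * Grants a user the requested permissions on a project.
 *
 * <p>The login user must hold the CREATOR permission on the project. A target user unknown to
 * the system is added automatically. When {@code modify} is {@code true}, the target user's
 * existing permissions on the project are deleted before the new ones are saved.
 *
 * @param authorizeProjectUserRequest the project id, target user name and permission codes
 * @param loginUserId                 the id of the user granting the permissions
 * @param modify                      whether to replace the target user's existing permissions
 * @return a "200" response describing the grant, or {@code null} when the login user is the
 *         target user (nothing is changed in that case)
 * @throws UnExpectedRequestException       if the project or the login user cannot be found
 * @throws PermissionDeniedRequestException if the login user is not the project's creator
 * @throws RoleNotFoundException            declared for the automatic user creation step
 */
@Override
@Transactional(propagation = Propagation.REQUIRED, rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<ProjectUserResponse> authorizePermission(AuthorizeProjectUserRequest authorizeProjectUserRequest, Long loginUserId, boolean modify) throws UnExpectedRequestException, PermissionDeniedRequestException, RoleNotFoundException {
    AuthorizeProjectUserRequest.checkRequest(authorizeProjectUserRequest);
    Project projectInDb = projectDao.findById(authorizeProjectUserRequest.getProjectId());
    String projectUser = authorizeProjectUserRequest.getProjectUser();
    LOGGER.info("User[id={}] start to authorize user[name={}]", loginUserId, projectUser);
    if (projectInDb == null) {
        throw new UnExpectedRequestException("{&PROJECT}: [ID=" + authorizeProjectUserRequest.getProjectId() + "] {&DOES_NOT_EXIST}");
    }

    // Authorize before any write. The target user used to be auto-created ahead of this check,
    // and PermissionDeniedRequestException is not listed in rollbackFor, so a caller without
    // the CREATOR permission could leave a newly created account behind.
    User loginUser = userDao.findById(loginUserId);
    if (loginUser == null) {
        throw new UnExpectedRequestException(String.format("{&FAILED_TO_FIND_USER} %s", loginUserId));
    }
    if (!checkPermission(projectInDb, loginUser.getUserName(), ProjectUserPermissionEnum.CREATOR.getCode())) {
        throw new PermissionDeniedRequestException("{&NO_PERMISSION_MODIFYING_PROJECT}", 403);
    }

    User projectUserInDb = userDao.findByUsername(projectUser);
    if (projectUserInDb == null) {
        LOGGER.warn("Project user is from outside, qualitis will auto add user. Name: {}", projectUser);
        userService.autoAddUser(projectUser);
    }
    // The creator's own permissions are never rewritten through this method.
    if (loginUser.getUserName().equals(projectUser)) {
        return null;
    }

    if (modify) {
        projectUserDao.deleteByProjectAndUserName(projectInDb, projectUser);
        LOGGER.info("Success to delete original project user permissions.");
    }
    // NOTE(review): the permission codes are stored as received; confirm that checkRequest
    // restricts them to the codes a creator is allowed to hand out.
    List<ProjectUser> projectUsers = new ArrayList<>();
    List<Integer> permissions = new ArrayList<>();
    for (Integer permission : authorizeProjectUserRequest.getProjectPermissions()) {
        ProjectUser tmp = new ProjectUser(permission, projectInDb, projectUser);
        LOGGER.info("User[name={}] get permission[ID={}].", projectUser, permission);
        projectUsers.add(tmp);
        permissions.add(permission);
    }
    projectUserDao.saveAll(projectUsers);
    // NOTE(review): the project event for this grant is disabled, so the only trace is the log lines above.
    // projectEventService.record(projectInDb.getId(), loginUser.getUserName(), "authorized", projectUser, EventTypeEnum.MODIFY_PROJECT.getCode());
    ProjectUserResponse projectUserResponse = new ProjectUserResponse(projectInDb.getName(), loginUser.getUserName(), projectUser);
    projectUserResponse.setPermissions(permissions);
    return new GeneralResponse<>("200", "{&SUCCESS_TO_ADD_PROJECT_USER}", projectUserResponse);
}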
use of com.webank.wedatasphere.qualitis.exception.PermissionDeniedRequestException in project Qualitis by WeBankFinTech.
the class ProjectUserServiceImpl method deletePermission.
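/**
 * Removes every permission a user holds on a project.
 *
 * <p>The login user must hold the CREATOR permission on the project.
 *
 * @param request     the project id and the name of the user whose permissions are removed
 * @param loginUserId the id of the user performing the removal
 * @return a "200" response with no payload
 * @throws UnExpectedRequestException       if the request is {@code null}, or the project or the
 *                                          login user cannot be found
 * @throws PermissionDeniedRequestException if the login user is not the project's creator
 */
@Override
@Transactional(propagation = Propagation.REQUIRED, rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse deletePermission(AuthorizeProjectUserRequest request, Long loginUserId) throws UnExpectedRequestException, PermissionDeniedRequestException {
    // Reject a missing request explicitly instead of failing with a NullPointerException.
    if (request == null) {
        throw new UnExpectedRequestException("{&REQUEST_CAN_NOT_BE_NULL}");
    }
    Long projectId = request.getProjectId();
    Project projectInDb = projectDao.findById(projectId);
    if (projectInDb == null) {
        throw new UnExpectedRequestException("{&PROJECT}: [ID=" + projectId + "] {&DOES_NOT_EXIST}");
    }
    // An unknown login user must end in a handled error, not a NullPointerException inside
    // the permission check.
    User loginUser = userDao.findById(loginUserId);
    if (loginUser == null) {
        throw new UnExpectedRequestException(String.format("{&FAILED_TO_FIND_USER} %s", loginUserId));
    }
    if (!checkPermission(projectInDb, loginUser.getUserName(), ProjectUserPermissionEnum.CREATOR.getCode())) {
        throw new PermissionDeniedRequestException("{&NO_PERMISSION_MODIFYING_PROJECT}", 403);
    }
    projectUserDao.deleteByProjectAndUserName(projectInDb, request.getProjectUser());
    // NOTE(review): the project event for this removal is disabled, so the revocation leaves no audit record here.
    // projectEventService.record(projectInDb.getId(), loginUser.getUserName(), "authorized", request.getProjectUser(), EventTypeEnum.MODIFY_PROJECT.getCode());
    return new GeneralResponse<>("200", "{&DELETE_USER_SUCCESSFULLY}", null);
}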