use of jetbrains.buildServer.serverSide.auth.AuthorityHolder in project teamcity-rest by JetBrains.
the class PermissionAssignmentFinder method getPermissions.
@NotNull
private FinderDataBinding.ItemHolder<PermissionAssignmentData> getPermissions(@NotNull final TypedFinderBuilder.DimensionObjects dimensions, @NotNull final AuthorityHolder authorityHolder, @NotNull final ServiceLocator serviceLocator) {
/* The rest of the code in this method is mostly performance optimization producing the same results (with possibly changed sorting).
if (true) {
List<Permission> globalPermissions = authorityHolder.getGlobalPermissions().toList();
Set<Permission> globalPermissionsSet = new HashSet<>(globalPermissions); //TeamCity API issue: this set is used to exclude global permissions from project-level ones
return FinderDataBinding.getItemHolder(Stream.concat(
globalPermissions.stream().map(p -> new PermissionAssignmentData(p)),
authorityHolder.getProjectsPermissions().entrySet().stream().flatMap(
entry -> entry.getValue().toList().stream().filter(p -> !globalPermissionsSet.contains(p)).map(p -> new PermissionAssignmentData(p, entry.getKey())))));
}
*/
List<Permission> permissions_raw = dimensions.get(PERMISSION);
List<List<SProject>> projects_raw = dimensions.get(PROJECT);
if (projects_raw != null && !projects_raw.isEmpty() && projects_raw.size() > 1) {
throw new BadRequestException("Multiple projects dimensions are not supported");
}
@Nullable List<SProject> projects = projects_raw == null || projects_raw.isEmpty() ? null : projects_raw.get(0);
if (permissions_raw != null && !permissions_raw.isEmpty() && permissions_raw.size() > 1) {
throw new BadRequestException("Multiple permissions dimensions are not supported");
}
// permissions_raw is ANDed, permissions is ORed, but so far it is not supported: todo implement
List<Permission> permissions = permissions_raw;
Stream<PermissionAssignmentData> result = Stream.empty();
List<Boolean> global_raw = dimensions.get(GLOBAL);
if (global_raw != null && !global_raw.isEmpty() && global_raw.size() > 1) {
throw new BadRequestException("Multiple global dimensions are not supported");
}
Boolean global = global_raw == null ? null : global_raw.get(0);
if ((permissions == null || permissions.isEmpty())) {
if (projects == null) {
if (global == null || global) {
result = Stream.concat(result, authorityHolder.getGlobalPermissions().toList().stream().map(p -> new PermissionAssignmentData(p)));
}
if (global == null || !global) {
result = Stream.concat(result, authorityHolder.getProjectsPermissions().entrySet().stream().flatMap(entry -> entry.getValue().toList().stream().filter(p -> p.isProjectAssociationSupported()).map(p -> new PermissionAssignmentData(p, entry.getKey()))));
}
return FinderDataBinding.getItemHolder(result);
}
if (global == null || global) {
result = Stream.concat(result, authorityHolder.getGlobalPermissions().toList().stream().filter(p -> p.isProjectAssociationSupported()).map(p -> new PermissionAssignmentData(p)));
}
if (global == null || !global) {
result = Stream.concat(result, projects.stream().flatMap(project -> {
Permissions projectPermissions = authorityHolder.getProjectsPermissions().get(project.getProjectId());
return projectPermissions == null ? Stream.empty() : projectPermissions.toList().stream().filter(p -> p.isProjectAssociationSupported()).map(p -> new PermissionAssignmentData(p, project.getProjectId()));
}));
}
return FinderDataBinding.getItemHolder(result);
}
if (projects == null) {
if (global == null || global) {
result = Stream.concat(result, permissions.stream().filter(p -> authorityHolder.isPermissionGrantedGlobally(p)).map(p -> new PermissionAssignmentData(p)));
}
if (global == null || !global) {
List<SProject> allProjects = serviceLocator.getSingletonService(ProjectManager.class).getProjects();
result = Stream.concat(result, permissions.stream().filter(p -> p.isProjectAssociationSupported()).flatMap(p -> allProjects.stream().filter(project -> {
Permissions projectPermissions = authorityHolder.getProjectsPermissions().get(project.getProjectId());
return projectPermissions != null && projectPermissions.contains(p);
}).map(project -> new PermissionAssignmentData(p, project.getProjectId()))));
}
return FinderDataBinding.getItemHolder(result);
}
if (global == null || global) {
result = Stream.concat(result, permissions.stream().filter(p -> p.isProjectAssociationSupported()).filter(p -> authorityHolder.isPermissionGrantedGlobally(p)).map(p -> new PermissionAssignmentData(p)));
}
if (global == null || !global) {
result = Stream.concat(result, projects.stream().flatMap(project -> permissions.stream().filter(p -> p.isProjectAssociationSupported()).filter(p -> {
Permissions projectPermissions = authorityHolder.getProjectsPermissions().get(project.getProjectId());
return projectPermissions != null && projectPermissions.contains(p);
}).map(p -> new PermissionAssignmentData(p, project.getProjectId()))));
}
return FinderDataBinding.getItemHolder(result);
}
use of jetbrains.buildServer.serverSide.auth.AuthorityHolder in project teamcity-rest by JetBrains.
the class BuildTypeRequest method deleteBuildType.
@DELETE
@Path("/{btLocator}")
@ApiOperation(value = "Delete build configuration matching the locator.", nickname = "deleteBuildType")
public void deleteBuildType(@ApiParam(format = LocatorName.BUILD_TYPE) @PathParam("btLocator") String buildTypeLocator) {
BuildTypeOrTemplate buildType = myBuildTypeFinder.getBuildTypeOrTemplate(null, buildTypeLocator, false);
AuthorityHolder authorityHolder = myBeanContext.getSingletonService(SecurityContext.class).getAuthorityHolder();
buildType.remove((SUser) authorityHolder.getAssociatedUser(), buildType.isBuildType() ? "Build configuration removed" : "Template removed");
}
use of jetbrains.buildServer.serverSide.auth.AuthorityHolder in project teamcity-rest by JetBrains.
the class AbstractAgentPoolResolver method projects.
@NotNull
public AgentPoolProjectsConnection projects(@NotNull AbstractAgentPool pool, @NotNull ProjectsFilter filter, @NotNull DataFetchingEnvironment env) {
jetbrains.buildServer.serverSide.agentPools.AgentPool realPool = pool.getRealPool();
Collection<String> projectIds = realPool.getProjectIds();
Stream<SProject> projects = myProjectManager.findProjects(projectIds).stream();
if (filter.getArchived() != null) {
projects = projects.filter(p -> p.isArchived() == filter.getArchived());
}
Integer excludedProjectsCount = null;
if (env.getSelectionSet().contains("excludedCount")) {
AuthorityHolder authHolder = mySecurityContext.getAuthorityHolder();
excludedProjectsCount = (int) projectIds.stream().filter(projectId -> !authHolder.isPermissionGrantedForProject(projectId, Permission.VIEW_PROJECT)).count();
}
return new AgentPoolProjectsConnection(projects.collect(Collectors.toList()), excludedProjectsCount, PaginationArguments.everything());
}
use of jetbrains.buildServer.serverSide.auth.AuthorityHolder in project teamcity-rest by JetBrains.
the class AgentPoolMutation method bulkMoveAgentsToAgentPool.
@Used("graphql")
@NotNull
public DataFetcherResult<BulkMoveAgentToAgentsPoolPayload> bulkMoveAgentsToAgentPool(@NotNull BulkMoveAgentsToAgentPoolInput input) {
DataFetcherResult.Builder<BulkMoveAgentToAgentsPoolPayload> result = DataFetcherResult.newResult();
AgentPool targetPool = myAgentPoolManager.findAgentPoolById(input.getTargetAgentPoolRawId());
if (targetPool == null) {
return result.error(new EntityNotFoundGraphQLError("Target pool is not found.")).build();
}
if (targetPool.isProjectPool() || targetPool instanceof ReadOnlyAgentPool) {
return result.error(new OperationFailedGraphQLError("Can't move agents to target pool.")).build();
}
if (!myAgentPoolActionsAccessChecker.canManageAgentsInPool(targetPool)) {
return result.error(new OperationFailedGraphQLError("Can't move agents to target pool.")).build();
}
Set<String> projectsToCheck = new HashSet<>();
Set<Integer> agentTypes = new HashSet<>();
for (Integer agentId : input.getAgentRawIds()) {
SBuildAgent agent = myBuildAgentManager.findAgentById(agentId, true);
if (agent == null) {
return result.error(new OperationFailedGraphQLError("One of the agents with given ids is not found.")).build();
}
agentTypes.add(agent.getAgentTypeId());
projectsToCheck.addAll(agent.getAgentPool().getProjectIds());
}
AuthorityHolder authHolder = mySecurityContext.getAuthorityHolder();
if (!AuthUtil.hasPermissionToManageAgentPoolsWithProjects(authHolder, projectsToCheck)) {
return result.error(new OperationFailedGraphQLError("Not enough permissions on one of the agent pools.")).build();
}
try {
myAgentPoolManager.moveAgentTypesToPool(input.getTargetAgentPoolRawId(), agentTypes);
} catch (NoSuchAgentPoolException e) {
return result.error(new EntityNotFoundGraphQLError("Target pool does not exist.")).build();
} catch (PoolQuotaExceededException e) {
LOG.debug(e.getMessage());
return result.error(new OperationFailedGraphQLError("Target pool does not accept agents.")).build();
} catch (AgentTypeCannotBeMovedException e) {
LOG.debug(e.getMessage());
return result.error(new OperationFailedGraphQLError("One of the selected agents can not be moved.")).build();
}
List<Agent> agents = new ArrayList<>();
for (Integer agentId : input.getAgentRawIds()) {
SBuildAgent agent = myBuildAgentManager.findAgentById(agentId, true);
if (agent == null) {
continue;
}
agents.add(new Agent(agent));
}
// should not be null at this stage
AgentPool updatedTargetPool = myAgentPoolManager.findAgentPoolById(input.getTargetAgentPoolRawId());
BulkMoveAgentToAgentsPoolPayload payload = new BulkMoveAgentToAgentsPoolPayload(agents, new jetbrains.buildServer.server.graphql.model.agentPool.AgentPool(updatedTargetPool));
return result.data(payload).build();
}
use of jetbrains.buildServer.serverSide.auth.AuthorityHolder in project teamcity-rest by JetBrains.
the class AgentPoolMutation method unassignProjectFromAgentPool.
@Used("graphql")
@NotNull
public DataFetcherResult<UnassignProjectFromAgentPoolPayload> unassignProjectFromAgentPool(@NotNull UnassignProjectFromAgentPoolInput input) {
DataFetcherResult.Builder<UnassignProjectFromAgentPoolPayload> result = DataFetcherResult.newResult();
SProject project = myProjectManager.findProjectByExternalId(input.getProjectRawId());
if (project == null) {
return result.error(new EntityNotFoundGraphQLError("Project with given id does not exist.")).build();
}
AuthorityHolder authorityHolder = mySecurityContext.getAuthorityHolder();
boolean canRemoveThisProject = AuthUtil.hasPermissionToManageAgentPoolsWithProject(authorityHolder, project.getProjectId());
boolean thereAreOtherAssociatedPools = false;
if (canRemoveThisProject) {
// let's count other pools iff we are sure that we can potentially remove given project.
thereAreOtherAssociatedPools = myAgentPoolManager.getAgentPoolsWithProject(project.getProjectId()).stream().map(poolId -> myAgentPoolManager.findAgentPoolById(poolId)).filter(Objects::nonNull).filter(pool -> !pool.isProjectPool()).count() > 1;
}
if (!canRemoveThisProject || !thereAreOtherAssociatedPools) {
if (!canRemoveThisProject) {
return result.error(new OperationFailedGraphQLError("Can't unassign project, not enough permissions.")).build();
}
return result.error(new OperationFailedGraphQLError("Can't unassign project, there are no other pools associated with this project.")).build();
}
Set<String> projectsToDisassociate;
if (input.isRecursive()) {
projectsToDisassociate = new HashSet<>();
projectsToDisassociate.add(project.getProjectId());
project.getProjects().stream().map(p -> p.getProjectId()).forEach(projectsToDisassociate::add);
} else {
projectsToDisassociate = Collections.singleton(project.getProjectId());
}
try {
myAgentPoolManager.dissociateProjectsFromPool(input.getAgentPoolRawId(), projectsToDisassociate);
} catch (NoSuchAgentPoolException e) {
return result.error(new EntityNotFoundGraphQLError("Agent pool with given id does not exist.")).build();
}
AgentPool agentPool = myAgentPoolManager.findAgentPoolById(input.getAgentPoolRawId());
if (agentPool == null) {
LOG.warn(String.format("Agent pool with id=%d is missing after associating project id=%s", input.getAgentPoolRawId(), project.getProjectId()));
return result.error(new UnexpectedServerGraphQLError("Agent pool with given id could not be found after operation.")).build();
}
return result.data(new UnassignProjectFromAgentPoolPayload(new Project(project), new jetbrains.buildServer.server.graphql.model.agentPool.AgentPool(agentPool))).build();
}
Aggregations