Example 6 with SecurityHole
use of org.candlepin.common.auth.SecurityHole in project candlepin by candlepin.
the class EnvironmentResource method create.
@ApiOperation(notes = "Creates an Environment", value = "create")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@SecurityHole(noAuth = true)
@Path("/{env_id}/consumers")
public ConsumerDTO create(@PathParam("env_id") String envId, @ApiParam(name = "consumer", required = true) ConsumerDTO consumer, @Context Principal principal, @QueryParam("username") String userName, @QueryParam("owner") String ownerKey, @QueryParam("activation_keys") String activationKeys) throws BadRequestException {
Environment e = lookupEnvironment(envId);
consumer.setEnvironment(translator.translate(e, EnvironmentDTO.class));
return this.consumerResource.create(consumer, principal, userName, e.getOwner().getKey(), activationKeys, true);
}
Also used :
EnvironmentDTO(org.candlepin.dto.api.v1.EnvironmentDTO)
Environment(org.candlepin.model.Environment)
Path(javax.ws.rs.Path)
SecurityHole(org.candlepin.common.auth.SecurityHole)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
Example 7 with SecurityHole
use of org.candlepin.common.auth.SecurityHole in project candlepin by candlepin.
the class OwnerProductResource method getProductCertificate.
@ApiOperation(notes = "Retrieves a Certificate for a Product", value = "getProductCertificate")
@ApiResponses({ @ApiResponse(code = 404, message = "") })
@GET
@Path("/{product_id}/certificate")
@Produces(MediaType.APPLICATION_JSON)
@SecurityHole
@Transactional
public ProductCertificateDTO getProductCertificate(@PathParam("owner_key") String ownerKey, @ApiParam(name = "productId", required = true, value = "Numeric product identifier") @PathParam("product_id") String productId) {
if (!productId.matches("\\d+")) {
throw new BadRequestException(i18n.tr("Only numeric product IDs are allowed."));
}
Owner owner = this.getOwnerByKey(ownerKey);
Product product = this.fetchProduct(owner, productId);
ProductCertificate productCertificate = this.productCertCurator.getCertForProduct(product);
return this.translator.translate(productCertificate, ProductCertificateDTO.class);
}
Also used :
Owner(org.candlepin.model.Owner)
ProductCertificate(org.candlepin.model.ProductCertificate)
BadRequestException(org.candlepin.common.exceptions.BadRequestException)
Product(org.candlepin.model.Product)
Path(javax.ws.rs.Path)
SecurityHole(org.candlepin.common.auth.SecurityHole)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Transactional(com.google.inject.persist.Transactional)
Example 8 with SecurityHole
use of org.candlepin.common.auth.SecurityHole in project candlepin by candlepin.
the class OwnerProductResource method getProduct.
@ApiOperation(notes = "Retrieves a single Product", value = "getProduct")
@ApiResponses({ @ApiResponse(code = 404, message = "") })
@GET
@Path("/{product_id}")
@Produces(MediaType.APPLICATION_JSON)
@SecurityHole
public ProductDTO getProduct(@Verify(Owner.class) @PathParam("owner_key") String ownerKey, @PathParam("product_id") String productId) {
Owner owner = this.getOwnerByKey(ownerKey);
Product product = this.fetchProduct(owner, productId);
return this.translator.translate(product, ProductDTO.class);
}
Also used :
Owner(org.candlepin.model.Owner)
Product(org.candlepin.model.Product)
Path(javax.ws.rs.Path)
SecurityHole(org.candlepin.common.auth.SecurityHole)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 9 with SecurityHole
use of org.candlepin.common.auth.SecurityHole in project candlepin by candlepin.
the class ProductResource method getProductCertificate.
@ApiOperation(notes = "Retreives a Certificate for a Product", value = "getProductCertificate")
@ApiResponses({ @ApiResponse(code = 404, message = "") })
@GET
@Path("/{product_uuid}/certificate")
@Produces(MediaType.APPLICATION_JSON)
@SecurityHole
public ProductCertificateDTO getProductCertificate(@PathParam("product_uuid") String productUuid) {
// TODO:
// Should this be enabled globally? This will create a cert if it hasn't yet been created.
Product product = this.fetchProduct(productUuid);
ProductCertificate productCertificate = this.productCertCurator.getCertForProduct(product);
return this.translator.translate(productCertificate, ProductCertificateDTO.class);
}
Also used :
ProductCertificate(org.candlepin.model.ProductCertificate)
Product(org.candlepin.model.Product)
Path(javax.ws.rs.Path)
SecurityHole(org.candlepin.common.auth.SecurityHole)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 10 with SecurityHole
use of org.candlepin.common.auth.SecurityHole in project candlepin by candlepin.
the class PoolResource method list.
/**
* @deprecated Use the method on /owners
* @return List of pools
*/
@ApiOperation(notes = "Retrieves a list of Pools @deprecated Use the method on /owners", value = "")
@ApiResponses({ @ApiResponse(code = 400, message = "if both consumer(unit) and owner are given, or if a" + " product id is specified without a consumer(unit) or owner"), @ApiResponse(code = 404, message = "if a specified consumer(unit) or owner is not found"), @ApiResponse(code = 403, message = "") })
@GET
@Produces(MediaType.APPLICATION_JSON)
@Wrapped(element = "pools")
@Deprecated
@SecurityHole
public List<PoolDTO> list(@QueryParam("owner") String ownerId, @QueryParam("consumer") String consumerUuid, @QueryParam("product") String productId, @ApiParam("Use with consumerUuid to list all pools available to the consumer. " + "This will include pools which would otherwise be omitted due to a rules" + " warning. (i.e. not recommended) Pools that trigger an error however will" + " still be omitted. (no entitlements available, consumer type mismatch, etc)") @QueryParam("listall") @DefaultValue("false") boolean listAll, @ApiParam("Uses ISO 8601 format") @QueryParam("activeon") String activeOn, @Context Principal principal, @Context PageRequest pageRequest) {
// Make sure we were given sane query parameters:
if (consumerUuid != null && ownerId != null) {
throw new BadRequestException(i18n.tr("Cannot filter on both owner and unit"));
}
if (consumerUuid == null && ownerId == null && productId != null) {
throw new BadRequestException(i18n.tr("A unit or owner is needed to filter on product"));
}
Date activeOnDate = activeOn != null ? ResourceDateParser.parseDateString(activeOn) : new Date();
Consumer c = null;
String oId = null;
if (consumerUuid != null) {
c = consumerCurator.findByUuid(consumerUuid);
if (c == null) {
throw new NotFoundException(i18n.tr("Unit: {0} not found", consumerUuid));
}
// Now that we have a consumer, check that this principal can access it:
if (!principal.canAccess(c, SubResource.NONE, Access.READ_ONLY)) {
throw new ForbiddenException(i18n.tr("User {0} cannot access unit {1}", principal.getPrincipalName(), consumerUuid));
}
if (listAll) {
oId = c.getOwnerId();
}
}
if (ownerId != null) {
Owner o = ownerCurator.secureFind(ownerId);
if (o == null) {
throw new NotFoundException(i18n.tr("owner: {0}", ownerId));
}
oId = o.getId();
// Now that we have an owner, check that this principal can access it:
if (!principal.canAccess(o, SubResource.POOLS, Access.READ_ONLY)) {
throw new ForbiddenException(i18n.tr("User {0} cannot access owner {1}", principal.getPrincipalName(), o.getKey()));
}
}
// the system).
if (consumerUuid == null && ownerId == null && !principal.hasFullAccess()) {
throw new ForbiddenException(i18n.tr("User {0} cannot access all pools.", principal.getPrincipalName()));
}
Page<List<Pool>> page = poolManager.listAvailableEntitlementPools(c, null, oId, productId, null, activeOnDate, listAll, new PoolFilterBuilder(), pageRequest, false, false, null);
List<Pool> poolList = page.getPageData();
calculatedAttributesUtil.setCalculatedAttributes(poolList, activeOnDate);
calculatedAttributesUtil.setQuantityAttributes(poolList, c, activeOnDate);
// Store the page for the LinkHeaderResponseFilter
ResteasyProviderFactory.pushContext(Page.class, page);
List<PoolDTO> poolDTOs = new ArrayList<>();
for (Pool pool : poolList) {
poolDTOs.add(translator.translate(pool, PoolDTO.class));
}
return poolDTOs;
}
Also used :
ForbiddenException(org.candlepin.common.exceptions.ForbiddenException)
Owner(org.candlepin.model.Owner)
ArrayList(java.util.ArrayList)
NotFoundException(org.candlepin.common.exceptions.NotFoundException)
PoolDTO(org.candlepin.dto.api.v1.PoolDTO)
Date(java.util.Date)
Consumer(org.candlepin.model.Consumer)
BadRequestException(org.candlepin.common.exceptions.BadRequestException)
PoolFilterBuilder(org.candlepin.model.PoolFilterBuilder)
List(java.util.List)
ArrayList(java.util.ArrayList)
Pool(org.candlepin.model.Pool)
SecurityHole(org.candlepin.common.auth.SecurityHole)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Wrapped(org.jboss.resteasy.annotations.providers.jaxb.Wrapped)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
SecurityHole (org.candlepin.common.auth.SecurityHole)12
Produces (javax.ws.rs.Produces)10
ApiOperation (io.swagger.annotations.ApiOperation)8
GET (javax.ws.rs.GET)6
ApiResponses (io.swagger.annotations.ApiResponses)5
Path (javax.ws.rs.Path)5
Transactional (com.google.inject.persist.Transactional)4
Consumes (javax.ws.rs.Consumes)4
BadRequestException (org.candlepin.common.exceptions.BadRequestException)4
Owner (org.candlepin.model.Owner)4
Product (org.candlepin.model.Product)3
ApiListingResource (io.swagger.jaxrs.listing.ApiListingResource)2
Method (java.lang.reflect.Method)2
POST (javax.ws.rs.POST)2
Consumer (org.candlepin.model.Consumer)2
ContentOverride (org.candlepin.model.ContentOverride)2
ProductCertificate (org.candlepin.model.ProductCertificate)2
ArrayList (java.util.ArrayList)1
Date (java.util.Date)1
List (java.util.List)1
