use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class CmisServiceImpl method uploadContent.
@Override
@HasPermission(type = DefaultPermission.class, action = "upload_content_cmis")
public CmisUploadItem uploadContent(@ProtectedResourceId(SITE_ID_RESOURCE_ID) String siteId, String cmisRepoId, String cmisPath, String filename, InputStream content) throws CmisUnavailableException, CmisTimeoutException, CmisRepositoryNotFoundException, CmisPathNotFoundException, ConfigurationException {
DataSourceRepository repositoryConfig = getConfiguration(siteId, cmisRepoId);
CmisUploadItem cmisUploadItem = new CmisUploadItem();
logger.debug("Create new CMIS session");
Session session = createCMISSession(repositoryConfig);
if (session != null) {
String contentPath = Paths.get(repositoryConfig.getBasePath(), cmisPath).toString();
logger.debug("Find object for CMIS path: " + contentPath);
CmisObject cmisObject = session.getObjectByPath(contentPath);
if (cmisObject != null) {
if (BaseTypeId.CMIS_FOLDER.equals(cmisObject.getBaseTypeId())) {
CmisObject docObject = null;
try {
docObject = session.getObjectByPath(Paths.get(contentPath, filename).toString());
} catch (CmisBaseException e) {
// Content does not exist - no error
logger.debug("File " + filename + " does not exist at " + contentPath);
}
MimetypesFileTypeMap mimeTypesMap = new MimetypesFileTypeMap();
String mimeType = mimeTypesMap.getContentType(filename);
ContentStream contentStream = session.getObjectFactory().createContentStream(filename, -1, mimeType, content);
Folder folder = (Folder) cmisObject;
cmisUploadItem.setName(filename);
cmisUploadItem.setFolder(false);
cmisUploadItem.setFileExtension(FilenameUtils.getExtension(filename));
if (docObject != null) {
Document doc = (Document) docObject;
doc.setContentStream(contentStream, true);
String contentId = doc.getId();
StringTokenizer st = new StringTokenizer(contentId, ";");
if (st.hasMoreTokens()) {
cmisUploadItem.setUrl(repositoryConfig.getDownloadUrlRegex().replace(ITEM_ID, st.nextToken()));
}
session.removeObjectFromCache(doc.getId());
} else {
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(OBJECT_TYPE_ID, CMIS_DOCUMENT.value());
properties.put(NAME, filename);
Document newDoc = folder.createDocument(properties, contentStream, null);
session.removeObjectFromCache(newDoc.getId());
String contentId = newDoc.getId();
StringTokenizer st = new StringTokenizer(contentId, ";");
if (st.hasMoreTokens()) {
cmisUploadItem.setUrl(repositoryConfig.getDownloadUrlRegex().replace(ITEM_ID, st.nextToken()));
}
}
session.clear();
} else if (CMIS_DOCUMENT.equals(cmisObject.getBaseTypeId())) {
throw new CmisPathNotFoundException();
}
} else {
throw new CmisPathNotFoundException();
}
} else {
throw new CmisUnauthorizedException();
}
return cmisUploadItem;
}
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class UserServiceImpl method deleteUsers.
@Override
@HasPermission(type = DefaultPermission.class, action = "delete_users")
public void deleteUsers(List<Long> userIds, List<String> usernames) throws ServiceLayerException, AuthenticationException, UserNotFoundException {
User currentUser = getCurrentUser();
if (CollectionUtils.containsAny(userIds, Arrays.asList(currentUser.getId())) || CollectionUtils.containsAny(usernames, Arrays.asList(currentUser.getUsername()))) {
throw new ServiceLayerException("Cannot delete self.");
}
generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
try {
try {
Group g = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
List<User> members = groupServiceInternal.getGroupMembers(g.getId(), 0, Integer.MAX_VALUE, StringUtils.EMPTY);
if (CollectionUtils.isNotEmpty(members)) {
List<User> membersAfterRemove = new ArrayList<User>();
membersAfterRemove.addAll(members);
members.forEach(m -> {
if (CollectionUtils.isNotEmpty(userIds)) {
if (userIds.contains(m.getId())) {
membersAfterRemove.remove(m);
}
}
if (CollectionUtils.isNotEmpty(usernames)) {
if (usernames.contains(m.getUsername())) {
membersAfterRemove.remove(m);
}
}
});
if (CollectionUtils.isEmpty(membersAfterRemove)) {
throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
}
}
} catch (GroupNotFoundException e) {
throw new ServiceLayerException("The System Admin group is not found.", e);
}
List<User> toDelete = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
userServiceInternal.deleteUsers(userIds, usernames);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_DELETE);
auditLog.setActorId(getCurrentUser().getUsername());
auditLog.setPrimaryTargetId(siteFeed.getSiteId());
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(siteFeed.getName());
List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
for (User deletedUser : toDelete) {
AuditLogParameter paramter = new AuditLogParameter();
paramter.setTargetId(Long.toString(deletedUser.getId()));
paramter.setTargetType(TARGET_TYPE_USER);
paramter.setTargetValue(deletedUser.getUsername());
paramters.add(paramter);
}
auditLog.setParameters(paramters);
auditServiceInternal.insertAuditLog(auditLog);
} finally {
generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
}
}
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class UserServiceImpl method getUserSiteRoles.
@Override
@HasPermission(type = DefaultPermission.class, action = "read_users")
public List<String> getUserSiteRoles(long userId, String username, String site) throws ServiceLayerException, UserNotFoundException {
List<Group> groups = userServiceInternal.getUserGroups(userId, username);
if (CollectionUtils.isNotEmpty(groups)) {
Map<String, List<String>> roleMappings = configurationService.geRoleMappings(site);
Set<String> userRoles = new LinkedHashSet<>();
if (MapUtils.isNotEmpty(roleMappings)) {
for (Group group : groups) {
String groupName = group.getGroupName();
if (groupName.equals(SYSTEM_ADMIN_GROUP)) {
// If sysadmin, return all roles
Collection<List<String>> roleSets = roleMappings.values();
for (List<String> roleSet : roleSets) {
userRoles.addAll(roleSet);
}
break;
} else {
List<String> roles = roleMappings.get(groupName);
if (CollectionUtils.isNotEmpty(roles)) {
userRoles.addAll(roles);
}
}
}
}
return new ArrayList<>(userRoles);
} else {
return Collections.emptyList();
}
}
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class UserServiceImpl method createUser.
@Override
@HasPermission(type = DefaultPermission.class, action = "create_users")
public User createUser(User user) throws UserAlreadyExistsException, ServiceLayerException, AuthenticationException {
try {
entitlementValidator.validateEntitlement(EntitlementType.USER, 1);
} catch (EntitlementException e) {
throw new ServiceLayerException("Unable to complete request due to entitlement limits. Please contact " + "your system administrator.", e);
}
User toRet = userServiceInternal.createUser(user);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_CREATE);
auditLog.setSiteId(siteFeed.getId());
auditLog.setActorId(getCurrentUser().getUsername());
auditLog.setPrimaryTargetId(user.getUsername());
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(user.getUsername());
auditServiceInternal.insertAuditLog(auditLog);
return toRet;
}
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class AwsMediaConvertServiceImpl method uploadVideo.
/**
* {@inheritDoc}
*/
@Override
@HasPermission(type = DefaultPermission.class, action = "s3 write")
public MediaConvertResult uploadVideo(@ValidateStringParam @ProtectedResourceId("siteId") final String site, @ValidateStringParam final String inputProfileId, @ValidateStringParam final String outputProfileId, @ValidateStringParam final String filename, final InputStream content) throws AwsException {
MediaConvertProfile profile = getProfile(site, inputProfileId);
AmazonS3 s3Client = getS3Client(profile);
AWSMediaConvert mediaConvertClient = getMediaConvertClient(profile);
logger.info("Starting upload of file {0} for site {1}", filename, site);
AwsUtils.uploadStream(profile.getInputPath(), filename, s3Client, partSize, filename, content);
logger.info("Upload of file {0} for site {1} complete", filename, site);
String originalName = FilenameUtils.getBaseName(filename);
JobTemplate jobTemplate = mediaConvertClient.getJobTemplate(new GetJobTemplateRequest().withName(profile.getTemplate())).getJobTemplate();
JobSettings jobSettings = new JobSettings().withInputs(new Input().withFileInput(AwsUtils.getS3Url(profile.getInputPath(), filename)));
CreateJobRequest createJobRequest = new CreateJobRequest().withJobTemplate(profile.getTemplate()).withSettings(jobSettings).withRole(profile.getRole()).withQueue(profile.getQueue());
logger.info("Starting transcode job of file {0} for site {1}", filename, site);
CreateJobResult createJobResult = mediaConvertClient.createJob(createJobRequest);
logger.debug("Job {0} started", createJobResult.getJob().getArn());
return buildResult(jobTemplate, createJobResult, outputProfileId, originalName);
}
Aggregations