
Example 6 with HasPermission

use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.

the class GroupServiceImpl method updateGroup.

/**
 * Updates a group and writes an audit entry for the change.
 *
 * <p>Access is gated by the {@code update_groups} permission declared on the method. The audit
 * entry is attached to the site configured under {@code CONFIGURATION_GLOBAL_SYSTEM_SITE} and
 * names the current user as the actor.
 *
 * @param orgId id passed through to {@code groupServiceInternal.updateGroup}
 * @param group group data to apply; its name is used as the audit target id and value
 * @return the group returned by {@code groupServiceInternal.updateGroup}
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public Group updateGroup(long orgId, Group group) throws ServiceLayerException, GroupNotFoundException, AuthenticationException {
    // NOTE(review): the update is applied before the audit entry is built. If a later call
    // throws, the change may persist without an audit record unless an enclosing transaction
    // rolls it back; confirm against the transaction configuration.
    final Group updatedGroup = groupServiceInternal.updateGroup(orgId, group);

    final String systemSiteName = studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE);
    final SiteFeed systemSite = siteService.getSite(systemSiteName);

    final AuditLog entry = auditServiceInternal.createAuditLogEntry();
    entry.setOperation(OPERATION_UPDATE);
    entry.setSiteId(systemSite.getId());

    final String actor = userService.getCurrentUser().getUsername();
    entry.setActorId(actor);

    // The group name from the request (not the returned group) identifies the audit target.
    final String groupName = group.getGroupName();
    entry.setPrimaryTargetId(groupName);
    entry.setPrimaryTargetType(TARGET_TYPE_GROUP);
    entry.setPrimaryTargetValue(groupName);

    auditServiceInternal.insertAuditLog(entry);
    return updatedGroup;
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 7 with HasPermission

use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.

the class GroupServiceImpl method removeGroupMembers.

/**
 * Removes users from a group and writes an audit entry listing the affected users.
 *
 * <p>Access is gated by the {@code update_groups} permission declared on the method. The work
 * runs while holding {@code REMOVE_SYSTEM_ADMIN_MEMBER_LOCK}, for every group and not only the
 * system admin group. For the system admin group the call is rejected when the requested
 * removal would leave the group without members.
 *
 * @param groupId   id of the group to remove members from
 * @param userIds   ids of the users to remove
 * @param usernames usernames of the users to remove
 * @throws ServiceLayerException if the removal would empty the system admin group
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public void removeGroupMembers(long groupId, List<Long> userIds, List<String> usernames) throws ServiceLayerException, UserNotFoundException, GroupNotFoundException, AuthenticationException {
    final Group targetGroup = getGroup(groupId);
    generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    try {
        // Last-administrator guard: check and removal both happen under the lock taken above,
        // so two concurrent calls cannot each see a remaining member and together empty the group.
        if (targetGroup.getGroupName().equals(SYSTEM_ADMIN_GROUP)) {
            final List<User> currentMembers = getGroupMembers(groupId, 0, Integer.MAX_VALUE, StringUtils.EMPTY);
            if (CollectionUtils.isNotEmpty(currentMembers)) {
                final List<User> remainingMembers = new ArrayList<User>(currentMembers);
                final boolean matchByIds = CollectionUtils.isNotEmpty(userIds);
                final boolean matchByNames = CollectionUtils.isNotEmpty(usernames);
                for (User member : currentMembers) {
                    if (matchByIds && userIds.contains(member.getId())) {
                        remainingMembers.remove(member);
                    }
                    if (matchByNames && usernames.contains(member.getUsername())) {
                        remainingMembers.remove(member);
                    }
                }
                if (CollectionUtils.isEmpty(remainingMembers)) {
                    throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
                }
            }
        }

        // Resolve the users before removing them so the audit entry can name each one.
        final List<User> affectedUsers = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
        groupServiceInternal.removeGroupMembers(groupId, userIds, usernames);

        final String systemSiteName = studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE);
        final SiteFeed systemSite = siteService.getSite(systemSiteName);

        final AuditLog entry = auditServiceInternal.createAuditLogEntry();
        entry.setOperation(OPERATION_REMOVE_MEMBERS);
        entry.setActorId(userService.getCurrentUser().getUsername());
        entry.setSiteId(systemSite.getId());
        entry.setPrimaryTargetId(Long.toString(targetGroup.getId()));
        // NOTE(review): the primary target id and value describe the group, but the type is
        // TARGET_TYPE_USER; confirm whether TARGET_TYPE_GROUP is intended, since audit
        // queries filtering by target type would otherwise not find this entry under groups.
        entry.setPrimaryTargetType(TARGET_TYPE_USER);
        entry.setPrimaryTargetValue(targetGroup.getGroupName());

        // One audit parameter per resolved user.
        final List<AuditLogParameter> userParameters = new ArrayList<AuditLogParameter>();
        affectedUsers.forEach(affected -> {
            AuditLogParameter userParameter = new AuditLogParameter();
            userParameter.setTargetId(Long.toString(affected.getId()));
            userParameter.setTargetType(TARGET_TYPE_USER);
            userParameter.setTargetValue(affected.getUsername());
            userParameters.add(userParameter);
        });
        entry.setParameters(userParameters);
        auditServiceInternal.insertAuditLog(entry);
    } finally {
        // Always release the lock, including when the last-administrator guard rejects the call.
        generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    }
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 8 with HasPermission

use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.

the class AwsS3ServiceImpl method listItems.

/**
 * {@inheritDoc}
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "s3 read")
public List<S3Item> listItems(@ValidateStringParam(name = "siteId") @ProtectedResourceId("siteId") String siteId, @ValidateStringParam(name = "profileId") String profileId, @ValidateStringParam(name = "path") String path, @ValidateStringParam(name = "type") String type) throws AwsException {
    // Lists the folders (common prefixes) and objects directly under `path` in the bucket of
    // the given profile. Access is gated by the "s3 read" permission, with siteId marked as the
    // protected resource id.
    final S3Profile s3Profile = getProfile(siteId, profileId);
    final AmazonS3 s3 = getS3Client(s3Profile);
    final List<S3Item> listing = new LinkedList<>();
    final Mimetypes knownTypes = Mimetypes.getInstance();

    // An empty type or the ITEM_FILTER value means "no filtering".
    final MimeType wantedType;
    if (StringUtils.isEmpty(type) || StringUtils.equals(type, ITEM_FILTER)) {
        wantedType = MimeTypeUtils.ALL;
    } else {
        // NOTE(review): built from the caller-supplied string; a malformed value presumably
        // surfaces as an unchecked exception rather than AwsException. Confirm how the
        // caller reports that.
        wantedType = new MimeType(type);
    }

    final String prefix = StringUtils.isEmpty(path) ? path : normalizePrefix(path);

    final ListObjectsV2Request listRequest = new ListObjectsV2Request()
            .withBucketName(s3Profile.getBucketName())
            .withPrefix(prefix)
            .withDelimiter(delimiter);

    // Page through the listing until S3 reports that the result is no longer truncated.
    ListObjectsV2Result page;
    do {
        page = s3.listObjectsV2(listRequest);

        // Folders first: strip the requested prefix and the trailing delimiter for the display name.
        for (String commonPrefix : page.getCommonPrefixes()) {
            String folderName = StringUtils.removeEnd(StringUtils.removeStart(commonPrefix, prefix), delimiter);
            listing.add(new S3Item(folderName, commonPrefix, true));
        }

        // Then objects, skipping the prefix placeholder itself and anything of a non-matching type.
        page.getObjectSummaries().forEach(summary -> {
            if (StringUtils.equals(summary.getKey(), prefix)) {
                return;
            }
            if (!MimeType.valueOf(knownTypes.getMimetype(summary.getKey())).isCompatibleWith(wantedType)) {
                return;
            }
            listing.add(new S3Item(StringUtils.removeStart(summary.getKey(), prefix), createUrl(profileId, summary.getKey()), false));
        });

        listRequest.setContinuationToken(page.getNextContinuationToken());
    } while (page.isTruncated());

    return listing;
}
Also used : S3Item(org.craftercms.studio.model.aws.s3.S3Item) AwsUtils(org.craftercms.studio.impl.v1.service.aws.AwsUtils) S3Item(org.craftercms.studio.model.aws.s3.S3Item) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission) AbstractAwsService(org.craftercms.studio.api.v1.service.aws.AbstractAwsService) AwsS3Service(org.craftercms.studio.api.v2.service.aws.s3.AwsS3Service) S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile) StringUtils.stripStart(org.apache.commons.lang3.StringUtils.stripStart) ProtectedResourceId(org.craftercms.commons.security.permissions.annotations.ProtectedResourceId) MimeTypeUtils(org.springframework.util.MimeTypeUtils) StringUtils.appendIfMissing(org.apache.commons.lang3.StringUtils.appendIfMissing) StringUtils(org.apache.commons.lang3.StringUtils) ListObjectsV2Result(com.amazonaws.services.s3.model.ListObjectsV2Result) MimeType(org.springframework.util.MimeType) ListObjectsV2Request(com.amazonaws.services.s3.model.ListObjectsV2Request) AwsException(org.craftercms.studio.api.v1.exception.AwsException) List(java.util.List) Mimetypes(com.amazonaws.services.s3.internal.Mimetypes) S3ClientCachingFactory(org.craftercms.commons.aws.S3ClientCachingFactory) AmazonS3(com.amazonaws.services.s3.AmazonS3) DefaultPermission(org.craftercms.commons.security.permissions.DefaultPermission) Required(org.springframework.beans.factory.annotation.Required) ValidateStringParam(org.craftercms.commons.validation.annotations.param.ValidateStringParam) LinkedList(java.util.LinkedList) InputStream(java.io.InputStream) AmazonS3(com.amazonaws.services.s3.AmazonS3) ListObjectsV2Request(com.amazonaws.services.s3.model.ListObjectsV2Request) ListObjectsV2Result(com.amazonaws.services.s3.model.ListObjectsV2Result) Mimetypes(com.amazonaws.services.s3.internal.Mimetypes) S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile) LinkedList(java.util.LinkedList) MimeType(org.springframework.util.MimeType) 
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 9 with HasPermission

use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.

the class AwsS3ServiceImpl method uploadItem.

/**
 * {@inheritDoc}
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "s3 write")
public S3Item uploadItem(@ValidateStringParam(name = "siteId") @ProtectedResourceId("siteId") String siteId, @ValidateStringParam(name = "profileId") String profileId, @ValidateStringParam(name = "path") String path, @ValidateStringParam(name = "filename") String filename, InputStream content) throws AwsException {
    // Uploads `content` to the bucket of the given profile under <normalized path><filename>.
    // Access is gated by the "s3 write" permission, with siteId marked as the protected resource id.
    final S3Profile s3Profile = getProfile(siteId, profileId);
    final AmazonS3 client = getS3Client(s3Profile);
    final String bucket = s3Profile.getBucketName();

    // NOTE(review): filename is appended to the prefix unchanged, so the resulting key decides
    // where in the bucket the object lands. What @ValidateStringParam rejects (delimiters,
    // control characters, length) is not visible here; confirm it matches the intended layout.
    final String objectKey;
    if (StringUtils.isNotEmpty(path)) {
        objectKey = normalizePrefix(path) + filename;
    } else {
        objectKey = filename;
    }

    AwsUtils.uploadStream(bucket, objectKey, client, partSize, filename, content);
    return new S3Item(filename, createUrl(profileId, objectKey), false);
}
Also used : S3Item(org.craftercms.studio.model.aws.s3.S3Item) AmazonS3(com.amazonaws.services.s3.AmazonS3) S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 10 with HasPermission

use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.

the class ClusterManagementServiceImpl method removeMembers.

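/**
 * Removes the given nodes from the cluster and, when the removal succeeds, writes an audit
 * entry naming the removed nodes.
 *
 * <p>Access is gated by the {@code delete_cluster} permission declared on the method. The
 * audit entry is attached to the site configured under {@code CONFIGURATION_GLOBAL_SYSTEM_SITE}
 * and names the current user as the actor.
 *
 * @param memberIds ids of the cluster members to remove
 * @return the result of {@code clusterManagementServiceInternal.removeMembers}; no audit entry
 *         is written when it is {@code false}
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "delete_cluster")
public boolean removeMembers(List<Long> memberIds) throws SiteNotFoundException {
    // Snapshot taken before the removal so the addresses of the removed nodes are still
    // available when the audit entry is built.
    List<ClusterMember> membersBeforeRemoval = getAllMemebers();
    boolean removed = clusterManagementServiceInternal.removeMembers(memberIds);
    if (removed) {
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setOperation(OPERATION_REMOVE_CLUSTER_NODE);
        auditLog.setActorId(securityService.getCurrentUser());
        auditLog.setPrimaryTargetId(siteFeed.getSiteId());
        auditLog.setPrimaryTargetType(TARGET_TYPE_CLUSTER_NODE);
        auditLog.setPrimaryTargetValue(siteFeed.getName());
        List<AuditLogParameter> parameters = new ArrayList<AuditLogParameter>();
        for (ClusterMember member : membersBeforeRemoval) {
            // Record only the nodes named in memberIds. The snapshot holds every cluster
            // member, and listing all of them would make the audit trail report nodes as
            // removed that are still part of the cluster.
            if (memberIds == null || !memberIds.contains(Long.valueOf(member.getId()))) {
                continue;
            }
            AuditLogParameter parameter = new AuditLogParameter();
            parameter.setTargetId(Long.toString(member.getId()));
            parameter.setTargetType(TARGET_TYPE_CLUSTER_NODE);
            parameter.setTargetValue(member.getLocalAddress());
            parameters.add(parameter);
        }
        auditLog.setParameters(parameters);
        auditServiceInternal.insertAuditLog(auditLog);
    }
    return removed;
}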
Also used : ClusterMember(org.craftercms.studio.api.v2.dal.ClusterMember) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Aggregations

HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)25 ArrayList (java.util.ArrayList)13 SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)11 AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)11 AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)8 Group (org.craftercms.studio.api.v2.dal.Group)8 User (org.craftercms.studio.api.v2.dal.User)6 AuthenticatedUser (org.craftercms.studio.model.AuthenticatedUser)6 ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)5 List (java.util.List)4 StringTokenizer (java.util.StringTokenizer)4 CmisObject (org.apache.chemistry.opencmis.client.api.CmisObject)4 Document (org.apache.chemistry.opencmis.client.api.Document)4 Session (org.apache.chemistry.opencmis.client.api.Session)4 AmazonS3 (com.amazonaws.services.s3.AmazonS3)3 StringUtils (org.apache.commons.lang3.StringUtils)3 DataSourceRepository (org.craftercms.studio.api.v2.dal.DataSourceRepository)3 Sardine (com.github.sardine.Sardine)2 InputStream (java.io.InputStream)2 Collections (java.util.Collections)2