Example 6 with HasPermission
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class GroupServiceImpl method updateGroup.
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public Group updateGroup(long orgId, Group group) throws ServiceLayerException, GroupNotFoundException, AuthenticationException {
Group toRet = groupServiceInternal.updateGroup(orgId, group);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_UPDATE);
auditLog.setSiteId(siteFeed.getId());
auditLog.setActorId(userService.getCurrentUser().getUsername());
auditLog.setPrimaryTargetId(group.getGroupName());
auditLog.setPrimaryTargetType(TARGET_TYPE_GROUP);
auditLog.setPrimaryTargetValue(group.getGroupName());
auditServiceInternal.insertAuditLog(auditLog);
return toRet;
}
Also used :
Group(org.craftercms.studio.api.v2.dal.Group)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 7 with HasPermission
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class GroupServiceImpl method removeGroupMembers.
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public void removeGroupMembers(long groupId, List<Long> userIds, List<String> usernames) throws ServiceLayerException, UserNotFoundException, GroupNotFoundException, AuthenticationException {
Group group = getGroup(groupId);
generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
try {
if (group.getGroupName().equals(SYSTEM_ADMIN_GROUP)) {
List<User> members = getGroupMembers(groupId, 0, Integer.MAX_VALUE, StringUtils.EMPTY);
if (CollectionUtils.isNotEmpty(members)) {
List<User> membersAfterRemove = new ArrayList<User>();
membersAfterRemove.addAll(members);
members.forEach(m -> {
if (CollectionUtils.isNotEmpty(userIds)) {
if (userIds.contains(m.getId())) {
membersAfterRemove.remove(m);
}
}
if (CollectionUtils.isNotEmpty(usernames)) {
if (usernames.contains(m.getUsername())) {
membersAfterRemove.remove(m);
}
}
});
if (CollectionUtils.isEmpty(membersAfterRemove)) {
throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
}
}
}
List<User> users = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
groupServiceInternal.removeGroupMembers(groupId, userIds, usernames);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_REMOVE_MEMBERS);
auditLog.setActorId(userService.getCurrentUser().getUsername());
auditLog.setSiteId(siteFeed.getId());
auditLog.setPrimaryTargetId(Long.toString(group.getId()));
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(group.getGroupName());
List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
for (User user : users) {
AuditLogParameter paramter = new AuditLogParameter();
paramter.setTargetId(Long.toString(user.getId()));
paramter.setTargetType(TARGET_TYPE_USER);
paramter.setTargetValue(user.getUsername());
paramters.add(paramter);
}
auditLog.setParameters(paramters);
auditServiceInternal.insertAuditLog(auditLog);
} finally {
generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
}
}
Also used :
Group(org.craftercms.studio.api.v2.dal.Group)
User(org.craftercms.studio.api.v2.dal.User)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
ArrayList(java.util.ArrayList)
ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException)
AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 8 with HasPermission
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class AwsS3ServiceImpl method listItems.
/**
* {@inheritDoc}
*/
@Override
@HasPermission(type = DefaultPermission.class, action = "s3 read")
public List<S3Item> listItems(@ValidateStringParam(name = "siteId") @ProtectedResourceId("siteId") String siteId, @ValidateStringParam(name = "profileId") String profileId, @ValidateStringParam(name = "path") String path, @ValidateStringParam(name = "type") String type) throws AwsException {
S3Profile profile = getProfile(siteId, profileId);
AmazonS3 client = getS3Client(profile);
List<S3Item> items = new LinkedList<>();
Mimetypes mimetypes = Mimetypes.getInstance();
MimeType filerType = StringUtils.isEmpty(type) || StringUtils.equals(type, ITEM_FILTER) ? MimeTypeUtils.ALL : new MimeType(type);
String prefix = StringUtils.isEmpty(path) ? path : normalizePrefix(path);
ListObjectsV2Request request = new ListObjectsV2Request().withBucketName(profile.getBucketName()).withPrefix(prefix).withDelimiter(delimiter);
ListObjectsV2Result result;
do {
result = client.listObjectsV2(request);
result.getCommonPrefixes().stream().map(p -> new S3Item(StringUtils.removeEnd(StringUtils.removeStart(p, prefix), delimiter), p, true)).forEach(items::add);
result.getObjectSummaries().stream().filter(o -> !StringUtils.equals(o.getKey(), prefix) && MimeType.valueOf(mimetypes.getMimetype(o.getKey())).isCompatibleWith(filerType)).map(o -> new S3Item(StringUtils.removeStart(o.getKey(), prefix), createUrl(profileId, o.getKey()), false)).forEach(items::add);
request.setContinuationToken(result.getNextContinuationToken());
} while (result.isTruncated());
return items;
}
Also used :
S3Item(org.craftercms.studio.model.aws.s3.S3Item)
AwsUtils(org.craftercms.studio.impl.v1.service.aws.AwsUtils)
S3Item(org.craftercms.studio.model.aws.s3.S3Item)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
AbstractAwsService(org.craftercms.studio.api.v1.service.aws.AbstractAwsService)
AwsS3Service(org.craftercms.studio.api.v2.service.aws.s3.AwsS3Service)
S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile)
StringUtils.stripStart(org.apache.commons.lang3.StringUtils.stripStart)
ProtectedResourceId(org.craftercms.commons.security.permissions.annotations.ProtectedResourceId)
MimeTypeUtils(org.springframework.util.MimeTypeUtils)
StringUtils.appendIfMissing(org.apache.commons.lang3.StringUtils.appendIfMissing)
StringUtils(org.apache.commons.lang3.StringUtils)
ListObjectsV2Result(com.amazonaws.services.s3.model.ListObjectsV2Result)
MimeType(org.springframework.util.MimeType)
ListObjectsV2Request(com.amazonaws.services.s3.model.ListObjectsV2Request)
AwsException(org.craftercms.studio.api.v1.exception.AwsException)
List(java.util.List)
Mimetypes(com.amazonaws.services.s3.internal.Mimetypes)
S3ClientCachingFactory(org.craftercms.commons.aws.S3ClientCachingFactory)
AmazonS3(com.amazonaws.services.s3.AmazonS3)
DefaultPermission(org.craftercms.commons.security.permissions.DefaultPermission)
Required(org.springframework.beans.factory.annotation.Required)
ValidateStringParam(org.craftercms.commons.validation.annotations.param.ValidateStringParam)
LinkedList(java.util.LinkedList)
InputStream(java.io.InputStream)
AmazonS3(com.amazonaws.services.s3.AmazonS3)
ListObjectsV2Request(com.amazonaws.services.s3.model.ListObjectsV2Request)
ListObjectsV2Result(com.amazonaws.services.s3.model.ListObjectsV2Result)
Mimetypes(com.amazonaws.services.s3.internal.Mimetypes)
S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile)
LinkedList(java.util.LinkedList)
MimeType(org.springframework.util.MimeType)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 9 with HasPermission
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class AwsS3ServiceImpl method uploadItem.
/**
* {@inheritDoc}
*/
@Override
@HasPermission(type = DefaultPermission.class, action = "s3 write")
public S3Item uploadItem(@ValidateStringParam(name = "siteId") @ProtectedResourceId("siteId") String siteId, @ValidateStringParam(name = "profileId") String profileId, @ValidateStringParam(name = "path") String path, @ValidateStringParam(name = "filename") String filename, InputStream content) throws AwsException {
S3Profile profile = getProfile(siteId, profileId);
AmazonS3 s3Client = getS3Client(profile);
String inputBucket = profile.getBucketName();
String key = StringUtils.isNotEmpty(path) ? normalizePrefix(path) + filename : filename;
AwsUtils.uploadStream(inputBucket, key, s3Client, partSize, filename, content);
return new S3Item(filename, createUrl(profileId, key), false);
}
Also used :
S3Item(org.craftercms.studio.model.aws.s3.S3Item)
AmazonS3(com.amazonaws.services.s3.AmazonS3)
S3Profile(org.craftercms.commons.config.profiles.aws.S3Profile)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 10 with HasPermission
use of org.craftercms.commons.security.permissions.annotations.HasPermission in project studio by craftercms.
the class ClusterManagementServiceImpl method removeMembers.
@Override
@HasPermission(type = DefaultPermission.class, action = "delete_cluster")
public boolean removeMembers(List<Long> memberIds) throws SiteNotFoundException {
List<ClusterMember> members = getAllMemebers();
boolean toRet = clusterManagementServiceInternal.removeMembers(memberIds);
if (toRet) {
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setSiteId(siteFeed.getId());
auditLog.setOperation(OPERATION_REMOVE_CLUSTER_NODE);
auditLog.setActorId(securityService.getCurrentUser());
auditLog.setPrimaryTargetId(siteFeed.getSiteId());
auditLog.setPrimaryTargetType(TARGET_TYPE_CLUSTER_NODE);
auditLog.setPrimaryTargetValue(siteFeed.getName());
List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
for (ClusterMember m : members) {
AuditLogParameter paramter = new AuditLogParameter();
paramter.setTargetId(Long.toString(m.getId()));
paramter.setTargetType(TARGET_TYPE_CLUSTER_NODE);
paramter.setTargetValue(m.getLocalAddress());
paramters.add(paramter);
}
auditLog.setParameters(paramters);
auditServiceInternal.insertAuditLog(auditLog);
}
return toRet;
}
Also used :
ClusterMember(org.craftercms.studio.api.v2.dal.ClusterMember)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
ArrayList(java.util.ArrayList)
AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Aggregations
HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)25
ArrayList (java.util.ArrayList)13
SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)11
AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)11
AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)8
Group (org.craftercms.studio.api.v2.dal.Group)8
User (org.craftercms.studio.api.v2.dal.User)6
AuthenticatedUser (org.craftercms.studio.model.AuthenticatedUser)6
ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)5
List (java.util.List)4
StringTokenizer (java.util.StringTokenizer)4
CmisObject (org.apache.chemistry.opencmis.client.api.CmisObject)4
Document (org.apache.chemistry.opencmis.client.api.Document)4
Session (org.apache.chemistry.opencmis.client.api.Session)4
AmazonS3 (com.amazonaws.services.s3.AmazonS3)3
StringUtils (org.apache.commons.lang3.StringUtils)3
DataSourceRepository (org.craftercms.studio.api.v2.dal.DataSourceRepository)3
Sardine (com.github.sardine.Sardine)2
InputStream (java.io.InputStream)2
Collections (java.util.Collections)2
