Search in sources :

Example 1 with OPERATION_DELETE

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_DELETE in project studio by craftercms.

the class UserServiceImpl method deleteUsers.

@Override
@HasPermission(type = DefaultPermission.class, action = "delete_users")
public void deleteUsers(List<Long> userIds, List<String> usernames) throws ServiceLayerException, AuthenticationException, UserNotFoundException {
    User currentUser = getCurrentUser();
    if (CollectionUtils.containsAny(userIds, Arrays.asList(currentUser.getId())) || CollectionUtils.containsAny(usernames, Arrays.asList(currentUser.getUsername()))) {
        throw new ServiceLayerException("Cannot delete self.");
    }
    generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    try {
        try {
            Group g = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
            List<User> members = groupServiceInternal.getGroupMembers(g.getId(), 0, Integer.MAX_VALUE, StringUtils.EMPTY);
            if (CollectionUtils.isNotEmpty(members)) {
                List<User> membersAfterRemove = new ArrayList<User>();
                membersAfterRemove.addAll(members);
                members.forEach(m -> {
                    if (CollectionUtils.isNotEmpty(userIds)) {
                        if (userIds.contains(m.getId())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                    if (CollectionUtils.isNotEmpty(usernames)) {
                        if (usernames.contains(m.getUsername())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                });
                if (CollectionUtils.isEmpty(membersAfterRemove)) {
                    throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
                }
            }
        } catch (GroupNotFoundException e) {
            throw new ServiceLayerException("The System Admin group is not found.", e);
        }
        List<User> toDelete = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
        userServiceInternal.deleteUsers(userIds, usernames);
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_DELETE);
        auditLog.setActorId(getCurrentUser().getUsername());
        auditLog.setPrimaryTargetId(siteFeed.getSiteId());
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(siteFeed.getName());
        List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
        for (User deletedUser : toDelete) {
            AuditLogParameter paramter = new AuditLogParameter();
            paramter.setTargetId(Long.toString(deletedUser.getId()));
            paramter.setTargetType(TARGET_TYPE_USER);
            paramter.setTargetValue(deletedUser.getUsername());
            paramters.add(paramter);
        }
        auditLog.setParameters(paramters);
        auditServiceInternal.insertAuditLog(auditLog);
    } finally {
        generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    }
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) GroupNotFoundException(org.craftercms.studio.api.v1.exception.security.GroupNotFoundException) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 2 with OPERATION_DELETE

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_DELETE in project studio by craftercms.

the class StudioAuditLogProcessingTask method processAuditLogFromRepo.

private void processAuditLogFromRepo(String siteId, int batchSize) throws SiteNotFoundException {
    List<GitLog> unauditedGitlogs = contentRepository.getUnauditedCommits(siteId, batchSize);
    if (unauditedGitlogs != null) {
        SiteFeed siteFeed = siteService.getSite(siteId);
        for (GitLog gl : unauditedGitlogs) {
            if (contentRepository.commitIdExists(siteId, gl.getCommitId())) {
                String prevCommitId = gl.getCommitId() + PREVIOUS_COMMIT_SUFFIX;
                List<RepoOperation> operations = contentRepository.getOperationsFromDelta(siteId, prevCommitId, gl.getCommitId());
                for (RepoOperation repoOperation : operations) {
                    Map<String, String> activityInfo = new HashMap<String, String>();
                    String contentClass;
                    AuditLog auditLog;
                    switch(repoOperation.getAction()) {
                        case CREATE:
                        case COPY:
                            contentClass = contentService.getContentTypeClass(siteId, repoOperation.getPath());
                            if (repoOperation.getPath().endsWith(DmConstants.XML_PATTERN)) {
                                activityInfo.put(DmConstants.KEY_CONTENT_TYPE, contentClass);
                            }
                            logger.debug("Insert audit log for site: " + siteId + " path: " + repoOperation.getPath());
                            auditLog = auditServiceInternal.createAuditLogEntry();
                            auditLog.setOperation(OPERATION_CREATE);
                            auditLog.setOperationTimestamp(repoOperation.getDateTime());
                            auditLog.setSiteId(siteFeed.getId());
                            auditLog.setActorId(repoOperation.getAuthor());
                            auditLog.setActorDetails(repoOperation.getAuthor());
                            auditLog.setPrimaryTargetId(siteId + ":" + repoOperation.getPath());
                            auditLog.setPrimaryTargetType(TARGET_TYPE_CONTENT_ITEM);
                            auditLog.setPrimaryTargetValue(repoOperation.getPath());
                            auditLog.setPrimaryTargetSubtype(contentService.getContentTypeClass(siteId, repoOperation.getPath()));
                            auditLog.setOrigin(ORIGIN_GIT);
                            auditServiceInternal.insertAuditLog(auditLog);
                            break;
                        case UPDATE:
                            contentClass = contentService.getContentTypeClass(siteId, repoOperation.getPath());
                            if (repoOperation.getPath().endsWith(DmConstants.XML_PATTERN)) {
                                activityInfo.put(DmConstants.KEY_CONTENT_TYPE, contentClass);
                            }
                            logger.debug("Insert audit log for site: " + siteId + " path: " + repoOperation.getPath());
                            auditLog = auditServiceInternal.createAuditLogEntry();
                            auditLog.setOperation(OPERATION_UPDATE);
                            auditLog.setOperationTimestamp(repoOperation.getDateTime());
                            auditLog.setSiteId(siteFeed.getId());
                            auditLog.setActorId(repoOperation.getAuthor());
                            auditLog.setActorDetails(repoOperation.getAuthor());
                            auditLog.setOrigin(ORIGIN_GIT);
                            auditLog.setPrimaryTargetId(siteId + ":" + repoOperation.getPath());
                            auditLog.setPrimaryTargetType(TARGET_TYPE_CONTENT_ITEM);
                            auditLog.setPrimaryTargetValue(repoOperation.getPath());
                            auditLog.setPrimaryTargetSubtype(contentService.getContentTypeClass(siteId, repoOperation.getPath()));
                            auditServiceInternal.insertAuditLog(auditLog);
                            break;
                        case DELETE:
                            contentClass = contentService.getContentTypeClass(siteId, repoOperation.getPath());
                            if (repoOperation.getPath().endsWith(DmConstants.XML_PATTERN)) {
                                activityInfo.put(DmConstants.KEY_CONTENT_TYPE, contentClass);
                            }
                            logger.debug("Insert audit log for site: " + siteId + " path: " + repoOperation.getPath());
                            auditLog = auditServiceInternal.createAuditLogEntry();
                            auditLog.setOperation(OPERATION_DELETE);
                            auditLog.setOperationTimestamp(repoOperation.getDateTime());
                            auditLog.setSiteId(siteFeed.getId());
                            auditLog.setOrigin(ORIGIN_GIT);
                            auditLog.setActorId(repoOperation.getAuthor());
                            auditLog.setActorDetails(repoOperation.getAuthor());
                            auditLog.setPrimaryTargetId(siteId + ":" + repoOperation.getPath());
                            auditLog.setPrimaryTargetType(TARGET_TYPE_CONTENT_ITEM);
                            auditLog.setPrimaryTargetValue(repoOperation.getPath());
                            auditLog.setPrimaryTargetSubtype(contentService.getContentTypeClass(siteId, repoOperation.getPath()));
                            auditServiceInternal.insertAuditLog(auditLog);
                            break;
                        case MOVE:
                            contentClass = contentService.getContentTypeClass(siteId, repoOperation.getMoveToPath());
                            if (repoOperation.getMoveToPath().endsWith(DmConstants.XML_PATTERN)) {
                                activityInfo.put(DmConstants.KEY_CONTENT_TYPE, contentClass);
                            }
                            logger.debug("Insert audit log for site: " + siteId + " path: " + repoOperation.getMoveToPath());
                            auditLog = auditServiceInternal.createAuditLogEntry();
                            auditLog.setOperation(OPERATION_MOVE);
                            auditLog.setOperationTimestamp(repoOperation.getDateTime());
                            auditLog.setSiteId(siteFeed.getId());
                            auditLog.setActorId(repoOperation.getAuthor());
                            auditLog.setActorDetails(repoOperation.getAuthor());
                            auditLog.setOrigin(ORIGIN_GIT);
                            auditLog.setPrimaryTargetId(siteId + ":" + repoOperation.getMoveToPath());
                            auditLog.setPrimaryTargetType(TARGET_TYPE_CONTENT_ITEM);
                            auditLog.setPrimaryTargetValue(repoOperation.getMoveToPath());
                            auditLog.setPrimaryTargetSubtype(contentService.getContentTypeClass(siteId, repoOperation.getMoveToPath()));
                            auditServiceInternal.insertAuditLog(auditLog);
                            break;
                        default:
                            logger.error("Error: Unknown repo operation for site " + siteId + " operation: " + repoOperation.getAction());
                            break;
                    }
                }
            }
            contentRepository.markGitLogAudited(siteId, gl.getCommitId());
        }
    }
}
Also used : RepoOperation(org.craftercms.studio.api.v2.dal.RepoOperation) HashMap(java.util.HashMap) GitLog(org.craftercms.studio.api.v2.dal.GitLog) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)

Example 3 with OPERATION_DELETE

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_DELETE in project studio by craftercms.

the class SiteServiceImpl method insertDeleteSiteAuditLog.

private void insertDeleteSiteAuditLog(String siteId, String siteName) throws SiteNotFoundException {
    SiteFeed siteFeed = getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    String user = securityService.getCurrentUser();
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(OPERATION_DELETE);
    auditLog.setSiteId(siteFeed.getId());
    auditLog.setActorId(user);
    auditLog.setPrimaryTargetId(siteId);
    auditLog.setPrimaryTargetType(TARGET_TYPE_SITE);
    auditLog.setPrimaryTargetValue(siteName);
    auditServiceInternal.insertAuditLog(auditLog);
}
Also used : SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)

Example 4 with OPERATION_DELETE

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_DELETE in project studio by craftercms.

the class ContentServiceImpl method generateDeleteActivity.

protected void generateDeleteActivity(String site, String path, String approver) throws SiteNotFoundException {
    // TODO: SJ: activities. Fix in 3.1+ by introducing the audit service and refactoring accordingly
    if (StringUtils.isEmpty(approver)) {
        approver = securityService.getCurrentUser();
    }
    boolean exists = contentExists(site, path);
    if (exists) {
        ContentItemTO item = getContentItem(site, path, 0);
        ItemMetadata properties = objectMetadataManager.getProperties(site, path);
        String user = (properties != null && !StringUtils.isEmpty(properties.getSubmittedBy()) ? properties.getSubmittedBy() : approver);
        Map<String, String> extraInfo = new HashMap<String, String>();
        if (item.isFolder()) {
            extraInfo.put(DmConstants.KEY_CONTENT_TYPE, CONTENT_TYPE_FOLDER);
        } else {
            extraInfo.put(DmConstants.KEY_CONTENT_TYPE, getContentTypeClass(site, path));
        }
        logger.debug("[DELETE] posting delete activity on " + path + " by " + user + " in " + site);
        SiteFeed siteFeed = siteService.getSite(site);
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_DELETE);
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setActorId(user);
        auditLog.setPrimaryTargetId(site + ":" + path);
        auditLog.setPrimaryTargetType(TARGET_TYPE_CONTENT_ITEM);
        auditLog.setPrimaryTargetValue(path);
        auditLog.setPrimaryTargetSubtype(getContentTypeClass(site, path));
        auditServiceInternal.insertAuditLog(auditLog);
        // process content life cycle
        if (path.endsWith(DmConstants.XML_PATTERN)) {
            String contentType = item.getContentType();
            dmContentLifeCycleService.process(site, user, path, contentType, DmContentLifeCycleService.ContentLifeCycleOperation.DELETE, null);
        }
    }
}
Also used : ContentItemTO(org.craftercms.studio.api.v1.to.ContentItemTO) HashMap(java.util.HashMap) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) ItemMetadata(org.craftercms.studio.api.v1.dal.ItemMetadata)

Example 5 with OPERATION_DELETE

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_DELETE in project studio by craftercms.

the class GroupServiceImpl method deleteGroup.

@Override
@HasPermission(type = DefaultPermission.class, action = "delete_groups")
public void deleteGroup(List<Long> groupIds) throws ServiceLayerException, GroupNotFoundException, AuthenticationException {
    Group sysAdminGroup;
    try {
        sysAdminGroup = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
    } catch (GroupNotFoundException e) {
        throw new ServiceLayerException("The System Admin group is not found", e);
    }
    if (CollectionUtils.isNotEmpty(groupIds)) {
        if (groupIds.contains(sysAdminGroup.getId())) {
            throw new ServiceLayerException("Deleting the System Admin group is not allowed.");
        }
    }
    List<Group> groups = groupServiceInternal.getGroups(groupIds);
    groupServiceInternal.deleteGroup(groupIds);
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(OPERATION_DELETE);
    auditLog.setActorId(userService.getCurrentUser().getUsername());
    auditLog.setSiteId(siteFeed.getId());
    auditLog.setPrimaryTargetId(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    auditLog.setPrimaryTargetType(TARGET_TYPE_GROUP);
    auditLog.setPrimaryTargetValue(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
    for (Group g : groups) {
        AuditLogParameter paramter = new AuditLogParameter();
        paramter.setTargetId(Long.toString(g.getId()));
        paramter.setTargetType(TARGET_TYPE_GROUP);
        paramter.setTargetValue(g.getGroupName());
        paramters.add(paramter);
    }
    auditLog.setParameters(paramters);
    auditServiceInternal.insertAuditLog(auditLog);
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) GroupNotFoundException(org.craftercms.studio.api.v1.exception.security.GroupNotFoundException) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Aggregations

SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)5 AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)5 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)2 ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)2 GroupNotFoundException (org.craftercms.studio.api.v1.exception.security.GroupNotFoundException)2 AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)2 Group (org.craftercms.studio.api.v2.dal.Group)2 ItemMetadata (org.craftercms.studio.api.v1.dal.ItemMetadata)1 ContentItemTO (org.craftercms.studio.api.v1.to.ContentItemTO)1 GitLog (org.craftercms.studio.api.v2.dal.GitLog)1 RepoOperation (org.craftercms.studio.api.v2.dal.RepoOperation)1 User (org.craftercms.studio.api.v2.dal.User)1 AuthenticatedUser (org.craftercms.studio.model.AuthenticatedUser)1