
Example 1 with Actions

use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.

the class PermissionFactoryImpl method parseString.

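/**
 * Parses a permission string of the form {@code domain[:action[:scopeTargetId]]}.
 *
 * <p>The string is split on {@code ':'} with a {@link StringTokenizer}, which drops empty
 * tokens. As a consequence {@code ":read"} yields a single token and is read as a domain
 * named {@code read}, and {@code "device::5"} yields two tokens, so {@code 5} is parsed as
 * the action and rejected.
 *
 * <p>Every malformed input is reported with the same
 * {@code INVALID_STRING_PERMISSION} error code, so callers have one failure path to handle
 * and a bad action name cannot escape as a raw {@link IllegalArgumentException}.
 *
 * @param stringPermission the textual permission; one to three non-empty tokens
 * @return a permission whose action and/or scope target id are {@code null} when the
 *         corresponding token is absent
 * @throws KapuaException a {@code KapuaAuthorizationException} carrying
 *         {@code INVALID_STRING_PERMISSION} when the string is {@code null}, has the wrong
 *         number of tokens, names an unknown action, or has a non-decimal scope target id
 */
@Override
public Permission parseString(String stringPermission) throws KapuaException {
    // A null input would otherwise surface as a NullPointerException from StringTokenizer.
    if (stringPermission == null) {
        throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, null, stringPermission);
    }
    StringTokenizer tokenizer = new StringTokenizer(stringPermission, ":");
    int tokenCount = tokenizer.countTokens();
    if (tokenCount < 1 || tokenCount > 3) {
        throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, null, stringPermission);
    }
    //
    // Build the new Permission
    String domain = tokenizer.nextToken();
    Actions action = null;
    if (tokenCount > 1) {
        try {
            // Actions.valueOf is case-sensitive and throws IllegalArgumentException for any
            // name that is not an enum constant; map that to the domain error code.
            action = Actions.valueOf(tokenizer.nextToken());
        } catch (IllegalArgumentException iae) {
            throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, iae, stringPermission);
        }
    }
    KapuaId scopeTargetId = null;
    if (tokenCount > 2) {
        try {
            // NumberFormatException is an IllegalArgumentException, so it is caught below.
            BigInteger kapuaId = new BigInteger(tokenizer.nextToken());
            scopeTargetId = new KapuaEid(kapuaId);
        } catch (IllegalArgumentException iae) {
            throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, iae, stringPermission);
        }
    }
    // NOTE(review): how PermissionImpl treats a null action or null scope target id is not
    // visible here - confirm that an omitted part is not interpreted as "any" where a
    // narrower grant was intended.
    return new PermissionImpl(domain, action, scopeTargetId);
}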
Also used : StringTokenizer(java.util.StringTokenizer) KapuaAuthorizationException(org.eclipse.kapua.service.authorization.shiro.KapuaAuthorizationException) Actions(org.eclipse.kapua.service.authorization.permission.Actions) RolePermissionImpl(org.eclipse.kapua.service.authorization.role.shiro.RolePermissionImpl) BigInteger(java.math.BigInteger) KapuaId(org.eclipse.kapua.model.id.KapuaId) KapuaEid(org.eclipse.kapua.commons.model.id.KapuaEid)

Example 2 with Actions

use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.

the class GwtUserServiceImpl method update.

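/**
 * Updates an existing user from the GWT model: profile fields and status, the permissions
 * listed in {@code gwtUser.getPermissions()}, and (when a password is supplied) the
 * PASSWORD credential. Returns the user as reloaded from the user service.
 *
 * <p>The steps run in sequence against separate services. Permissions and credentials are
 * written before {@code userService.update(user)}; nothing visible in this method undoes
 * them if a later step fails (for example on an optlock mismatch).
 *
 * @param xsrfToken token validated by {@code checkXSRFToken} before any other work
 * @param gwtUser   the client-side model carrying the new values
 * @return the updated user, or {@code null} when no user matches the given scope and id
 *         (or when {@code KapuaExceptionHandler.handle} returns normally after a failure)
 * @throws GwtKapuaException declared for the failure path; failures are routed through
 *         {@code KapuaExceptionHandler.handle}
 */
public GwtUser update(GwtXSRFToken xsrfToken, GwtUser gwtUser) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);
    GwtUser gwtUserUpdated = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserService userService = locator.getService(UserService.class);
        KapuaId scopeId = KapuaEid.parseShortId(gwtUser.getScopeId());
        KapuaId userId = KapuaEid.parseShortId(gwtUser.getId());
        User user = userService.find(scopeId, userId);
        if (user != null) {
            //
            // Update user
            // The "unescaped" accessors are used, so the raw values are what gets stored.
            // NOTE(review): presumably output encoding happens where these fields are
            // rendered - confirm.
            user.setName(gwtUser.getUnescapedUsername());
            user.setDisplayName(gwtUser.getUnescapedDisplayName());
            user.setEmail(gwtUser.getUnescapedEmail());
            user.setPhoneNumber(gwtUser.getUnescapedPhoneNumber());
            // status
            user.setStatus(UserStatus.valueOf(gwtUser.getStatus()));
            //
            // Update permissions
            Set<String> newPermissions = new HashSet<String>();
            if (gwtUser.getPermissions() != null) {
                // build the set of permissions
                newPermissions.addAll(Arrays.asList(gwtUser.getPermissions().split(",")));
            }
            UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
            UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
            PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
            Set<UserPermissionCreator> newUserPermissions = new HashSet<UserPermissionCreator>();
            for (String p : newPermissions) {
                // "".split(",") yields one empty entry; without this guard an empty
                // permissions string would create a grant with an empty domain and no
                // action or target scope.
                if (p.trim().isEmpty()) {
                    continue;
                }
                UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
                // Bind the grant to the user being updated. The previous code passed
                // scopeId here, which attaches the permission to whichever user id equals
                // the scope id instead of to this user.
                userPermissionCreator.setUserId(user.getId());
                String[] tokens = p.split(":");
                String domain = null;
                Actions action = null;
                KapuaId targetScopeId = null;
                if (tokens.length > 0) {
                    domain = tokens[0];
                }
                if (tokens.length > 1) {
                    // Throws IllegalArgumentException for an unknown action name; that
                    // ends up in the catch (Throwable) below.
                    action = Actions.valueOf(tokens[1]);
                }
                if (tokens.length > 2) {
                    targetScopeId = KapuaEid.parseShortId(tokens[2]);
                }
                // NOTE(review): domain, action and target scope all come from the client
                // model. Whether the caller is allowed to grant them is not checked in
                // this method - confirm that userPermissionService.create enforces it.
                Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
                userPermissionCreator.setPermission(permission);
                userPermissionService.create(userPermissionCreator);
            }
            // NOTE(review): newUserPermissions is never populated, so merge() always
            // receives an empty set. What merge does with an empty set is not visible
            // here - confirm this call is intended.
            userPermissionService.merge(newUserPermissions);
            // Update credentials
            if (gwtUser.getPassword() != null) {
                CredentialService credentialService = locator.getService(CredentialService.class);
                CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
                CredentialListResult credentials = credentialService.findByUserId(scopeId, userId);
                // NOTE(review): when the user has no credentials at all, the supplied
                // password is silently not applied - confirm that this is intended.
                if (!credentials.isEmpty()) {
                    //
                    // Delete old PASSWORD credential
                    Credential oldCredential = null;
                    for (Credential c : credentials.getItems()) {
                        if (CredentialType.PASSWORD.equals(c.getCredentialType())) {
                            oldCredential = c;
                            break;
                        }
                    }
                    // The user may hold only non-PASSWORD credentials; dereferencing
                    // oldCredential unconditionally would throw a NullPointerException.
                    if (oldCredential != null) {
                        credentialService.delete(oldCredential.getScopeId(), oldCredential.getId());
                    }
                    //
                    // Create new PASSWORD credential
                    CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUser.getPassword());
                    credentialService.create(credentialCreator);
                }
            }
            // optlock
            user.setOptlock(gwtUser.getOptlock());
            // update the user
            userService.update(user);
            //
            // convert to GwtAccount and return
            // reload the user as we want to load all its permissions
            gwtUserUpdated = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
        }
    } catch (Throwable t) {
        // Everything, including Errors, is handed to the shared handler.
        KapuaExceptionHandler.handle(t);
    }
    return gwtUserUpdated;
}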
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService) UserService(org.eclipse.kapua.service.user.UserService) Actions(org.eclipse.kapua.service.authorization.permission.Actions) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory) CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) Permission(org.eclipse.kapua.service.authorization.permission.Permission) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult) KapuaId(org.eclipse.kapua.model.id.KapuaId) HashSet(java.util.HashSet) UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)

Example 3 with Actions

use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.

the class GwtUserServiceImpl method create.

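/**
 * Creates a user from the GWT creator model, then creates its permissions and its PASSWORD
 * credential, and returns the user as reloaded from the user service.
 *
 * <p>The three writes (user, permissions, credential) go to separate services in sequence.
 * Nothing visible in this method removes the user again if a later step fails, so a
 * failure after {@code userService.create} can leave a user without permissions or
 * without a credential.
 *
 * @param xsrfToken      token validated by {@code checkXSRFToken} before any other work
 * @param gwtUserCreator the client-side model describing the user to create
 * @return the created user, or {@code null} when {@code KapuaExceptionHandler.handle}
 *         returns normally after a failure
 * @throws GwtKapuaException declared for the failure path; failures are routed through
 *         {@code KapuaExceptionHandler.handle}
 */
public GwtUser create(GwtXSRFToken xsrfToken, GwtUserCreator gwtUserCreator) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);
    GwtUser gwtUser = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserFactory userFactory = locator.getFactory(UserFactory.class);
        KapuaId scopeId = KapuaEid.parseShortId(gwtUserCreator.getScopeId());
        UserCreator userCreator = userFactory.newCreator(scopeId, gwtUserCreator.getUsername());
        userCreator.setDisplayName(gwtUserCreator.getDisplayName());
        userCreator.setEmail(gwtUserCreator.getEmail());
        userCreator.setPhoneNumber(gwtUserCreator.getPhoneNumber());
        //
        // Create the User
        UserService userService = locator.getService(UserService.class);
        User user = userService.create(userCreator);
        //
        // Create permissions
        Set<String> permissions = new HashSet<String>();
        if (gwtUserCreator.getPermissions() != null) {
            // build the set of permissions
            permissions.addAll(Arrays.asList(gwtUserCreator.getPermissions().split(",")));
        }
        UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
        UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
        PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
        for (String p : permissions) {
            // "".split(",") yields one empty entry; without this guard an empty
            // permissions string would create a grant with an empty domain and no action
            // or target scope.
            if (p.trim().isEmpty()) {
                continue;
            }
            UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
            // Bind the grant to the user that was just created. The previous code passed
            // scopeId here, which attaches the permission to whichever user id equals the
            // scope id instead of to the new user.
            userPermissionCreator.setUserId(user.getId());
            String[] tokens = p.split(":");
            String domain = null;
            Actions action = null;
            KapuaId targetScopeId = null;
            if (tokens.length > 0) {
                domain = tokens[0];
            }
            if (tokens.length > 1) {
                // Throws IllegalArgumentException for an unknown action name; that ends
                // up in the catch (Throwable) below.
                action = Actions.valueOf(tokens[1]);
            }
            if (tokens.length > 2) {
                targetScopeId = KapuaEid.parseShortId(tokens[2]);
            }
            // NOTE(review): domain, action and target scope all come from the client
            // model. Whether the caller is allowed to grant them is not checked in this
            // method - confirm that userPermissionService.create enforces it.
            Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
            userPermissionCreator.setPermission(permission);
            userPermissionService.create(userPermissionCreator);
        }
        //
        // Create credentials
        // NOTE(review): the password is passed through without a null or strength check
        // here - presumably the credential service validates and hashes it; confirm.
        CredentialService credentialService = locator.getService(CredentialService.class);
        CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
        CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUserCreator.getPassword());
        credentialService.create(credentialCreator);
        // convert to GwtAccount and return
        // reload the user as we want to load all its permissions
        gwtUser = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
    } catch (Throwable t) {
        // Everything, including Errors, is handed to the shared handler.
        KapuaExceptionHandler.handle(t);
    }
    return gwtUser;
}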
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService) UserService(org.eclipse.kapua.service.user.UserService) Actions(org.eclipse.kapua.service.authorization.permission.Actions) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory) UserFactory(org.eclipse.kapua.service.user.UserFactory) CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) Permission(org.eclipse.kapua.service.authorization.permission.Permission) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) KapuaId(org.eclipse.kapua.model.id.KapuaId) UserCreator(org.eclipse.kapua.service.user.UserCreator) GwtUserCreator(org.eclipse.kapua.app.console.shared.model.GwtUserCreator) HashSet(java.util.HashSet) UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)

Example 4 with Actions

use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.

the class AccountServiceImpl method delete.

/**
 * Deletes an account after checking the caller's {@code write} permission on the account
 * domain for {@code scopeId}.
 *
 * <p>Deletion is refused when the account still has child accounts, and when its name
 * equals the configured provisioning account name or the configured admin account name.
 *
 * @param scopeId   scope the permission check is performed against; must not be null
 * @param accountId id of the account to delete; must not be null
 * @throws KapuaException when validation, the permission check, one of the guards or the
 *         persistence operation fails
 */
@Override
public void delete(KapuaId scopeId, KapuaId accountId) throws KapuaException {
    // Argument validation (the field labels are reproduced as the original passes them).
    ArgumentValidator.notNull(accountId, "id");
    ArgumentValidator.notNull(scopeId, "id.id");

    // Access check.
    // NOTE(review): the permission is evaluated against the caller-supplied scopeId,
    // while the lookup and delete further down are keyed on accountId alone. Nothing
    // visible in this method ties the loaded account to scopeId - confirm that AccountDAO
    // or the callers enforce that relation.
    final Actions action = Actions.write;
    final KapuaLocator serviceLocator = KapuaLocator.getInstance();
    final AuthorizationService authorization = serviceLocator.getService(AuthorizationService.class);
    final PermissionFactory permissions = serviceLocator.getFactory(PermissionFactory.class);
    authorization.checkPermission(permissions.newPermission(AccountDomain.ACCOUNT, action, scopeId));

    // An account that still has children must not be removed.
    final boolean hasChildren = this.findChildAccountsTrusted(accountId).size() > 0;
    if (hasChildren) {
        throw new KapuaAccountException(KapuaAccountErrorCodes.OPERATION_NOT_ALLOWED, null, "This account cannot be deleted. Delete its child first.");
    }

    // Load and delete within one EntityManager so the entity is managed by the same
    // context that removes it.
    final EntityManager entityManager = AccountEntityManagerFactory.getInstance().createEntityManager();
    try {
        final Account target = AccountDAO.find(entityManager, accountId);
        if (target == null) {
            throw new KapuaEntityNotFoundException(Account.TYPE, accountId);
        }

        // The provisioning and admin accounts, identified by name from the system
        // settings, are never deletable.
        final SystemSetting systemSettings = SystemSetting.getInstance();
        final boolean isProvisionAccount = systemSettings.getString(SystemSettingKey.SYS_PROVISION_ACCOUNT_NAME).equals(target.getName());
        if (isProvisionAccount || systemSettings.getString(SystemSettingKey.SYS_ADMIN_ACCOUNT).equals(target.getName())) {
            throw new KapuaIllegalAccessException(action.name());
        }

        entityManager.beginTransaction();
        AccountDAO.delete(entityManager, accountId);
        entityManager.commit();
    } catch (Exception e) {
        // This handler also receives the not-found and illegal-access exceptions thrown
        // above, before any transaction was begun; how rollback() and
        // convertPersistenceException treat that case is not visible here.
        entityManager.rollback();
        throw KapuaExceptionUtils.convertPersistenceException(e);
    } finally {
        entityManager.close();
    }
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Account(org.eclipse.kapua.service.account.Account) EntityManager(org.eclipse.kapua.commons.jpa.EntityManager) Actions(org.eclipse.kapua.service.authorization.permission.Actions) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) SystemSetting(org.eclipse.kapua.commons.setting.system.SystemSetting) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaIllegalAccessException(org.eclipse.kapua.KapuaIllegalAccessException) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaIllegalArgumentException(org.eclipse.kapua.KapuaIllegalArgumentException) KapuaIllegalAccessException(org.eclipse.kapua.KapuaIllegalAccessException) KapuaException(org.eclipse.kapua.KapuaException)

Aggregations

Actions (org.eclipse.kapua.service.authorization.permission.Actions)4 KapuaLocator (org.eclipse.kapua.locator.KapuaLocator)3 KapuaId (org.eclipse.kapua.model.id.KapuaId)3 PermissionFactory (org.eclipse.kapua.service.authorization.permission.PermissionFactory)3 HashSet (java.util.HashSet)2 GwtUser (org.eclipse.kapua.app.console.shared.model.GwtUser)2 GwtUserService (org.eclipse.kapua.app.console.shared.service.GwtUserService)2 CredentialCreator (org.eclipse.kapua.service.authentication.credential.CredentialCreator)2 CredentialFactory (org.eclipse.kapua.service.authentication.credential.CredentialFactory)2 CredentialService (org.eclipse.kapua.service.authentication.credential.CredentialService)2 Permission (org.eclipse.kapua.service.authorization.permission.Permission)2 UserPermissionCreator (org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)2 UserPermissionFactory (org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)2 UserPermissionService (org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)2 User (org.eclipse.kapua.service.user.User)2 UserService (org.eclipse.kapua.service.user.UserService)2 BigInteger (java.math.BigInteger)1 StringTokenizer (java.util.StringTokenizer)1 KapuaEntityNotFoundException (org.eclipse.kapua.KapuaEntityNotFoundException)1 KapuaException (org.eclipse.kapua.KapuaException)1