use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.
the class PermissionFactoryImpl method parseString.
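/**
 * Parses a permission string of the form {@code domain[:action[:scopeTargetId]]}.
 *
 * <p>The string is split on {@code ':'} with a {@link StringTokenizer}, which drops empty
 * segments instead of returning them as empty tokens (so {@code "a::5"} yields two tokens,
 * not three). Every malformed input is rejected with the same
 * {@code INVALID_STRING_PERMISSION} error, so code that parses permission strings from
 * outside the service has a single failure path to handle.
 *
 * @param stringPermission the permission string, made of one to three colon-separated tokens
 * @return the parsed permission; the action and the scope target id are {@code null} when
 *         their token is absent
 * @throws KapuaException a {@link KapuaAuthorizationException} with
 *         {@code INVALID_STRING_PERMISSION} when the string is {@code null}, has the wrong
 *         number of tokens, names an unknown action, or carries a scope target id that is
 *         not a valid integer
 */
@Override
public Permission parseString(String stringPermission) throws KapuaException {
    // A null string would otherwise surface as a NullPointerException from StringTokenizer.
    if (stringPermission == null) {
        throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, null, stringPermission);
    }

    StringTokenizer st = new StringTokenizer(stringPermission, ":");
    int iTokensCount = st.countTokens();
    if (iTokensCount < 1 || iTokensCount > 3) {
        throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, null, stringPermission);
    }

    //
    // Build the new Permission
    String domain = st.nextToken();
    Actions action = null;
    KapuaId scopeTargetId = null;
    try {
        if (iTokensCount > 1) {
            // Actions.valueOf throws IllegalArgumentException for an unknown action name;
            // it is handled below so it does not escape as an unchecked exception.
            action = Actions.valueOf(st.nextToken());
        }
        if (iTokensCount > 2) {
            // NumberFormatException from BigInteger is an IllegalArgumentException.
            BigInteger kapuaId = new BigInteger(st.nextToken());
            scopeTargetId = new KapuaEid(kapuaId);
        }
    } catch (IllegalArgumentException iae) {
        throw new KapuaAuthorizationException(KapuaAuthorizationErrorCodes.INVALID_STRING_PERMISSION, iae, stringPermission);
    }

    return new PermissionImpl(domain, action, scopeTargetId);
}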
use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.
the class GwtUserServiceImpl method update.
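/**
 * Updates an existing user: profile fields, status, permissions and, when a password is
 * supplied, the PASSWORD credential.
 *
 * <p>The XSRF token is checked before anything else is read or written. Any failure inside
 * the update is handed to {@link KapuaExceptionHandler#handle(Throwable)}.
 *
 * <p>NOTE(review): the permission strings in {@code gwtUser} come from the client and are
 * turned into grants here without a visible check that the caller may grant them; this
 * presumably relies on {@code UserPermissionService.create} to enforce it. Confirm against
 * the service.
 *
 * <p>NOTE(review): permissions, credentials and the user record are written by separate
 * service calls, and the optlock-guarded {@code userService.update} runs last, so a failure
 * part-way through may leave earlier writes in place. Confirm whether a surrounding
 * transaction exists.
 *
 * @param xsrfToken the XSRF token sent with the request
 * @param gwtUser   the user data to apply; its permissions are a comma-separated list of
 *                  {@code domain[:action[:targetScopeId]]} entries
 * @return the reloaded user, or {@code null} when no user matches the scope id and user id
 * @throws GwtKapuaException when the XSRF check or the update fails
 */
public GwtUser update(GwtXSRFToken xsrfToken, GwtUser gwtUser) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);

    GwtUser gwtUserUpdated = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserService userService = locator.getService(UserService.class);

        KapuaId scopeId = KapuaEid.parseShortId(gwtUser.getScopeId());
        KapuaId userId = KapuaEid.parseShortId(gwtUser.getId());

        User user = userService.find(scopeId, userId);
        if (user != null) {
            //
            // Update user
            user.setName(gwtUser.getUnescapedUsername());
            user.setDisplayName(gwtUser.getUnescapedDisplayName());
            user.setEmail(gwtUser.getUnescapedEmail());
            user.setPhoneNumber(gwtUser.getUnescapedPhoneNumber());

            // status
            user.setStatus(UserStatus.valueOf(gwtUser.getStatus()));

            //
            // Update permissions
            Set<String> newPermissions = new HashSet<String>();
            if (gwtUser.getPermissions() != null) {
                // build the set of permissions
                newPermissions.addAll(Arrays.asList(gwtUser.getPermissions().split(",")));
            }

            UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
            UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
            PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);

            Set<UserPermissionCreator> newUserPermissions = new HashSet<UserPermissionCreator>();
            for (String p : newPermissions) {
                // "".split(",") yields a single empty entry; skip it rather than create a
                // permission with an empty domain and no action.
                if (p.trim().isEmpty()) {
                    continue;
                }

                UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
                // The grant belongs to the user being edited. The previous code passed
                // scopeId here, which would attach the permission to the wrong principal.
                userPermissionCreator.setUserId(user.getId());

                String[] tokens = p.split(":");
                String domain = null;
                Actions action = null;
                KapuaId targetScopeId = null;
                if (tokens.length > 0) {
                    domain = tokens[0];
                }
                if (tokens.length > 1) {
                    // Throws IllegalArgumentException for an unknown action; handled by the catch below.
                    action = Actions.valueOf(tokens[1]);
                }
                if (tokens.length > 2) {
                    targetScopeId = KapuaEid.parseShortId(tokens[2]);
                }
                // NOTE(review): tokens beyond the third are ignored silently.

                Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
                userPermissionCreator.setPermission(permission);
                userPermissionService.create(userPermissionCreator);
            }
            // NOTE(review): newUserPermissions is never populated, so merge() always receives
            // an empty set while the grants above are created one by one. Confirm what merge()
            // does with an empty set and whether stale permissions are ever revoked.
            userPermissionService.merge(newUserPermissions);

            // Update credentials
            if (gwtUser.getPassword() != null) {
                CredentialService credentialService = locator.getService(CredentialService.class);
                CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);

                CredentialListResult credentials = credentialService.findByUserId(scopeId, userId);
                // NOTE(review): when the user has no credentials at all, the new password is
                // dropped without an error. Confirm this is intended.
                if (!credentials.isEmpty()) {
                    //
                    // Delete old PASSWORD credential
                    Credential oldCredential = null;
                    for (Credential c : credentials.getItems()) {
                        if (CredentialType.PASSWORD.equals(c.getCredentialType())) {
                            oldCredential = c;
                            break;
                        }
                    }
                    // The user may hold only non-PASSWORD credentials; there is then nothing to delete.
                    if (oldCredential != null) {
                        credentialService.delete(oldCredential.getScopeId(), oldCredential.getId());
                    }

                    //
                    // Create new PASSWORD credential
                    CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUser.getPassword());
                    credentialService.create(credentialCreator);
                }
            }

            // optlock
            user.setOptlock(gwtUser.getOptlock());

            // update the user
            userService.update(user);

            //
            // convert to GwtAccount and return
            // reload the user as we want to load all its permissions
            gwtUserUpdated = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
        }
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return gwtUserUpdated;
}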
use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.
the class GwtUserServiceImpl method create.
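/**
 * Creates a user, grants the requested permissions and stores a PASSWORD credential.
 *
 * <p>The XSRF token is checked before anything else is read or written. Any failure inside
 * the creation is handed to {@link KapuaExceptionHandler#handle(Throwable)}.
 *
 * <p>NOTE(review): the permission strings in {@code gwtUserCreator} come from the client and
 * are turned into grants here without a visible check that the caller may grant them; this
 * presumably relies on {@code UserPermissionService.create} to enforce it. Confirm against
 * the service.
 *
 * <p>NOTE(review): the user, its permissions and its credential are written by separate
 * service calls, so a failure part-way through may leave a user without a credential or
 * with only some permissions. Confirm whether a surrounding transaction exists.
 *
 * @param xsrfToken      the XSRF token sent with the request
 * @param gwtUserCreator the data for the new user; its permissions are a comma-separated
 *                       list of {@code domain[:action[:targetScopeId]]} entries
 * @return the newly created user, reloaded so that its permissions are included
 * @throws GwtKapuaException when the XSRF check or the creation fails
 */
public GwtUser create(GwtXSRFToken xsrfToken, GwtUserCreator gwtUserCreator) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);

    GwtUser gwtUser = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserFactory userFactory = locator.getFactory(UserFactory.class);

        KapuaId scopeId = KapuaEid.parseShortId(gwtUserCreator.getScopeId());
        UserCreator userCreator = userFactory.newCreator(scopeId, gwtUserCreator.getUsername());
        userCreator.setDisplayName(gwtUserCreator.getDisplayName());
        userCreator.setEmail(gwtUserCreator.getEmail());
        userCreator.setPhoneNumber(gwtUserCreator.getPhoneNumber());

        //
        // Create the User
        UserService userService = locator.getService(UserService.class);
        User user = userService.create(userCreator);

        //
        // Create permissions
        Set<String> permissions = new HashSet<String>();
        if (gwtUserCreator.getPermissions() != null) {
            // build the set of permissions
            permissions.addAll(Arrays.asList(gwtUserCreator.getPermissions().split(",")));
        }

        UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
        UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
        PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);

        for (String p : permissions) {
            // "".split(",") yields a single empty entry; skip it rather than create a
            // permission with an empty domain and no action.
            if (p.trim().isEmpty()) {
                continue;
            }

            UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
            // The grant belongs to the user just created. The previous code passed scopeId
            // here, which would attach the permission to the wrong principal.
            userPermissionCreator.setUserId(user.getId());

            String[] tokens = p.split(":");
            String domain = null;
            Actions action = null;
            KapuaId targetScopeId = null;
            if (tokens.length > 0) {
                domain = tokens[0];
            }
            if (tokens.length > 1) {
                // Throws IllegalArgumentException for an unknown action; handled by the catch below.
                action = Actions.valueOf(tokens[1]);
            }
            if (tokens.length > 2) {
                targetScopeId = KapuaEid.parseShortId(tokens[2]);
            }
            // NOTE(review): tokens beyond the third are ignored silently.

            Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
            userPermissionCreator.setPermission(permission);
            userPermissionService.create(userPermissionCreator);
        }

        //
        // Create credentials
        // NOTE(review): the password is passed through as received; no null or strength check
        // is visible here. Presumably CredentialService validates it; confirm.
        CredentialService credentialService = locator.getService(CredentialService.class);
        CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
        CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUserCreator.getPassword());
        credentialService.create(credentialCreator);

        // convert to GwtAccount and return
        // reload the user as we want to load all its permissions
        gwtUser = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return gwtUser;
}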
use of org.eclipse.kapua.service.authorization.permission.Actions in project kapua by eclipse.
the class AccountServiceImpl method delete.
/**
 * Deletes an account after validating the arguments, checking the caller's permission and
 * refusing accounts that have children or that match a protected system account name.
 *
 * <p>NOTE(review): the permission is checked against {@code scopeId}, while the account is
 * looked up and deleted by {@code accountId} alone. Nothing visible in this method ties the
 * account to that scope; confirm that the DAO or the callers enforce the relationship.
 *
 * <p>NOTE(review): the child-account check runs before, and outside, the transaction that
 * performs the delete, so a child created in between would not be noticed. Confirm whether
 * that window matters.
 *
 * @param scopeId   the scope against which the write permission is checked
 * @param accountId the id of the account to delete
 * @throws KapuaException when validation or the permission check fails, when the account
 *         has child accounts, or with whatever
 *         {@code KapuaExceptionUtils.convertPersistenceException} produces for a failure
 *         inside the lookup-and-delete section
 */
@Override
public void delete(KapuaId scopeId, KapuaId accountId) throws KapuaException {
    // Argument validation
    ArgumentValidator.notNull(accountId, "id");
    ArgumentValidator.notNull(scopeId, "id.id");

    // Access check: write action on the account domain, within scopeId
    Actions requiredAction = Actions.write;
    KapuaLocator serviceLocator = KapuaLocator.getInstance();
    AuthorizationService authorization = serviceLocator.getService(AuthorizationService.class);
    PermissionFactory permissions = serviceLocator.getFactory(PermissionFactory.class);
    authorization.checkPermission(permissions.newPermission(AccountDomain.ACCOUNT, requiredAction, scopeId));

    // An account that still has children must not be removed
    if (findChildAccountsTrusted(accountId).size() > 0) {
        throw new KapuaAccountException(KapuaAccountErrorCodes.OPERATION_NOT_ALLOWED, null, "This account cannot be deleted. Delete its child first.");
    }

    // Delete the account
    EntityManager entityManager = AccountEntityManagerFactory.getInstance().createEntityManager();
    try {
        // The entity has to be loaded by the same EntityManager that deletes it afterwards
        Account target = AccountDAO.find(entityManager, accountId);
        if (target == null) {
            throw new KapuaEntityNotFoundException(Account.TYPE, accountId);
        }

        // Accounts named like the provisioning account or the admin account are protected.
        // A setting that resolves to null makes equals() throw, which also aborts the
        // delete through the catch below.
        SystemSetting systemSettings = SystemSetting.getInstance();
        boolean protectedAccount = systemSettings.getString(SystemSettingKey.SYS_PROVISION_ACCOUNT_NAME).equals(target.getName())
                || systemSettings.getString(SystemSettingKey.SYS_ADMIN_ACCOUNT).equals(target.getName());
        if (protectedAccount) {
            throw new KapuaIllegalAccessException(requiredAction.name());
        }

        entityManager.beginTransaction();
        AccountDAO.delete(entityManager, accountId);
        entityManager.commit();
    } catch (Exception e) {
        // NOTE(review): this also runs for the not-found and illegal-access exceptions
        // thrown above, before any transaction was begun; confirm rollback() tolerates that
        // and that the conversion keeps those exception types.
        entityManager.rollback();
        throw KapuaExceptionUtils.convertPersistenceException(e);
    } finally {
        entityManager.close();
    }
}