Search in sources :

Example 1 with UserContext

use of org.graylog.security.UserContext in project graylog2-server by Graylog2.

the class StreamResource method create.

@POST
@Timed
@ApiOperation(value = "Create a stream")
@RequiresPermissions(RestPermissions.STREAMS_CREATE)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.STREAM_CREATE)
public Response create(@ApiParam(name = "JSON body", required = true) final CreateStreamRequest cr, @Context UserContext userContext) throws ValidationException {
    // Create stream.
    final Stream stream = streamService.create(cr, getCurrentUser().getName());
    stream.setDisabled(true);
    final IndexSet indexSet = stream.getIndexSet();
    if (!indexSet.getConfig().isWritable()) {
        throw new BadRequestException("Assigned index set must be writable!");
    } else if (!indexSet.getConfig().isRegularIndex()) {
        throw new BadRequestException("Assigned index set is not usable");
    }
    final Set<StreamRule> streamRules = cr.rules().stream().map(streamRule -> streamRuleService.create(null, streamRule)).collect(Collectors.toSet());
    final String id = streamService.saveWithRulesAndOwnership(stream, streamRules, userContext.getUser());
    final Map<String, String> result = ImmutableMap.of("stream_id", id);
    final URI streamUri = getUriBuilderToSelf().path(StreamResource.class).path("{streamId}").build(id);
    return Response.created(streamUri).entity(result).build();
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) Arrays(java.util.Arrays) Produces(javax.ws.rs.Produces) Tools(org.graylog2.plugin.Tools) UserContext(org.graylog.security.UserContext) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) ApiParam(io.swagger.annotations.ApiParam) AlarmCallbackConfiguration(org.graylog2.alarmcallbacks.AlarmCallbackConfiguration) AlertService(org.graylog2.alerts.AlertService) StreamRule(org.graylog2.plugin.streams.StreamRule) NotEmpty(javax.validation.constraints.NotEmpty) Valid(javax.validation.Valid) ApiOperation(io.swagger.annotations.ApiOperation) PaginatedList(org.graylog2.database.PaginatedList) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) SearchQueryField(org.graylog2.search.SearchQueryField) AlertConditionSummary(org.graylog2.rest.models.streams.alerts.AlertConditionSummary) StreamImpl(org.graylog2.streams.StreamImpl) StreamRuleService(org.graylog2.streams.StreamRuleService) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) BadRequestException(javax.ws.rs.BadRequestException) IndexSet(org.graylog2.indexer.IndexSet) URI(java.net.URI) DELETE(javax.ws.rs.DELETE) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) StreamRouterEngine(org.graylog2.streams.StreamRouterEngine) ISODateTimeFormat(org.joda.time.format.ISODateTimeFormat) ImmutableSet(com.google.common.collect.ImmutableSet) Context(javax.ws.rs.core.Context) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) Collection(java.util.Collection) Set(java.util.Set) NotNull(javax.validation.constraints.NotNull) Collectors(java.util.stream.Collectors) Executors(java.util.concurrent.Executors) Timed(com.codahale.metrics.annotation.Timed) CreateStreamRequest(org.graylog2.rest.resources.streams.requests.CreateStreamRequest) CreateAlarmCallbackRequest(org.graylog2.rest.models.alarmcallbacks.requests.CreateAlarmCallbackRequest) List(java.util.List) Response(javax.ws.rs.core.Response) Stream(org.graylog2.plugin.streams.Stream) AuditEventTypes(org.graylog2.audit.AuditEventTypes) StreamService(org.graylog2.streams.StreamService) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) AlertReceivers(org.graylog2.rest.models.alarmcallbacks.requests.AlertReceivers) StreamDTO(org.graylog2.streams.StreamDTO) CreateConditionRequest(org.graylog2.rest.models.streams.alerts.requests.CreateConditionRequest) Optional(java.util.Optional) MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) ThreadFactoryBuilder(com.google.common.util.concurrent.ThreadFactoryBuilder) PathParam(javax.ws.rs.PathParam) PaginatedStreamService(org.graylog2.streams.PaginatedStreamService) CloneStreamRequest(org.graylog2.rest.resources.streams.requests.CloneStreamRequest) SearchQueryParser(org.graylog2.search.SearchQueryParser) GET(javax.ws.rs.GET) TestMatchResponse(org.graylog2.rest.resources.streams.responses.TestMatchResponse) StreamPageListResponse(org.graylog2.rest.resources.streams.responses.StreamPageListResponse) HashMap(java.util.HashMap) ApiResponses(io.swagger.annotations.ApiResponses) StreamListResponse(org.graylog2.rest.resources.streams.responses.StreamListResponse) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) Strings(com.google.common.base.Strings) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) UpdateStreamRequest(org.graylog2.rest.models.streams.requests.UpdateStreamRequest) Lists(com.google.common.collect.Lists) ConfigurationException(org.graylog2.plugin.configuration.ConfigurationException) AuditEvent(org.graylog2.audit.jersey.AuditEvent) Api(io.swagger.annotations.Api) SearchQuery(org.graylog2.search.SearchQuery) NotFoundException(org.graylog2.database.NotFoundException) IndexSetRegistry(org.graylog2.indexer.IndexSetRegistry) ExecutorService(java.util.concurrent.ExecutorService) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) DateTime(org.joda.time.DateTime) RestResource(org.graylog2.shared.rest.resources.RestResource) OutputSummary(org.graylog2.rest.models.system.outputs.responses.OutputSummary) Maps(com.google.common.collect.Maps) AlarmCallbackConfigurationService(org.graylog2.alarmcallbacks.AlarmCallbackConfigurationService) Output(org.graylog2.plugin.streams.Output) ApiResponse(io.swagger.annotations.ApiResponse) ValidationException(org.graylog2.plugin.database.ValidationException) RestPermissions(org.graylog2.shared.security.RestPermissions) StreamResponse(org.graylog2.rest.resources.streams.responses.StreamResponse) ObjectId(org.bson.types.ObjectId) PUT(javax.ws.rs.PUT) StreamRuleImpl(org.graylog2.streams.StreamRuleImpl) Message(org.graylog2.plugin.Message) Collections(java.util.Collections) StreamRule(org.graylog2.plugin.streams.StreamRule) BadRequestException(javax.ws.rs.BadRequestException) Stream(org.graylog2.plugin.streams.Stream) URI(java.net.URI) IndexSet(org.graylog2.indexer.IndexSet) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) AuditEvent(org.graylog2.audit.jersey.AuditEvent)

Example 2 with UserContext

use of org.graylog.security.UserContext in project graylog2-server by Graylog2.

the class SearchUserFactory method provide.

@Override
public SearchUser provide() {
    final UserContext userContext = serviceLocator.getService(UserContext.class);
    final SecurityContext securityContext = serviceLocator.getService(SecurityContext.class);
    return new SearchUser(userContext.getUser(), (permission) -> this.isPermitted(securityContext, permission), (permission, instanceId) -> this.isPermitted(securityContext, permission, instanceId), permittedStreams);
}
Also used : UserContext(org.graylog.security.UserContext) SecurityContext(javax.ws.rs.core.SecurityContext) SearchUser(org.graylog.plugins.views.search.permissions.SearchUser)

Example 3 with UserContext

use of org.graylog.security.UserContext in project graylog2-server by Graylog2.

the class ViewsResourceTest method creatingViewAddsCurrentUserAsOwner.

@Test
public void creatingViewAddsCurrentUserAsOwner() throws Exception {
    final ViewDTO.Builder builder = mock(ViewDTO.Builder.class);
    when(view.toBuilder()).thenReturn(builder);
    when(view.type()).thenReturn(ViewDTO.Type.DASHBOARD);
    when(view.searchId()).thenReturn("6141d457d3a6b9d73c8ac55a");
    when(builder.owner(any())).thenReturn(builder);
    when(builder.build()).thenReturn(view);
    final UserImpl testUser = new UserImpl(mock(PasswordAlgorithmFactory.class), new Permissions(ImmutableSet.of()), ImmutableMap.of("username", "testuser"));
    final UserContext userContext = mock(UserContext.class);
    when(userContext.getUser()).thenReturn(testUser);
    when(userContext.getUserId()).thenReturn("testuser");
    when(currentUser.isLocalAdmin()).thenReturn(true);
    when(searchUser.username()).thenReturn("testuser");
    this.viewsResource.create(view, userContext, searchUser);
    final ArgumentCaptor<String> ownerCaptor = ArgumentCaptor.forClass(String.class);
    verify(builder, times(1)).owner(ownerCaptor.capture());
    assertThat(ownerCaptor.getValue()).isEqualTo("testuser");
}
Also used : ViewDTO(org.graylog.plugins.views.search.views.ViewDTO) PasswordAlgorithmFactory(org.graylog2.security.PasswordAlgorithmFactory) UserContext(org.graylog.security.UserContext) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) Test(org.junit.Test)

Aggregations

UserContext (org.graylog.security.UserContext)2 Timed (com.codahale.metrics.annotation.Timed)1 MoreObjects.firstNonNull (com.google.common.base.MoreObjects.firstNonNull)1 Strings (com.google.common.base.Strings)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 ThreadFactoryBuilder (com.google.common.util.concurrent.ThreadFactoryBuilder)1 Api (io.swagger.annotations.Api)1 ApiOperation (io.swagger.annotations.ApiOperation)1 ApiParam (io.swagger.annotations.ApiParam)1 ApiResponse (io.swagger.annotations.ApiResponse)1 ApiResponses (io.swagger.annotations.ApiResponses)1 URI (java.net.URI)1 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 Collection (java.util.Collection)1 Collections (java.util.Collections)1 HashMap (java.util.HashMap)1