Example 71 with AuditEvent
use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.
the class UsersResource method create.
@POST
@RequiresPermissions(RestPermissions.USERS_CREATE)
@ApiOperation("Create a new user account.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid user details.") })
@AuditEvent(type = AuditEventTypes.USER_CREATE)
public Response create(@ApiParam(name = "JSON body", value = "Must contain username, full_name, email, password and a list of permissions.", required = true) @Valid @NotNull CreateUserRequest cr) throws ValidationException {
if (userService.load(cr.username()) != null) {
final String msg = "Cannot create user " + cr.username() + ". Username is already taken.";
LOG.error(msg);
throw new BadRequestException(msg);
}
// Create user.
User user = userService.create();
user.setName(cr.username());
user.setPassword(cr.password());
user.setFullName(cr.fullName());
user.setEmail(cr.email());
user.setPermissions(cr.permissions());
setUserRoles(cr.roles(), user);
if (cr.timezone() != null) {
user.setTimeZone(cr.timezone());
}
final Long sessionTimeoutMs = cr.sessionTimeoutMs();
if (sessionTimeoutMs != null) {
user.setSessionTimeoutMs(sessionTimeoutMs);
}
final Startpage startpage = cr.startpage();
if (startpage != null) {
user.setStartpage(startpage.type(), startpage.id());
}
final String id = userService.save(user);
LOG.debug("Saved user {} with id {}", user.getName(), id);
final URI userUri = getUriBuilderToSelf().path(UsersResource.class).path("{username}").build(user.getName());
return Response.created(userUri).build();
}
Also used :
User(org.graylog2.plugin.database.users.User)
Startpage(org.graylog2.rest.models.users.requests.Startpage)
BadRequestException(javax.ws.rs.BadRequestException)
URI(java.net.URI)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
POST(javax.ws.rs.POST)
ApiOperation(io.swagger.annotations.ApiOperation)
AuditEvent(org.graylog2.audit.jersey.AuditEvent)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 72 with AuditEvent
use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.
the class UsersResource method generateNewToken.
@POST
@Path("{username}/tokens/{name}")
@RequiresPermissions(RestPermissions.USERS_TOKENCREATE)
@ApiOperation("Generates a new access token for a user")
@AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_CREATE)
public Token generateNewToken(@ApiParam(name = "username", required = true) @PathParam("username") String username, @ApiParam(name = "name", value = "Descriptive name for this token (e.g. 'cronjob') ", required = true) @PathParam("name") String name, @ApiParam(name = "JSON Body", value = "Placeholder because POST requests should have a body. Set to '{}', the content will be ignored.", defaultValue = "{}") String body) {
final User user = _tokensCheckAndLoadUser(username);
final AccessToken accessToken = accessTokenService.create(user.getName(), name);
return Token.create(accessToken.getName(), accessToken.getToken(), accessToken.getLastAccess());
}
Also used :
User(org.graylog2.plugin.database.users.User)
AccessToken(org.graylog2.security.AccessToken)
Path(javax.ws.rs.Path)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
POST(javax.ws.rs.POST)
ApiOperation(io.swagger.annotations.ApiOperation)
AuditEvent(org.graylog2.audit.jersey.AuditEvent)
Example 73 with AuditEvent
use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.
the class UsersResource method editPermissions.
@PUT
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Update a user's permission set.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid permission data.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_UPDATE)
public void editPermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "The list of permissions to assign to the user.", required = true) @Valid @NotNull PermissionEditRequest permissionRequest) throws ValidationException {
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
user.setPermissions(getEffectiveUserPermissions(user, permissionRequest.permissions()));
userService.save(user);
}
Also used :
User(org.graylog2.plugin.database.users.User)
NotFoundException(javax.ws.rs.NotFoundException)
Path(javax.ws.rs.Path)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
ApiOperation(io.swagger.annotations.ApiOperation)
AuditEvent(org.graylog2.audit.jersey.AuditEvent)
PUT(javax.ws.rs.PUT)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 74 with AuditEvent
use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.
the class UsersResource method changeUser.
@PUT
@Path("{username}")
@ApiOperation("Modify user details.")
@ApiResponses({ @ApiResponse(code = 400, message = "Attempted to modify a read only user account (e.g. built-in or LDAP users)."), @ApiResponse(code = 400, message = "Missing or invalid user details.") })
@AuditEvent(type = AuditEventTypes.USER_UPDATE)
public void changeUser(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "Updated user information.", required = true) @Valid @NotNull ChangeUserRequest cr) throws ValidationException {
checkPermission(USERS_EDIT, username);
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
if (user.isReadOnly()) {
throw new BadRequestException("Cannot modify readonly user " + username);
}
// we only allow setting a subset of the fields in CreateStreamRuleRequest
if (cr.email() != null) {
user.setEmail(cr.email());
}
if (cr.fullName() != null) {
user.setFullName(cr.fullName());
}
final boolean permitted = isPermitted(USERS_PERMISSIONSEDIT, user.getName());
if (permitted && cr.permissions() != null) {
user.setPermissions(getEffectiveUserPermissions(user, cr.permissions()));
}
if (isPermitted(USERS_ROLESEDIT, user.getName())) {
setUserRoles(cr.roles(), user);
}
final String timezone = cr.timezone();
if (timezone == null) {
user.setTimeZone((String) null);
} else {
try {
if (timezone.isEmpty()) {
user.setTimeZone((String) null);
} else {
final DateTimeZone tz = DateTimeZone.forID(timezone);
user.setTimeZone(tz);
}
} catch (IllegalArgumentException e) {
LOG.error("Invalid timezone '{}', ignoring it for user {}.", timezone, username);
}
}
final Startpage startpage = cr.startpage();
if (startpage != null) {
user.setStartpage(startpage.type(), startpage.id());
}
if (isPermitted("*")) {
final Long sessionTimeoutMs = cr.sessionTimeoutMs();
if (sessionTimeoutMs != null && sessionTimeoutMs != 0) {
user.setSessionTimeoutMs(sessionTimeoutMs);
}
}
userService.save(user);
}
Also used :
User(org.graylog2.plugin.database.users.User)
Startpage(org.graylog2.rest.models.users.requests.Startpage)
NotFoundException(javax.ws.rs.NotFoundException)
BadRequestException(javax.ws.rs.BadRequestException)
DateTimeZone(org.joda.time.DateTimeZone)
Path(javax.ws.rs.Path)
ApiOperation(io.swagger.annotations.ApiOperation)
AuditEvent(org.graylog2.audit.jersey.AuditEvent)
PUT(javax.ws.rs.PUT)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 75 with AuditEvent
use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.
the class UsersResource method deletePermissions.
@DELETE
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Revoke all permissions for a user without deleting the account.")
@ApiResponses({ @ApiResponse(code = 500, message = "When saving the user failed.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_DELETE)
public void deletePermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username) throws ValidationException {
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
user.setPermissions(Collections.emptyList());
userService.save(user);
}
Also used :
User(org.graylog2.plugin.database.users.User)
NotFoundException(javax.ws.rs.NotFoundException)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
ApiOperation(io.swagger.annotations.ApiOperation)
AuditEvent(org.graylog2.audit.jersey.AuditEvent)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
AuditEvent (org.graylog2.audit.jersey.AuditEvent)93
ApiOperation (io.swagger.annotations.ApiOperation)92
Timed (com.codahale.metrics.annotation.Timed)76
Path (javax.ws.rs.Path)70
ApiResponses (io.swagger.annotations.ApiResponses)56
PUT (javax.ws.rs.PUT)36
Produces (javax.ws.rs.Produces)34
POST (javax.ws.rs.POST)33
BadRequestException (javax.ws.rs.BadRequestException)31
Consumes (javax.ws.rs.Consumes)29
DELETE (javax.ws.rs.DELETE)26
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)22
URI (java.net.URI)19
Stream (org.graylog2.plugin.streams.Stream)16
NotFoundException (javax.ws.rs.NotFoundException)15
NotFoundException (org.graylog2.database.NotFoundException)14
ValidationException (org.graylog2.plugin.database.ValidationException)13
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent)12
Dashboard (org.graylog2.dashboards.Dashboard)9
Input (org.graylog2.inputs.Input)9
