Example 91 with ValidationException

Use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.

Class RolesToGrantsMigration, method upgrade.

public void upgrade() {
    final Set<MigratableRole> migratableRoles = findMigratableRoles();
    migratableRoles.forEach(migratableRole -> {
        final Role role = migratableRole.role;
        final Set<String> migratedPermissions = migrateRoleToGrant(migratableRole);
        if (role.getPermissions().removeAll(migratedPermissions)) {
            LOG.debug("Updating role <{}> new permissions: <{}>", role.getName(), role.getPermissions());
            if (role.getPermissions().isEmpty()) {
                LOG.info("Removing the now empty role <{}>", role.getName());
                userService.dissociateAllUsersFromRole(role);
                roleService.delete(role.getName());
            } else {
                try {
                    roleService.save(role);
                } catch (ValidationException e) {
                    LOG.error("Failed to update modified role <{}>", role.getName(), e);
                }
            }
        }
    });
}
Also used: Role (org.graylog2.shared.users.Role), ValidationException (org.graylog2.plugin.database.ValidationException)

Example 92 with ValidationException

Use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.

Class UserPermissionsToGrantsMigration, method migrateUserPermissions.

private void migrateUserPermissions(User user, Map<String, Set<String>> migratableEntities) {
    migratableEntities.forEach((entityID, permissions) -> {
        final GRNTypeCapability grnTypeCapability = GrantsMetaMigration.MIGRATION_MAP.get(permissions);
        // Permissions are mappable to a grant
        if (grnTypeCapability != null) {
            final Capability capability = grnTypeCapability.capability;
            GRN targetGRN;
            if (permissions.stream().anyMatch(p -> p.contains(VIEW_READ))) {
                // For views we need to load the database object to be able to determine if it's a
                // search or a dashboard.
                targetGRN = getViewGRNType(entityID).map(grnType -> grnType.toGRN(entityID)).orElse(null);
            } else {
                targetGRN = requireNonNull(grnTypeCapability.grnType, "grnType cannot be null - this is a bug").toGRN(entityID);
            }
            if (targetGRN != null) {
                dbGrantService.ensure(grnRegistry.ofUser(user), capability, targetGRN, rootUsername);
            }
            final List<String> updatedPermissions = user.getPermissions();
            updatedPermissions.removeAll(permissions.stream().map(p -> p + ":" + entityID).collect(Collectors.toSet()));
            user.setPermissions(updatedPermissions);
            try {
                userService.save(user);
            } catch (ValidationException e) {
                LOG.error("Failed to update permssions on user <{}>", user.getName(), e);
            }
            LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", targetGRN, permissions, capability, user.getName());
        } else {
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
        }
    });
}
Also used: GRN (org.graylog.grn.GRN), ValidationException (org.graylog2.plugin.database.ValidationException), Capability (org.graylog.security.Capability), GRNTypeCapability (org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration.GRNTypeCapability)

Example 93 with ValidationException

Use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.

Class RolesResource, method removeMember.

@DELETE
@Path("{rolename}/members/{username}")
@ApiOperation("Remove a user from a role")
@AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_DELETE)
public Response removeMember(@ApiParam(name = "rolename") @PathParam("rolename") String rolename, @ApiParam(name = "username") @PathParam("username") String username) throws NotFoundException {
    checkPermission(RestPermissions.USERS_EDIT, username);
    checkPermission(RestPermissions.ROLES_EDIT, rolename);
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("User " + username + " has not been found.");
    }
    // verify that the role exists
    final Role role = roleService.load(rolename);
    final HashSet<String> roles = Sets.newHashSet(user.getRoleIds());
    roles.remove(role.getId());
    user.setRoleIds(roles);
    try {
        userService.save(user);
    } catch (ValidationException e) {
        throw new BadRequestException("Validation failed", e);
    }
    return status(Response.Status.NO_CONTENT).build();
}
Also used: Role (org.graylog2.shared.users.Role), User (org.graylog2.plugin.database.users.User), ValidationException (org.graylog2.plugin.database.ValidationException), NotFoundException (org.graylog2.database.NotFoundException), BadRequestException (javax.ws.rs.BadRequestException), Path (javax.ws.rs.Path), DELETE (javax.ws.rs.DELETE), ApiOperation (io.swagger.annotations.ApiOperation), AuditEvent (org.graylog2.audit.jersey.AuditEvent)

Example 94 with ValidationException

Use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.

Class RolesResource, method addMember.

@PUT
@Path("{rolename}/members/{username}")
@ApiOperation("Add a user to a role")
@AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_UPDATE)
public Response addMember(@ApiParam(name = "rolename") @PathParam("rolename") String rolename, @ApiParam(name = "username") @PathParam("username") String username, @ApiParam(name = "JSON Body", value = "Placeholder because PUT requests should have a body. Set to '{}', the content will be ignored.", defaultValue = "{}") String body) throws NotFoundException {
    checkPermission(RestPermissions.USERS_EDIT, username);
    checkPermission(RestPermissions.ROLES_EDIT, rolename);
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("User " + username + " has not been found.");
    }
    // verify that the role exists
    final Role role = roleService.load(rolename);
    final HashSet<String> roles = Sets.newHashSet(user.getRoleIds());
    roles.add(role.getId());
    user.setRoleIds(roles);
    try {
        userService.save(user);
    } catch (ValidationException e) {
        throw new BadRequestException("Validation failed", e);
    }
    return status(Response.Status.NO_CONTENT).build();
}
Also used: Role (org.graylog2.shared.users.Role), User (org.graylog2.plugin.database.users.User), ValidationException (org.graylog2.plugin.database.ValidationException), NotFoundException (org.graylog2.database.NotFoundException), BadRequestException (javax.ws.rs.BadRequestException), Path (javax.ws.rs.Path), ApiOperation (io.swagger.annotations.ApiOperation), AuditEvent (org.graylog2.audit.jersey.AuditEvent), PUT (javax.ws.rs.PUT)

Example 95 with ValidationException

Use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.

Class StreamAlarmCallbackResource, method create.

@POST
@Timed
@ApiOperation(value = "Create an alarm callback", response = CreateAlarmCallbackResponse.class)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.ALARM_CALLBACK_CREATE)
public Response create(@ApiParam(name = "streamid", value = "The stream id this new alarm callback belongs to.", required = true) @PathParam("streamid") String streamid, @ApiParam(name = "JSON body", required = true) CreateAlarmCallbackRequest originalCr) throws NotFoundException {
    checkPermission(RestPermissions.STREAMS_EDIT, streamid);
    // make sure the values are correctly converted to the declared configuration types
    final CreateAlarmCallbackRequest cr = CreateAlarmCallbackRequest.create(originalCr.type(), originalCr.title(), convertConfigurationValues(originalCr));
    final AlarmCallbackConfiguration alarmCallbackConfiguration = alarmCallbackConfigurationService.create(streamid, cr, getCurrentUser().getName());
    final String id;
    try {
        alarmCallbackFactory.create(alarmCallbackConfiguration).checkConfiguration();
        id = alarmCallbackConfigurationService.save(alarmCallbackConfiguration);
    } catch (ValidationException | AlarmCallbackConfigurationException | ConfigurationException e) {
        LOG.error("Invalid alarm callback configuration.", e);
        throw new BadRequestException(e.getMessage(), e);
    } catch (ClassNotFoundException e) {
        LOG.error("Invalid alarm callback type.", e);
        throw new BadRequestException("Invalid alarm callback type.", e);
    }
    final URI alarmCallbackUri = getUriBuilderToSelf().path(StreamAlarmCallbackResource.class).path("{alarmCallbackId}").build(streamid, id);
    return Response.created(alarmCallbackUri).entity(CreateAlarmCallbackResponse.create(id)).build();
}
Also used: CreateAlarmCallbackRequest (org.graylog2.rest.models.alarmcallbacks.requests.CreateAlarmCallbackRequest), ValidationException (org.graylog2.plugin.database.ValidationException), AlarmCallbackConfigurationException (org.graylog2.plugin.alarms.callbacks.AlarmCallbackConfigurationException), ConfigurationException (org.graylog2.plugin.configuration.ConfigurationException), BadRequestException (javax.ws.rs.BadRequestException), URI (java.net.URI), AlarmCallbackConfiguration (org.graylog2.alarmcallbacks.AlarmCallbackConfiguration), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes), Produces (javax.ws.rs.Produces), Timed (com.codahale.metrics.annotation.Timed), ApiOperation (io.swagger.annotations.ApiOperation), AuditEvent (org.graylog2.audit.jersey.AuditEvent)

Aggregations

ApiOperation (io.swagger.annotations.ApiOperation): 52
AuditEvent (org.graylog2.audit.jersey.AuditEvent): 52
ValidationException (org.graylog2.plugin.database.ValidationException): 52
Timed (com.codahale.metrics.annotation.Timed): 39
Path (javax.ws.rs.Path): 32
ApiResponses (io.swagger.annotations.ApiResponses): 30
BadRequestException (javax.ws.rs.BadRequestException): 28
PUT (javax.ws.rs.PUT): 27
Consumes (javax.ws.rs.Consumes): 25
POST (javax.ws.rs.POST): 24
Produces (javax.ws.rs.Produces): 24
User (org.graylog2.plugin.database.users.User): 22
URI (java.net.URI): 20
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent): 15
NotFoundException (org.graylog2.database.NotFoundException): 15
Test (org.junit.Test): 15
Stream (org.graylog2.plugin.streams.Stream): 14
ObjectId (org.bson.types.ObjectId): 13
GrokPattern (org.graylog2.grok.GrokPattern): 13
MessageInput (org.graylog2.plugin.inputs.MessageInput): 13