use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class RolesToGrantsMigration method upgrade.
/**
 * Strips permissions that have been migrated to grants from every migratable role.
 *
 * <p>For each role returned by {@code findMigratableRoles()}, the permission strings
 * returned by {@code migrateRoleToGrant} are removed from the role. A role that did not
 * change is left alone. A role that ends up with no permissions is detached from all
 * users and deleted; any other changed role is saved.
 *
 * <p>A {@link ValidationException} from the save is logged and swallowed, and the loop
 * moves on to the next role.
 */
public void upgrade() {
    for (final MigratableRole candidate : findMigratableRoles()) {
        final Role role = candidate.role;
        final Set<String> migratedPermissions = migrateRoleToGrant(candidate);

        // presumably getPermissions() hands out the role's live, mutable set: it is
        // modified in place and never written back through a setter. Verify against Role.
        final boolean permissionsChanged = role.getPermissions().removeAll(migratedPermissions);
        if (!permissionsChanged) {
            continue;
        }
        LOG.debug("Updating role <{}> new permissions: <{}>", role.getName(), role.getPermissions());

        if (!role.getPermissions().isEmpty()) {
            try {
                roleService.save(role);
            } catch (ValidationException e) {
                // NOTE(review): the failure is only logged. The stored role then keeps its
                // legacy permissions even though migrateRoleToGrant has already run for it,
                // so this message is worth following up after the migration.
                LOG.error("Failed to update modified role <{}>", role.getName(), e);
            }
            continue;
        }

        // Nothing is left on the role: remove the memberships first, then the role itself.
        LOG.info("Removing the now empty role <{}>", role.getName());
        userService.dissociateAllUsersFromRole(role);
        roleService.delete(role.getName());
    }
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class UserPermissionsToGrantsMigration method migrateUserPermissions.
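/**
 * Converts a user's legacy per-entity permissions into grants.
 *
 * <p>For every entry of {@code migratableEntities}, the permission set is looked up in
 * {@code GrantsMetaMigration.MIGRATION_MAP}. Entries without a mapping are skipped and
 * logged. For mapped entries a grant is ensured for the user, the matching
 * {@code "<permission>:<entityID>"} strings are removed from the user, and the user is saved.
 *
 * <p>A {@link ValidationException} from the save is logged and swallowed.
 *
 * @param user               the user whose permissions are migrated
 * @param migratableEntities entity id mapped to the permission strings held on that entity
 */
private void migrateUserPermissions(User user, Map<String, Set<String>> migratableEntities) {
    migratableEntities.forEach((entityID, permissions) -> {
        // The whole permission set is the lookup key.
        final GRNTypeCapability grnTypeCapability = GrantsMetaMigration.MIGRATION_MAP.get(permissions);
        if (grnTypeCapability == null) {
            LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", entityID, permissions);
            return;
        }

        // Permissions are mappable to a grant
        final Capability capability = grnTypeCapability.capability;
        final GRN targetGRN;
        if (permissions.stream().anyMatch(p -> p.contains(VIEW_READ))) {
            // For views we need to load the database object to be able to determine if it's a
            // search or a dashboard. The lookup may come back empty, leaving targetGRN null.
            targetGRN = getViewGRNType(entityID).map(grnType -> grnType.toGRN(entityID)).orElse(null);
        } else {
            targetGRN = requireNonNull(grnTypeCapability.grnType, "grnType cannot be null - this is a bug").toGRN(entityID);
        }

        if (targetGRN != null) {
            dbGrantService.ensure(grnRegistry.ofUser(user), capability, targetGRN, rootUsername);
        }

        // NOTE(review): when targetGRN is null no grant is created, yet the legacy
        // permissions are still removed below and the final log line reports a <null>
        // target. Confirm that dropping permissions for unresolvable views is intended.
        // assumes getPermissions() returns a mutable list (TODO confirm against User)
        final List<String> updatedPermissions = user.getPermissions();
        updatedPermissions.removeAll(permissions.stream().map(p -> p + ":" + entityID).collect(Collectors.toSet()));
        user.setPermissions(updatedPermissions);

        try {
            userService.save(user);
        } catch (ValidationException e) {
            // Fixed the "permssions" typo so the message can be found by searching the logs.
            // The grant above may already exist while the stored user keeps the old permissions.
            LOG.error("Failed to update permissions on user <{}>", user.getName(), e);
        }
        LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", targetGRN, permissions, capability, user.getName());
    });
}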
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class RolesResource method removeMember.
/**
 * Removes a role from a user's role memberships.
 *
 * <p>The caller must pass both permission checks: {@code USERS_EDIT} on the user name and
 * {@code ROLES_EDIT} on the role name. The user is saved even if it did not hold the role.
 *
 * @param rolename name of the role to remove
 * @param username name of the user to remove it from
 * @return an empty 204 response on success
 * @throws NotFoundException   if the user cannot be loaded
 * @throws BadRequestException if saving the user fails validation
 */
@DELETE
@Path("{rolename}/members/{username}")
@ApiOperation("Remove a user from a role")
@AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_DELETE)
public Response removeMember(@ApiParam(name = "rolename") @PathParam("rolename") String rolename,
                             @ApiParam(name = "username") @PathParam("username") String username) throws NotFoundException {
    // Both checks run before any user or role is loaded.
    checkPermission(RestPermissions.USERS_EDIT, username);
    checkPermission(RestPermissions.ROLES_EDIT, rolename);

    final User member = userService.load(username);
    if (member == null) {
        throw new NotFoundException("User " + username + " has not been found.");
    }

    // verify that the role exists
    // presumably load() throws NotFoundException for an unknown role; there is no null
    // check before getId() below. Verify against RoleService.
    final Role targetRole = roleService.load(rolename);

    // Edit a copy of the role ids, then replace the user's set in one call.
    final HashSet<String> remainingRoleIds = Sets.newHashSet(member.getRoleIds());
    remainingRoleIds.remove(targetRole.getId());
    member.setRoleIds(remainingRoleIds);

    try {
        userService.save(member);
    } catch (ValidationException e) {
        throw new BadRequestException("Validation failed", e);
    }
    return status(Response.Status.NO_CONTENT).build();
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class RolesResource method addMember.
/**
 * Adds a role to a user's role memberships.
 *
 * <p>The caller must pass both permission checks: {@code USERS_EDIT} on the user name and
 * {@code ROLES_EDIT} on the role name. The request body is never read.
 *
 * @param rolename name of the role to add
 * @param username name of the user who receives the role
 * @param body     placeholder body, ignored
 * @return an empty 204 response on success
 * @throws NotFoundException   if the user cannot be loaded
 * @throws BadRequestException if saving the user fails validation
 */
@PUT
@Path("{rolename}/members/{username}")
@ApiOperation("Add a user to a role")
@AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_UPDATE)
public Response addMember(@ApiParam(name = "rolename") @PathParam("rolename") String rolename,
                          @ApiParam(name = "username") @PathParam("username") String username,
                          @ApiParam(name = "JSON Body", value = "Placeholder because PUT requests should have a body. Set to '{}', the content will be ignored.", defaultValue = "{}") String body) throws NotFoundException {
    // Both checks run before any user or role is loaded.
    // NOTE(review): these two checks are the only authorization visible in this method.
    // Any further limit on which roles a caller may hand out would have to live elsewhere.
    checkPermission(RestPermissions.USERS_EDIT, username);
    checkPermission(RestPermissions.ROLES_EDIT, rolename);

    final User member = userService.load(username);
    if (member == null) {
        throw new NotFoundException("User " + username + " has not been found.");
    }

    // verify that the role exists
    // presumably load() throws NotFoundException for an unknown role; there is no null
    // check before getId() below. Verify against RoleService.
    final Role targetRole = roleService.load(rolename);

    // Edit a copy of the role ids, then replace the user's set in one call.
    final HashSet<String> grantedRoleIds = Sets.newHashSet(member.getRoleIds());
    grantedRoleIds.add(targetRole.getId());
    member.setRoleIds(grantedRoleIds);

    try {
        userService.save(member);
    } catch (ValidationException e) {
        throw new BadRequestException("Validation failed", e);
    }
    return status(Response.Status.NO_CONTENT).build();
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class StreamAlarmCallbackResource method create.
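/**
 * Creates an alarm callback for a stream.
 *
 * <p>The caller needs {@code STREAMS_EDIT} on the stream id. The configuration values are
 * converted to their declared types, the callback's {@code checkConfiguration()} is run,
 * and only then is the configuration saved.
 *
 * @param streamid   id of the stream the callback belongs to
 * @param originalCr the request body describing the callback
 * @return a 201 response with the new callback's URI and id
 * @throws NotFoundException   declared by the signature; no statement here throws it directly
 * @throws BadRequestException if the body is missing, the configuration is invalid, or the
 *                             callback type cannot be resolved
 */
@POST
@Timed
@ApiOperation(value = "Create an alarm callback", response = CreateAlarmCallbackResponse.class)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.ALARM_CALLBACK_CREATE)
public Response create(@ApiParam(name = "streamid", value = "The stream id this new alarm callback belongs to.", required = true) @PathParam("streamid") String streamid,
                       @ApiParam(name = "JSON body", required = true) CreateAlarmCallbackRequest originalCr) throws NotFoundException {
    checkPermission(RestPermissions.STREAMS_EDIT, streamid);

    // Nothing visible in this method enforces "required = true" on the body, so a request
    // without one would fail with a NullPointerException on originalCr.type() below.
    // Reject it explicitly, after the permission check so unauthorized callers see no change.
    if (originalCr == null) {
        throw new BadRequestException("Missing alarm callback request body.");
    }

    // make sure the values are correctly converted to the declared configuration types
    final CreateAlarmCallbackRequest cr = CreateAlarmCallbackRequest.create(originalCr.type(), originalCr.title(), convertConfigurationValues(originalCr));
    final AlarmCallbackConfiguration alarmCallbackConfiguration = alarmCallbackConfigurationService.create(streamid, cr, getCurrentUser().getName());

    final String id;
    try {
        // Validate first; save() is only reached when checkConfiguration() does not throw.
        alarmCallbackFactory.create(alarmCallbackConfiguration).checkConfiguration();
        id = alarmCallbackConfigurationService.save(alarmCallbackConfiguration);
    } catch (ValidationException | AlarmCallbackConfigurationException | ConfigurationException e) {
        LOG.error("Invalid alarm callback configuration.", e);
        // NOTE(review): the exception message is returned to the client as-is. Confirm that
        // these exception types never carry internal details in their messages.
        throw new BadRequestException(e.getMessage(), e);
    } catch (ClassNotFoundException e) {
        LOG.error("Invalid alarm callback type.", e);
        throw new BadRequestException("Invalid alarm callback type.", e);
    }

    final URI alarmCallbackUri = getUriBuilderToSelf().path(StreamAlarmCallbackResource.class).path("{alarmCallbackId}").build(streamid, id);
    return Response.created(alarmCallbackUri).entity(CreateAlarmCallbackResponse.create(id)).build();
}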