Examples with Permission org.graylog2.plugin.security.Permission used on opensource projects

Search in sources :

Example 6 with Permission

use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.

the class DashboardWidgetsResource method addWidget.

@POST
@Timed
@ApiOperation(value = "Add a widget to a dashboard")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 404, message = "Dashboard not found."), @ApiResponse(code = 400, message = "Validation error."), @ApiResponse(code = 400, message = "No such widget type.") })
@AuditEvent(type = AuditEventTypes.DASHBOARD_WIDGET_CREATE)
public Response addWidget(@ApiParam(name = "dashboardId", required = true) @PathParam("dashboardId") String dashboardId, @ApiParam(name = "JSON body", required = true) AddWidgetRequest awr) throws ValidationException, NotFoundException {
    checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
    // Bind to streams for reader users and check stream permission.
    if (awr.config().containsKey("stream_id")) {
        checkPermission(RestPermissions.STREAMS_READ, (String) awr.config().get("stream_id"));
    } else {
        checkPermission(RestPermissions.SEARCHES_ABSOLUTE);
        checkPermission(RestPermissions.SEARCHES_RELATIVE);
        checkPermission(RestPermissions.SEARCHES_KEYWORD);
    }
    final DashboardWidget widget;
    try {
        widget = dashboardWidgetCreator.fromRequest(awr, getCurrentUser().getName());
        final Dashboard dashboard = dashboardService.load(dashboardId);
        dashboardService.addWidget(dashboard, widget);
    } catch (DashboardWidget.NoSuchWidgetTypeException e2) {
        LOG.debug("No such widget type.", e2);
        throw new BadRequestException("No such widget type.", e2);
    } catch (InvalidRangeParametersException e3) {
        LOG.debug("Invalid timerange parameters provided.", e3);
        throw new BadRequestException("Invalid timerange parameters provided.", e3);
    } catch (InvalidWidgetConfigurationException e4) {
        LOG.debug("Invalid widget configuration.", e4);
        throw new BadRequestException("Invalid widget configuration.", e4);
    }
    final Map<String, String> result = ImmutableMap.of("widget_id", widget.getId());
    final URI widgetUri = getUriBuilderToSelf().path(DashboardWidgetsResource.class, "getWidget").build(dashboardId, widget.getId());
    return Response.created(widgetUri).entity(result).build();
}
Also used : InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) DashboardWidget(org.graylog2.dashboards.widgets.DashboardWidget) Dashboard(org.graylog2.dashboards.Dashboard) BadRequestException(javax.ws.rs.BadRequestException) InvalidWidgetConfigurationException(org.graylog2.dashboards.widgets.InvalidWidgetConfigurationException) URI(java.net.URI) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 7 with Permission

use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.

the class UsersResource method editPermissions.

@PUT
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Update a user's permission set.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid permission data.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_UPDATE)
public void editPermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "The list of permissions to assign to the user.", required = true) @Valid @NotNull PermissionEditRequest permissionRequest) throws ValidationException {
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }
    user.setPermissions(getEffectiveUserPermissions(user, permissionRequest.permissions()));
    userService.save(user);
}
Also used : User(org.graylog2.plugin.database.users.User) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)

Example 8 with Permission

use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.

the class SystemJobResource method get.

@GET
@Timed
@Path("/{jobId}")
@ApiOperation(value = "Get information of a specific currently running job")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 404, message = "Job not found.") })
public SystemJobSummary get(@ApiParam(name = "jobId", required = true) @PathParam("jobId") @NotEmpty String jobId) {
    // TODO jobId is ephemeral, this is not a good key for permission checks. we should use the name of the job type (but there is no way to get it yet)
    checkPermission(RestPermissions.SYSTEMJOBS_READ, jobId);
    SystemJob systemJob = systemJobManager.getRunningJobs().get(jobId);
    if (systemJob == null) {
        throw new NotFoundException("No system job with ID <" + jobId + "> found");
    }
    return SystemJobSummary.create(UUID.fromString(systemJob.getId()), systemJob.getDescription(), systemJob.getClassName(), systemJob.getInfo(), nodeId.toString(), systemJob.getStartedAt(), systemJob.getProgress(), systemJob.isCancelable(), systemJob.providesProgress());
}
Also used : SystemJob(org.graylog2.system.jobs.SystemJob) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

ApiOperation (io.swagger.annotations.ApiOperation)6 ApiResponses (io.swagger.annotations.ApiResponses)5 NotFoundException (javax.ws.rs.NotFoundException)4 Path (javax.ws.rs.Path)4 User (org.graylog2.plugin.database.users.User)4 Timed (com.codahale.metrics.annotation.Timed)3 GET (javax.ws.rs.GET)3 Produces (javax.ws.rs.Produces)3 AuditEvent (org.graylog2.audit.jersey.AuditEvent)3 PUT (javax.ws.rs.PUT)2 SystemJob (org.graylog2.system.jobs.SystemJob)2 Predicate (com.google.common.base.Predicate)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 Lists (com.google.common.collect.Lists)1 Sets (com.google.common.collect.Sets)1 URI (java.net.URI)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1 Inject (javax.inject.Inject)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial