use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.
the class DashboardWidgetsResource method addWidget.
@POST
@Timed
@ApiOperation(value = "Add a widget to a dashboard")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 404, message = "Dashboard not found."), @ApiResponse(code = 400, message = "Validation error."), @ApiResponse(code = 400, message = "No such widget type.") })
@AuditEvent(type = AuditEventTypes.DASHBOARD_WIDGET_CREATE)
public Response addWidget(@ApiParam(name = "dashboardId", required = true) @PathParam("dashboardId") String dashboardId, @ApiParam(name = "JSON body", required = true) AddWidgetRequest awr) throws ValidationException, NotFoundException {
checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
// Bind to streams for reader users and check stream permission.
if (awr.config().containsKey("stream_id")) {
checkPermission(RestPermissions.STREAMS_READ, (String) awr.config().get("stream_id"));
} else {
checkPermission(RestPermissions.SEARCHES_ABSOLUTE);
checkPermission(RestPermissions.SEARCHES_RELATIVE);
checkPermission(RestPermissions.SEARCHES_KEYWORD);
}
final DashboardWidget widget;
try {
widget = dashboardWidgetCreator.fromRequest(awr, getCurrentUser().getName());
final Dashboard dashboard = dashboardService.load(dashboardId);
dashboardService.addWidget(dashboard, widget);
} catch (DashboardWidget.NoSuchWidgetTypeException e2) {
LOG.debug("No such widget type.", e2);
throw new BadRequestException("No such widget type.", e2);
} catch (InvalidRangeParametersException e3) {
LOG.debug("Invalid timerange parameters provided.", e3);
throw new BadRequestException("Invalid timerange parameters provided.", e3);
} catch (InvalidWidgetConfigurationException e4) {
LOG.debug("Invalid widget configuration.", e4);
throw new BadRequestException("Invalid widget configuration.", e4);
}
final Map<String, String> result = ImmutableMap.of("widget_id", widget.getId());
final URI widgetUri = getUriBuilderToSelf().path(DashboardWidgetsResource.class, "getWidget").build(dashboardId, widget.getId());
return Response.created(widgetUri).entity(result).build();
}
use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.
the class UsersResource method editPermissions.
@PUT
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Update a user's permission set.")
@ApiResponses({ @ApiResponse(code = 400, message = "Missing or invalid permission data.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_UPDATE)
public void editPermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "The list of permissions to assign to the user.", required = true) @Valid @NotNull PermissionEditRequest permissionRequest) throws ValidationException {
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
user.setPermissions(getEffectiveUserPermissions(user, permissionRequest.permissions()));
userService.save(user);
}
use of org.graylog2.plugin.security.Permission in project graylog2-server by Graylog2.
the class SystemJobResource method get.
@GET
@Timed
@Path("/{jobId}")
@ApiOperation(value = "Get information of a specific currently running job")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 404, message = "Job not found.") })
public SystemJobSummary get(@ApiParam(name = "jobId", required = true) @PathParam("jobId") @NotEmpty String jobId) {
// TODO jobId is ephemeral, this is not a good key for permission checks. we should use the name of the job type (but there is no way to get it yet)
checkPermission(RestPermissions.SYSTEMJOBS_READ, jobId);
SystemJob systemJob = systemJobManager.getRunningJobs().get(jobId);
if (systemJob == null) {
throw new NotFoundException("No system job with ID <" + jobId + "> found");
}
return SystemJobSummary.create(UUID.fromString(systemJob.getId()), systemJob.getDescription(), systemJob.getClassName(), systemJob.getInfo(), nodeId.toString(), systemJob.getStartedAt(), systemJob.getProgress(), systemJob.isCancelable(), systemJob.providesProgress());
}
Aggregations