Example 16 with Permissions

Use of org.graylog2.shared.security.Permissions in the project graylog2-server by Graylog2.

Class UsersResource, method deletePermissions.

@DELETE
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Revoke all permissions for a user without deleting the account.")
@ApiResponses({ @ApiResponse(code = 500, message = "When saving the user failed.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_DELETE)
public void deletePermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username) throws ValidationException {
    // Look the user up by name; an unknown name is reported as HTTP 404 rather than silently ignored.
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }
    // Clear the explicit permission list and persist the change; the account itself is kept.
    user.setPermissions(Collections.emptyList());
    userService.save(user);
}
Also used: User(org.graylog2.plugin.database.users.User) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 17 with Permissions

Use of org.graylog2.shared.security.Permissions in the project graylog2-server by Graylog2.

Class SystemJobResource, method trigger.

@POST
@Timed
@ApiOperation(value = "Trigger new job")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 202, message = "Job accepted."), @ApiResponse(code = 400, message = "There is no such systemjob type."), @ApiResponse(code = 403, message = "Maximum concurrency level of this systemjob type reached.") })
@AuditEvent(type = AuditEventTypes.SYSTEM_JOB_START)
public Response trigger(@ApiParam(name = "JSON body", required = true) @Valid @NotNull TriggerRequest tr) {
    // TODO cleanup jobId vs jobName checking in permissions
    // The permission check is scoped to the job name from the request body, so it runs before any job is built or submitted.
    checkPermission(RestPermissions.SYSTEMJOBS_CREATE, tr.jobName());
    SystemJob job;
    try {
        job = systemJobFactory.build(tr.jobName());
    } catch (NoSuchJobException e) {
        LOG.error("Such a system job type does not exist. Returning HTTP 400.");
        throw new BadRequestException(e);
    }
    try {
        systemJobManager.submit(job);
    } catch (SystemJobConcurrencyException e) {
        LOG.error("Maximum concurrency level of this job reached. ", e);
        throw new ForbiddenException("Maximum concurrency level of this job reached", e);
    }
    return Response.accepted().entity(ImmutableMap.of("system_job_id", job.getId())).build();
}
Also used: SystemJob(org.graylog2.system.jobs.SystemJob) ForbiddenException(javax.ws.rs.ForbiddenException) NoSuchJobException(org.graylog2.system.jobs.NoSuchJobException) SystemJobConcurrencyException(org.graylog2.system.jobs.SystemJobConcurrencyException) BadRequestException(javax.ws.rs.BadRequestException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 18 with Permissions

Use of org.graylog2.shared.security.Permissions in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method testSyncFromLdapEntryExistingUser.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntryExistingUser() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    // Simulate an already existing local user that carries an explicit permission, so the sync must preserve it.
    final HashMap<String, Object> fields = Maps.newHashMap();
    fields.put("permissions", Collections.singletonList("test:permission:1234"));
    when(userService.load(anyString())).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), fields));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.getPermissions()).contains("test:permission:1234");
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used: User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 19 with Permissions

Use of org.graylog2.shared.security.Permissions in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method testSyncFromLdapEntry.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntry() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    // No local user exists yet: the sync must create one from the LDAP entry and assign the default group.
    when(userService.create()).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), Maps.newHashMap()));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used: User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Aggregations

User (org.graylog2.plugin.database.users.User) 9
ApiOperation (io.swagger.annotations.ApiOperation) 7
Permissions (org.graylog2.shared.security.Permissions) 7
ApiResponses (io.swagger.annotations.ApiResponses) 6
Test (org.junit.Test) 6
Path (javax.ws.rs.Path) 5
NotFoundException (javax.ws.rs.NotFoundException) 4
AuditEvent (org.graylog2.audit.jersey.AuditEvent) 4
Role (org.graylog2.shared.users.Role) 4
GET (javax.ws.rs.GET) 3
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions) 3
Lists (com.google.common.collect.Lists) 2
Sets (com.google.common.collect.Sets) 2
UsingDataSet (com.lordofthejars.nosqlunit.annotation.UsingDataSet) 2
URI (java.net.URI) 2
List (java.util.List) 2
Set (java.util.Set) 2
Inject (javax.inject.Inject) 2
BadRequestException (javax.ws.rs.BadRequestException) 2
POST (javax.ws.rs.POST) 2