Examples with TenantPredicate org.openremote.model.query.filter.TenantPredicate used on opensource projects

Example 1 with TenantPredicate

use of org.openremote.model.query.filter.TenantPredicate in project openremote by openremote.

the class AssetResourceImpl method createUserAssetLinks.

@Override
public void createUserAssetLinks(RequestParams requestParams, List<UserAssetLink> userAssetLinks) {
    // Restricted users cannot create or delete links
    if (isRestrictedUser()) {
        throw new WebApplicationException(FORBIDDEN);
    }
    // Check all links are for the same user and realm
    String realm = userAssetLinks.get(0).getId().getRealm();
    String userId = userAssetLinks.get(0).getId().getUserId();
    String[] assetIds = new String[userAssetLinks.size()];
    IntStream.range(0, userAssetLinks.size()).forEach(i -> {
        UserAssetLink userAssetLink = userAssetLinks.get(i);
        assetIds[i] = userAssetLink.getId().getAssetId();
        if (!userAssetLink.getId().getRealm().equals(realm) || !userAssetLink.getId().getUserId().equals(userId)) {
            throw new BadRequestException("All user asset links must be for the same user");
        }
    });
    if (!isSuperUser() && !realm.equals(getAuthenticatedRealm())) {
        throw new WebApplicationException(FORBIDDEN);
    }
    if (!identityService.getIdentityProvider().isUserInTenant(userId, realm)) {
        throw new WebApplicationException(FORBIDDEN);
    }
    List<Asset<?>> assets = assetStorageService.findAll(new AssetQuery().select(new AssetQuery.Select().excludeAttributes()).tenant(new TenantPredicate(realm)).ids(assetIds));
    if (assets.size() != userAssetLinks.size()) {
        throw new BadRequestException("One or more asset IDs are invalid");
    }
    try {
        assetStorageService.storeUserAssetLinks(userAssetLinks);
    } catch (Exception e) {
        throw new WebApplicationException(BAD_REQUEST);
    }
}

Example 2 with TenantPredicate

use of org.openremote.model.query.filter.TenantPredicate in project openremote by openremote.

the class AssetResourceImpl method getCurrentUserAssets.

@Override
public Asset<?>[] getCurrentUserAssets(RequestParams requestParams) {
    try {
        if (isSuperUser()) {
            return new Asset<?>[0];
        }
        AssetQuery assetQuery = new AssetQuery();
        if (!isRestrictedUser()) {
            assetQuery.tenant(new TenantPredicate(getAuthenticatedRealm())).recursive(true);
        } else {
            assetQuery.userIds(getUserId());
        }
        List<Asset<?>> assets = assetStorageService.findAll(assetQuery);
        // Compress response (the request attribute enables the interceptor)
        request.setAttribute(HttpHeaders.CONTENT_ENCODING, "gzip");
        return assets.toArray(new Asset[0]);
    } catch (IllegalStateException ex) {
        throw new WebApplicationException(ex, BAD_REQUEST);
    }
}

Example 3 with TenantPredicate

use of org.openremote.model.query.filter.TenantPredicate in project openremote by openremote.

the class UserResourceImpl method query.

@Override
public User[] query(RequestParams requestParams, UserQuery query) {
    AuthContext authContext = getAuthContext();
    boolean isAdmin = authContext.hasResourceRole(ClientRole.READ_ADMIN.getValue(), authContext.getClientId());
    boolean isRestricted = !isAdmin && authContext.hasResourceRole(ClientRole.READ_USERS.getValue(), authContext.getClientId());
    if (!isAdmin && !isRestricted) {
        throw new ForbiddenException("Insufficient permissions to read users");
    }
    if (query == null) {
        query = new UserQuery();
    }
    if (isRestricted) {
        if (query.select == null) {
            query.select = new UserQuery.Select();
        }
        query.select.basic(true);
    }
    if (!authContext.isSuperUser()) {
        // Force realm to match users
        query.tenant(new TenantPredicate(authContext.getAuthenticatedRealm()));
        // Hide system service accounts from non super users
        if (query.select == null) {
            query.select = new UserQuery.Select();
        }
        query.select.excludeSystemUsers = true;
    }
    try {
        return identityService.getIdentityProvider().queryUsers(query);
    } catch (ClientErrorException ex) {
        throw new WebApplicationException(ex.getCause(), ex.getResponse().getStatus());
    } catch (Exception ex) {
        throw new WebApplicationException(ex);
    }
}

Example 4 with TenantPredicate

use of org.openremote.model.query.filter.TenantPredicate in project openremote by openremote.

the class GatewayClientService method onCentralManagerMessage.

protected void onCentralManagerMessage(GatewayConnection connection, String message) {
    String messageId = null;
    SharedEvent event = null;
    if (message.startsWith(EventRequestResponseWrapper.MESSAGE_PREFIX)) {
        EventRequestResponseWrapper<?> wrapper = messageFromString(message, EventRequestResponseWrapper.MESSAGE_PREFIX, EventRequestResponseWrapper.class);
        messageId = wrapper.getMessageId();
        event = wrapper.getEvent();
    }
    if (message.startsWith(SharedEvent.MESSAGE_PREFIX)) {
        event = messageFromString(message, SharedEvent.MESSAGE_PREFIX, SharedEvent.class);
    }
    if (event != null) {
        if (event instanceof GatewayDisconnectEvent) {
            if (((GatewayDisconnectEvent) event).getReason() == GatewayDisconnectEvent.Reason.PERMANENT_ERROR) {
                LOG.info("Central manager requested disconnect due to permanent error (likely this version of the edge gateway software is not compatible with that manager version)");
                destroyGatewayClient(connection, clientRealmMap.get(connection.getLocalRealm()));
                clientRealmMap.put(connection.getLocalRealm(), null);
            }
        } else if (event instanceof AttributeEvent) {
            assetProcessingService.sendAttributeEvent((AttributeEvent) event, AttributeEvent.Source.INTERNAL);
        } else if (event instanceof AssetEvent) {
            AssetEvent assetEvent = (AssetEvent) event;
            if (assetEvent.getCause() == AssetEvent.Cause.CREATE || assetEvent.getCause() == AssetEvent.Cause.UPDATE) {
                Asset asset = assetEvent.getAsset();
                asset.setRealm(connection.getLocalRealm());
                LOG.finer("Request from central manager to create/update an asset: Realm=" + connection.getLocalRealm() + ", Asset<?> ID=" + asset.getId());
                try {
                    asset = assetStorageService.merge(asset, true);
                } catch (Exception e) {
                    LOG.log(Level.INFO, "Request from central manager to create/update an asset failed: Realm=" + connection.getLocalRealm() + ", Asset<?> ID=" + asset.getId(), e);
                }
            }
        } else if (event instanceof DeleteAssetsRequestEvent) {
            DeleteAssetsRequestEvent deleteRequest = (DeleteAssetsRequestEvent) event;
            LOG.finer("Request from central manager to delete asset(s): Realm=" + connection.getLocalRealm() + ", Asset<?> IDs=" + Arrays.toString(deleteRequest.getAssetIds().toArray()));
            boolean success = false;
            try {
                success = assetStorageService.delete(deleteRequest.getAssetIds());
            } catch (Exception e) {
                LOG.log(Level.INFO, "Request from central manager to create/update an asset failed: Realm=" + connection.getLocalRealm() + ", Asset<?> IDs=" + Arrays.toString(deleteRequest.getAssetIds().toArray()), e);
            } finally {
                sendCentralManagerMessage(connection.getLocalRealm(), messageToString(EventRequestResponseWrapper.MESSAGE_PREFIX, new EventRequestResponseWrapper<>(messageId, new DeleteAssetsResponseEvent(success, deleteRequest.getAssetIds()))));
            }
        } else if (event instanceof ReadAssetsEvent) {
            ReadAssetsEvent readAssets = (ReadAssetsEvent) event;
            AssetQuery query = readAssets.getAssetQuery();
            // Force realm to be the one that this client is associated with
            query.tenant(new TenantPredicate(connection.getLocalRealm()));
            List<Asset<?>> assets = assetStorageService.findAll(readAssets.getAssetQuery());
            sendCentralManagerMessage(connection.getLocalRealm(), messageToString(EventRequestResponseWrapper.MESSAGE_PREFIX, new EventRequestResponseWrapper<>(messageId, new AssetsEvent(assets))));
        }
    }
}

Example 5 with TenantPredicate

use of org.openremote.model.query.filter.TenantPredicate in project openremote by openremote.

the class AssetsFacade method getResults.

@Override
public Stream<Asset<?>> getResults(AssetQuery assetQuery) {
    if (TenantRuleset.class.isAssignableFrom(rulesEngineId.getScope())) {
        // Realm is restricted to rules
        assetQuery.tenant = new TenantPredicate(rulesEngineId.getRealm().orElseThrow(() -> new IllegalArgumentException("Realm missing: " + rulesEngineId)));
    } else if (AssetRuleset.class.isAssignableFrom(rulesEngineId.getScope())) {
        // Realm is restricted to assets'
        assetQuery.tenant = new TenantPredicate(rulesEngineId.getRealm().orElseThrow(() -> new IllegalArgumentException("Realm missing: " + rulesEngineId)));
        Asset<?> restrictedAsset = assetStorageService.find(rulesEngineId.getAssetId().orElseThrow(() -> new IllegalStateException("Asset ID missing: " + rulesEngineId)), true);
        if (restrictedAsset == null) {
            throw new IllegalStateException("Asset is no longer available: " + rulesEngineId);
        }
        assetQuery.paths(new PathPredicate(restrictedAsset.getPath()));
    }
    AssetQuery.Select oldValue = assetQuery.select;
    assetQuery.select = new AssetQuery.Select().excludeAttributes();
    try {
        return assetStorageService.findAll(assetQuery).stream();
    } finally {
        assetQuery.select = oldValue;
    }
}