Example 11 with Tenant

use of org.openremote.model.security.Tenant in project openremote by openremote.

the class AssetBrowserPresenter method loadTenants.

protected void loadTenants(HasData<BrowserTreeNode> display) {
    environment.getApp().getRequests().sendAndReturn(tenantArrayMapper, tenantResource::getAll, 200, tenants -> {
        tenantNodes.clear();
        for (Tenant tenant : tenants) {
            tenantNodes.add(new TenantTreeNode(tenant));
        }
        display.setRowData(0, tenantNodes);
        display.setRowCount(tenantNodes.size(), true);
        afterNodeLoadChildren(tenantNodes);
    });
}
Also used : Tenant(org.openremote.model.security.Tenant)

Example 12 with Tenant

use of org.openremote.model.security.Tenant in project openremote by openremote.

the class AgentResourceImpl method getParentAssetAndRealmId.

/**
 * Parent takes priority over realm ID (only super user can add to other realms)
 */
protected Pair<Asset, String> getParentAssetAndRealmId(String parentId, String realmId) {
    if (isRestrictedUser()) {
        throw new ForbiddenException("User is restricted");
    }
    // Assets must be added in the same realm as the user (unless super user)
    Asset parentAsset = isNullOrEmpty(parentId) ? null : assetStorageService.find(parentId);
    if (parentAsset == null && !isNullOrEmpty(parentId)) {
        // Either invalid asset or user doesn't have access to it
        LOG.info("User is trying to import with an invalid or inaccessible parent");
        throw new BadRequestException("Parent either doesn't exist or is not accessible");
    }
    // Resolve the tenant: parent asset's realm first, then the requested realm, else the caller's own tenant
    Tenant tenant = parentAsset != null
        ? identityService.getIdentityProvider().getTenantForRealmId(parentAsset.getRealmId())
        : !isNullOrEmpty(realmId)
            ? identityService.getIdentityProvider().getTenantForRealmId(realmId)
            : getAuthenticatedTenant();
    if (!isTenantActiveAndAccessible(tenant)) {
        String msg = "The requested parent asset or realm is inaccessible";
        LOG.fine(msg);
        throw new ForbiddenException(msg);
    }
    return new Pair<>(parentAsset, tenant.getId());
}
Also used : Tenant(org.openremote.model.security.Tenant) ServerAsset(org.openremote.manager.asset.ServerAsset) Asset(org.openremote.model.asset.Asset) Pair(org.openremote.model.util.Pair)

Example 13 with Tenant

use of org.openremote.model.security.Tenant in project openremote by openremote.

the class AssetResourceImpl method getUserAssetLinks.

@Override
public UserAsset[] getUserAssetLinks(RequestParams requestParams, String realmId, String userId, String assetId) {
    try {
        if (realmId == null)
            throw new WebApplicationException(BAD_REQUEST);
        Tenant tenant = identityService.getIdentityProvider().getTenantForRealmId(realmId);
        if (tenant == null)
            throw new WebApplicationException(NOT_FOUND);
        if (!isSuperUser() && (isRestrictedUser() && !getAuthenticatedTenant().getId().equals(tenant.getId())))
            throw new WebApplicationException(FORBIDDEN);
        if (userId != null && !identityService.getIdentityProvider().isUserInTenant(userId, realmId))
            throw new WebApplicationException(BAD_REQUEST);
        UserAsset[] result = assetStorageService.findUserAssets(realmId, userId, assetId).toArray(new UserAsset[0]);
        // Compress response (the request attribute enables the interceptor)
        request.setAttribute(HttpHeaders.CONTENT_ENCODING, "gzip");
        return result;
    } catch (IllegalStateException ex) {
        throw new WebApplicationException(ex, BAD_REQUEST);
    }
}
Also used : Tenant(org.openremote.model.security.Tenant) WebApplicationException(javax.ws.rs.WebApplicationException)

Example 14 with Tenant

use of org.openremote.model.security.Tenant in project openremote by openremote.

the class RulesetResourceImpl method getTenantRuleset.

@Override
public TenantRuleset getTenantRuleset(@BeanParam RequestParams requestParams, Long id) {
    TenantRuleset ruleset = rulesetStorageService.findById(TenantRuleset.class, id);
    if (ruleset == null) {
        throw new WebApplicationException(NOT_FOUND);
    }
    Tenant tenant = identityService.getIdentityProvider().getTenantForRealmId(ruleset.getRealmId());
    if (tenant == null) {
        throw new WebApplicationException(BAD_REQUEST);
    }
    if (!isTenantActiveAndAccessible(tenant) || isRestrictedUser()) {
        LOG.fine("Forbidden access for user '" + getUsername() + "': " + tenant);
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    return ruleset;
}
Also used : Tenant(org.openremote.model.security.Tenant) WebApplicationException(javax.ws.rs.WebApplicationException) TenantRuleset(org.openremote.model.rules.TenantRuleset)

Example 15 with Tenant

use of org.openremote.model.security.Tenant in project openremote by openremote.

the class RulesetResourceImpl method updateTenantRuleset.

@Override
public void updateTenantRuleset(@BeanParam RequestParams requestParams, Long id, TenantRuleset ruleset) {
    TenantRuleset existingRuleset = rulesetStorageService.findById(TenantRuleset.class, id);
    if (existingRuleset == null) {
        throw new WebApplicationException(NOT_FOUND);
    }
    Tenant tenant = identityService.getIdentityProvider().getTenantForRealmId(existingRuleset.getRealmId());
    if (tenant == null) {
        throw new WebApplicationException(BAD_REQUEST);
    }
    if (!isTenantActiveAndAccessible(tenant) || isRestrictedUser()) {
        LOG.fine("Forbidden access for user '" + getUsername() + "': " + tenant);
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    if (!id.equals(ruleset.getId())) {
        throw new WebApplicationException("Requested ID and ruleset ID don't match", BAD_REQUEST);
    }
    if (!existingRuleset.getRealmId().equals(ruleset.getRealmId())) {
        throw new WebApplicationException("Requested realm and existing ruleset realm must match", BAD_REQUEST);
    }
    rulesetStorageService.merge(ruleset);
}
Also used : Tenant(org.openremote.model.security.Tenant) WebApplicationException(javax.ws.rs.WebApplicationException) TenantRuleset(org.openremote.model.rules.TenantRuleset)

Aggregations

Tenant (org.openremote.model.security.Tenant): 16
WebApplicationException (javax.ws.rs.WebApplicationException): 7
ServerAsset (org.openremote.manager.asset.ServerAsset): 3
TenantRuleset (org.openremote.model.rules.TenantRuleset): 3
AssetAttribute (org.openremote.model.asset.AssetAttribute): 2
Select (org.openremote.model.asset.BaseAssetQuery.Select): 2
Coordinate (com.vividsolutions.jts.geom.Coordinate): 1
ZonedDateTime (java.time.ZonedDateTime): 1
ArrayList (java.util.ArrayList): 1
ClientsResource (org.keycloak.admin.client.resource.ClientsResource): 1
RolesResource (org.keycloak.admin.client.resource.RolesResource): 1
UsersResource (org.keycloak.admin.client.resource.UsersResource): 1
CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation): 1
UserRepresentation (org.keycloak.representations.idm.UserRepresentation): 1
PersistenceEvent (org.openremote.container.persistence.PersistenceEvent): 1
ClientRequestInfo (org.openremote.container.web.ClientRequestInfo): 1
ConsoleApp (org.openremote.model.apps.ConsoleApp): 1
Asset (org.openremote.model.asset.Asset): 1
AssetMeta (org.openremote.model.asset.AssetMeta): 1
AssetQuery (org.openremote.model.asset.AssetQuery): 1