use of org.openremote.model.security.Tenant in project openremote by openremote.
the class AssetBrowserPresenter method loadTenants.
/**
 * Loads all tenants from the tenant resource and shows them as rows of the given display.
 *
 * <p>The request goes through the app's request service; the {@code 200} argument is presumably
 * the expected HTTP status. In the callback the {@code tenantNodes} list is rebuilt with one
 * {@link TenantTreeNode} per returned tenant, pushed into {@code display}, and then passed to
 * {@code afterNodeLoadChildren}.
 *
 * @param display the data display that receives the tenant nodes
 */
protected void loadTenants(HasData<BrowserTreeNode> display) {
    environment.getApp().getRequests().sendAndReturn(
        tenantArrayMapper,
        tenantResource::getAll,
        200,
        loadedTenants -> {
            // Start from an empty list so nodes from an earlier load are not kept.
            tenantNodes.clear();

            // Every tenant in the response becomes a node; nothing is filtered on the
            // client, so which tenants a user may see has to be decided by the server.
            for (Tenant loadedTenant : loadedTenants) {
                TenantTreeNode node = new TenantTreeNode(loadedTenant);
                tenantNodes.add(node);
            }

            display.setRowData(0, tenantNodes);
            display.setRowCount(tenantNodes.size(), true);
            afterNodeLoadChildren(tenantNodes);
        }
    );
}
use of org.openremote.model.security.Tenant in project openremote by openremote.
the class AgentResourceImpl method getParentAssetAndRealmId.
/**
 * Resolves the parent asset and the realm ID that a new asset should be created under.
 *
 * <p>Parent takes priority over realm ID (only super user can add to other realms): when a
 * parent asset is given its realm is used, otherwise {@code realmId}, otherwise the tenant of
 * the authenticated user.
 *
 * @param parentId ID of the parent asset, or null/empty when there is no parent
 * @param realmId requested realm ID, or null/empty to fall back to the authenticated tenant
 * @return the parent asset (null when none was requested) paired with the resolved tenant's ID
 * @throws ForbiddenException if the caller is a restricted user, or the resolved tenant does not
 *     pass {@code isTenantActiveAndAccessible}
 * @throws BadRequestException if {@code parentId} is given but no asset is found for it
 */
protected Pair<Asset, String> getParentAssetAndRealmId(String parentId, String realmId) {
    // Restricted users are rejected before any lookup is made.
    if (isRestrictedUser()) {
        throw new ForbiddenException("User is restricted");
    }

    // Assets must be added in the same realm as the user (unless super user)
    Asset parentAsset = null;
    if (!isNullOrEmpty(parentId)) {
        parentAsset = assetStorageService.find(parentId);
        if (parentAsset == null) {
            // Either invalid asset or user doesn't have access to it. One message covers
            // both cases, so the response does not say which of the two applies.
            LOG.info("User is trying to import with an invalid or inaccessible parent");
            throw new BadRequestException("Parent either doesn't exist or is not accessible");
        }
    }

    // parentId and realmId both come from the caller; whichever tenant they resolve to is
    // only trusted after the accessibility check below.
    Tenant targetTenant;
    if (parentAsset != null) {
        targetTenant = identityService.getIdentityProvider().getTenantForRealmId(parentAsset.getRealmId());
    } else if (!isNullOrEmpty(realmId)) {
        targetTenant = identityService.getIdentityProvider().getTenantForRealmId(realmId);
    } else {
        targetTenant = getAuthenticatedTenant();
    }

    if (!isTenantActiveAndAccessible(targetTenant)) {
        String msg = "The requested parent asset or realm is inaccessible";
        LOG.fine(msg);
        throw new ForbiddenException(msg);
    }

    // NOTE(review): assumes isTenantActiveAndAccessible rejects a null tenant (an unknown
    // realm ID); otherwise getId() below would throw a NullPointerException. Confirm.
    return new Pair<>(parentAsset, targetTenant.getId());
}
use of org.openremote.model.security.Tenant in project openremote by openremote.
the class AssetResourceImpl method getUserAssetLinks.
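/**
 * Returns the user-asset links of a realm, optionally narrowed to one user and/or one asset.
 *
 * @param requestParams request parameters (not read by this method)
 * @param realmId realm to query; required
 * @param userId optional user filter; when given, the user must belong to {@code realmId}
 * @param assetId optional asset filter, passed through to the storage service
 * @return the matching links
 * @throws WebApplicationException with BAD_REQUEST if {@code realmId} is null, {@code userId} is
 *     not in the realm, or an {@link IllegalStateException} is raised while handling the
 *     request; NOT_FOUND if no tenant exists for {@code realmId}; FORBIDDEN if a caller who is
 *     not a super user asks for a realm other than their own
 */
@Override
public UserAsset[] getUserAssetLinks(RequestParams requestParams, String realmId, String userId, String assetId) {
    try {
        if (realmId == null) {
            throw new WebApplicationException(BAD_REQUEST);
        }

        Tenant tenant = identityService.getIdentityProvider().getTenantForRealmId(realmId);
        if (tenant == null) {
            throw new WebApplicationException(NOT_FOUND);
        }

        // The realm match applies to every caller who is not a super user, not only to
        // restricted users, so a regular user cannot read links by naming another realm's ID.
        // A missing authenticated tenant is treated as "no access".
        // NOTE(review): role checks declared on the resource interface are not visible here;
        // confirm this matches the intended cross-realm policy.
        if (!isSuperUser()) {
            Tenant callerTenant = getAuthenticatedTenant();
            if (callerTenant == null || !callerTenant.getId().equals(tenant.getId())) {
                throw new WebApplicationException(FORBIDDEN);
            }
        }

        // A user filter is only accepted for a user that belongs to the requested realm.
        if (userId != null && !identityService.getIdentityProvider().isUserInTenant(userId, realmId)) {
            throw new WebApplicationException(BAD_REQUEST);
        }

        UserAsset[] result = assetStorageService.findUserAssets(realmId, userId, assetId).toArray(new UserAsset[0]);

        // Compress response (the request attribute enables the interceptor)
        request.setAttribute(HttpHeaders.CONTENT_ENCODING, "gzip");
        return result;
    } catch (IllegalStateException ex) {
        throw new WebApplicationException(ex, BAD_REQUEST);
    }
}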
use of org.openremote.model.security.Tenant in project openremote by openremote.
the class RulesetResourceImpl method getTenantRuleset.
/**
 * Returns the tenant ruleset with the given ID.
 *
 * @param requestParams request parameters (not read by this method)
 * @param id ID of the ruleset to load
 * @return the stored ruleset
 * @throws WebApplicationException with NOT_FOUND if no ruleset has this ID, BAD_REQUEST if the
 *     ruleset's realm has no tenant, or FORBIDDEN if the tenant does not pass
 *     {@code isTenantActiveAndAccessible} or the caller is a restricted user
 */
@Override
public TenantRuleset getTenantRuleset(@BeanParam RequestParams requestParams, Long id) {
    TenantRuleset stored = rulesetStorageService.findById(TenantRuleset.class, id);
    // NOTE(review): the existence check runs before the access check, so 404 versus 403
    // tells a caller outside the realm whether this ID exists. Confirm that is acceptable.
    if (stored == null) {
        throw new WebApplicationException(NOT_FOUND);
    }

    // Authorisation is decided by the realm stored with the ruleset.
    Tenant owner = identityService.getIdentityProvider().getTenantForRealmId(stored.getRealmId());
    if (owner == null) {
        throw new WebApplicationException(BAD_REQUEST);
    }

    boolean permitted = isTenantActiveAndAccessible(owner) && !isRestrictedUser();
    if (!permitted) {
        String denial = "Forbidden access for user '" + getUsername() + "': " + owner;
        LOG.fine(denial);
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }

    return stored;
}
use of org.openremote.model.security.Tenant in project openremote by openremote.
the class RulesetResourceImpl method updateTenantRuleset.
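/**
 * Replaces an existing tenant ruleset with the submitted one.
 *
 * <p>Access is decided by the realm of the stored ruleset, not by the submitted body. The
 * body is then required to carry the same ID and the same realm ID as the stored ruleset
 * before it is merged.
 *
 * @param requestParams request parameters (not read by this method)
 * @param id ID of the ruleset to update
 * @param ruleset the submitted ruleset; must not be null
 * @throws WebApplicationException with NOT_FOUND if no ruleset has this ID; BAD_REQUEST if the
 *     stored ruleset's realm has no tenant, the body is missing, or its ID or realm ID differs
 *     from the stored ruleset; FORBIDDEN if the tenant does not pass
 *     {@code isTenantActiveAndAccessible} or the caller is a restricted user
 */
@Override
public void updateTenantRuleset(@BeanParam RequestParams requestParams, Long id, TenantRuleset ruleset) {
    TenantRuleset existingRuleset = rulesetStorageService.findById(TenantRuleset.class, id);
    if (existingRuleset == null) {
        throw new WebApplicationException(NOT_FOUND);
    }

    // The tenant is resolved from the stored ruleset so that a realm ID in the request body
    // cannot influence the access decision.
    Tenant tenant = identityService.getIdentityProvider().getTenantForRealmId(existingRuleset.getRealmId());
    if (tenant == null) {
        throw new WebApplicationException(BAD_REQUEST);
    }
    if (!isTenantActiveAndAccessible(tenant) || isRestrictedUser()) {
        LOG.fine("Forbidden access for user '" + getUsername() + "': " + tenant);
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }

    // A request without a body would otherwise fail with a NullPointerException below and
    // surface as a server error instead of a client error.
    if (ruleset == null) {
        throw new WebApplicationException("Ruleset is missing from the request", BAD_REQUEST);
    }

    if (!id.equals(ruleset.getId())) {
        throw new WebApplicationException("Requested ID and ruleset ID don't match", BAD_REQUEST);
    }
    // Keeps an update from moving the ruleset into a different realm.
    if (!existingRuleset.getRealmId().equals(ruleset.getRealmId())) {
        throw new WebApplicationException("Requested realm and existing ruleset realm must match", BAD_REQUEST);
    }

    // NOTE(review): the submitted object is merged as-is; only ID and realm ID are compared
    // with the stored ruleset here. Confirm no other field needs to be protected.
    rulesetStorageService.merge(ruleset);
}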