
Example 11 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class BaseController method checkDashboard.

/**
 * Verifies that the current user may access the given dashboard.
 *
 * <p>The dashboard is passed to {@code checkNotNull} and its tenant id to {@code checkTenantId}
 * before the customer check. Callers whose authority is {@code CUSTOMER_USER} must additionally
 * have the dashboard assigned to their own customer; other authorities are not checked further
 * here.
 *
 * @param dashboard dashboard the caller is trying to access
 * @throws ThingsboardException with {@code PERMISSION_DENIED} when a customer user requests a
 *     dashboard that is not assigned to their customer; the two helper checks presumably raise
 *     it as well (their bodies are not visible here)
 */
private void checkDashboard(DashboardInfo dashboard) throws ThingsboardException {
    checkNotNull(dashboard);
    checkTenantId(dashboard.getTenantId());
    SecurityUser caller = getCurrentUser();
    boolean customerScoped = caller.getAuthority() == Authority.CUSTOMER_USER;
    // Customer users are limited to dashboards explicitly assigned to their customer.
    if (customerScoped && !dashboard.isAssignedToCustomer(caller.getCustomerId())) {
        throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
    }
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) ThingsboardException(org.thingsboard.server.exception.ThingsboardException)

Example 12 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class BaseController method checkRule.

/**
 * Verifies that the current user may access the given rule and returns it unchanged.
 *
 * <p>{@code SYS_ADMIN} callers pass without a tenant comparison. Any other caller must have a
 * tenant id, and that tenant id must equal the rule's tenant id unless the rule's tenant id is
 * {@code ModelConstants.NULL_UUID} (presumably a system-level rule), in which case every caller
 * that has a tenant id is accepted.
 *
 * @param rule rule the caller is trying to access
 * @return the same {@code rule} instance
 * @throws ThingsboardException with {@code PERMISSION_DENIED} when the tenant check fails
 */
protected RuleMetaData checkRule(RuleMetaData rule) throws ThingsboardException {
    checkNotNull(rule);
    SecurityUser caller = getCurrentUser();
    TenantId ruleTenantId = rule.getTenantId();
    validateId(ruleTenantId, INCORRECT_TENANT_ID + ruleTenantId);
    if (caller.getAuthority() == Authority.SYS_ADMIN) {
        return rule;
    }
    // A non-admin caller without a tenant is rejected before any tenant comparison.
    if (caller.getTenantId() == null) {
        throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
    }
    boolean nullTenantRule = ruleTenantId.getId().equals(ModelConstants.NULL_UUID);
    // Rules owned by a concrete tenant are visible only to callers of that same tenant.
    if (!nullTenantRule && !caller.getTenantId().equals(ruleTenantId)) {
        throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
    }
    return rule;
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) ThingsboardException(org.thingsboard.server.exception.ThingsboardException)

Example 13 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class BaseController method checkPlugin.

/**
 * Verifies that the current user may access the given plugin and returns it.
 *
 * <p>{@code SYS_ADMIN} callers pass without a tenant comparison and receive the plugin untouched.
 * Any other caller must have a tenant id, and it must equal the plugin's tenant id unless the
 * plugin's tenant id is {@code ModelConstants.NULL_UUID} (presumably a system-level plugin).
 *
 * <p>For a non-admin caller and a {@code NULL_UUID} plugin, the configuration is cleared on the
 * instance that was passed in. The argument is mutated, not copied.
 * NOTE(review): callers should not persist or cache the returned object afterwards; confirm
 * against call sites.
 *
 * @param plugin plugin the caller is trying to access
 * @return the same {@code plugin} instance, possibly with its configuration set to {@code null}
 * @throws ThingsboardException with {@code PERMISSION_DENIED} when the tenant check fails
 */
protected PluginMetaData checkPlugin(PluginMetaData plugin) throws ThingsboardException {
    checkNotNull(plugin);
    SecurityUser caller = getCurrentUser();
    TenantId pluginTenantId = plugin.getTenantId();
    validateId(pluginTenantId, INCORRECT_TENANT_ID + pluginTenantId);
    if (caller.getAuthority() == Authority.SYS_ADMIN) {
        return plugin;
    }
    // A non-admin caller without a tenant is rejected before any tenant comparison.
    if (caller.getTenantId() == null) {
        throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
    }
    boolean nullTenantPlugin = pluginTenantId.getId().equals(ModelConstants.NULL_UUID);
    if (!nullTenantPlugin && !caller.getTenantId().equals(pluginTenantId)) {
        throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
    }
    if (nullTenantPlugin) {
        // Non-admins may see that the plugin exists but not how it is configured.
        plugin.setConfiguration(null);
    }
    return plugin;
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) ThingsboardException(org.thingsboard.server.exception.ThingsboardException)

Example 14 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class DeviceController method getDeviceTypes.

/**
 * Returns the device types known for the current user's tenant.
 *
 * <p>Access is limited by {@code @PreAuthorize} to {@code TENANT_ADMIN} and {@code CUSTOMER_USER}.
 * The lookup is keyed on the caller's tenant id only.
 * NOTE(review): a {@code CUSTOMER_USER} therefore gets whatever
 * {@code findDeviceTypesByTenantId} returns for the whole tenant, with no customer filter
 * applied in this method. Confirm that is the intended visibility.
 *
 * @return the device subtypes resolved for the caller's tenant, after {@code checkNotNull}
 * @throws ThingsboardException whatever {@code handleException} produces from any failure,
 *     including failures while waiting on the future
 */
@PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/device/types", method = RequestMethod.GET)
@ResponseBody
public List<EntitySubtype> getDeviceTypes() throws ThingsboardException {
    try {
        // The tenant id comes from the authenticated principal, never from request input.
        TenantId callerTenantId = getCurrentUser().getTenantId();
        // get() blocks until the asynchronous lookup completes.
        return checkNotNull(deviceService.findDeviceTypesByTenantId(callerTenantId).get());
    } catch (Exception e) {
        throw handleException(e);
    }
}
Also used : TenantId(org.thingsboard.server.common.data.id.TenantId) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) ArrayList(java.util.ArrayList) List(java.util.List) IncorrectParameterException(org.thingsboard.server.dao.exception.IncorrectParameterException) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 15 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class PluginWebSocketHandler method toRef.

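/**
 * Builds the plugin session reference for a WebSocket session after checking that the
 * authenticated user may use the plugin addressed by the URL.
 *
 * <p>The plugin API token is the first path element after
 * {@code WebSocketConfiguration.WS_PLUGIN_PREFIX}. The user is read from the session attribute
 * {@code WebSocketConfiguration.WS_SECURITY_USER_ATTRIBUTE}, and access is decided by
 * {@code PluginApiController.validatePluginAccess}.
 *
 * <p>NOTE(review): the token travels in the URL and the full URI is handed on to the session
 * ref, so it may end up wherever URIs are logged. The "can't find plugin" and "not allowed"
 * failures are also distinguishable, which tells a caller whether a token exists. Confirm both
 * are acceptable.
 *
 * @param session WebSocket session being opened
 * @return a new session reference with a random id and the caller's security context
 * @throws IllegalArgumentException if the URL carries no plugin token (this includes
 *     {@link InvalidParameterException} when no plugin matches the token)
 * @throws SecurityException if the session has no authenticated user or the user may not use
 *     the plugin
 * @throws IOException declared by the signature; nothing visible in this method throws it
 */
private PluginWebsocketSessionRef toRef(WebSocketSession session) throws IOException {
    URI sessionUri = session.getUri();
    String path = sessionUri.getPath();
    path = path.substring(WebSocketConfiguration.WS_PLUGIN_PREFIX.length());
    if (path.length() == 0) {
        throw new IllegalArgumentException("URL should contain plugin token!");
    }
    String[] pathElements = path.split("/");
    // split() drops trailing empty strings, so a remainder made only of '/' gives an empty
    // array; reject it here instead of failing with ArrayIndexOutOfBoundsException below.
    if (pathElements.length == 0) {
        throw new IllegalArgumentException("URL should contain plugin token!");
    }
    String pluginToken = pathElements[0];
    // TODO: cache
    PluginMetaData pluginMd = pluginService.findPluginByApiToken(pluginToken);
    if (pluginMd == null) {
        throw new InvalidParameterException("Can't find plugin with specified token!");
    }
    SecurityUser currentUser = (SecurityUser) session.getAttributes().get(WebSocketConfiguration.WS_SECURITY_USER_ATTRIBUTE);
    // Fail closed when no authenticated user is attached to the session. Without this check the
    // next line would throw a NullPointerException. The existing denial message is reused so the
    // response does not reveal which check failed.
    if (currentUser == null) {
        throw new SecurityException("Current user is not allowed to use this plugin!");
    }
    TenantId tenantId = currentUser.getTenantId();
    CustomerId customerId = currentUser.getCustomerId();
    if (!PluginApiController.validatePluginAccess(pluginMd, tenantId, customerId)) {
        throw new SecurityException("Current user is not allowed to use this plugin!");
    }
    UserId userId = currentUser.getId();
    String userName = currentUser.getName();
    // The context records both the plugin's tenant and the caller's tenant/customer.
    PluginApiCallSecurityContext securityCtx = new PluginApiCallSecurityContext(pluginMd.getTenantId(), pluginMd.getId(), tenantId, customerId, userId, userName);
    return new BasicPluginWebsocketSessionRef(UUID.randomUUID().toString(), securityCtx, session.getUri(), session.getAttributes(), session.getLocalAddress(), session.getRemoteAddress());
}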
Also used : BasicPluginWebsocketSessionRef(org.thingsboard.server.extensions.api.plugins.ws.BasicPluginWebsocketSessionRef) PluginMetaData(org.thingsboard.server.common.data.plugin.PluginMetaData) CustomerId(org.thingsboard.server.common.data.id.CustomerId) URI(java.net.URI) PluginApiCallSecurityContext(org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext) InvalidParameterException(java.security.InvalidParameterException) TenantId(org.thingsboard.server.common.data.id.TenantId) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) UserId(org.thingsboard.server.common.data.id.UserId)

Aggregations

SecurityUser (org.thingsboard.server.service.security.model.SecurityUser)25 ThingsboardException (org.thingsboard.server.exception.ThingsboardException)15 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)8 User (org.thingsboard.server.common.data.User)8 UserId (org.thingsboard.server.common.data.id.UserId)7 UserCredentials (org.thingsboard.server.common.data.security.UserCredentials)7 UserPrincipal (org.thingsboard.server.service.security.model.UserPrincipal)7 CustomerId (org.thingsboard.server.common.data.id.CustomerId)6 TenantId (org.thingsboard.server.common.data.id.TenantId)6 IncorrectParameterException (org.thingsboard.server.dao.exception.IncorrectParameterException)5 ArrayList (java.util.ArrayList)4 List (java.util.List)4 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)4 URISyntaxException (java.net.URISyntaxException)3 JwtToken (org.thingsboard.server.service.security.model.token.JwtToken)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)2 Claims (io.jsonwebtoken.Claims)2 AuthenticationException (org.springframework.security.core.AuthenticationException)2 Customer (org.thingsboard.server.common.data.Customer)2