Examples with SecurityUser org.thingsboard.server.service.security.model.SecurityUser used on opensource projects

Search in sources :

Example 16 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class UserController method saveUser.

@PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/user", method = RequestMethod.POST)
@ResponseBody
public User saveUser(@RequestBody User user, @RequestParam(required = false, defaultValue = "true") boolean sendActivationMail, HttpServletRequest request) throws ThingsboardException {
    try {
        SecurityUser authUser = getCurrentUser();
        if (authUser.getAuthority() == Authority.CUSTOMER_USER && !authUser.getId().equals(user.getId())) {
            throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
        }
        boolean sendEmail = user.getId() == null && sendActivationMail;
        if (getCurrentUser().getAuthority() == Authority.TENANT_ADMIN) {
            user.setTenantId(getCurrentUser().getTenantId());
        }
        User savedUser = checkNotNull(userService.saveUser(user));
        if (sendEmail) {
            UserCredentials userCredentials = userService.findUserCredentialsByUserId(savedUser.getId());
            String baseUrl = constructBaseUrl(request);
            String activateUrl = String.format(ACTIVATE_URL_PATTERN, baseUrl, userCredentials.getActivateToken());
            String email = savedUser.getEmail();
            try {
                mailService.sendActivationEmail(activateUrl, email);
            } catch (ThingsboardException e) {
                userService.deleteUser(savedUser.getId());
                throw e;
            }
        }
        logEntityAction(savedUser.getId(), savedUser, savedUser.getCustomerId(), user.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null);
        return savedUser;
    } catch (Exception e) {
        logEntityAction(emptyId(EntityType.USER), user, null, user.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e);
        throw handleException(e);
    }
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) User(org.thingsboard.server.common.data.User) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) UserCredentials(org.thingsboard.server.common.data.security.UserCredentials) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 17 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class UserController method getUserById.

@PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/user/{userId}", method = RequestMethod.GET)
@ResponseBody
public User getUserById(@PathVariable(USER_ID) String strUserId) throws ThingsboardException {
    checkParameter(USER_ID, strUserId);
    try {
        UserId userId = new UserId(toUUID(strUserId));
        SecurityUser authUser = getCurrentUser();
        if (authUser.getAuthority() == Authority.CUSTOMER_USER && !authUser.getId().equals(userId)) {
            throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
        }
        return checkUserId(userId);
    } catch (Exception e) {
        throw handleException(e);
    }
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) UserId(org.thingsboard.server.common.data.id.UserId) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 18 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class DeviceController method getDevicesByIds.

@PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/devices", params = { "deviceIds" }, method = RequestMethod.GET)
@ResponseBody
public List<Device> getDevicesByIds(@RequestParam("deviceIds") String[] strDeviceIds) throws ThingsboardException {
    checkArrayParameter("deviceIds", strDeviceIds);
    try {
        SecurityUser user = getCurrentUser();
        TenantId tenantId = user.getTenantId();
        CustomerId customerId = user.getCustomerId();
        List<DeviceId> deviceIds = new ArrayList<>();
        for (String strDeviceId : strDeviceIds) {
            deviceIds.add(new DeviceId(toUUID(strDeviceId)));
        }
        ListenableFuture<List<Device>> devices;
        if (customerId == null || customerId.isNullUid()) {
            devices = deviceService.findDevicesByTenantIdAndIdsAsync(tenantId, deviceIds);
        } else {
            devices = deviceService.findDevicesByTenantIdCustomerIdAndIdsAsync(tenantId, customerId, deviceIds);
        }
        return checkNotNull(devices.get());
    } catch (Exception e) {
        throw handleException(e);
    }
}
Also used : TenantId(org.thingsboard.server.common.data.id.TenantId) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) DeviceId(org.thingsboard.server.common.data.id.DeviceId) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) CustomerId(org.thingsboard.server.common.data.id.CustomerId) IncorrectParameterException(org.thingsboard.server.dao.exception.IncorrectParameterException) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 19 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class UserController method getActivationLink.

@PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
@RequestMapping(value = "/user/{userId}/activationLink", method = RequestMethod.GET, produces = "text/plain")
@ResponseBody
public String getActivationLink(@PathVariable(USER_ID) String strUserId, HttpServletRequest request) throws ThingsboardException {
    checkParameter(USER_ID, strUserId);
    try {
        UserId userId = new UserId(toUUID(strUserId));
        SecurityUser authUser = getCurrentUser();
        if (authUser.getAuthority() == Authority.CUSTOMER_USER && !authUser.getId().equals(userId)) {
            throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
        }
        User user = checkUserId(userId);
        UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getId());
        if (!userCredentials.isEnabled()) {
            String baseUrl = constructBaseUrl(request);
            String activateUrl = String.format(ACTIVATE_URL_PATTERN, baseUrl, userCredentials.getActivateToken());
            return activateUrl;
        } else {
            throw new ThingsboardException("User is already active!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        }
    } catch (Exception e) {
        throw handleException(e);
    }
}
Also used : SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) User(org.thingsboard.server.common.data.User) UserId(org.thingsboard.server.common.data.id.UserId) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) UserCredentials(org.thingsboard.server.common.data.security.UserCredentials) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 20 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class AssetController method getAssetsByIds.

@PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/assets", params = { "assetIds" }, method = RequestMethod.GET)
@ResponseBody
public List<Asset> getAssetsByIds(@RequestParam("assetIds") String[] strAssetIds) throws ThingsboardException {
    checkArrayParameter("assetIds", strAssetIds);
    try {
        SecurityUser user = getCurrentUser();
        TenantId tenantId = user.getTenantId();
        CustomerId customerId = user.getCustomerId();
        List<AssetId> assetIds = new ArrayList<>();
        for (String strAssetId : strAssetIds) {
            assetIds.add(new AssetId(toUUID(strAssetId)));
        }
        ListenableFuture<List<Asset>> assets;
        if (customerId == null || customerId.isNullUid()) {
            assets = assetService.findAssetsByTenantIdAndIdsAsync(tenantId, assetIds);
        } else {
            assets = assetService.findAssetsByTenantIdCustomerIdAndIdsAsync(tenantId, customerId, assetIds);
        }
        return checkNotNull(assets.get());
    } catch (Exception e) {
        throw handleException(e);
    }
}
Also used : TenantId(org.thingsboard.server.common.data.id.TenantId) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) CustomerId(org.thingsboard.server.common.data.id.CustomerId) AssetId(org.thingsboard.server.common.data.id.AssetId) ThingsboardException(org.thingsboard.server.exception.ThingsboardException) IncorrectParameterException(org.thingsboard.server.dao.exception.IncorrectParameterException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Aggregations

SecurityUser (org.thingsboard.server.service.security.model.SecurityUser)25 ThingsboardException (org.thingsboard.server.exception.ThingsboardException)15 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)8 User (org.thingsboard.server.common.data.User)8 UserId (org.thingsboard.server.common.data.id.UserId)7 UserCredentials (org.thingsboard.server.common.data.security.UserCredentials)7 UserPrincipal (org.thingsboard.server.service.security.model.UserPrincipal)7 CustomerId (org.thingsboard.server.common.data.id.CustomerId)6 TenantId (org.thingsboard.server.common.data.id.TenantId)6 IncorrectParameterException (org.thingsboard.server.dao.exception.IncorrectParameterException)5 ArrayList (java.util.ArrayList)4 List (java.util.List)4 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)4 URISyntaxException (java.net.URISyntaxException)3 JwtToken (org.thingsboard.server.service.security.model.token.JwtToken)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)2 Claims (io.jsonwebtoken.Claims)2 AuthenticationException (org.springframework.security.core.AuthenticationException)2 Customer (org.thingsboard.server.common.data.Customer)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial