/**
 * Creates a log context tied to the given user and account.
 *
 * <p>Stores both objects and the context id, and caches the ids returned by
 * {@code user.getId()} and {@code account.getId()} in {@code userId} and
 * {@code accountId}.
 *
 * @param user user recorded in this context; dereferenced here, so it must not be null
 * @param account account recorded in this context; dereferenced here, so it must not be null
 * @param logContextId identifier stored unchanged for this context
 */
protected LogContext(User user, Account account, String logContextId) {
    // Keep the object references first, then derive the cached ids from them.
    this.user = user;
    this.account = account;
    this.logContextId = logContextId;
    this.userId = user.getId();
    this.accountId = account.getId();
}
/**
 * Reports the account id of {@code _caller}.
 *
 * @return the value of {@code _caller.getAccountId()}
 */
@Override
public long getAccountId() {
    final long callerAccountId = _caller.getAccountId();
    return callerAccountId;
}
/**
 * Builds the description text for this user-deletion event.
 *
 * <p>The user is looked up through {@code _responseGenerator.findUserById(getId())}.
 * When the lookup succeeds the text names the username, user id and account id.
 * Otherwise a fixed message says the user does not exist.
 *
 * @return the event description; never null
 */
@Override
public String getEventDescription() {
    final User target = _responseGenerator.findUserById(getId());
    if (target == null) {
        return "user delete, but this user does not exist in the system";
    }
    return "deleting User " + target.getUsername() + " (id: " + target.getId() + ") and accountId = " + target.getAccountId();
}
/**
 * Checks whether {@code user} may access {@code domain}.
 *
 * <p>A user with a non-null removal marker is rejected outright. For any other
 * user the decision is delegated to the account-level {@code checkAccess}, using
 * the account loaded from {@code _accountDao} by the user's account id.
 *
 * @param user user requesting access; must not be null
 * @param domain domain being accessed
 * @return the result of the account-level {@code checkAccess} call
 * @throws PermissionDeniedException if the user has been removed
 */
@Override
public boolean checkAccess(User user, Domain domain) throws PermissionDeniedException {
    final boolean removed = user.getRemoved() != null;
    if (removed) {
        throw new PermissionDeniedException(user + " is no longer active.");
    }

    // NOTE(review): the lookup result is passed on without a null check; confirm the
    // account-level overload rejects a null account.
    final Account owner = _accountDao.findById(user.getAccountId());
    return checkAccess(owner, domain);
}
/**
 * Decides whether the user with the given id may use the public API.
 *
 * <p>Access is granted only when the user exists, has no removal marker and is in
 * state {@code Account.State.enabled}, and the user's account exists and is also
 * enabled. Every other combination is logged at WARN level and refused.
 *
 * @param userId id of the user to verify
 * @return {@code true} if both the user and its account are present and enabled
 */
public boolean verifyUser(Long userId) {
    // Mirrors the equivalent check in ApiServer.java.
    final User user = _accountMgr.getUserIncludingRemoved(userId);

    // The account is resolved before any state check, but only for an existing user.
    final Account account = (user == null) ? null : _accountMgr.getAccount(user.getAccountId());

    // Short-circuit order matters: each dereference is guarded by the test before it.
    final boolean usable = user != null
            && user.getRemoved() == null
            && user.getState().equals(Account.State.enabled)
            && account != null
            && account.getState().equals(Account.State.enabled);

    if (!usable) {
        s_logger.warn("Deleted/Disabled/Locked user with id=" + userId + " attempting to access public API");
        return false;
    }
    return true;
}
if (user == null || user.getRemoved() != null) { throw new InvalidParameterValueException("Unable to find user by id"); Account account = _accountDao.findById(user.getAccountId()); if (account == null) { throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); if (user.getState().equals(State.locked)) { } else if (user.getState().equals(State.enabled)) { success = doSetUserStatus(user.getId(), State.locked); List<UserVO> allUsersByAccount = _userDao.listByAccount(user.getAccountId()); for (UserVO oneUser : allUsersByAccount) { if (oneUser.getState().equals(State.enabled)) { success = (success && lockAccount(user.getAccountId())); s_logger.info("Attempting to lock a non-enabled user, current state is " + user.getState() + " (userId: " + user.getId() + "), locking failed."); CallContext.current().putContextParameter(User.class, user.getUuid());
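/**
 * Checks whether {@code user} may call the API command {@code commandName},
 * based on the role type of the user's account.
 *
 * <p>When {@link #isDisabled()} is true the method grants access without
 * consulting any role map. Otherwise the allowed set for the role type comes from
 * {@code commandsPropertiesRoleBasedApisMap} if the command is listed in
 * {@code commandsPropertiesOverrides}, and from {@code annotationRoleBasedApisMap}
 * if it is not.
 *
 * @param user user issuing the request; must not be null
 * @param commandName name of the API command being requested
 * @return {@code true} if the checker is disabled or the role type may call the command
 * @throws PermissionDeniedException if the user's account cannot be found, or the
 *         command is in {@code commandNames} but not allowed for the role type
 * @throws UnavailableCommandException if the command is neither allowed nor in
 *         {@code commandNames}
 */
@Override
public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
    // A disabled checker allows everything; enforcement must then come from elsewhere.
    if (isDisabled()) {
        return true;
    }

    Account account = accountService.getAccount(user.getAccountId());
    if (account == null) {
        // Spaces added around the ids so the message stays readable in logs and API errors.
        throw new PermissionDeniedException("The account id=" + user.getAccountId() + " for user id=" + user.getId() + " is null");
    }

    RoleType roleType = accountService.getRoleType(account);
    // NOTE(review): both maps are dereferenced without a null check; confirm they hold
    // an entry for every role type, otherwise this throws instead of denying.
    boolean isAllowed = commandsPropertiesOverrides.contains(commandName)
            ? commandsPropertiesRoleBasedApisMap.get(roleType).contains(commandName)
            : annotationRoleBasedApisMap.get(roleType).contains(commandName);
    if (isAllowed) {
        return true;
    }

    // A known command that this role may not call is reported differently from an unknown one.
    if (commandNames.contains(commandName)) {
        throw new PermissionDeniedException("The API is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName);
    } else {
        throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account.");
    }
}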
Account account = userAcctPair.second(); if (!user.getState().equals(Account.State.enabled) || !account.getState().equals(Account.State.enabled)) { s_logger.debug("disabled or locked user accessing the api, userid = " + user.getId() + "; name = " + user.getUsername() + "; state: " + user.getState() + "; accountState: " + account.getState()); return false; secretKey = user.getSecretKey(); if (secretKey == null) { s_logger.debug("User does not have a secret key associated with the account -- ignoring request, username: " + user.getUsername()); return false; requestParameters.put("userid", new Object[] {String.valueOf(user.getId())}); requestParameters.put("account", new Object[] {account.getAccountName()}); requestParameters.put("accountobj", new Object[] {account});
final User user = _userDao.findByUuid(userUuid); final Domain domain = _domainDao.findByUuid(domainUuid); final UserAccount nextUserAccount = _accountService.getUserAccountById(user.getId()); if (nextUserAccount != null && !nextUserAccount.getAccountState().equals(Account.State.enabled.toString())) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.PARAM_ERROR.getHttpCode(), Domain domain = _domainService.getDomain(userAccount.getDomainId()); SamlUserAccountResponse accountResponse = new SamlUserAccountResponse(); accountResponse.setUserId(user.getUuid()); accountResponse.setUserName(user.getUsername()); accountResponse.setDomainId(domain.getUuid()); accountResponse.setDomainName(domain.getName()); accountResponse.setDomainPath(domain.getPath()); accountResponse.setAccountName(userAccount.getAccountName()); accountResponse.setIdpId(user.getExternalEntity()); accountResponses.add(accountResponse);
Account jobOwner = accountMgr.getAccount(userJobOwner.getAccountId()); eventDescription.put("user", userJobOwner.getUuid()); eventDescription.put("account", jobOwner.getUuid()); eventDescription.put("processStatus", "" + job.getProcessStatus()); eventDescription.put("username", userJobOwner.getUsername()); eventDescription.put("accountname", jobOwner.getAccountName()); eventDescription.put("domainname", domain.getName());
if (user.getAccountId() != vmProfile.getAccountId()) { throw new InvalidParameterValueException("AutoScale User id does not belong to the same account"); String apiKey = user.getApiKey(); String secretKey = user.getSecretKey(); String csUrl = ApiServiceConfiguration.ApiServletPath.value(); throw new InvalidParameterValueException("apiKey for user: " + user.getUsername() + " is empty. Please generate it"); throw new InvalidParameterValueException("secretKey for user: " + user.getUsername() + " is empty. Please generate it");
if (user == null || user.getRemoved() != null) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); Account account = _accountDao.findById(user.getAccountId()); if (account == null) { throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); if (success) { CallContext.current().putContextParameter(User.class, user.getUuid());
if (user == null || user.getRemoved() != null) { final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find active user of specified id"); ex.addProxyObject(String.valueOf(userId), "userId"); _accountMgr.checkAccess(caller, null, true, _accountMgr.getAccount(user.getAccountId())); final String secretKey = user.getSecretKey(); final String input = cloudIdentifier; signature = signRequest(input, secretKey);
callingUser.getUuid(), callingUser.getUsername(), callingAccount.getUuid(), callingAccount.getAccountName())); return;
Long autoscaleUserId = autoScaleVmProfile.getAutoScaleUserId(); User user = _userDao.findByIdIncludingRemoved(autoscaleUserId); String apiKey = user.getApiKey(); String secretKey = user.getSecretKey(); String csUrl = ApiServiceConfiguration.ApiServletPath.value(); String zoneId = _dcDao.findById(autoScaleVmProfile.getZoneId()).getUuid(); throw new InvalidParameterValueException("apiKey for user: " + user.getUsername() + " is empty. Please generate it"); throw new InvalidParameterValueException("secretKey for user: " + user.getUsername() + " is empty. Please generate it");
/**
 * Returns the UUID of the calling user.
 *
 * @return the value of {@code getCallingUser().getUuid()}
 */
public String getCallingUserUuid() {
    final String uuid = getCallingUser().getUuid();
    return uuid;
}
/**
 * Lists SAML authorization details for one user or, for admin callers, all users.
 *
 * <p>When a user id is supplied, that user is included only if it exists and the
 * calling account passes {@code checkAccess} with {@code AccessType.ListEntry} on
 * the user's account. Without a user id, every user is listed when the calling
 * account's type is {@code Account.ACCOUNT_TYPE_ADMIN}; for any other caller the
 * list is empty. The result is set as this command's response object.
 */
@Override
public void execute() {
    List<UserVO> targets = new ArrayList<UserVO>();
    if (getUserId() == null) {
        // No specific user requested: only admin callers get the full listing.
        if (CallContext.current().getCallingAccount().getType() == Account.ACCOUNT_TYPE_ADMIN) {
            targets = _userDao.listAll();
        }
    } else {
        UserVO requested = _userDao.getUser(getUserId());
        if (requested != null) {
            // The access check runs before the user is added to the result set.
            Account owner = _accountService.getAccount(requested.getAccountId());
            _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.ListEntry, true, owner);
            targets.add(requested);
        }
    }

    List<SamlAuthorizationResponse> entries = new ArrayList<SamlAuthorizationResponse>();
    for (User each : targets) {
        final String uuid = each.getUuid();
        final boolean fromSaml2 = each.getSource().equals(User.Source.SAML2);
        SamlAuthorizationResponse entry = new SamlAuthorizationResponse(uuid, fromSaml2, each.getExternalEntity());
        entry.setObjectName("samlauthorization");
        entries.add(entry);
    }

    ListResponse<SamlAuthorizationResponse> listing = new ListResponse<SamlAuthorizationResponse>();
    listing.setResponses(entries);
    listing.setResponseName(getCommandName());
    setResponseObject(listing);
}
} // presumably closes the enclosing class, whose header is outside this excerpt
User creditorUser = _userDao.getUser(updatedBy); if (creditorUser != null) { creditor = creditorUser.getUsername();
/**
 * Returns the API key and secret key of the user named by {@code cmd}.
 *
 * <p>The user must be found by {@code getActiveUser}, and the calling user must
 * pass {@code checkAccess} on the account owning that user. The key getters are
 * called only after that check has returned.
 *
 * <p>The returned map holds the secret key in clear text, so callers should keep
 * it out of logs and events.
 *
 * @param cmd command carrying the id of the user whose keys are requested
 * @return a map with the entries {@code "apikey"} and {@code "secretkey"}
 * @throws InvalidParameterValueException if no active user has the given id
 */
@Override
public Map<String, String> getKeys(GetUserKeysCmd cmd) {
    final long userId = cmd.getID();

    final User target = getActiveUser(userId);
    if (target == null) {
        throw new InvalidParameterValueException("Unable to find user by id");
    }

    // Resolve the account that owns the requested user, then authorize the caller on it.
    // NOTE(review): getUserAccountById(userId) is dereferenced without a null check.
    final ControlledEntity owner = getAccount(getUserAccountById(userId).getAccountId());
    checkAccess(CallContext.current().getCallingUser(), owner);

    final Map<String, String> result = new HashMap<String, String>();
    result.put("apikey", target.getApiKey());
    result.put("secretkey", target.getSecretKey());
    return result;
}
/**
 * Destroys the virtual routers of the given network.
 *
 * <p>Routers are destroyed one at a time. After the first failure, signalled by
 * {@code destroyRouter} returning null, no further router is attempted.
 *
 * @param config network whose virtual routers are to be destroyed
 * @param context reservation context; its caller supplies the account and user id
 *        passed to {@code destroyRouter}
 * @return {@code true} if the network has no virtual routers or every one was
 *         destroyed; {@code false} once any destroy call returns null
 * @throws ConcurrentOperationException propagated from the router manager
 * @throws ResourceUnavailableException propagated from the router manager
 */
@Override
public boolean destroy(final Network config, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException {
    final List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER);
    final boolean nothingToDestroy = routers == null || routers.isEmpty();
    if (nothingToDestroy) {
        return true;
    }

    // destroyRouter needs the caller's account or its permission check fails there.
    // The context passed in from deleteNetwork is the network account, not the
    // caller account, so the account is resolved from the caller here.
    final Account callerAccount = _accountMgr.getAccount(context.getCaller().getAccountId());

    boolean allDestroyed = true;
    for (final DomainRouterVO router : routers) {
        // Once one destroy has failed, the remaining routers are skipped.
        if (allDestroyed) {
            allDestroyed = _routerMgr.destroyRouter(router.getId(), callerAccount, context.getCaller().getId()) != null;
        }
    }
    return allDestroyed;
}