if (!user.isEnabled()) { throw new Exception("User is disabled"); String storedApiKey = user.getAPIKeyTokenCode(); user.getUuid(); return user;
public void handleSync(InternalActionContext ac) { db.asyncTx(() -> Single.just(ac.getUser().hasAdminRole())) .subscribe(hasAdminRole -> { if (hasAdminRole) { triggerSync(ac); } else { ac.fail(error(FORBIDDEN, "error_admin_permission_required")); } }, ac::fail); }
protected MeshVertex handleBranchSchema(DataFetchingEnvironment env) { GraphQLContext gc = env.getContext(); Branch branch = env.getSource(); Stream<? extends SchemaContainerVersion> schemas = StreamSupport.stream(branch.findActiveSchemaVersions().spliterator(), false); // We need to handle permissions dedicately since we check the schema container perm and not the schema container version perm. return handleUuidNameArgsNoPerm(env, uuid -> schemas.filter(schema -> { SchemaContainer container = schema.getSchemaContainer(); return container.getUuid().equals(uuid) && gc.getUser().hasPermission(container, READ_PERM); }).findFirst().get(), name -> schemas.filter(schema -> schema.getName().equals(name) && gc.getUser().hasPermission(schema .getSchemaContainer(), READ_PERM)).findFirst().get()); }
/** * Authenticates the user and returns a JWToken if successful. * * @param username * Username * @param password * Password * @param resultHandler * Handler to be invoked with the created JWToken */ public void generateToken(String username, String password, Handler<AsyncResult<String>> resultHandler) { authenticate(username, password, rh -> { if (rh.failed()) { resultHandler.handle(Future.failedFuture(rh.cause())); } else { User user = rh.result().getUser(); String uuid; if (user instanceof MeshAuthUser) { uuid = ((MeshAuthUser) user).getUuid(); } else { uuid = user.principal().getString("uuid"); } JsonObject tokenData = new JsonObject().put(USERID_FIELD_NAME, uuid); resultHandler.handle(Future.succeededFuture(jwtProvider.generateToken(tokenData, new JWTOptions() .setExpiresInSeconds(Mesh.mesh().getOptions().getAuthenticationOptions().getTokenExpirationTime())))); } }); }
log.warn("Did not find given_name property in OAuth2 principle."); } else { user.setFirstname(givenName); log.warn("Did not find family_name property in OAuth2 principle."); } else { user.setLastname(familyName); log.warn("Did not find email property in OAuth2 principle"); } else { user.setEmailAddress(email);
/** * Return an iterator of all elements. Only use this method if you know that the root->item relation only yields a specific kind of item. This also checks * permissions. * * @param ac * The context of the request */ default Stream<? extends T> findAllStream(InternalActionContext ac) { MeshAuthUser user = ac.getUser(); FramedTransactionalGraph graph = Tx.getActive().getGraph(); String idx = "e." + getRootLabel().toLowerCase() + "_out"; Spliterator<Edge> itemEdges = graph.getEdges(idx.toLowerCase(), id()).spliterator(); return StreamSupport.stream(itemEdges, false) .map(edge -> edge.getVertex(Direction.IN)) .filter(vertex -> user.hasPermissionForId(vertex.getId(), READ_PERM)) .map(vertex -> graph.frameElementExplicit(vertex, getPersistanceClass())); }
for (Role role : ac.getUser().getRoles()) { roleUuids.add(role.getUuid());
MeshAuthUser user = boot.userRoot().findMeshAuthUserByUsername(username); if (user != null) { String accountPasswordHash = user.getPasswordHash();
/** * Generates a new JWToken with the user. * * @param user * User * @return The new token */ public String generateToken(User user) { if (user instanceof MeshAuthUser) { AuthenticationOptions options = Mesh.mesh().getOptions().getAuthenticationOptions(); JsonObject tokenData = new JsonObject().put(USERID_FIELD_NAME, ((MeshAuthUser) user).getUuid()); JWTOptions jwtOptions = new JWTOptions().setAlgorithm(options.getAlgorithm()) .setExpiresInSeconds(options.getTokenExpirationTime()); return jwtProvider.generateToken(tokenData, jwtOptions); } else { log.error("Can't generate token for user of type {" + user.getClass().getName() + "}"); throw error(INTERNAL_SERVER_ERROR, "error_internal"); } }
protected Page<SchemaContainerVersion> handleBranchSchemas(DataFetchingEnvironment env) { GraphQLContext gc = env.getContext(); Branch branch = env.getSource(); Stream<? extends SchemaContainerVersion> schemas = StreamSupport.stream(branch.findActiveSchemaVersions().spliterator(), false).filter( schema -> gc.getUser().hasPermission(schema.getSchemaContainer(), READ_PERM)); return new DynamicStreamPageImpl<>(schemas, getPagingInfo(env)); }
public GraphQLFieldDefinition createPluginPageField() { return newFieldDefinition().name("plugins").description("Load plugins").argument(createPagingArgs()) .type(new GraphQLTypeReference(PLUGIN_PAGE_TYPE_NAME)).dataFetcher(env -> { GraphQLContext gc = env.getContext(); if (!gc.getUser().hasAdminRole()) { return new PermissionException("plugins", "Missing admin permission"); } Map<String, Plugin> deployments = manager.getPlugins(); Page<Plugin> page = new DynamicStreamPageImpl<>(deployments.values().stream(), getPagingInfo(env)); return page; }).build(); }
String uuid = user.getUuid(); syncUser(batch, user, admin, userInfo); TOKEN_ID_LOG.put(uuid, currentTokenId); String uuid = user.getUuid(); String lastSeenTokenId = TOKEN_ID_LOG.getIfPresent(user.getUuid()); if (lastSeenTokenId == null || !lastSeenTokenId.equals(currentTokenId)) { com.gentics.mesh.core.data.User admin = root.findByUsername("admin");
@Override public <T extends MeshCoreVertex<?, ?>> T requiresPerm(T vertex, GraphPermission... permission) { for (GraphPermission perm : permission) { if (getUser().hasPermission(vertex, perm)) { return vertex; } } throw missingPerm(vertex.getTypeInfo().getType(), vertex.getUuid()); }
public GraphQLFieldDefinition createPluginField() { return newFieldDefinition().name("plugin").description("Load plugin by uuid").argument(createUuidArg("Uuid of the plugin.")) .type(new GraphQLTypeReference(PLUGIN_TYPE_NAME)).dataFetcher(env -> { GraphQLContext gc = env.getContext(); if (!gc.getUser().hasAdminRole()) { return new PermissionException("plugins", "Missing admin permission"); } String uuid = env.getArgument("uuid"); if (uuid == null) { return null; } return manager.getPlugin(uuid); }).build(); }
public GraphQLObjectType createType() { Builder schemaType = newObject().name(MICROSCHEMA_TYPE_NAME).description("Microschema"); interfaceTypeProvider.addCommonFields(schemaType); // .name schemaType.field(newFieldDefinition().name("name").description("Name of the microschema").type(GraphQLString)); // .version schemaType.field(newFieldDefinition().name("version").description("Version of the microschema.").type(GraphQLInt)); // .description schemaType.field(newFieldDefinition().name("description").description("Description of the microschema.").type(GraphQLString)); schemaType.field(newPagingFieldWithFetcher("projects", "Projects that this schema is assigned to", (env) -> { GraphQLContext gc = env.getContext(); MicroschemaContainer microschema = env.getSource(); return microschema.findReferencedBranches().keySet().stream() .map(Branch::getProject) .distinct() .filter(it -> gc.getUser().hasPermission(it, GraphPermission.READ_PERM)) .collect(Collectors.toList()); }, PROJECT_REFERENCE_PAGE_TYPE_NAME)); // .fields // TODO add fields return schemaType.build(); }
public void handleClear(InternalActionContext ac) { db.asyncTx(() -> Single.just(ac.getUser().hasAdminRole())).flatMapCompletable(hasAdminRole -> { if (hasAdminRole) { return searchProvider.clear().andThen(Observable.fromIterable(registry.getHandlers()).flatMapCompletable(handler -> handler.init())); } else { throw error(FORBIDDEN, "error_admin_permission_required"); } }).subscribe(() -> { ac.send(message(ac, "search_admin_index_clear"), OK); }, error -> { if (error instanceof GenericRestException) { ac.fail(error); } else { log.error("Error while clearing all indices.", error); ac.send(message(ac, "search_admin_index_clear_error"), INTERNAL_SERVER_ERROR); } }); }
/** * Load the object by name and check the given permission. * * @param ac * Context to be used in order to check user permissions * @param name * Name of the object that should be loaded * @param perm * Permission that must be granted in order to load the object * @return */ default T findByName(InternalActionContext ac, String name, GraphPermission perm) { T element = findByName(name); if (element == null) { throw error(NOT_FOUND, "object_not_found_for_name", name); } MeshAuthUser requestUser = ac.getUser(); String elementUuid = element.getUuid(); if (requestUser.hasPermission(element, perm)) { return element; } else { throw error(FORBIDDEN, "error_missing_perm", elementUuid, perm.getRestPerm().getName()); } }
if (requestUser.hasPermission(element, perm)) { return element; } else {