/**
 * Reports whether the given user may access the given network.
 *
 * <p>Administrators are granted access without consulting the DAO. For every other user the
 * decision is delegated to {@code userDao.hasAccessToNetwork}, and access is granted only when
 * that call reports a count greater than zero.
 *
 * @param user the user whose access is being checked; must not be {@code null}
 * @param network the network being accessed
 * @return {@code true} for administrators, or when the DAO reports a positive count
 */
@Transactional(propagation = Propagation.SUPPORTS)
public boolean hasAccessToNetwork(UserVO user, NetworkVO network) {
    if (user.isAdmin()) {
        // Admin short-circuit: no per-network lookup is performed for administrators.
        return true;
    }
    return userDao.hasAccessToNetwork(user, network) > 0;
}
/**
 * Reports whether the given user may access the device with the given id.
 *
 * <p>Administrators are granted access without consulting the DAO. For every other user the
 * decision is delegated to {@code userDao.hasAccessToDevice}, and access is granted only when
 * that call reports a count greater than zero.
 *
 * @param user the user whose access is being checked; must not be {@code null}
 * @param deviceId identifier of the device being accessed
 * @return {@code true} for administrators, or when the DAO reports a positive count
 */
@Transactional(propagation = Propagation.SUPPORTS)
public boolean hasAccessToDevice(UserVO user, String deviceId) {
    if (user.isAdmin()) {
        // Admin short-circuit: no per-device lookup is performed for administrators.
        return true;
    }
    return userDao.hasAccessToDevice(user, deviceId) > 0;
}
/**
 * Resolves the user id associated with a topic.
 *
 * <p>For the wildcard topic {@code "*"} the result is the caller's own id when the caller is an
 * administrator and {@code null} otherwise. For any other topic the plugin is looked up through
 * {@code pluginService.findByTopic} and its user id is returned, or {@code null} when no plugin
 * is found or the plugin carries no user id.
 *
 * @param topic topic name, or {@code "*"}; must not be {@code null}
 * @param user the calling user
 * @return the resolved user id, or {@code null} when none applies
 */
private Long getCreatorId(String topic, UserVO user) {
    if (!topic.equals("*")) {
        PluginVO plugin = pluginService.findByTopic(topic);
        return plugin == null ? null : plugin.getUserId();
    }
    // NOTE(review): a non-admin asking for the wildcard gets null here; confirm that callers do
    // not treat a null creator id as "no restriction".
    if (user.isAdmin()) {
        return user.getId();
    }
    return null;
}
/**
 * Builds the criteria predicates used to list or count plugins.
 *
 * <p>The first predicate, when present, is the ownership restriction: if the principal carries a
 * user and that user is not an administrator, results are limited to rows whose {@code userId}
 * equals that user's id. The remaining predicates are the optional request filters, added in the
 * order name, name pattern, topic name, status, user id.
 *
 * <p>NOTE(review): no ownership restriction is added when {@code principalOpt} is empty or the
 * principal has no user. Callers are outside this excerpt; confirm they never reach this method
 * in that state for a request that should be scoped to one user.
 *
 * @param cb criteria builder used to create the predicates
 * @param from query root for {@code Plugin}
 * @param nameOpt exact plugin name to match, if any
 * @param namePatternOpt LIKE pattern for the plugin name, if any
 * @param topicNameOpt exact topic name to match, if any
 * @param statusOpt status value to match, if any
 * @param userIdOpt owner id to match, if any
 * @param principalOpt authenticated principal, if any
 * @return the predicates as an array, possibly empty
 */
public static Predicate[] pluginListPredicates(CriteriaBuilder cb, Root<Plugin> from, Optional<String> nameOpt,
        Optional<String> namePatternOpt, Optional<String> topicNameOpt, Optional<Integer> statusOpt,
        Optional<Long> userIdOpt, Optional<HivePrincipal> principalOpt) {
    final List<Predicate> conditions = new LinkedList<>();

    // Ownership scoping: non-admin users only see their own plugins.
    principalOpt.map(HivePrincipal::getUser)
            .filter(caller -> !caller.isAdmin())
            .ifPresent(caller -> {
                User owner = User.convertToEntity(caller);
                conditions.add(cb.equal(from.get("userId"), owner.getId()));
            });

    if (nameOpt.isPresent()) {
        conditions.add(cb.equal(from.get("name"), nameOpt.get()));
    }
    if (namePatternOpt.isPresent()) {
        conditions.add(cb.like(from.get("name"), namePatternOpt.get()));
    }
    if (topicNameOpt.isPresent()) {
        conditions.add(cb.equal(from.get("topicName"), topicNameOpt.get()));
    }
    if (statusOpt.isPresent()) {
        conditions.add(cb.equal(from.get("status"), statusOpt.get()));
    }
    if (userIdOpt.isPresent()) {
        conditions.add(cb.equal(from.get("userId"), userIdOpt.get()));
    }

    return conditions.toArray(new Predicate[0]);
}
/**
 * Handles a plugin count request and resumes {@code asyncResponse} with the outcome.
 *
 * <p>A non-admin caller that passes a {@code userId} different from its own id is answered with
 * FORBIDDEN and the service is not called. Otherwise the count is delegated to
 * {@code pluginRegisterService.count}, which also receives the principal, and the response is
 * resumed with OK once the returned stage completes.
 *
 * <p>NOTE(review): {@code principal.getUser()} is dereferenced without a null check, and the
 * chain below has no handler for exceptional completion, so a failed stage would leave
 * {@code asyncResponse} unresumed here. Confirm both are covered elsewhere.
 *
 * @param name exact plugin name filter, may be {@code null}
 * @param namePattern plugin name pattern filter, may be {@code null}
 * @param topicName topic name filter, may be {@code null}
 * @param status status filter, may be {@code null}
 * @param userId owner id filter, may be {@code null}
 * @param asyncResponse response to resume
 */
@Override
public void count(String name, String namePattern, String topicName, Integer status, Long userId,
        AsyncResponse asyncResponse) {
    logger.debug("Plugin count requested");

    final HivePrincipal principal =
            (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    final UserVO user = principal.getUser();

    final boolean restricted = !user.isAdmin();
    if (restricted && userId != null && !userId.equals(user.getId())) {
        // Non-admins may only ask about their own plugins.
        logger.warn(Messages.NO_ACCESS_TO_PLUGIN);
        final ErrorResponse denied = new ErrorResponse(FORBIDDEN.getStatusCode(), Messages.NO_ACCESS_TO_PLUGIN);
        final Response response = ResponseFactory.response(FORBIDDEN, denied);
        asyncResponse.resume(response);
        return;
    }

    pluginRegisterService.count(name, namePattern, topicName, status, userId, principal)
            .thenApply(total -> {
                logger.debug("Plugin count request proceed successfully");
                return ResponseFactory.response(OK, total, JsonPolicyDef.Policy.PLUGINS_LISTED);
            })
            .thenAccept(asyncResponse::resume);
}
/**
 * Builds the criteria predicates used to list device types.
 *
 * <p>Predicates are added in this order: exact name, name pattern, user restriction, principal
 * device-type restriction. The user restriction is added only when the principal carries a user
 * who is neither an administrator nor flagged with {@code getAllDeviceTypesAvailable()}; it
 * limits results to device types joined to that user. The principal restriction is added
 * whenever {@code principal.getDeviceTypeIds()} is non-null and limits results to those ids.
 *
 * <p>NOTE(review): with an empty principal, or a principal that has neither a user nor a
 * device-type id set, only the name filters apply. Confirm that is intended for every caller.
 *
 * @param cb criteria builder used to create the predicates
 * @param from query root for {@code DeviceType}
 * @param nameOpt exact device type name to match, if any
 * @param namePatternOpt LIKE pattern for the device type name, if any
 * @param principalOpt authenticated principal, if any
 * @return the predicates as an array, possibly empty
 */
public static Predicate[] deviceTypeListPredicates(CriteriaBuilder cb, Root<DeviceType> from,
        Optional<String> nameOpt, Optional<String> namePatternOpt, Optional<HivePrincipal> principalOpt) {
    final List<Predicate> conditions = new LinkedList<>();

    if (nameOpt.isPresent()) {
        conditions.add(cb.equal(from.get("name"), nameOpt.get()));
    }
    if (namePatternOpt.isPresent()) {
        conditions.add(cb.like(from.get("name"), namePatternOpt.get()));
    }

    // Per-user scoping, skipped for admins and for users allowed to see every device type.
    principalOpt.map(HivePrincipal::getUser)
            .filter(user -> !user.isAdmin() && !user.getAllDeviceTypesAvailable())
            .ifPresent(user -> {
                User entity = User.convertToEntity(user);
                conditions.add(from.join("users").in(entity));
            });

    // Scoping carried by the principal itself (a non-null id set).
    principalOpt.map(HivePrincipal::getDeviceTypeIds)
            .ifPresent(ids -> conditions.add(from.<Long>get("id").in(ids)));

    return conditions.toArray(new Predicate[0]);
}
if (!user.isAdmin()) { User usr = User.convertToEntity(user); predicates.add(from.join("users").in(usr));
/**
 * Loads one network together with its users and devices, scoped to the current principal.
 *
 * <p>The principal is read from the security context. When it carries no user the result is
 * {@code null}. Otherwise the network is fetched through
 * {@code networkDao.getNetworksByIdsAndUsers}, passing {@code null} as the user id for
 * administrators and the user's own id for everyone else, together with the principal's
 * permitted network ids. The first network found has its devices narrowed to the principal's
 * permitted device types when that set is non-null and non-empty.
 *
 * <p>NOTE(review): an empty permitted-device-type set skips the device filter, so every device
 * of the network is returned. Elsewhere in this excerpt a non-null id set is applied as an
 * {@code IN} restriction even when empty; confirm which meaning an empty set is meant to have.
 *
 * @param networkId id of the network to load
 * @return the network visible to the principal, or {@code null} when none is found
 */
@Transactional(propagation = Propagation.NOT_SUPPORTED)
public NetworkWithUsersAndDevicesVO getWithDevices(@NotNull Long networkId) {
    final HivePrincipal principal =
            (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    final Set<Long> allowedNetworkIds = principal.getNetworkIds();
    final Set<Long> allowedDeviceTypeIds = principal.getDeviceTypeIds();

    return Optional.ofNullable(principal.getUser())
            .flatMap(user -> {
                // Admins are not filtered by user id; everyone else is limited to their own networks.
                final Long ownerFilter = user.isAdmin() ? null : user.getId();
                final List<NetworkWithUsersAndDevicesVO> matches = networkDao.getNetworksByIdsAndUsers(
                        ownerFilter, Collections.singleton(networkId), allowedNetworkIds);
                return matches.stream().findFirst();
            })
            .map(network -> {
                final boolean restrictByType = allowedDeviceTypeIds != null && !allowedDeviceTypeIds.isEmpty();
                if (restrictByType) {
                    final Set<DeviceVO> visible = network.getDevices().stream()
                            .filter(device -> allowedDeviceTypeIds.contains(device.getDeviceTypeId()))
                            .collect(Collectors.toSet());
                    network.setDevices(visible);
                }
                return network;
            })
            .orElse(null);
}
Long idForFiltering = user.isAdmin() ? null : user.getId(); if (user.getAllDeviceTypesAvailable()) { idForFiltering = null;
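/**
 * Handles a plugin list request and resumes {@code asyncResponse} with the outcome.
 *
 * <p>The sort field, when given, must match {@code NAME} or {@code ID} ignoring case; any other
 * value is answered with BAD_REQUEST. A non-admin caller that passes a {@code userId} different
 * from its own id is answered with FORBIDDEN. Otherwise the request is delegated to
 * {@code pluginRegisterService.list}, which also receives the principal, and the response is
 * resumed with OK once the returned stage completes.
 *
 * <p>NOTE(review): {@code principal.getUser()} is dereferenced without a null check, and the
 * chain below has no handler for exceptional completion. Confirm both are covered elsewhere.
 *
 * @param name exact plugin name filter, may be {@code null}
 * @param namePattern plugin name pattern filter, may be {@code null}
 * @param topicName topic name filter, may be {@code null}
 * @param status status filter, may be {@code null}
 * @param userId owner id filter, may be {@code null}
 * @param sortField field to sort by, may be {@code null}
 * @param sortOrderSt sort order, passed through to the service
 * @param take page size, passed through to the service
 * @param skip page offset, passed through to the service
 * @param asyncResponse response to resume
 */
@Override
public void list(String name, String namePattern, String topicName, Integer status, Long userId,
        String sortField, String sortOrderSt, Integer take, Integer skip, AsyncResponse asyncResponse) {
    logger.debug("Plugin list requested");

    if (sortField != null && !NAME.equalsIgnoreCase(sortField) && !ID.equalsIgnoreCase(sortField)) {
        final Response response = ResponseFactory.response(BAD_REQUEST,
                new ErrorResponse(BAD_REQUEST.getStatusCode(), Messages.INVALID_REQUEST_PARAMETERS));
        asyncResponse.resume(response);
        // Stop here. Without this return the rejected sortField was still handed to the service
        // layer after the 400 had been sent, so the validation did not protect the query.
        return;
    } else if (sortField != null) {
        // NOTE(review): toLowerCase() uses the default locale; consider a fixed locale so the
        // normalized field name does not vary with the host configuration.
        sortField = sortField.toLowerCase();
    }

    HivePrincipal principal = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    UserVO user = principal.getUser();

    if (!user.isAdmin() && userId != null && !userId.equals(user.getId())) {
        // Non-admins may only list their own plugins.
        logger.warn(Messages.NO_ACCESS_TO_PLUGIN);
        final Response response = ResponseFactory.response(FORBIDDEN,
                new ErrorResponse(FORBIDDEN.getStatusCode(), Messages.NO_ACCESS_TO_PLUGIN));
        asyncResponse.resume(response);
    } else {
        pluginRegisterService.list(name, namePattern, topicName, status, userId, sortField, sortOrderSt, take, skip, principal)
                .thenApply(plugins -> {
                    logger.debug("Plugin list request proceed successfully");
                    return ResponseFactory.response(OK, plugins, JsonPolicyDef.Policy.PLUGINS_LISTED);
                }).thenAccept(asyncResponse::resume);
    }
}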
/**
 * Returns the stored device type matching the request, or creates it on behalf of an admin.
 *
 * <p>When no device type is supplied the result is {@code null}. When
 * {@code findDeviceTypeByIdOrName} finds a stored device type, that one is returned unchanged.
 * Otherwise a request that carries an id is rejected, and only administrators may have a new
 * device type persisted; the generated id is copied back onto the supplied object.
 *
 * @param deviceTypeNullable the requested device type; the reference itself may be {@code null}
 * @param user the user on whose behalf the device type is resolved
 * @return the stored or newly created device type, or {@code null} when none was supplied
 * @throws IllegalParametersException if no stored device type matches and the request has an id
 * @throws ActionNotAllowedException if a device type would have to be created by a non-admin
 */
@Transactional
public DeviceTypeVO createOrUpdateDeviceTypeByUser(Optional<DeviceTypeVO> deviceTypeNullable, UserVO user) {
    // Nothing to resolve when no device type was supplied.
    if (deviceTypeNullable == null || !deviceTypeNullable.isPresent()) {
        return null;
    }
    final DeviceTypeVO requested = deviceTypeNullable.get();

    final Optional<DeviceTypeVO> existing = findDeviceTypeByIdOrName(requested);
    if (existing.isPresent()) {
        return existing.get();
    }

    // An id that matches nothing stored cannot be used to create a device type.
    if (requested.getId() != null) {
        throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
    }
    // Creation is an admin-only action.
    if (!user.isAdmin()) {
        throw new ActionNotAllowedException(Messages.DEVICE_TYPE_CREATION_NOT_ALLOWED);
    }

    final DeviceTypeWithUsersAndDevicesVO created = new DeviceTypeWithUsersAndDevicesVO(requested);
    deviceTypeDao.persist(created);
    requested.setId(created.getId());
    return requested;
}
/**
 * Builds the principal-based restrictions for device queries that fetch their associations.
 *
 * <p>The {@code network} and {@code deviceType} associations are always fetch-joined (LEFT).
 * When a principal is present, up to three predicates are added: for a non-admin user, the
 * network's {@code users} must include that user's id; a non-null network id set restricts the
 * network id; a non-null device type id set restricts the device type id.
 *
 * <p>NOTE(review): an empty {@code principal}, or one with no user and no id sets, yields no
 * restriction at all. Confirm callers cannot reach this state for a scoped request.
 *
 * @param cb criteria builder used to create the predicates
 * @param from query root for {@code Device}
 * @param principal authenticated principal, if any
 * @return the restrictions, possibly empty
 */
@SuppressWarnings("unchecked")
private static List<Predicate> deviceSpecificPrincipalPredicates(CriteriaBuilder cb, Root<Device> from,
        Optional<HivePrincipal> principal) {
    final List<Predicate> restrictions = new LinkedList<>();
    final Join<Device, Network> network = (Join) from.fetch("network", JoinType.LEFT);
    final Join<Device, DeviceType> deviceType = (Join) from.fetch("deviceType", JoinType.LEFT);

    if (!principal.isPresent()) {
        return restrictions;
    }
    final HivePrincipal p = principal.get();

    final UserVO user = p.getUser();
    if (user != null && !user.isAdmin()) {
        // The users join is added only when it is needed, to prevent duplicate objects.
        final Join<Device, Network> networkUsers = (Join) network.fetch("users", JoinType.LEFT);
        restrictions.add(cb.equal(networkUsers.<Long>get("id"), user.getId()));
    }
    if (p.getNetworkIds() != null) {
        restrictions.add(network.<Long>get("id").in(p.getNetworkIds()));
    }
    if (p.getDeviceTypeIds() != null) {
        restrictions.add(deviceType.<Long>get("id").in(p.getDeviceTypeIds()));
    }
    return restrictions;
}
// Presumably closes the enclosing class, whose header is outside this excerpt.
}
/**
 * Builds the principal-based restrictions for device count queries.
 *
 * <p>The {@code network} and {@code deviceType} associations are always joined (LEFT, no fetch).
 * When a principal is present, up to three predicates are added: for a non-admin user, the
 * network's {@code users} must include that user's id; a non-null network id set restricts the
 * network id; a non-null device type id set restricts the device type id.
 *
 * <p>NOTE(review): an empty {@code principal}, or one with no user and no id sets, yields no
 * restriction at all. Confirm callers cannot reach this state for a scoped request.
 *
 * @param cb criteria builder used to create the predicates
 * @param from query root for {@code Device}
 * @param principal authenticated principal, if any
 * @return the restrictions, possibly empty
 */
private static List<Predicate> deviceCountPrincipalPredicates(CriteriaBuilder cb, Root<Device> from,
        Optional<HivePrincipal> principal) {
    final List<Predicate> restrictions = new LinkedList<>();
    final Join<Device, Network> network = from.join("network", JoinType.LEFT);
    final Join<Device, DeviceType> deviceType = from.join("deviceType", JoinType.LEFT);

    if (!principal.isPresent()) {
        return restrictions;
    }
    final HivePrincipal p = principal.get();

    final UserVO user = p.getUser();
    if (user != null && !user.isAdmin()) {
        // The users join is added only when it is needed, to prevent duplicate objects.
        final Join<Device, Network> networkUsers = network.join("users", JoinType.LEFT);
        restrictions.add(cb.equal(networkUsers.<Long>get("id"), user.getId()));
    }
    if (p.getNetworkIds() != null) {
        restrictions.add(network.<Long>get("id").in(p.getNetworkIds()));
    }
    if (p.getDeviceTypeIds() != null) {
        restrictions.add(deviceType.<Long>get("id").in(p.getDeviceTypeIds()));
    }
    return restrictions;
}
/**
 * Returns the stored network matching the request, or creates it on behalf of an admin.
 *
 * <p>When no network is supplied the result is {@code null}. When {@code findNetworkByIdOrName}
 * finds a stored network, that one is returned unchanged. Otherwise a request that carries an
 * id is rejected, and only administrators may have a new network persisted; the generated id is
 * copied back onto the supplied object and the new network is assigned to the creating user.
 *
 * @param networkNullable the requested network; the reference itself may be {@code null}
 * @param user the user on whose behalf the network is resolved
 * @return the stored or newly created network, or {@code null} when none was supplied
 * @throws IllegalParametersException if no stored network matches and the request has an id
 * @throws ActionNotAllowedException if a network would have to be created by a non-admin
 */
@Transactional
public NetworkVO createOrUpdateNetworkByUser(Optional<NetworkVO> networkNullable, UserVO user) {
    // Nothing to resolve when no network was supplied.
    if (networkNullable == null || !networkNullable.isPresent()) {
        return null;
    }
    final NetworkVO requested = networkNullable.get();

    final Optional<NetworkVO> existing = findNetworkByIdOrName(requested);
    if (existing.isPresent()) {
        return existing.get();
    }

    // An id that matches nothing stored cannot be used to create a network.
    if (requested.getId() != null) {
        throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
    }
    // Creation is an admin-only action.
    if (!user.isAdmin()) {
        throw new ActionNotAllowedException(Messages.NETWORK_CREATION_NOT_ALLOWED);
    }

    final NetworkWithUsersAndDevicesVO created = new NetworkWithUsersAndDevicesVO(requested);
    networkDao.persist(created);
    requested.setId(created.getId());
    // Assign the created network to the user who created it.
    baseUserService.assignNetwork(user.getId(), requested.getId());
    return requested;
}
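/**
 * Resolves the plugin a request may act on, answering the request itself when access fails.
 *
 * <p>A plugin carried by the principal is returned directly. Otherwise the plugin is looked up
 * by topic. A missing plugin is answered with NOT_FOUND for administrators and FORBIDDEN for
 * everyone else; a plugin whose user id is set and differs from a non-admin caller's id is
 * answered with FORBIDDEN. In each of those cases {@code asyncResponse} has already been resumed
 * and {@code null} is returned, so a {@code null} result always means "response already sent".
 *
 * <p>NOTE(review): a plugin with a {@code null} user id passes the ownership check for any
 * caller; confirm that unowned plugins are meant to be accessible to every user.
 *
 * @param topicName topic used to look the plugin up when the principal carries none
 * @param asyncResponse response to resume when the plugin is missing or not accessible
 * @param principal authenticated principal
 * @param user the calling user, consulted only when the principal carries no plugin
 * @return the accessible plugin, or {@code null} when an error response has been sent
 */
private PluginVO getPluginVO(String topicName, AsyncResponse asyncResponse, HivePrincipal principal, UserVO user) {
    if (principal.getPlugin() != null) {
        return principal.getPlugin();
    }

    final PluginVO pluginVO = pluginService.findByTopic(topicName);
    if (pluginVO == null) {
        if (user.isAdmin()) {
            asyncResponse.resume(ResponseFactory.response(NOT_FOUND,
                    new ErrorResponse(NOT_FOUND.getStatusCode(), PLUGIN_NOT_FOUND)));
        } else {
            // Same answer as for a plugin owned by someone else, so a non-admin cannot tell
            // a missing topic from a foreign one.
            asyncResponse.resume(ResponseFactory.response(FORBIDDEN,
                    new ErrorResponse(FORBIDDEN.getStatusCode(), NO_ACCESS_TO_PLUGIN)));
        }
        return null;
    }

    if (!user.isAdmin() && pluginVO.getUserId() != null && !pluginVO.getUserId().equals(user.getId())) {
        asyncResponse.resume(ResponseFactory.response(FORBIDDEN,
                new ErrorResponse(FORBIDDEN.getStatusCode(), NO_ACCESS_TO_PLUGIN)));
        // Do not hand the other user's plugin back after denying access: the original returned
        // it here, so a caller that only checks for null would have gone on to use it.
        return null;
    }
    return pluginVO;
}
// Presumably closes the enclosing class, whose header is outside this excerpt.
}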
Set<String> deviceTypeIds = new HashSet<>(); Set<Integer> actions = new HashSet<>(); if (user.isAdmin()) { networkIds.add("*"); deviceTypeIds.add("*");