@Override protected String getUser(ApiRequest request, Object response) { return ApiUtils.getPolicy().getUserName(); }
public static <T> List<T> authorize(List<T> list) { return getPolicy().authorizeList(list); }
private void validateInfraAccess(String type) { if (REG_TOKEN.equalsIgnoreCase(type) && !infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", "Cannot access registrationToken", null); } } }
public SettingsFilter(List<String> publicSettings, ApiRequest apiRequest) { String value = null; Map<String, Object> params = apiRequest == null ? null : apiRequest.getRequestParams(); if (params != null) { value = RequestUtils.getSingularStringValue("all", params); } this.publicSettings = new HashSet<>(publicSettings); this.all = value == null || !value.toString().equalsIgnoreCase("false"); this.canListAll = "true".equals(ApiUtils.getPolicy().getOption(Policy.LIST_ALL_SETTINGS)); }
private void validateInfraAccess(ApiRequest request, String action) { if (!infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { String message = String.format("Cannot %s host", action); throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", message, null); } } }
private void validateInfraAccess(ApiRequest request, String action) { if (!infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { String message = String.format("Cannot %s machine", action); throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", message, null); } } }
@SuppressWarnings("unchecked") public static <T> T authorize(T obj) { if (obj instanceof List) { return (T) authorize((List<T>) obj); } return getPolicy().authorizeObject(obj); }
private Stack validateInfraAccess(ApiRequest request, String action, Stack stack, Service service) { if (ObjectUtils.isSystem(stack) && !infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { String message = String.format("Cannot %s system service", action); throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", message, null); } return stack; } }
private void validateInfraAccess(ApiRequest request, Stack stack, String action) { if (stack.getSystem() && !infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { String message = String.format("Cannot %s system stack", action); throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", message, null); } }
private void validateInfraAccess(Object instance, String action) { if (ObjectUtils.isSystem(instance) && !infraAccess.canModifyInfrastructure(ApiUtils.getPolicy())) { String message = String.format("Cannot %s system container", action); throw new ClientVisibleException(ResponseCodes.FORBIDDEN, "Forbidden", message, null); } }
@Override public Resource filter(ApiRequest request, Object original, Resource converted) { boolean add = false; if (original instanceof PhysicalHost || original instanceof Host) { if (StringUtils.isNotEmpty((String) DataUtils.getFields(original).get(EXTRACTED_CONFIG_FIELD))) { add = infraAccess.canModifyInfrastructure(ApiUtils.getPolicy()); } if (!add && original instanceof Host && StringUtils.isNotEmpty((String) converted.getFields().get(MachineConstants.FIELD_DRIVER))) { add = infraAccess.canModifyInfrastructure(ApiUtils.getPolicy()); } } if (add) { converted.getLinks().put(CONFIG_LINK, ApiContext.getUrlBuilder().resourceLink(converted, CONFIG_LINK)); } return converted; }
public static Host getHostFromContainer(ObjectManager objectManager, Instance instance, String hostKind) { Host found = null; for (Host host : objectManager.mappedChildren(instance, Host.class)) { found = host; } if (found != null) { found = ApiUtils.getPolicy().authorizeObject(found); } if (found == null) { return null; } if (hostKind != null && !hostKind.equals(found.getKind())) { return null; } return found; }
@Override public <T> T postProcess(T obj, Class<T> clz, Map<String, Object> properties) { ApiContext apiContext = ApiContext.getContext(); if (apiContext == null) { /* Back-end can do whatever it wants */ return obj; } Policy policy = ApiUtils.getPolicy(); boolean overwrite = true; if (policy.isOption(Policy.AUTHORIZED_FOR_ALL_ACCOUNTS) && properties.containsKey(AccountConstants.ACCOUNT_ID)) { overwrite = false; } if (overwrite) { ObjectUtils.setPropertyIgnoreErrors(obj, ObjectMetaDataManager.ACCOUNT_FIELD, policy.getAccountId()); } return obj; }
@Override public Object create(String type, ApiRequest request, ResourceManager next) { Policy policy = ApiUtils.getPolicy(); Agent agent = objectManager.loadResource(Agent.class, policy.getOption(Policy.AGENT_ID)); if (agent == null) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN, VERIFY_AGENT); } return super.create(type, request, next); } }
@Override protected Object createInternal(String type, ApiRequest request) { Publish publish = request.proxyRequestObject(Publish.class); Event event = createEvent(publish); if (isServiceEvent(event)) { eventService.publish(EventVO.newEvent(FrameworkEvents.SERVICE_EVENT) .withData(event) .withResourceId(Long.toString(ApiUtils.getPolicy().getAccountId()))); return publish; } if (SubscriptionUtils.getSubscriptionStyle(ApiUtils.getPolicy()) != SubscriptionStyle.RAW && !event.getName().startsWith(Event.REPLY_PREFIX)) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN); } eventService.publish(event); return publish; }
protected Agent getAgent() { Agent agent = objectManager.loadResource(Agent.class, ApiUtils.getPolicy().getOption(Policy.AGENT_ID)); if (agent == null) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN, VERIFY_AGENT); } return agentDao.getHostAgentForDelegate(agent.getId()); }
protected void validate(HostApiProxyToken proxyToken) { String reportedUuid = proxyToken.getReportedUuid(); Policy policy = ApiUtils.getPolicy(); Agent agent = objectManager.loadResource(Agent.class, policy.getOption(Policy.AGENT_ID)); if (agent == null) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN, VERIFY_AGENT); } Map<String, Host> hosts = agentDao.getHosts(agent.getId()); Host host = hosts.get(reportedUuid); if (host == null) { throw new ValidationErrorException(ValidationErrorCodes.INVALID_REFERENCE, HostConstants.FIELD_REPORTED_UUID); } } }
@Override protected Map<Object, Object> getDefaultCriteria(boolean byId, boolean byLink, String type) { Map<Object, Object> criteria = super.getDefaultCriteria(byId, byLink, type); Policy policy = ApiUtils.getPolicy(); addAccountAuthorization(byId, byLink, type, criteria, policy); if (!showRemoved() && !byId) { /* removed is null or removed >= (NOW() - delay) */ Condition or = new Condition(new Condition(ConditionType.NULL), new Condition(ConditionType.GTE, removedTime())); criteria.put(ObjectMetaDataManager.REMOVED_FIELD, or); /* remove_time is null or remove_time > NOW() */ or = new Condition(new Condition(ConditionType.NULL), new Condition(ConditionType.GT, new Date())); criteria.put(ObjectMetaDataManager.REMOVE_TIME_FIELD, or); } return criteria; }
@Override public Object update(String type, String id, ApiRequest request, ResourceManager next) { validateInfraAccess(request, "update"); Map<String, Object> data = CollectionUtils.toMap(request.getRequestObject()); String extracted = DataAccessor.fromMap(data).withKey(MachineConstants.EXTRACTED_CONFIG_FIELD).as(String.class); if (extracted != null) { try { extracted = secretsService.encrypt(ApiUtils.getPolicy().getAccountId(), extracted); } catch (IOException e) { log.error("Failed to encrypt machine secrets", e); throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR, "FailedEncryption"); } data.put(MachineConstants.EXTRACTED_CONFIG_FIELD, extracted); } return super.update(type, id, request, next); }
@Override public void handle(ApiRequest request) throws IOException { Policy policy = ApiUtils.getPolicy(); if (policy.isOption(Policy.PLAIN_ID)) { ApiContext.getContext().setIdFormatter(plainFormatter); } else if (policy.isOption(Policy.PLAIN_ID_OPTION) && "true".equalsIgnoreCase(request.getOptions().get("_plainId"))) { ApiContext.getContext().setIdFormatter(plainFormatter); } ApiContext.getContext().setIdFormatter(ApiContext.getContext().getIdFormatter().withSchemaFactory(request.getSchemaFactory())); }