コード例 #1
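 /**
  * Evaluates the tenancies that this user maps to based on the mappings defined in the Tenants in
  * the system.
  *
  * <p>The authorization check runs before the request parameter is validated, so a caller that
  * does not hold SECURITY_ADMIN always gets "forbidden", regardless of what (if anything) was
  * passed as {@code username}. A principal whose role collection is {@code null} is treated as
  * having no roles and is refused the same way, instead of failing with a NullPointerException
  * (which would surface to the client as a server error rather than a 403).
  *
  * @brief Get the tenancies to which a user maps given the current mappings
  * @prereq none
  * @param username required The user name for which to retrieve the tenant list.
  * @return user tenant list
  * @throws APIException forbidden when the caller is not a StorageOSUser holding SECURITY_ADMIN;
  *     bad request when {@code username} is {@code null} or empty.
  */
 @GET
 @Path("/tenant")
 @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
 public UserTenantList getUserTenantList(@QueryParam("username") String username) {
   Principal principal = sc.getUserPrincipal();
   if (!(principal instanceof StorageOSUser)) {
     throw APIException.forbidden.invalidSecurityContext();
   }
   StorageOSUser user = (StorageOSUser) principal;
   // Fail closed: a missing role collection means "no roles", not "skip the check".
   // NOTE(review): the match is case-sensitive and assumes roles are stored in the canonical
   // form produced by Role.toString() — confirm against how roles are populated.
   if (user.getRoles() == null || !user.getRoles().contains(Role.SECURITY_ADMIN.toString())) {
     throw APIException.forbidden.invalidSecurityContext();
   }
   if (username == null || username.isEmpty()) {
     throw APIException.badRequests.requiredParameterMissingOrEmpty("username");
   }
   // NOTE(review): username is an untrusted query parameter forwarded verbatim; any escaping
   // the directory lookup needs is assumed to happen inside Validator — confirm.
   return Validator.getUserTenants(username);
 }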
コード例 #2
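  /**
   * This call returns the list of tenants that the user maps to including the details of the
   * mappings. It also returns a list of the virtual data center roles and tenant roles assigned to
   * this user.
   *
   * <p>Only the caller's own identity is reported: the principal is taken from the security
   * context, so there is no user-supplied selector to validate. When the caller is {@code root}
   * and the local VDC is not a single site (the "geo" scenario), the VDC roles SYSTEM_ADMIN and
   * SECURITY_ADMIN are reported as RESTRICTED_SYSTEM_ADMIN / RESTRICTED_SECURITY_ADMIN and no
   * tenant roles are returned at all.
   *
   * @brief Show my Tenant and assigned roles
   * @prereq none
   * @return List of tenants user mappings,VDC role and tenant role of the user.
   * @throws APIException forbidden when the security context does not hold a StorageOSUser.
   * @throws SecurityException fatal when the tenant role lookup fails with a DatabaseException.
   */
  @GET
  @Path("/whoami")
  @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  public UserInfo getMyInfo() {
    Principal principal = sc.getUserPrincipal();
    if (!(principal instanceof StorageOSUser)) {
      throw APIException.forbidden.invalidSecurityContext();
    }
    StorageOSUser user = (StorageOSUser) principal;
    String name = user.getName();

    UserInfo info = new UserInfo();
    info.setCommonName(name);
    // To Do - fix Distinguished name - for now setting it to name
    info.setDistinguishedName(name);
    info.setTenant(user.getTenantId());
    info.setTenantName(_permissionsHelper.getTenantNameByID(user.getTenantId()));
    info.setVdcRoles(new ArrayList<String>());
    info.setHomeTenantRoles(new ArrayList<String>());
    info.setSubTenantRoles(new ArrayList<SubTenantRoles>());

    // special check: root in geo scenario
    boolean isLocalVdcSingleSite = VdcUtil.isLocalVdcSingleSite();
    // "root".equalsIgnoreCase(name) is the null-safe form of name.equalsIgnoreCase("root");
    // for a non-null name the result is identical.
    boolean isRootInGeo = "root".equalsIgnoreCase(name) && (!isLocalVdcSingleSite);

    // add Vdc Roles
    // NOTE(review): the RESTRICTED_* substitution below only changes what is reported to the
    // caller; whether authorization enforcement elsewhere applies the same downgrade for root in
    // a geo setup is not visible from this method — confirm.
    if (user.getRoles() != null) {
      for (String role : user.getRoles()) {
        info.getVdcRoles().add(isRootInGeo ? restrictedGeoRootRole(role) : role);
      }
    }

    // geo scenario, skip adding tenant roles for root
    if (isRootInGeo) {
      return info;
    }

    populateTenantRoles(user, info);
    return info;
  }

  /**
   * Maps a VDC role of root in the geo scenario to its restricted counterpart.
   *
   * <p>SYSTEM_ADMIN becomes RESTRICTED_SYSTEM_ADMIN and SECURITY_ADMIN becomes
   * RESTRICTED_SECURITY_ADMIN (both compared case-insensitively); any other role is returned
   * unchanged.
   *
   * @param role the role name as held on the principal
   * @return the role name to report
   */
  private static String restrictedGeoRootRole(String role) {
    if (role.equalsIgnoreCase(Role.SYSTEM_ADMIN.toString())) {
      return Role.RESTRICTED_SYSTEM_ADMIN.toString();
    }
    if (role.equalsIgnoreCase(Role.SECURITY_ADMIN.toString())) {
      return Role.RESTRICTED_SECURITY_ADMIN.toString();
    }
    return role;
  }

  /**
   * Fills in the home-tenant roles and the per-subtenant roles of {@code user} on {@code info}.
   *
   * <p>The role lists on {@code info} must already be initialised (non-null) by the caller.
   *
   * @param user the authenticated principal whose roles are looked up
   * @param info the response object to populate
   * @throws SecurityException fatal when the role lookup fails with a DatabaseException
   */
  private void populateTenantRoles(StorageOSUser user, UserInfo info) {
    try {
      Set<String> tenantRoles =
          _permissionsHelper.getTenantRolesForUser(user, URI.create(user.getTenantId()), false);
      if (tenantRoles != null) {
        info.getHomeTenantRoles().addAll(tenantRoles);
      }

      Map<String, Collection<String>> subTenantRoles =
          _permissionsHelper.getSubtenantRolesForUser(user);
      if (subTenantRoles != null) {
        for (Entry<String, Collection<String>> entry : subTenantRoles.entrySet()) {
          SubTenantRoles subRoles = new SubTenantRoles();
          subRoles.setTenant(entry.getKey());
          subRoles.setTenantName(_permissionsHelper.getTenantNameByID(entry.getKey()));
          // copy so the response does not alias the helper's collection
          subRoles.setRoles(new ArrayList<String>(entry.getValue()));
          info.getSubTenantRoles().add(subRoles);
        }
      }
    } catch (DatabaseException ex) {
      throw SecurityException.fatals.failedReadingTenantRoles(ex);
    }
  }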