Fix merge conflicts.
Ryan Morgan committed Jul 8, 2010
2 parents 0237773 + e0651ae commit 1a9ca74
Showing 9 changed files with 242 additions and 49 deletions.
7 changes: 7 additions & 0 deletions ChangeLog
Expand Up @@ -87,6 +87,13 @@ Changes in HQApi 3.0

*) [HHQ-3144] Add ServerConfigApi to allow manipulation of HQ server config
settings.

Changes in HQApi 2.5

*) [HHQ-4133] Perform permission checking on ResourceApi.

*) Back port AlertApi to 2.x branch. As a part of this change portions of
the new MetricDataApi were also backported to aid in testing.

Changes in HQApi 2.4

3 changes: 3 additions & 0 deletions hqu/hqapi1/app/AlertController.groovy
Expand Up @@ -8,6 +8,7 @@ import org.hyperic.hq.events.server.session.AlertManagerEJBImpl as AlertMan
import org.hyperic.hq.escalation.server.session.EscalationManagerEJBImpl as EscMan
import org.hyperic.hq.events.server.session.ClassicEscalationAlertType
import org.hyperic.hq.authz.shared.PermissionException
import org.hyperic.hq.authz.shared.PermissionException

public class AlertController extends ApiController {

Expand Down Expand Up @@ -189,6 +190,8 @@ public class AlertController extends ApiController {
failureXml = getFailureXML(ErrorCode.INVALID_PARAMETERS,
"Invalid severity " + sev)

} catch (PermissionException e) {
// User cannot see this resource, continue with empty list
} catch (Throwable t) {
failureXml = getFailureXML(ErrorCode.UNEXPECTED_ERROR,
t.getMessage())
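Review bot: The new `catch (PermissionException e)` ahead of the `Throwable` handler contains no statement, so a caller without view permission gets the same successful, empty result as a resource that has no alerts, and the denial leaves no trace in the log. If the empty list is the intended answer, record it, e.g. `log.debug("Alert lookup skipped: user lacks view permission on the resource")`, assuming `log` is available here as it is in ApiController. The first hunk also leaves `import org.hyperic.hq.authz.shared.PermissionException` in the file twice; one of the two lines can go. The enclosing method starts and ends outside the hunk.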
38 changes: 30 additions & 8 deletions hqu/hqapi1/app/AlertdefinitionController.groovy
Expand Up @@ -268,11 +268,17 @@ public class AlertdefinitionController extends ApiController {
def postRequest = new XmlParser().parseText(getPostData())
def resources = []
for (xmlDef in postRequest['Resource']) {
def resource = getResource(xmlDef.'@id'?.toInteger())
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Unable to find resource with id " + xmlDef.'@id')
break
try {
def resource = getResource(xmlDef.'@id'?.toInteger())
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Unable to find resource with id " + xmlDef.'@id')
break
}

resources.add(resource)
} catch (PermissionException e) {
// Ignore resources the user cannot see
}
}

Expand Down Expand Up @@ -350,7 +356,13 @@ public class AlertdefinitionController extends ApiController {
}
}
} else if (resourceId != null) {
def resource = getResource(resourceId)
def resource = null
try {
resource = getResource(resourceId)
} catch (PermissionException e) {
failureXml = getFailureXML(ErrorCode.PERMISSION_DENIED)
}

if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Resource with id = " + resourceId +
Expand Down Expand Up @@ -504,7 +516,12 @@ public class AlertdefinitionController extends ApiController {
} else if (xmlDef['Resource'].size() == 1) {
typeBased = false
def rid = xmlDef['Resource'][0].'@id'?.toInteger()
resource = getResource(rid)
try {
resource = getResource(rid)
} catch (PermissionException e) {
// Ignore
}

if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Cannot find resource with " +
Expand Down Expand Up @@ -678,7 +695,12 @@ public class AlertdefinitionController extends ApiController {
it.'@key' == 'action'
}?.'@value'

def cResource = getResource(rId)
def cResource = null
try {
cResource = getResource(rId)
} catch (PermissionException e) {
// Ignore
}
if (cResource != null && action != null) {
def actions = cResource.getControlActions(user)
if (!actions.find { it == action }) {
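Review bot: In the `resourceId != null` branch the `PERMISSION_DENIED` failure set in the new catch is replaced straight away, because `resource` is still null and the following `if (!resource)` assigns `OBJECT_NOT_FOUND`. Either drop the assignment and comment the catch like the other three in this file (`// Ignore`), or guard the lookup failure with something like `if (!resource && !failureXml) {`, which depends on how `failureXml` is initialised above the hunk. Whichever is chosen, the file should answer a denied lookup the same way in all four places. The catches also rely on `PermissionException` being imported; no import is added in this section or in GroupController.groovy, so confirm both files already have it. All four enclosing methods continue outside their hunks.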
22 changes: 21 additions & 1 deletion hqu/hqapi1/app/ApiController.groovy
Expand Up @@ -50,6 +50,24 @@ class ApiController extends BaseController {
return null
}

/**
* Checks view permission for the passed in resource.
* @throws PermissionException if permission is not granted, otherwise
* the passed in Resource is returned.
*/
protected checkViewPermission(resource) {
if (resource.isPlatform()) {
return resource.toPlatform().checkPerms(operation: 'view', user:user)
} else if (resource.isServer()) {
return resource.toServer().checkPerms(operation: 'view', user:user)
} else if (resource.isService()) {
return resource.toService().checkPerms(operation: 'view', user:user)
} else {
log.error("Unhandled resource type " + resource.prototype)
return null
}
}

/**
* Get the resource based on the given id. If the resource is not found,
* null is returned.
Expand All @@ -69,10 +87,12 @@ class ApiController extends BaseController {
try {
resource.name // Check the object really exists
resource.entityId // Check the object is an appdef object
return resource
} catch (Throwable t) {
return null
}

// ResourceHelper does not check permissions
return checkViewPermission(resource)
}
}

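Review bot: The Javadoc on `checkViewPermission` says the passed-in resource is returned, but the method returns whatever `checkPerms` returns, and returns null after `log.error` for any resource that is not a platform, server or service. Since `getResource` now ends with `return checkViewPermission(resource)`, such a resource (a group, presumably) becomes null and is reported by callers as not found, which looks like a behaviour change for ids that resolved before this commit. I would document it: `@return the result of checkPerms for a platform, server or service; null for any other resource type`. `getResource` begins outside the second hunk.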
7 changes: 6 additions & 1 deletion hqu/hqapi1/app/GroupController.groovy
Expand Up @@ -172,7 +172,12 @@ class GroupController extends ApiController {
for (xmlResource in xmlGroup['Resource']) {
log.debug("Found resource " + xmlResource.'@name')

def resource = getResource(xmlResource.'@id'?.toInteger());
def resource = null
try {
resource = getResource(xmlResource.'@id'?.toInteger());
} catch (PermissionException e) {
// Ignore resources the user cannot see.
}

if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
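Review bot: The comment `// Ignore resources the user cannot see.` does not match what happens next: `resource` stays null, so the `if (!resource)` check directly below records an `OBJECT_NOT_FOUND` failure rather than skipping the entry. Suggested wording: `// Not viewable by this user: leave resource null so it is reported as OBJECT_NOT_FOUND below`. The loop and its enclosing method extend beyond the hunk.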
59 changes: 43 additions & 16 deletions hqu/hqapi1/app/MetricController.groovy
Expand Up @@ -3,6 +3,7 @@ import org.hyperic.hq.hqu.rendit.BaseController
import org.hyperic.hq.hqapi1.ErrorCode;
import org.hyperic.hq.zevents.ZeventManager;
import org.hyperic.hq.appdef.server.session.ResourceRefreshZevent;
import org.hyperic.hq.authz.shared.PermissionException

class MetricController extends ApiController {

Expand Down Expand Up @@ -137,21 +138,25 @@ class MetricController extends ApiController {
failureXml = getFailureXML(ErrorCode.INVALID_PARAMETERS,
"Resource id not given")
} else {
def res = getResource(resourceId)
if (!res) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Unable to find resource id=" + resourceId)
} else {
try {
if (enabled != null && enabled) {
metrics = res.enabledMetrics
} else {
metrics = res.metrics
}
} catch (Exception e) {
log.error("UnexpectedError: " + e.getMessage(), e)
failureXml = getFailureXML(ErrorCode.UNEXPECTED_ERROR)
try {
def res = getResource(resourceId)
if (!res) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Unable to find resource id=" + resourceId)
} else {
try {
if (enabled != null && enabled) {
metrics = res.enabledMetrics
} else {
metrics = res.metrics
}
} catch (Exception e) {
log.error("UnexpectedError: " + e.getMessage(), e)
failureXml = getFailureXML(ErrorCode.UNEXPECTED_ERROR)
}
}
} catch (PermissionException e) {
failureXml = getFailureXML(ErrorCode.PERMISSION_DENIED)
}
}

Expand Down Expand Up @@ -506,7 +511,18 @@ class MetricController extends ApiController {
// Validate the resources exist.
def results = []
for (String id : ids) {
def resource = getResource(id.toInteger())
def resource = null
try {
resource = getResource(id.toInteger())
} catch (PermissionException e) {
renderXml() {
MetricsDataResponse() {
out << getFailureXML(ErrorCode.PERMISSION_DENIED)
}
}
return
}

if (!resource) {
renderXml() {
MetricsDataResponse() {
Expand Down Expand Up @@ -560,7 +576,18 @@ class MetricController extends ApiController {

def zevents = []
for (res in xmlResources) {
def resource = getResource(res.'@id'.toInteger())
def resource = null
try {
resource = getResource(res.'@id'.toInteger())
} catch (PermissionException e) {
renderXml() {
StatusResponse() {
out << getFailureXML(ErrorCode.PERMISSION_DENIED)
}
}
return
}

if (!resource) {
renderXml() {
StatusResponse() {
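Review bot: None of the three new `PermissionException` handlers logs the denial, so repeated requests against resource ids the caller may not view leave nothing for an operator to alert on. A line such as `log.info("View permission denied for resource id=" + resourceId)` in each catch would fix that (using `id` and `res.'@id'` in the two loops). These handlers also answer `PERMISSION_DENIED`, while the same condition is turned into `OBJECT_NOT_FOUND` in GroupController and in most of AlertdefinitionController, so the API confirms that an id exists on some endpoints and not on others; that difference should be deliberate. The enclosing methods start outside the hunks.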
69 changes: 46 additions & 23 deletions hqu/hqapi1/app/ResourceController.groovy
Expand Up @@ -367,31 +367,31 @@ class ResourceController extends ApiController {
if (!id && !platformName && !fqdn) {
failureXml = getFailureXML(ErrorCode.INVALID_PARAMETERS)
} else {
if (id) {
resource = getResource(id)
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Resource id=" + id +
" not found")
}
} else if (platformName) {
resource = resourceHelper.find('platform':platformName)
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Platform '" + platformName +
"' not found")
}
} else if (fqdn) {
try {
try {
if (id) {
resource = getResource(id)
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Resource id=" + id +
" not found")
}
} else if (platformName) {
resource = resourceHelper.find('platform': platformName)
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Platform '" + platformName +
"' not found")
}
} else if (fqdn) {
resource = resourceHelper.find('byFqdn':fqdn)
if (!resource) {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"Platform fqdn='" + fqdn +
"' not found")
}
} catch (PermissionException pe) {
failureXml = getFailureXML(ErrorCode.PERMISSION_DENIED)
}
} catch (PermissionException e) {
failureXml = getFailureXML(ErrorCode.PERMISSION_DENIED)
}
}

Expand Down Expand Up @@ -428,19 +428,42 @@ class ResourceController extends ApiController {
" not found")
} else {
def platforms = agent.platforms
resources = platforms*.resource
for (platform in platforms) {
try {
resources.add(platform.checkPerms(operation: 'view', user:user))
} catch (PermissionException e) {
log.debug("Ignoring platform " + platform.name + " due to permissions.")
}
}
}
} else if (prototype) {
resources = resourceHelper.find('byPrototype': prototype)
def matching = resourceHelper.find('byPrototype': prototype)

for (resource in matching) {
try {
resources.add(checkViewPermission(resource))
} catch (PermissionException e) {
log.debug("Ignoring resource " + resource.name + " due to permissions")
}
}
} else if (description) {
// TODO: Move into HQ.
def matching = []
def session = DAOFactory.getDAOFactory().currentSession
resources.addAll(session.createQuery(
matching.addAll(session.createQuery(
"select p.resource from Platform p where p.description like '%${description}%'").list())
resources.addAll(session.createQuery(
matching.addAll(session.createQuery(
"select s.resource from Server s where s.description like '%${description}%'").list())
resources.addAll(session.createQuery(
matching.addAll(session.createQuery(
"select s.resource from Service s where s.description like '%${description}%'").list())

for (resource in matching) {
try {
resources.add(checkViewPermission(resource))
} catch (PermissionException e) {
log.debug("Ignoring resource " + resource.name + " due to permissions")
}
}
} else {
// Shouldn't happen
failureXml = getFailureXML(ErrorCode.INVALID_PARAMETERS)
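Review bot: The three `session.createQuery(...)` calls in the `description` branch still build HQL by interpolating `${description}` into the string, and the permission filter added below them runs only after the query has executed; if `description` comes from the request, as it appears to, it should be bound instead. For example `session.createQuery("select p.resource from Platform p where p.description like :d").setParameter("d", "%" + description + "%").list()`, and likewise for Server and Service. Separately, in the first hunk the `platformName` and `fqdn` branches return the result of `resourceHelper.find(...)` without `checkViewPermission`, although the comment added in ApiController states that ResourceHelper does not check permissions; confirm those two finders enforce view permission themselves. The enclosing methods continue outside both hunks.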
