Commit 04cd86e4bafdef7292d9c332be54ccba98797d12

Authored by YevhenBondarenko
Committed by Andrew Shvayka
1 parent 7e39a195

added resource and firmware to the AccessValidator

@@ -80,7 +80,7 @@ public class FirmwareController extends BaseController { @@ -80,7 +80,7 @@ public class FirmwareController extends BaseController {
80 checkParameter(FIRMWARE_ID, strFirmwareId); 80 checkParameter(FIRMWARE_ID, strFirmwareId);
81 try { 81 try {
82 FirmwareId firmwareId = new FirmwareId(toUUID(strFirmwareId)); 82 FirmwareId firmwareId = new FirmwareId(toUUID(strFirmwareId));
83 - return checkFirmwareInfoId(firmwareId, Operation.READ); 83 + return checkNotNull(firmwareService.findFirmwareInfoById(getTenantId(), firmwareId));
84 } catch (Exception e) { 84 } catch (Exception e) {
85 throw handleException(e); 85 throw handleException(e);
86 } 86 }
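Review bot: The read path on new line 83 no longer goes through a permission check: `checkFirmwareInfoId(firmwareId, Operation.READ)` is replaced by a plain lookup wrapped in `checkNotNull`, so `Operation.READ` is never evaluated for the caller. Tenant isolation now rests entirely on `findFirmwareInfoById(getTenantId(), firmwareId)` filtering by the tenant id, which is not visible on this page; if the service uses that argument only as context, a firmware id belonging to another tenant would be returned. Unless dropping the check is intentional, keep the checked helper, `return checkFirmwareInfoId(firmwareId, Operation.READ);`, or add a comment saying why the check is not needed on this endpoint. The enclosing controller method starts and ends outside the hunk.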
@@ -30,6 +30,8 @@ import org.thingsboard.server.common.data.Customer; @@ -30,6 +30,8 @@ import org.thingsboard.server.common.data.Customer;
30 import org.thingsboard.server.common.data.Device; 30 import org.thingsboard.server.common.data.Device;
31 import org.thingsboard.server.common.data.DeviceProfile; 31 import org.thingsboard.server.common.data.DeviceProfile;
32 import org.thingsboard.server.common.data.EntityView; 32 import org.thingsboard.server.common.data.EntityView;
  33 +import org.thingsboard.server.common.data.FirmwareInfo;
  34 +import org.thingsboard.server.common.data.TbResourceInfo;
33 import org.thingsboard.server.common.data.Tenant; 35 import org.thingsboard.server.common.data.Tenant;
34 import org.thingsboard.server.common.data.User; 36 import org.thingsboard.server.common.data.User;
35 import org.thingsboard.server.common.data.asset.Asset; 37 import org.thingsboard.server.common.data.asset.Asset;
@@ -44,8 +46,10 @@ import org.thingsboard.server.common.data.id.EdgeId; @@ -44,8 +46,10 @@ import org.thingsboard.server.common.data.id.EdgeId;
44 import org.thingsboard.server.common.data.id.EntityId; 46 import org.thingsboard.server.common.data.id.EntityId;
45 import org.thingsboard.server.common.data.id.EntityIdFactory; 47 import org.thingsboard.server.common.data.id.EntityIdFactory;
46 import org.thingsboard.server.common.data.id.EntityViewId; 48 import org.thingsboard.server.common.data.id.EntityViewId;
  49 +import org.thingsboard.server.common.data.id.FirmwareId;
47 import org.thingsboard.server.common.data.id.RuleChainId; 50 import org.thingsboard.server.common.data.id.RuleChainId;
48 import org.thingsboard.server.common.data.id.RuleNodeId; 51 import org.thingsboard.server.common.data.id.RuleNodeId;
  52 +import org.thingsboard.server.common.data.id.TbResourceId;
49 import org.thingsboard.server.common.data.id.TenantId; 53 import org.thingsboard.server.common.data.id.TenantId;
50 import org.thingsboard.server.common.data.id.UserId; 54 import org.thingsboard.server.common.data.id.UserId;
51 import org.thingsboard.server.common.data.rule.RuleChain; 55 import org.thingsboard.server.common.data.rule.RuleChain;
@@ -59,6 +63,8 @@ import org.thingsboard.server.dao.device.DeviceService; @@ -59,6 +63,8 @@ import org.thingsboard.server.dao.device.DeviceService;
59 import org.thingsboard.server.dao.edge.EdgeService; 63 import org.thingsboard.server.dao.edge.EdgeService;
60 import org.thingsboard.server.dao.entityview.EntityViewService; 64 import org.thingsboard.server.dao.entityview.EntityViewService;
61 import org.thingsboard.server.dao.exception.IncorrectParameterException; 65 import org.thingsboard.server.dao.exception.IncorrectParameterException;
  66 +import org.thingsboard.server.dao.firmware.FirmwareService;
  67 +import org.thingsboard.server.dao.resource.ResourceService;
62 import org.thingsboard.server.dao.rule.RuleChainService; 68 import org.thingsboard.server.dao.rule.RuleChainService;
63 import org.thingsboard.server.dao.tenant.TenantService; 69 import org.thingsboard.server.dao.tenant.TenantService;
64 import org.thingsboard.server.dao.usagerecord.ApiUsageStateService; 70 import org.thingsboard.server.dao.usagerecord.ApiUsageStateService;
@@ -125,6 +131,12 @@ public class AccessValidator { @@ -125,6 +131,12 @@ public class AccessValidator {
125 @Autowired 131 @Autowired
126 protected ApiUsageStateService apiUsageStateService; 132 protected ApiUsageStateService apiUsageStateService;
127 133
  134 + @Autowired
  135 + protected ResourceService resourceService;
  136 +
  137 + @Autowired
  138 + protected FirmwareService firmwareService;
  139 +
128 private ExecutorService executor; 140 private ExecutorService executor;
129 141
130 @PostConstruct 142 @PostConstruct
@@ -217,6 +229,12 @@ public class AccessValidator { @@ -217,6 +229,12 @@ public class AccessValidator {
217 case API_USAGE_STATE: 229 case API_USAGE_STATE:
218 validateApiUsageState(currentUser, operation, entityId, callback); 230 validateApiUsageState(currentUser, operation, entityId, callback);
219 return; 231 return;
  232 + case TB_RESOURCE:
  233 + validateResource(currentUser, operation, entityId, callback);
  234 + return;
  235 + case FIRMWARE:
  236 + validateFirmware(currentUser, operation, entityId, callback);
  237 + return;
220 default: 238 default:
221 //TODO: add support of other entities 239 //TODO: add support of other entities
222 throw new IllegalStateException("Not Implemented!"); 240 throw new IllegalStateException("Not Implemented!");
@@ -282,6 +300,40 @@ public class AccessValidator { @@ -282,6 +300,40 @@ public class AccessValidator {
282 } 300 }
283 } 301 }
284 302
  303 + private void validateFirmware(final SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
  304 + if (currentUser.isSystemAdmin()) {
  305 + callback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
  306 + } else {
  307 + FirmwareInfo firmware = firmwareService.findFirmwareInfoById(currentUser.getTenantId(), new FirmwareId(entityId.getId()));
  308 + if (firmware == null) {
  309 + callback.onSuccess(ValidationResult.entityNotFound("Firmware with requested id wasn't found!"));
  310 + } else {
  311 + try {
  312 + accessControlService.checkPermission(currentUser, Resource.FIRMWARE, operation, entityId, firmware);
  313 + } catch (ThingsboardException e) {
  314 + callback.onSuccess(ValidationResult.accessDenied(e.getMessage()));
  315 + }
  316 + callback.onSuccess(ValidationResult.ok(firmware));
  317 + }
  318 + }
  319 + }
  320 +
  321 + private void validateResource(SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
  322 + ListenableFuture<TbResourceInfo> resourceFuture = resourceService.findResourceInfoByIdAsync(currentUser.getTenantId(), new TbResourceId(entityId.getId()));
  323 + Futures.addCallback(resourceFuture, getCallback(callback, resource -> {
  324 + if (resource == null) {
  325 + return ValidationResult.entityNotFound("Resource with requested id wasn't found!");
  326 + } else {
  327 + try {
  328 + accessControlService.checkPermission(currentUser, Resource.TB_RESOURCE, operation, entityId, resource);
  329 + } catch (ThingsboardException e) {
  330 + return ValidationResult.accessDenied(e.getMessage());
  331 + }
  332 + return ValidationResult.ok(resource);
  333 + }
  334 + }), executor);
  335 + }
  336 +
285 private void validateAsset(final SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) { 337 private void validateAsset(final SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
286 if (currentUser.isSystemAdmin()) { 338 if (currentUser.isSystemAdmin()) {
287 callback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION)); 339 callback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
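Review bot: In `validateFirmware` (new lines 311-316) a denied permission check still ends with a success result: the `catch` block reports `accessDenied` but does not return, so execution falls through to `callback.onSuccess(ValidationResult.ok(firmware))` and the callback fires twice, the second time with the entity attached. Whether the caller honours the first or the second result depends on the callback implementation, which is not shown on this page. Move the ok call into the `try`, directly after `checkPermission(...)`, or end the catch with `return;`. `validateResource` in the same hunk returns from its catch and is not affected, but it omits the `isSystemAdmin()` guard that `validateFirmware` has, which deserves a one-line comment if that is intentional.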