• Home
• org.graylog2
• graylog2-server
• 4.2.9
• source code
• EntityOwnershipService.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.graylog.security.entities.EntityOwnershipService Maven / Gradle / Ivy

/*
 * Copyright (C) 2020 Graylog, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the Server Side Public License, version 1,
 * as published by MongoDB, Inc.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Server Side Public License for more details.
 *
 * You should have received a copy of the Server Side Public License
 * along with this program. If not, see
 * .
 */
package org.graylog.security.entities;

import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog.grn.GRNTypes;
import org.graylog.security.Capability;
import org.graylog.security.DBGrantService;
import org.graylog.security.GrantDTO;
import org.graylog2.plugin.database.users.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
public class EntityOwnershipService {
    private static final Logger LOG = LoggerFactory.getLogger(EntityOwnershipService.class);

    private final DBGrantService dbGrantService;
    private final GRNRegistry grnRegistry;


    @Inject
    public EntityOwnershipService(DBGrantService dbGrantService,
                                  GRNRegistry grnRegistry) {
        this.dbGrantService = dbGrantService;
        this.grnRegistry = grnRegistry;
    }

    public void registerNewEventDefinition(String id, User user) {
        final GRN grn = grnRegistry.newGRN(GRNTypes.EVENT_DEFINITION, id);
        registerNewEntity(grn, user);
    }

    public void registerNewEventNotification(String id, User user) {
        final GRN grn = grnRegistry.newGRN(GRNTypes.EVENT_NOTIFICATION, id);
        registerNewEntity(grn, user);
    }

    public void registerNewDashboard(String id, User user) {
        final GRN grn = grnRegistry.newGRN(GRNTypes.DASHBOARD, id);
        registerNewEntity(grn, user);
    }

    public void registerNewSearch(String id, User user) {
        final GRN grn = grnRegistry.newGRN(GRNTypes.SEARCH, id);
        registerNewEntity(grn, user);
    }

    public void registerNewStream(String id, User user) {
        final GRN grn = grnRegistry.newGRN(GRNTypes.STREAM, id);
        registerNewEntity(grn, user);
    }

    private void registerNewEntity(GRN entity, User user) {
        // Don't create ownership grants for the admin user.
        // They can access anything anyhow
        if (user.isLocalAdmin()) {
            return;
        }

        dbGrantService.create(GrantDTO.builder()
                .capability(Capability.OWN)
                .target(entity)
                .grantee(grnRegistry.ofUser(user))
                .build(), user);
    }

    public void unregisterStream(String id) {
        removeGrantsForTarget(grnRegistry.newGRN(GRNTypes.STREAM, id));
    }

    public void unregisterDashboard(String id) {
        removeGrantsForTarget(grnRegistry.newGRN(GRNTypes.DASHBOARD, id));
    }

    public void unregisterSearch(String id) {
        removeGrantsForTarget(grnRegistry.newGRN(GRNTypes.SEARCH, id));
    }

    public void unregisterEventDefinition(String id) {
        removeGrantsForTarget(grnRegistry.newGRN(GRNTypes.EVENT_DEFINITION, id));
    }

    public void unregisterEventNotification(String id) {
        removeGrantsForTarget(grnRegistry.newGRN(GRNTypes.EVENT_NOTIFICATION, id));
    }

    private void removeGrantsForTarget(GRN target) {
        LOG.debug("Removing grants for <{}>", target);
        dbGrantService.deleteForTarget(target);
    }
}