Strolch
/
strolch
mirror of https://github.com/strolch-li/strolch.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[New] Added missing TX to StrolchJobsResource REST API

This commit is contained in:
Robert von Burg 2020-10-27 11:36:21 +01:00
parent aa6d619e90
commit 8a34f5330d
1 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
li.strolch.rest/src/main/java/li/strolch/rest/endpoint/StrolchJobsResource.java
View File

@ -17,8 +17,8 @@ package li.strolch.rest.endpoint;
import static java.util.Comparator.comparing;
import static java.util.stream.Collectors.toList;
import static li.strolch.rest.StrolchRestfulConstants.DATA;
import static li.strolch.model.StrolchModelConstants.ROLE_STROLCH_ADMIN;
import static li.strolch.rest.StrolchRestfulConstants.DATA;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
@ -31,6 +31,7 @@ import java.util.List;
import li.strolch.agent.api.ComponentContainer;
import li.strolch.job.StrolchJob;
import li.strolch.job.StrolchJobsHandler;
import li.strolch.persistence.api.StrolchTransaction;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.IPrivilege;
import li.strolch.privilege.model.PrivilegeContext;
@ -48,6 +49,11 @@ public class StrolchJobsResource {
private static final Logger logger = LoggerFactory.getLogger(StrolchJobsResource.class);
private static String getContext() {
StackTraceElement element = new Throwable().getStackTrace()[1];
return element.getClassName() + "." + element.getMethodName();
}
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getAll(@Context HttpServletRequest request, @Context HttpHeaders headers) {
@ -55,9 +61,11 @@ public class StrolchJobsResource {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
String source = (String) request.getAttribute(StrolchRestfulConstants.STROLCH_REQUEST_SOURCE);
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
PrivilegeContext ctx = container.getPrivilegeHandler().validate(cert, source);
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
// assert user can access StrolchJobs
PrivilegeContext ctx = tx.getPrivilegeContext();
if (!ctx.hasRole(ROLE_STROLCH_ADMIN))
ctx.assertHasPrivilege(StrolchJob.class.getName());
@ -75,6 +83,7 @@ public class StrolchJobsResource {
.collect(toList());
return ResponseUtil.listToResponse(DATA, jobs, StrolchJob::toJson);
}
}
@PUT
@Produces(MediaType.APPLICATION_JSON)
@ -82,18 +91,18 @@ public class StrolchJobsResource {
public Response doAction(@Context HttpServletRequest request, @Context HttpHeaders headers,
@PathParam("name") String name, @QueryParam("action") String action) {
try {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
String source = (String) request.getAttribute(StrolchRestfulConstants.STROLCH_REQUEST_SOURCE);
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
StrolchJobsHandler strolchJobsHandler = container.getComponent(StrolchJobsHandler.class);
StrolchJob job = strolchJobsHandler.getJob(cert, source, name);
// assert user can access StrolchJobs
PrivilegeContext ctx = container.getPrivilegeHandler().validate(cert, source);
PrivilegeContext ctx = tx.getPrivilegeContext();
if (!ctx.hasRole(ROLE_STROLCH_ADMIN))
ctx.validateAction(job);