/** * Copyright 2012 Comcast Corporation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.comcast.cqs.controller; import java.util.ArrayList; import java.util.List; import javax.servlet.AsyncContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.comcast.cmb.common.model.CMBPolicy; import com.comcast.cmb.common.model.User; import com.comcast.cmb.common.persistence.IUserPersistence; import com.comcast.cmb.common.persistence.PersistenceFactory; import com.comcast.cmb.common.util.CMBErrorCodes; import com.comcast.cmb.common.util.CMBException; import com.comcast.cmb.common.util.CMBProperties; import com.comcast.cqs.io.CQSQueuePopulator; import com.comcast.cqs.model.CQSQueue; import com.comcast.cqs.util.CQSConstants; import com.comcast.cqs.util.CQSErrorCodes; import com.comcast.cqs.util.Util; /** * Add permissions * @author vvenkatraman, bwolf, baosen */ public class CQSAddPermissionAction extends CQSAction { public CQSAddPermissionAction() { super("AddPermission"); } @Override public boolean doAction(User user, AsyncContext asyncContext) throws Exception { HttpServletRequest request = (HttpServletRequest)asyncContext.getRequest(); HttpServletResponse response = (HttpServletResponse)asyncContext.getResponse(); CQSQueue queue = CQSCache.getCachedQueue(user, request); String label = request.getParameter(CQSConstants.LABEL); if (label == null) { throw new CMBException(CMBErrorCodes.ValidationError, "Validation error detected: Value null at 'label' failed to satisfy constraint: Member must not be null"); } if (!Util.isValidId(label)) { throw new CMBException(CQSErrorCodes.InvalidBatchEntryId, "Label " + label + " is invalid. Only alphanumeric, hyphen, and underscore are allowed. It can be at most " + CMBProperties.getInstance().getCQSMaxMessageSuppliedIdLength() + " letters long."); } List<String> userList = new ArrayList<String>(); int index = 1; String userId = request.getParameter(CQSConstants.AWS_ACCOUNT_ID + "." + index); IUserPersistence userHandler = PersistenceFactory.getUserPersistence(); while (userId != null) { if (userId.equals("*") || userHandler.getUserById(userId) != null) { // only add user if they exist userList.add(userId); } index++; userId = request.getParameter(CQSConstants.AWS_ACCOUNT_ID + "." + index); } if (userList.size() == 0) { throw new CMBException(CMBErrorCodes.NotFound, "AWSAccountId is required"); } List<String> actionList = new ArrayList<String>(); index = 1; String action = request.getParameter(CQSConstants.ACTION_NAME + "." + index); while (action != null) { if (action.equals("")) { throw new CMBException(CMBErrorCodes.ValidationError, "Blank action parameter is invalid"); } if (!CMBPolicy.CQS_ACTIONS.contains(action) && !action.equals("*")) { throw new CMBException(CQSErrorCodes.InvalidAction, "Invalid action parameter " + action); } actionList.add(action); index++; action = request.getParameter(CQSConstants.ACTION_NAME + "." + index); } if (actionList.size() == 0) { throw new CMBException(CMBErrorCodes.NotFound, "ActionName is required"); } CMBPolicy policy = new CMBPolicy(queue.getPolicy()); if (policy.addStatement(CMBPolicy.SERVICE.CQS, label, "Allow", userList, actionList, queue.getArn(), null)) { PersistenceFactory.getQueuePersistence().updatePolicy(queue.getRelativeUrl(), policy.toString()); queue.setPolicy(policy.toString()); } else { throw new CMBException(CMBErrorCodes.InvalidParameterValue, "Value " + label + " for parameter Label is invalid. Reason: Already exists."); } String out = CQSQueuePopulator.getAddPermissionResponse(); writeResponse(out, response); return true; } }