@PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')") @Transactional(readOnly = true) @Override public UserTO read(final String key) { return binder.returnUserTO(binder.getUserTO(key)); }
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") @Transactional(readOnly = true) public Pair<String, UserTO> selfRead() { return Pair.of( POJOHelper.serialize(AuthContextUtils.getAuthorizations()), binder.returnUserTO(binder.getAuthenticatedUserTO())); }
@Override protected AnyTO getAnyTO(final String key) { return userDataBinder.getUserTO(key); }
@PreAuthorize("isAuthenticated() " + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) " + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult<UserTO> selfDelete(final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); return doDelete(userTO, true, nullPriorityAsync); }
@Override protected AnyTO getAnyTO(final String key) { return userDataBinder.getUserTO(key); }
@PreAuthorize("isAuthenticated() " + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) " + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult<UserTO> selfUpdate(final UserPatch userPatch, final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); userPatch.setKey(userTO.getKey()); ProvisioningResult<UserTO> updated = doUpdate(userPatch, true, nullPriorityAsync); // Ensures that, if the self update above moves the user into a status from which no authentication // is possible, the existing Access Token is clean up to avoid issues with future authentications if (!confDAO.getValuesAsStrings("authentication.statuses").contains(updated.getEntity().getStatus())) { String accessToken = accessTokenDAO.findByOwner(updated.getEntity().getUsername()).getKey(); if (accessToken != null) { accessTokenDAO.delete(accessToken); } } return updated; }
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult<UserTO> selfStatus(final StatusPatch statusPatch, final boolean nullPriorityAsync) { statusPatch.setKey(userDAO.findKey(AuthContextUtils.getUsername())); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_DELETE + "')") @Override public ProvisioningResult<UserTO> delete(final String key, final boolean nullPriorityAsync) { UserTO userTO = binder.getUserTO(key); return doDelete(userTO, false, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_SEARCH + "')") @Transactional(readOnly = true) @Override public Pair<Integer, List<UserTO>> search( final SearchCond searchCond, final int page, final int size, final List<OrderByClause> orderBy, final String realm, final boolean details) { int count = searchDAO.count(RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realm), searchCond == null ? userDAO.getAllMatchingCond() : searchCond, AnyTypeKind.USER); List<User> matching = searchDAO.search(RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realm), searchCond == null ? userDAO.getAllMatchingCond() : searchCond, page, size, orderBy, AnyTypeKind.USER); List<UserTO> result = matching.stream(). map(user -> binder.returnUserTO(binder.getUserTO(user, details))). collect(Collectors.toList()); return Pair.of(count, result); }
return binder.getUserTO(key); } catch (Throwable ignore) { LOG.debug("Unresolved reference", ignore);
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) { // security checks UserTO toUpdate = binder.getUserTO(statusPatch.getKey()); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), toUpdate.getRealm()); securityChecks(effectiveRealms, toUpdate.getRealm(), toUpdate.getKey()); // ensures the actual user key is effectively on the patch - as the binder.getUserTO(statusPatch.getKey()) // call above works with username as well statusPatch.setKey(toUpdate.getKey()); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
@Transactional(propagation = Propagation.REQUIRES_NEW) public String update(final String username, final OIDCProvider op, final OIDCLoginResponseTO responseTO) { UserTO userTO = binder.getUserTO(userDAO.findKey(username)); UserTO original = SerializationUtils.clone(userTO); fill(op, responseTO, userTO); UserPatch userPatch = AnyOperations.diff(userTO, original, true); List<OIDCProviderActions> actions = getActions(op); for (OIDCProviderActions action : actions) { userPatch = action.beforeUpdate(userPatch, responseTO); } Pair<UserPatch, List<PropagationStatus>> updated = provisioningManager.update(userPatch, false); userTO = binder.getUserTO(updated.getLeft().getKey()); for (OIDCProviderActions action : actions) { userTO = action.afterUpdate(userTO, responseTO); } return userTO.getUsername(); } }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> unassign( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }
@Transactional(propagation = Propagation.REQUIRES_NEW) public String update(final String username, final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO) { UserTO userTO = binder.getUserTO(userDAO.findKey(username)); UserTO original = SerializationUtils.clone(userTO); fill(idp.getKey(), responseTO, userTO); UserPatch userPatch = AnyOperations.diff(userTO, original, true); List<SAML2IdPActions> actions = getActions(idp); for (SAML2IdPActions action : actions) { userPatch = action.beforeUpdate(userPatch, responseTO); } Pair<UserPatch, List<PropagationStatus>> updated = provisioningManager.update(userPatch, false); userTO = binder.getUserTO(updated.getLeft().getKey()); for (SAML2IdPActions action : actions) { userTO = action.afterUpdate(userTO, responseTO); } return userTO.getUsername(); } }
protected ProvisioningResult<UserTO> doCreate( final UserTO userTO, final boolean storePassword, final boolean self, final boolean nullPriorityAsync) { Pair<UserTO, List<LogicActions>> before = beforeCreate(userTO); if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } if (!self) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_CREATE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); } Pair<String, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), storePassword, nullPriorityAsync); return afterCreate( binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public UserTO executeNextTask(final WorkflowTaskExecInput workflowTaskExecInput) { WorkflowResult<String> updated = wfTaskManager.executeNextTask(workflowTaskExecInput); UserPatch userPatch = new UserPatch(); userPatch.setKey(updated.getResult()); List<PropagationTaskInfo> taskInfos = propagationManager.getUserUpdateTasks( new WorkflowResult<>( Pair.<UserPatch, Boolean>of(userPatch, null), updated.getPropByRes(), updated.getPerformedTasks())); taskExecutor.execute(taskInfos, false); return binder.getUserTO(updated.getResult()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO link(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> assign( final String key, final Collection<String> resources, final boolean changepwd, final String password, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); if (changepwd) { patch.setPassword(new PasswordPatch.Builder(). value(password).onSyncope(false).resources(resources).build()); } return update(patch, nullPriorityAsync); }