/**
 * Register a newly created company in both caches: the JPA cache first, then the in-memory company map.
 *
 * @param company
 *            The newly created company.
 * @return The very same <code>company</code> instance, for chaining.
 */
public CompanyOrg create(final CompanyOrg company) {
	// Persist first, so the in-memory map never exposes a company the JPA cache does not know
	cache.create(company);
	final String id = company.getId();
	getCompany().findAll().put(id, company);
	return company;
}
/**
 * Default constructor wiring, for each {@link ReceiverType}, the lookup used to check that a receiver (user,
 * company or group) is visible to the current principal.
 */
public DelegateOrgResource() {
	// Each lookup resolves the current login at call time, not at construction time
	toReceiver.put(ReceiverType.USER, receiver -> {
		final String login = securityHelper.getLogin();
		return getUser().findByIdExpected(login, receiver);
	});
	toReceiver.put(ReceiverType.COMPANY, receiver -> {
		final String login = securityHelper.getLogin();
		return getCompany().findByIdExpected(login, receiver);
	});
	toReceiver.put(ReceiverType.GROUP, receiver -> {
		final String login = securityHelper.getLogin();
		return getGroup().findByIdExpected(login, receiver);
	});
}
/**
 * Rebuild the in-memory data from the LDAP source. This method is not synchronized: concurrent initial callers
 * may each fetch the data themselves, and the last assignment to {@link #data} wins.
 *
 * @return The freshly fetched LDAP data, keyed by type.
 */
protected Map<CacheDataType, Map<String, ? extends ResourceOrg>> refreshData() {
	log.info("Fetching origin data ...");

	// Groups are fetched first because the user fetch takes them as input
	final Map<String, GroupOrg> freshGroups = getGroup().findAllNoCache();
	final Map<CacheDataType, Map<String, ? extends ResourceOrg>> fresh = new EnumMap<>(CacheDataType.class);
	fresh.put(CacheDataType.COMPANY, getCompany().findAllNoCache());
	fresh.put(CacheDataType.GROUP, freshGroups);
	fresh.put(CacheDataType.USER, getUser().findAllNoCache(freshGroups));

	// Publish the new snapshot (unsynchronized, see the method contract)
	data = fresh;
	return fresh;
}
/**
 * Find the {@link UserOrg} with the given identifier, then check the requesting principal is allowed to see it:
 * the user's company must be visible to the principal through the company repository. Both an unknown user and a
 * user outside the principal's scope result in a {@link ValidationJsonException}, the latter being reported as an
 * unknown identifier rather than as a permission problem.
 *
 * @param principal
 *            The user requesting this data.
 * @param id
 *            The identifier of the user to find.
 * @return The matching {@link UserOrg}. Never <code>null</code>.
 * @throws ValidationJsonException
 *             When the user does not exist or is not visible to the principal.
 */
default UserOrg findByIdExpected(final String principal, final String id) {
	final UserOrg user = findByIdExpected(id);

	// Visibility is delegated to the company repository: a null result means no matching delegation
	final boolean visible = getCompanyRepository().findById(principal, user.getCompany()) != null;
	if (!visible) {
		throw new ValidationJsonException("id", BusinessException.KEY_UNKNOW_ID, "0", "user", "1", principal);
	}
	return user;
}
/**
 * Return the company of the current user.
 *
 * @return The company of the current user, or <code>null</code> when the current user is not in the repository.
 */
public CompanyOrg getUserCompany() {
	final UserOrg current = getUser().findById(securityHelper.getLogin());
	// A user without company is looked up with an empty identifier instead of null
	return current == null ? null : getRepository().findById(ObjectUtils.defaultIfNull(current.getCompany(), ""));
}
/**
 * Remove the given company from both caches. It is assumed no user is still attached to the deleted company: no
 * check is performed here.
 *
 * @param company
 *            The company to remove.
 */
public void delete(final CompanyOrg company) {
	final Map<String, CompanyOrg> companies = getCompany().findAll();
	final String id = company.getId();

	// JPA cache first, then the in-memory map
	cache.delete(company);
	companies.remove(id);
}
/**
 * Check the current user is allowed to reset the password of the given user.
 *
 * @param user
 *            The identifier of the user whose password is to be reset.
 * @return The internal representation of the found user.
 * @throws ValidationJsonException
 *             When the user cannot be found for the current login, or when its company is not writable by the
 *             current login.
 */
private UserOrg checkResetRight(final String user) {
	// Visibility check: the user must exist and be visible to the current login
	final String normalizedUser = Normalizer.normalize(user);
	final UserOrg found = getUser().findByIdExpected(securityHelper.getLogin(), normalizedUser);

	// Write check: the user's company must be covered by a writable delegation of type TREE
	// NOTE(review): checkDeletionRight performs the same kind of check with DelegateType.COMPANY — confirm TREE is intended here
	final String companyDn = getCompany().findById(found.getCompany()).getDn();
	final boolean writable = !delegateRepository
			.findByMatchingDnForWrite(securityHelper.getLogin(), companyDn, DelegateType.TREE).isEmpty();
	if (!writable) {
		// Trace the rejected attempt; note the raw (not normalized) identifier is the one logged
		log.warn("Attempt to reset the password of a user '{}' out of scope", user);
		throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user);
	}
	return found;
}
final String companyDn = getCompany().findByIdExpected(securityHelper.getLogin(), cleanCompany).getDn(); final boolean hasAttributeChange = hasAttributeChange(importEntry, userOrg); if (hasAttributeChange && !canWrite(delegates, companyDn, DelegateType.COMPANY)) {
/**
 * Check the given company can be deleted. On top of the generic container checks, a company cannot be deleted
 * while any user still belongs to it or to one of its sub-companies.
 *
 * @param container
 *            The company to delete.
 * @throws ValidationJsonException
 *             When at least one user is still attached to the company or to a sub-company.
 */
@Override
protected void checkForDeletion(final ContainerOrg container) {
	super.checkForDeletion(container);

	final Map<String, UserOrg> users = getUser().findAll();
	// Walk the companies equal to or located under the deleted one, and look for a user attached to any of them
	final boolean hasUser = getRepository().findAll().values().stream()
			.filter(company -> DnUtils.equalsOrParentOf(container.getDn(), company.getDn()))
			.map(company -> company.getId())
			.anyMatch(id -> users.values().stream().map(UserOrg::getCompany).anyMatch(id::equals));
	if (hasUser) {
		throw new ValidationJsonException(getTypeName(), "not-empty-company", "0", getTypeName(), "1",
				container.getId());
	}
}
/**
 * Check the current user is allowed to delete, enable or disable the given user entry.
 *
 * @param user
 *            The identifier of the user to alter.
 * @param mode
 *            The name of the attempted action (delete, enable, disable...), only used in the warning log when
 *            the action is rejected.
 * @return The internal representation of the found user.
 * @throws ValidationJsonException
 *             When the user cannot be found for the current login, or when its company is not writable by the
 *             current login.
 */
private UserOrg checkDeletionRight(final String user, final String mode) {
	// Visibility check: the user must exist and be visible to the current login
	final String normalizedUser = Normalizer.normalize(user);
	final UserOrg found = getUser().findByIdExpected(securityHelper.getLogin(), normalizedUser);

	// Write check: the user's company must be covered by a writable delegation of type COMPANY
	final String companyDn = getCompany().findById(found.getCompany()).getDn();
	final boolean writable = !delegateRepository
			.findByMatchingDnForWrite(securityHelper.getLogin(), companyDn, DelegateType.COMPANY).isEmpty();
	if (!writable) {
		// Trace the rejected attempt; note the raw (not normalized) identifier is the one logged
		log.warn("Attempt to {} a user '{}' out of scope", mode, user);
		throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user);
	}
	return found;
}
// Search is scoped to the visible companies; the free-text filter and paging come from the request.
// The type comparator is registered for the type column only.
final Page<CompanyOrg> findAll = getRepository().findAll(visibleCompanies, DataTableAttributes.getSearch(uriInfo), pageRequest, Collections.singletonMap(TYPE_ATTRIBUTE, new TypeComparator(types)));
/**
 * Move the internal user to the company of the new user data when it differs. No security check is performed
 * here.
 *
 * @param userOrg
 *            The internal user to update. This must be the internal (cached) instance.
 * @param newUser
 *            The new user data. This is not the stored instance.
 */
private void updateCompanyAsNeeded(final UserOrg userOrg, final UserOrg newUser) {
	if (!ObjectUtils.notEqual(userOrg.getCompany(), newUser.getCompany())) {
		// Same company (null-safe comparison): nothing to move
		return;
	}
	// Company changed: move the internal user into the target company resolved from the cache
	getUser().move(userOrg, getCompany().findById(newUser.getCompany()));
}
/**
 * Return the groups matching the given criteria. The visible groups, trees and companies are taken into account,
 * and for each group the visible member count depends on the companies the current user can see.
 *
 * @param uriInfo
 *            The request filter and pagination data.
 * @return The matching groups, paginated, with their total and visible member counts.
 */
@GET
public TableItem<ContainerCountVo> findAll(@Context final UriInfo uriInfo) {
	final List<ContainerScope> scopes = containerScopeResource.findAllDescOrder(ContainerType.GROUP);
	final Map<String, CompanyOrg> companies = getCompany().findAll();
	final Collection<CompanyOrg> visibleCompanies = organizationResource.getContainers();
	final Set<GroupOrg> writableGroups = getContainersForWrite();
	final Set<GroupOrg> adminGroups = getContainersForAdmin();
	final Map<String, UserOrg> users = getUser().findAll();

	// Search the groups matching the free-text filter, then page them
	final Page<GroupOrg> page = getContainers(DataTableAttributes.getSearch(uriInfo),
			paginationJson.getPageRequest(uriInfo, ORDERED_COLUMNS));

	// Secure each returned group: rights flags plus total and visible member counts
	return paginationJson.applyPagination(uriInfo, page, group -> {
		final ContainerCountVo vo = newContainerCountVo(group, writableGroups, adminGroups, scopes);
		vo.setCount(group.getMembers().size());

		// A member is visible when its company tree shares at least one company with the visible ones
		// NOTE(review): users::get is assumed to resolve every member identifier — confirm members are all in the user cache
		final long visibleMembers = group.getMembers().stream().map(users::get).map(UserOrg::getCompany)
				.map(companies::get).map(CompanyOrg::getCompanyTree)
				.filter(tree -> CollectionUtils.containsAny(visibleCompanies, tree)).count();
		vo.setCountVisible((int) visibleMembers);
		return vo;
	});
}
// Snapshot of the cached companies and groups, keyed by identifier
final Map<String, CompanyOrg> allCompanies = getCompany().findAll(); final Map<String, GroupOrg> allGroups = getGroup().findAll();