/** * Return all user entries. Cache manager is not involved, poor performance is expected. * * @param groups * The available and resolved groups. * @return all user entries. Key is the user identifier. * @since 3.0.2 */ default Map<String, UserOrg> findAllNoCache(Map<String, GroupOrg> groups) { return findAll(); }
/** * Return the {@link UserOrg} corresponding to the given identifier using the user cache and the relevant security * to check the current user has the rights to perform this request. * * @param principal * The user requesting this data. * @param id * the user to find. * @return the {@link UserOrg} corresponding to the given identifier. Never <code>null</code>. * @throws ValidationJsonException * If no user is found. */ default UserOrg findByIdExpected(final String principal, final String id) { // Check the user exists final UserOrg rawUser = findByIdExpected(id); if (getCompanyRepository().findById(principal, rawUser.getCompany()) == null) { // No available delegation -> no result throw new ValidationJsonException("id", BusinessException.KEY_UNKNOW_ID, "0", "user", "1", principal); } return rawUser; }
/** * Return the {@link UserOrg} corresponding to the given attribute/value without using cache for the query, but * using it to resolve the user. * * @param attribute * the attribute name to match. * @param value * the attribute value to match. * @return the found user or <code>null</code> when not found. Groups are not fetched for this operation. */ default UserOrg findOneBy(final String attribute, final String value) { return findAllBy(attribute, value).stream().findFirst().orElse(null); }
/** * Default constructor initializing the validators. */ public DelegateOrgResource() { // Check the user/company/group is visible toReceiver.put(ReceiverType.USER, r -> getUser().findByIdExpected(securityHelper.getLogin(), r)); toReceiver.put(ReceiverType.COMPANY, r -> getCompany().findByIdExpected(securityHelper.getLogin(), r)); toReceiver.put(ReceiverType.GROUP, r -> getGroup().findByIdExpected(securityHelper.getLogin(), r)); }
/** * Return a specific user from his/her login. When user does not exist or is within a non visible company, return a * 404. * * @param user * The user to find. A normalized form will be used for the search. * @return found user. Never <code>null</code>. */ @GET @Path("{user:" + SimpleUser.USER_PATTERN + "}") public UserOrg findById(@PathParam("user") final String user) { final UserOrg rawUserOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user)); // Check if the user lock status without using cache getUser().checkLockStatus(rawUserOrg); // User has been found, secure the object regarding the visible groups final UserOrg securedUserOrg = new UserOrg(); rawUserOrg.copy(securedUserOrg); // Show only the groups of user that are also visible to current user final Set<GroupOrg> visibleGroups = groupResource.getContainers(); securedUserOrg .setGroups(visibleGroups.stream().filter(mGroup -> rawUserOrg.getGroups().contains(mGroup.getId())) .sorted().map(GroupOrg::getName).collect(Collectors.toList())); return securedUserOrg; }
UserOrg user = repository.findById(importEntry.getId()); final UserOrg newUser = toUserOrg(importEntry); if (user == null) { user = repository.create(newUser); repository.updateMembership(importEntry.getGroups(), user);
/** * Performs an operation on a group and a user. * * @param user * The user to move. * @param group * The group to update. * @param updater * The function to execute on computed groups of current user. */ private void updateGroupUser(final String user, final String group, final BiFunction<Collection<String>, String, Boolean> updater) { // Get all delegates of current user final List<DelegateOrg> delegates = delegateRepository.findAllByUser(securityHelper.getLogin()); // Get the implied user final UserOrg userOrg = getUser().findByIdExpected(user); // Check the implied group validateWriteGroup(group, delegates); // Compute the new groups final Set<String> newGroups = new HashSet<>(userOrg.getGroups()); final boolean updated = updater.apply(newGroups, group); if (updated) { // Replace the user groups by the normalized groups including the // one we have just updated final Collection<String> mergedGroups = mergeGroups(delegates, userOrg, newGroups); // Update membership getUser().updateMembership(new ArrayList<>(mergedGroups), userOrg); } }
/** * Return the {@link UserOrg} corresponding to the given identifier using the user cache. * * @param id * The user identifier. * @return the {@link UserOrg} corresponding to the given identifier. Never <code>null</code>. * @throws ValidationJsonException * If no user is found. */ default UserOrg findByIdExpected(final String id) { return Optional.ofNullable(findById(id)) .orElseThrow(() -> new ValidationJsonException("id", "unknown-id", "0", "user", "1", id)); }
/** * Return the {@link UserOrg} corresponding to the given attribute/value without using cache. * * @param user * The user to find. A normalized form will be used for the search. * @return the found user or <code>null</code> when not found. Groups are not fetched for this operation. */ public UserOrg findByIdNoCache(final String user) { return getUser().findByIdNoCache(Normalizer.normalize(user)); }
/** * Delete an user.<br> * Rules, order is important : * <ul> * <li>Only users managing the company of this user can perform the deletion, if not, act as if the user did not * exist</li> * <li>User must exist</li> * </ul> * Note : even if the user requesting this deletion has no right on the groups the involved user, this operation can * be performed. * * @param user * The user to delete. A normalized form of this parameter will be used for this operation. */ @DELETE @Path("{user}") public void delete(@PathParam("user") final String user) { // Check the user can be deleted final UserOrg userOrg = checkDeletionRight(user, "delete"); // Hard deletion // Check the group : You can't delete an user if he is the last member // of a group final Map<String, GroupOrg> allGroups = getGroup().findAll(); checkLastMemberInGroups(userOrg, allGroups); final IUserRepository repository = getUser(); // Revoke all memberships of this user repository.updateMembership(new ArrayList<>(), userOrg); repository.delete(userOrg); }
/** * Reset the database cache with the LDAP data. Note there is no synchronization for this method. Initial first * concurrent calls may note involve the cache. * * @return The fresh LDAP data.. */ protected Map<CacheDataType, Map<String, ? extends ResourceOrg>> refreshData() { final Map<CacheDataType, Map<String, ? extends ResourceOrg>> result = new EnumMap<>(CacheDataType.class); // Fetch origin data log.info("Fetching origin data ..."); final Map<String, GroupOrg> groups = getGroup().findAllNoCache(); result.put(CacheDataType.COMPANY, getCompany().findAllNoCache()); result.put(CacheDataType.GROUP, groups); result.put(CacheDataType.USER, getUser().findAllNoCache(groups)); this.data = result; return result; }
/** * Update the given user. * * @param user * The user definition, and associated groups. Group changes are checked.User definition changes are * checked. */ @PUT public void update(final UserOrgEditionVo user) { // Check the right on the company and the groups validateChanges(securityHelper.getLogin(), user); // Check the user exists getUser().findByIdExpected(user.getId()); saveOrUpdate(user); }
/** * Return a safe {@link UserOrg} instance, even if the user is not in LDAP directory. * * @param id * The user identifier. Must not be <code>null</code>. * @return a not <code>null</code> {@link UserOrg} instance with at least identifier attribute. */ default UserOrg toUser(final String id) { if (id == null) { return null; } // Non null user name UserOrg result = findById(id); if (result == null) { result = new UserOrg(); result.setId(id); } return result; }
@Override public boolean checkStatus(final String node, final Map<String, String> parameters) { // Query the LDAP, the user is not important, we expect no error, that's all self.getConfiguration(node).getUserRepository().findByIdNoCache("-any-"); return true; }
/** * Return the {@link UserOrg} corresponding to the given identifier using the user cache. * * @param id * the user identifier. * @return the {@link UserOrg} corresponding to the given identifier. May be <code>null</code>. */ default UserOrg findById(final String id) { return findAll().get(id); }
/** * Check the current user can reset the given user password. * * @param user * The user to alter. * @return The internal representation of found user. */ private UserOrg checkResetRight(final String user) { // Check the user exists final UserOrg userOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user)); // Check the company final String companyDn = getCompany().findById(userOrg.getCompany()).getDn(); if (delegateRepository.findByMatchingDnForWrite(securityHelper.getLogin(), companyDn, DelegateType.TREE) .isEmpty()) { // Report this attempt to delete a non writable user log.warn("Attempt to reset the password of a user '{}' out of scope", user); throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user); } return userOrg; }
/** * Return the company name of current user. * * @return The company name of current user or <code>null</code> if the current user is not in the repository. */ public CompanyOrg getUserCompany() { final UserOrg user = getUser().findById(securityHelper.getLogin()); if (user == null) { return null; } return getRepository().findById(ObjectUtils.defaultIfNull(user.getCompany(), "")); }
/** * Return the {@link UserOrg} list corresponding to the given attribute/value without using cache for the search, * but using it for the instances. * * @param attribute * The attribute name to match. * @param value * The attribute value to match. * @return the found users. May be empty. */ public List<UserOrg> findAllBy(final String attribute, final String value) { return getUser().findAllBy(attribute, value); }
/** * Add given user to the cache. Membership is not considered. * * @param user * The new user. * @return <code>user</code> */ public UserOrg create(final UserOrg user) { cache.create(user); getUser().findAll().put(user.getId(), user); return user; }
/** * Check the current user can delete, enable or disable the given user entry. * * @param user * The user to alter. * @param hard * When <code>true</code> the user is completely deleted, in other case, this a simple disable. * @return The internal representation of found user. */ private UserOrg checkDeletionRight(final String user, final String mode) { // Check the user exists final UserOrg userOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user)); // Check the company final String companyDn = getCompany().findById(userOrg.getCompany()).getDn(); if (delegateRepository.findByMatchingDnForWrite(securityHelper.getLogin(), companyDn, DelegateType.COMPANY) .isEmpty()) { // Report this attempt to delete a non writable user log.warn("Attempt to {} a user '{}' out of scope", mode, user); throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user); } return userOrg; }