/**
 * Returns every role entry that grants the super admin role across all applications.
 *
 * <p>All stored user roles are fetched through {@code userRoleAccessor} and filtered in
 * memory. An entry is kept only when its role equals {@code Role.SUPERADMIN}
 * (case-insensitively) and its application name equals {@code ALL_APPLICATIONS}.
 * Each surviving entry is converted with {@code getRoleWithUserInfo}.
 *
 * <p>NOTE(review): the full role table and the resulting super admin list are both written
 * to the debug log. Confirm this is acceptable for the deployment's log retention and
 * access policy.
 *
 * @return the super admin role entries; empty when none match
 */
@Override
public List<UserRole> getSuperAdminRoleList() {
    LOGGER.debug("Getting super admin role list");

    final List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> storedRoles =
            userRoleAccessor.getAllUserRoles().all();
    LOGGER.debug("Received all roles {}", storedRoles);

    final String superAdminName = Role.SUPERADMIN.toString();
    final List<UserRole> matching = storedRoles.stream()
            // Role check first, application scope second: same short-circuit order as a single && test.
            .filter(row -> superAdminName.equalsIgnoreCase(row.getRole().toString()))
            .filter(row -> ALL_APPLICATIONS.equals(row.getAppName()))
            .map(row -> getRoleWithUserInfo(row))
            .collect(Collectors.toList());

    LOGGER.debug("Returning {} roles", matching);
    return matching;
}
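/**
 * Persists the super admin role for the given user under {@code ALL_APPLICATIONS}.
 *
 * <p>Two rows are written: one through {@code userRoleAccessor} and one through
 * {@code appRoleAccessor}. This method performs no permission check of its own.
 *
 * <p>NOTE(review): the two inserts are issued as separate calls. If the second one fails,
 * the first is not rolled back here. Confirm whether the two tables can tolerate being
 * out of step, or whether a single batch should be used.
 *
 * @param candidateUser the user who receives the super admin role
 */
@Override
public void assignUserToSuperAdminRole(UserInfo candidateUser) {
    LOGGER.debug("Adding user {} as superadmin", candidateUser);

    // Lower-case with a fixed locale. The default-locale overload maps 'I' to a dotless
    // 'ı' under e.g. a Turkish JVM locale, which would store a role string that later
    // case-insensitive comparisons against the role name do not match.
    String superAdminRole = Role.SUPERADMIN.toString().toLowerCase(java.util.Locale.ROOT);
    String userID = candidateUser.getUsername().toString();

    userRoleAccessor.insertUserRoleBy(userID, ALL_APPLICATIONS, superAdminRole);
    appRoleAccessor.insertAppRoleBy(ALL_APPLICATIONS, userID, superAdminRole);
}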
/**
 * Applies a list of role assignments on behalf of the caller identified by the
 * authorization header and reports one status map per requested assignment.
 *
 * <p>For every entry the caller must hold {@code ADMIN} permission on the entry's
 * application. When that check throws {@link AuthenticationException}, the entry is not
 * applied and a status with {@code roleAssignmentStatus=FAILED} and
 * {@code reason=Not Authorized} is recorded instead. Only that exception type is caught.
 * Any other exception propagates and stops processing, leaving earlier entries applied.
 *
 * <p>NOTE(review): the permission required is the same for every entry, whatever role is
 * being requested. Whether granting a more privileged role is restricted further depends
 * on {@code authorization.setUserRole}. Confirm against that implementation.
 *
 * @param userRoleList        the role assignments to apply
 * @param authorizationHeader the caller's authorization header
 * @return one status map per entry, in request order
 */
private List<Map> updateUserRole(
        @ApiParam(required = true)
        UserRoleList userRoleList,

        @HeaderParam(AUTHORIZATION)
        @ApiParam(value = EXAMPLE_AUTHORIZATION_HEADER, required = true)
        String authorizationHeader) {
    final Username caller = authorization.getUser(authorizationHeader);
    final UserInfo callerInfo = authorization.getUserInfo(caller);

    final List<Map> outcomes = newArrayList();
    for (UserRole requested : userRoleList.getRoleList()) {
        try {
            // Authorize against the application named in this entry before changing anything.
            authorization.checkUserPermissions(caller, requested.getApplicationName(), ADMIN);
            outcomes.add(authorization.setUserRole(requested, callerInfo));
        } catch (AuthenticationException e) {
            LOGGER.error("Unable to check user permissions", e);
            // Report the refusal for this entry and continue with the remaining ones.
            outcomes.add(ImmutableMap.of(
                    "applicationName", requested.getApplicationName().toString(),
                    "userID", requested.getUserID().toString(),
                    "role", requested.getRole().toString(),
                    "roleAssignmentStatus", "FAILED",
                    "reason", "Not Authorized"));
        }
    }
    return outcomes;
}
/**
 * Grants the super admin role to a user and records the change in the event log.
 *
 * <p>The candidate's current roles are loaded first. If any of them is already
 * {@code Role.SUPERADMIN}, the call is rejected. Otherwise the repository performs the
 * assignment and an {@code AuthorizationChangeEvent} naming both users is posted. The
 * event is posted only after the repository call returns.
 *
 * <p>NOTE(review): {@code assigningUserInfo} is used here only for logging and the audit
 * event. This method does not verify that the assigning user may grant the role.
 * Presumably the caller enforces that. Confirm.
 *
 * @param candidateUserInfo the user who receives the super admin role
 * @param assigningUserInfo the user performing the assignment
 * @throws IllegalArgumentException if the candidate is already a super admin
 */
@Override
public void assignUserToSuperAdminRole(final UserInfo candidateUserInfo,
                                       final UserInfo assigningUserInfo) {
    LOGGER.debug("Assigning super admin role to user={} by user={} ", candidateUserInfo, assigningUserInfo);

    UserRoleList currentRoles = getUserRoleList(candidateUserInfo.getUsername());
    LOGGER.debug("User role list {}", currentRoles);

    boolean alreadySuperAdmin = false;
    for (UserRole held : currentRoles.getRoleList()) {
        if (held.getRole().equals(Role.SUPERADMIN)) {
            alreadySuperAdmin = true;
            break;
        }
    }
    Preconditions.checkArgument(!alreadySuperAdmin,
            "User %s is already a superadmin", candidateUserInfo.getUsername());

    authorizationRepository.assignUserToSuperAdminRole(candidateUserInfo);

    // Audit trail: no previous role, new role is super admin.
    eventLog.postEvent(new AuthorizationChangeEvent(
            assigningUserInfo, null, candidateUserInfo, null, Role.SUPERADMIN.toString()));
}
/**
 * Revokes the super admin role from a user and records the change in the event log.
 *
 * <p>The removal is refused unless more than one super admin currently exists, so the last
 * remaining super admin cannot be removed. It is also refused when the candidate is not in
 * the current super admin list. The audit event is posted only after the repository call
 * returns.
 *
 * <p>NOTE(review): the guard rejects when there is one super admin or fewer, while its
 * message reads "less than 1". The wording understates the condition.
 *
 * <p>NOTE(review): the count check and the removal are separate steps with no locking
 * visible in this method. Confirm whether concurrent removals are serialized elsewhere,
 * since two callers could otherwise both pass the count check.
 *
 * <p>NOTE(review): {@code assigningUserInfo} is used only for logging and the audit event.
 * This method does not verify that user's permission. Confirm the caller does.
 *
 * @param candidateUserInfo the user who loses the super admin role
 * @param assigningUserInfo the user performing the removal
 * @throws IllegalArgumentException if at most one super admin exists, or the candidate is
 *                                  not a super admin
 */
@Override
public void removeUserFromSuperAdminRole(final UserInfo candidateUserInfo,
                                         final UserInfo assigningUserInfo) {
    LOGGER.debug("Removing user={} from superadmin by assigningUser={}", candidateUserInfo, assigningUserInfo);

    List<UserRole> currentSuperAdmins = getSuperAdminRoleList();
    LOGGER.debug("Current superadmins {}", currentSuperAdmins);

    // Never allow the system to end up without a super admin.
    Preconditions.checkArgument(currentSuperAdmins.size() > 1, "Cannot delete. SuperAdmins less than 1");

    boolean candidateIsSuperAdmin = false;
    for (UserRole entry : currentSuperAdmins) {
        if (entry.getRole().equals(Role.SUPERADMIN)
                && entry.getUserID().equals(candidateUserInfo.getUsername())) {
            candidateIsSuperAdmin = true;
            break;
        }
    }
    Preconditions.checkArgument(candidateIsSuperAdmin,
            "User %s is not a superadmin", candidateUserInfo.getUsername());

    authorizationRepository.removeUserFromSuperAdminRole(candidateUserInfo);

    // Audit trail: previous role is super admin, no new role.
    eventLog.postEvent(new AuthorizationChangeEvent(
            assigningUserInfo, null, candidateUserInfo, Role.SUPERADMIN.toString(), null));
}
status.put("applicationName", userRole.getApplicationName().toString()); status.put("userID", userRole.getUserID().toString()); status.put("role", userRole.getRole().toString()); oldRole == null || "superadmin".equalsIgnoreCase(oldRole.toString()) ? null : oldRole.toString(), userRole.getRole().toString())); } catch (RepositoryException e) { LOGGER.info("RepoitoryException for setting user Role in DefaultAuthorization ", e);
/**
 * Stores a role assignment by writing the user-role row and the app-role row together.
 *
 * <p>Both insert statements are added to one {@code BatchStatement}, which is executed in a
 * single call on the session. This method performs no permission check. Callers are
 * responsible for authorizing the change before invoking it.
 *
 * @param userRole the assignment (user, application, role) to persist
 */
@Override
public void setUserRole(UserRole userRole) {
    final String userId = userRole.getUserID().toString();
    final String applicationName = userRole.getApplicationName().toString();
    final String roleName = userRole.getRole().toString();

    BatchStatement roleWrites = new BatchStatement();
    // Keyed by user first ...
    roleWrites.add(userRoleAccessor.insertUserRoleStatement(userId, applicationName, roleName));
    // ... and by application first; submitted together so neither is written alone by this call.
    roleWrites.add(appRoleAccessor.insertAppRoleStatement(applicationName, userId, roleName));

    manager.getSession().execute(roleWrites);
}