private List<Map> updateUserRole( @ApiParam(required = true) UserRoleList userRoleList, @HeaderParam(AUTHORIZATION) @ApiParam(value = EXAMPLE_AUTHORIZATION_HEADER, required = true) String authorizationHeader) { Username subject = authorization.getUser(authorizationHeader); UserInfo admin = authorization.getUserInfo(subject); List<Map> status = newArrayList(); for (UserRole userRole : userRoleList.getRoleList()) { try { authorization.checkUserPermissions(subject, userRole.getApplicationName(), ADMIN); status.add(authorization.setUserRole(userRole, admin)); } catch (AuthenticationException e) { LOGGER.error("Unable to check user permissions", e); status.add(ImmutableMap.<String, String>builder() .put("applicationName", userRole.getApplicationName().toString()) .put("userID", userRole.getUserID().toString()) .put("role", userRole.getRole().toString()) .put("roleAssignmentStatus", "FAILED") .put("reason", "Not Authorized").build()); } } return status; }
@Override public void removeUserFromSuperAdminRole(final UserInfo candidateUserInfo, final UserInfo assigningUserInfo) { LOGGER.debug("Removing user={} from superadmin by assigningUser={}", candidateUserInfo, assigningUserInfo); List<UserRole> allSuperAdmins = getSuperAdminRoleList(); LOGGER.debug("Current superadmins {}", allSuperAdmins); Preconditions.checkArgument(allSuperAdmins.size() > 1, "Cannot delete. SuperAdmins less than 1"); boolean isSuperAdmin = allSuperAdmins.stream().anyMatch((UserRole ur) -> ur.getRole().equals(Role.SUPERADMIN) && ur.getUserID().equals(candidateUserInfo.getUsername())); Preconditions.checkArgument(isSuperAdmin, "User %s is not a superadmin", candidateUserInfo.getUsername()); authorizationRepository.removeUserFromSuperAdminRole(candidateUserInfo); eventLog.postEvent(new AuthorizationChangeEvent(assigningUserInfo, null, candidateUserInfo, Role.SUPERADMIN.toString(), null)); }
Map<String, String> status = new HashMap<>(); status.put("applicationName", userRole.getApplicationName().toString()); status.put("userID", userRole.getUserID().toString()); status.put("role", userRole.getRole().toString()); List<UserRole> userRoleList = authorizationRepository.getUserRoleList(userRole.getUserID()).getRoleList(); Role oldRole = null; for (UserRole role : userRoleList) { UserInfo user = getUserInfo(userRole.getUserID()); eventLog.postEvent(new AuthorizationChangeEvent(admin, userRole.getApplicationName(), user, oldRole == null || "superadmin".equalsIgnoreCase(oldRole.toString()) ? null : oldRole.toString(),
@Override public void setUserRole(UserRole userRole) { BatchStatement batch = new BatchStatement(); batch.add(userRoleAccessor.insertUserRoleStatement( userRole.getUserID().toString(), userRole.getApplicationName().toString(), userRole.getRole().toString() )); batch.add(appRoleAccessor.insertAppRoleStatement( userRole.getApplicationName().toString(), userRole.getUserID().toString(), userRole.getRole().toString() )); manager.getSession().execute(batch); }