/**
 * Applies a batch of role assignments on behalf of the caller identified by the
 * Authorization header.
 *
 * <p>Every entry is authorized on its own: the caller must pass the ADMIN permission
 * check for the application named in that entry before the role is written. A failed
 * entry is reported in the result and does not stop the remaining entries.
 *
 * @param userRoleList        the role assignments to apply
 * @param authorizationHeader the caller's Authorization header value
 * @return one status map per entry, in input order; failed entries carry
 *         {@code roleAssignmentStatus=FAILED} and {@code reason=Not Authorized}
 */
private List<Map> updateUserRole(
        @ApiParam(required = true)
        UserRoleList userRoleList,

        @HeaderParam(AUTHORIZATION)
        @ApiParam(value = EXAMPLE_AUTHORIZATION_HEADER, required = true)
        String authorizationHeader) {
    // The caller is resolved once; the same identity is used for every entry in the batch.
    Username caller = authorization.getUser(authorizationHeader);
    UserInfo callerInfo = authorization.getUserInfo(caller);

    List<Map> results = newArrayList();
    for (UserRole requested : userRoleList.getRoleList()) {
        try {
            // The permission check is scoped to the application named in this entry,
            // not to the batch as a whole.
            authorization.checkUserPermissions(caller, requested.getApplicationName(), ADMIN);
            results.add(authorization.setUserRole(requested, callerInfo));
        } catch (AuthenticationException denied) {
            // Both calls above sit in the same try, so an AuthenticationException raised
            // by setUserRole is reported to the client as "Not Authorized" as well.
            // NOTE(review): this log line names neither the caller nor the target
            // application; unless the exception message carries them, a rejected
            // role change cannot be attributed from the log alone - confirm.
            LOGGER.error("Unable to check user permissions", denied);

            Map<String, String> failure = ImmutableMap.<String, String>builder()
                    .put("applicationName", requested.getApplicationName().toString())
                    .put("userID", requested.getUserID().toString())
                    .put("role", requested.getRole().toString())
                    .put("roleAssignmentStatus", "FAILED")
                    .put("reason", "Not Authorized")
                    .build();
            results.add(failure);
        }
    }
    return results;
}
/**
 * Grants the SUPERADMIN role to {@code candidateUserInfo} and records the change.
 *
 * <p>This method does not check what {@code assigningUserInfo} is allowed to do; that
 * argument is only written to the debug log and the change event.
 * NOTE(review): presumably the caller has already verified that the assigning user may
 * grant SUPERADMIN - confirm at every call site.
 *
 * @param candidateUserInfo the user who receives the role
 * @param assigningUserInfo the user performing the assignment
 * @throws IllegalArgumentException if the candidate already holds SUPERADMIN
 *         (raised by Guava's {@code Preconditions.checkArgument})
 */
@Override
public void assignUserToSuperAdminRole(final UserInfo candidateUserInfo, final UserInfo assigningUserInfo) {
    // NOTE(review): both UserInfo objects are logged through their toString(); what that
    // includes is not visible here - confirm it carries nothing that should stay out of logs.
    LOGGER.debug("Assigning super admin role to user={} by user={} ", candidateUserInfo, assigningUserInfo);

    UserRoleList currentRoles = getUserRoleList(candidateUserInfo.getUsername());
    LOGGER.debug("User role list {}", currentRoles);

    // Stop at the first SUPERADMIN entry; one match is enough to reject the request.
    boolean alreadySuperAdmin = false;
    for (UserRole assigned : currentRoles.getRoleList()) {
        if (assigned.getRole().equals(Role.SUPERADMIN)) {
            alreadySuperAdmin = true;
            break;
        }
    }
    Preconditions.checkArgument(!alreadySuperAdmin,
            "User %s is already a superadmin", candidateUserInfo.getUsername());

    // The role is persisted before the change event is posted, so a failure in
    // postEvent leaves the grant in place without a matching event.
    authorizationRepository.assignUserToSuperAdminRole(candidateUserInfo);
    eventLog.postEvent(new AuthorizationChangeEvent(
            assigningUserInfo, null, candidateUserInfo, null, Role.SUPERADMIN.toString()));
}
for (UserPermissions userPermissions : userPermissionsList.getPermissionsList()) { UserRoleList list = authorization.getApplicationUsers(userPermissions.getApplicationName()); if (!list.getRoleList().isEmpty()) { userRoleList.add(list);
for (UserRole userRole : userRoles.getRoleList()) { try { authorization.checkUserPermissions(userName, userRole.getApplicationName(), ADMIN);
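/**
 * Returns the email addresses of the experiment admins.
 *
 * <p>Only users whose role is exactly {@code Role.ADMIN} are considered, and only
 * addresses accepted by {@code EmailValidator} are returned.
 *
 * @param appName the application we want the admins from
 * @return a set of their valid email addresses
 * @throws WasabiEmailException if no admin of the application has a valid address
 */
private Set<String> getAdminEmails(Application.Name appName) {
    Set<String> recipients = new HashSet<>();

    UserRoleList usersRoles = authorizationRepository.getApplicationUsers(appName);
    for (UserRole user : usersRoles.getRoleList()) {
        if (user.getRole() != Role.ADMIN) {
            continue;
        }

        String email = user.getUserEmail();
        if (EmailValidator.getInstance().isValid(email)) {
            recipients.add(email);
        } else {
            // The value failed validation, so its content is unconstrained. Replace
            // control characters (CR/LF included) before it goes into the log so a
            // stored address cannot break the entry into forged lines. String.valueOf
            // keeps the original "null" rendering for a missing address.
            String printable = String.valueOf(email).replaceAll("\\p{Cntrl}", "_");
            LOGGER.warn("\"" + printable + "\" is not a valid email address for one of the administrators of "
                    + appName);
        }
    }

    // No admins, no email! The message text is left as-is because callers or tests
    // may match on it.
    if (recipients.isEmpty()) {
        throw new WasabiEmailException("No Admins with an valid email registered for this Application");
    }
    return recipients;
}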
boolean isAdmin = userRoleList.getRoleList().stream().anyMatch((UserRole ur) -> (ur.getRole().equals(Role.SUPERADMIN) || ur.getRole().equals(Role.ADMIN))); if (!isAdmin) {
List<UserRole> userRoleList = authorizationRepository.getUserRoleList(userRole.getUserID()).getRoleList(); Role oldRole = null; for (UserRole role : userRoleList) {