/**
 * Builds the REST representation of a user group.
 *
 * <p>Every member is converted to a {@code RESTUser} built from its id, name, role and groups
 * only; no other user field is passed on.
 *
 * @param id the group identifier
 * @param groupName the group name
 * @param users the members of the group; iterated directly, so it must not be {@code null}
 * @param description the group description
 */
public RESTUserGroup(Long id, String groupName, Set<User> users, String description) {
    this.id = id;
    this.groupName = groupName;
    this.description = description;

    List<RESTUser> members = new ArrayList<RESTUser>();
    for (User member : users) {
        // The meaning of the trailing boolean is defined by RESTUser and is not visible here.
        RESTUser restMember = new RESTUser(
                member.getId(), member.getName(), member.getRole(), member.getGroups(), true);
        members.add(restMember);
    }
    this.restUsers = new UserList(members);
}
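/**
 * Removes the given group from the user's group set and persists the user.
 *
 * <p>Groups rejected by {@code GroupReservedNames.isAllowedName} cannot be removed. If the user
 * is not a member of the group, nothing is changed and nothing is persisted.
 *
 * @param userId id of the user to modify
 * @param groupId id of the group to remove from the user
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is reserved
 */
@Override
public void deassignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToRemove = userGroupDAO.find(groupId);
    // The group must be null-checked before its name is read; otherwise an unknown group id
    // surfaces as a NullPointerException instead of the documented NotFoundServiceEx.
    if (groupToRemove == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    // Reserved groups must stay attached to every user.
    if (!GroupReservedNames.isAllowedName(groupToRemove.getGroupName())) {
        throw new NotFoundServiceEx("You can't remove the group EVERYONE or any other reserved groups from the users group list...");
    }

    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    Set<UserGroup> memberships = targetUser.getGroups();
    if (memberships == null) {
        return;
    }
    for (UserGroup membership : memberships) {
        if (membership.getId() == groupId) {
            // Removing while iterating is safe only because the loop is left immediately.
            memberships.remove(membership);
            userDAO.merge(targetUser);
            return;
        }
    }
}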
/**
 * Lists users whose name matches a pattern, as password-free {@code RESTUser} entries.
 *
 * <p>Each {@code *} in {@code nameLike} is turned into {@code %} before the value is handed to
 * the user service. Any {@code %} or {@code _} already present in the caller's value is passed
 * through unchanged.
 *
 * @param sc the caller's security context; not consulted in this method
 * @param nameLike name pattern; must not be {@code null}
 * @param page page number, forwarded to the service
 * @param entries page size, forwarded to the service
 * @param includeAttributes forwarded to the service
 * @return the matching users
 * @throws BadRequestWebEx if the service rejects the request
 */
@Override
public UserList getUserList(SecurityContext sc, String nameLike, Integer page, Integer entries,
        boolean includeAttributes) throws BadRequestWebEx {
    // NOTE(review): access control is presumably enforced outside this method, since sc is
    // unused here - confirm against the interface annotations / security configuration.
    String likePattern = nameLike.replace("*", "%");
    try {
        List<User> found = userService.getAll(page, entries, likePattern, includeAttributes);
        List<RESTUser> restUsers = new ArrayList<RESTUser>();
        for (User user : found) {
            // Only id, name, role and groups are exposed; the password is never copied.
            restUsers.add(new RESTUser(
                    user.getId(), user.getName(), user.getRole(), user.getGroups(), false));
        }
        return new UserList(restUsers);
    } catch (BadRequestServiceEx ex) {
        throw new BadRequestWebEx(ex.getMessage());
    }
}
/**
 * Lists users page by page, as password-free {@code RESTUser} entries.
 *
 * @param sc the caller's security context; not consulted in this method
 * @param page page number, forwarded to the service
 * @param entries page size, forwarded to the service
 * @return the users returned by the service for that page
 * @throws BadRequestWebEx if the service rejects the request
 */
@Override
public UserList getAll(SecurityContext sc, Integer page, Integer entries) throws BadRequestWebEx {
    // NOTE(review): access control is presumably enforced outside this method, since sc is
    // unused here - confirm against the interface annotations / security configuration.
    try {
        List<User> found = userService.getAll(page, entries);
        List<RESTUser> restUsers = new ArrayList<RESTUser>();
        for (User user : found) {
            // Only id, name, role and groups are exposed; the password is never copied.
            restUsers.add(new RESTUser(
                    user.getId(), user.getName(), user.getRole(), user.getGroups(), false));
        }
        return new UserList(restUsers);
    } catch (BadRequestServiceEx ex) {
        throw new BadRequestWebEx(ex.getMessage());
    }
}
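/**
 * Adds the given group to the user's group set and persists the user.
 *
 * <p>Groups rejected by {@code GroupReservedNames.isAllowedName} cannot be assigned through
 * this method.
 *
 * @param userId id of the user to modify
 * @param groupId id of the group to assign
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is reserved
 */
@Override
public void assignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToAssign = userGroupDAO.find(groupId);
    // The group must be null-checked before its name is read; otherwise an unknown group id
    // surfaces as a NullPointerException instead of the documented NotFoundServiceEx.
    if (groupToAssign == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    // Reserved groups are managed by the system and cannot be handed out explicitly.
    if (!GroupReservedNames.isAllowedName(groupToAssign.getGroupName())) {
        throw new NotFoundServiceEx("You can't re-assign the group EVERYONE or any other reserved groups...");
    }

    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    if (targetUser.getGroups() == null) {
        // The user has no group set yet: create one holding just the new group.
        Set<UserGroup> groups = new HashSet<UserGroup>();
        groups.add(groupToAssign);
        targetUser.setGroups(groups);
    } else {
        targetUser.getGroups().add(groupToAssign);
    }
    userDAO.merge(targetUser);
}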
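/**
 * Adds a security filter that keeps only the resources the user has read access to.
 *
 * <p>No filter is added for {@code Role.ADMIN}. For every other role a resource is kept only if
 * one of its {@code security} entries has {@code canRead == true} and belongs either to the
 * user (matched by name) or to one of the user's groups (matched by id).
 *
 * @param searchCriteria the search the filter is added to
 * @param user the user on whose behalf the search runs; must not be {@code null}
 */
public void addReadSecurityConstraints(Search searchCriteria, User user) {
    // no further constraints for admin user
    if (user.getRole() == Role.ADMIN) {
        return;
    }

    Filter userFiltering = Filter.equal("user.name", user.getName());

    // A user without any group set (null) is handled like a user with an empty one: the filter
    // then matches on the user name only. Previously a null set raised a NullPointerException.
    if (user.getGroups() != null && !user.getGroups().isEmpty()) {
        List<Long> groupsId = new ArrayList<>();
        for (UserGroup group : user.getGroups()) {
            groupsId.add(group.getId());
        }
        userFiltering = Filter.or(userFiltering, Filter.in("group.id", groupsId));
    }

    Filter securityFilter = Filter.some(
            "security",
            Filter.and(Filter.equal("canRead", true), userFiltering));
    searchCriteria.addFilter(securityFilter);
}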
/**
 * Finds a user by id and forces loading of its lazy collections.
 *
 * @param id the user identifier
 * @return the user, or {@code null} when the superclass lookup returns none
 */
@Override
public User find(Long id) {
    User found = super.find(id);
    if (found == null || !Hibernate.isInitialized(found)) {
        return found;
    }

    // Load the lazy attribute list and group set now, before the entity is handed to callers.
    Hibernate.initialize(found.getAttribute());
    Hibernate.initialize(found.getGroups());
    return found;
}
/**
 * Deletes a user group after detaching it from all of its users.
 *
 * @param id id of the group to delete
 * @return {@code true} once the group has been removed
 * @throws NotFoundServiceEx if no group with that id exists
 * @throws BadRequestServiceEx if the group name is rejected by
 *         {@code GroupReservedNames.isAllowedName}
 */
@Override
public boolean delete(long id) throws NotFoundServiceEx, BadRequestServiceEx {
    UserGroup target = userGroupDAO.find(id);
    if (target == null) {
        String notFound = "Can't find usergroup with id '" + id + "'";
        LOGGER.error(notFound);
        throw new NotFoundServiceEx(notFound);
    }

    String targetName = target.getGroupName();
    if (!GroupReservedNames.isAllowedName(targetName)) {
        throw new BadRequestServiceEx("Delete a special usergroup ('" + targetName + "' in this case) isn't possible");
    }

    // Drop the membership from every user first, persisting each one, then remove the group.
    for (User member : target.getUsers()) {
        member.getGroups().remove(target);
        userDAO.merge(member);
    }
    userGroupDAO.remove(target);
    return true;
}
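/**
 * Returns the user with the given name, prepared for sending to a client.
 *
 * <p>The result is a fresh {@code User} carrying only id, name, role, enabled flag, the
 * non-reserved groups and, on request, the attributes. This mirrors the by-id
 * {@code get(SecurityContext, long, boolean)} overload: the password is deliberately not
 * copied, and the object obtained from the service is no longer modified in place.
 *
 * @param sc the caller's security context; not consulted in this method
 * @param name the user name; must not be {@code null}
 * @param includeAttributes whether the user's attributes are included in the result
 * @return a copy of the user without its password
 * @throws NotFoundWebEx if no user with that name exists
 */
@Override
public User get(SecurityContext sc, String name, boolean includeAttributes) throws NotFoundWebEx {
    if (name == null) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("User Name is null !");
        }
        throw new BadRequestWebEx("User name is null");
    }

    User stored;
    try {
        stored = userService.get(name);
    } catch (NotFoundServiceEx e) {
        throw new NotFoundWebEx("User not found");
    }
    // A null result is reported as "not found" instead of failing with a NullPointerException.
    if (stored == null) {
        throw new NotFoundWebEx("User not found");
    }

    User ret = new User();
    ret.setId(stored.getId());
    ret.setName(stored.getName());
    // The password is intentionally left out: it should not be sent out of the server.
    ret.setRole(stored.getRole());
    ret.setEnabled(stored.isEnabled());
    ret.setGroups(removeReservedGroups(stored.getGroups()));
    if (includeAttributes) {
        ret.setAttribute(stored.getAttribute());
    }
    return ret;
}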
List<String> groupNames = extratcGroupNames(authUser.getGroups()); if(groupNames != null && groupNames.size() > 0){ List<SecurityRule> groupSecurityRules = getSecurityService().getGroupSecurityRule(
List<String> groupNames = extratcGroupNames(authUser.getGroups()); if(groupNames != null && groupNames.size() > 0){ List<SecurityRule> groupSecurityRules = getSecurityService().getGroupSecurityRule(
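/**
 * Counts the user groups visible to the given user.
 *
 * <p>A user with {@code Role.USER} only counts the groups it belongs to; for every other role
 * no membership restriction is applied.
 *
 * @param user the user on whose behalf the count runs
 * @param nameLike optional case-insensitive pattern on the group name; ignored when {@code null}
 * @param all when {@code false}, the EVERYONE group is left out of the count
 * @return the number of matching groups
 * @throws BadRequestServiceEx if {@code user} is {@code null}
 */
@Override
public long getCount(User user, String nameLike, boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }

    Search searchCriteria = new Search(UserGroup.class);
    searchCriteria.addSortAsc("groupName");

    // NOTE(review): the restriction is keyed on Role.USER only, so any other non-admin role
    // reaching this method would count every group - confirm that this is intended.
    Role userRole = user.getRole();
    if (userRole.equals((Role) Role.USER)) {
        Collection<Long> grpIds = new Vector<Long>();
        Set<UserGroup> userGrp = user.getGroups();
        // A user without any group set is treated as belonging to no group; previously a null
        // set raised a NullPointerException here.
        if (userGrp != null) {
            for (UserGroup grp : userGrp) {
                grpIds.add(grp.getId());
            }
        }
        searchCriteria.addFilterIn("id", grpIds);
    }

    if (nameLike != null) {
        searchCriteria.addFilterILike("groupName", nameLike);
    }
    if (!all) {
        searchCriteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }
    return userGroupDAO.count(searchCriteria);
}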
/**
 * Copies each user of the list into a new {@code User} instance.
 *
 * <p>Groups, id, name, enabled flag, password and role are always copied; attributes only on
 * request.
 *
 * @param list the users to copy; must not be {@code null}
 * @param includeAttributes whether the attributes are copied too
 * @return a new list holding the copies, in the same order
 */
private List<User> configUserList(List<User> list, boolean includeAttributes) {
    List<User> copies = new ArrayList<User>(list.size());
    for (User source : list) {
        User copy = new User();
        copy.setGroups(source.getGroups());
        copy.setId(source.getId());
        copy.setName(source.getName());
        copy.setEnabled(source.isEnabled());
        // NOTE(review): the stored password value travels with the copy - confirm that every
        // caller maps the result to a password-free type before it leaves the server.
        copy.setPassword(source.getPassword());
        copy.setRole(source.getRole());
        if (includeAttributes) {
            copy.setAttribute(source.getAttribute());
        }
        copies.add(copy);
    }
    return copies;
}
List<String> groupNames = extratcGroupNames(authUser.getGroups()); if(groupNames != null && groupNames.size() > 0){ List<SecurityRule> groupSecurityRules = getSecurityService().getGroupSecurityRule(groupNames, resourceId);
Set<UserGroup> groups = user.getGroups(); List<String> groupNames = new ArrayList<String>(); List<UserGroup> existingGroups = new ArrayList<UserGroup>();
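/**
 * Lists the user groups visible to the given user, sorted by group name.
 *
 * <p>A user with {@code Role.USER} only sees the groups it belongs to; for every other role no
 * membership restriction is applied.
 *
 * @param user the user on whose behalf the search runs
 * @param page page number; must be given together with {@code entries}
 * @param entries page size; must be given together with {@code page}
 * @param nameLike optional case-insensitive pattern on the group name; ignored when {@code null}
 * @param all when {@code false}, the EVERYONE group is left out of the result
 * @return the matching groups
 * @throws BadRequestServiceEx if {@code user} is {@code null} or only one of {@code page} and
 *         {@code entries} is given
 */
@Override
public List<UserGroup> getAllAllowed(User user, Integer page, Integer entries, String nameLike,
        boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }
    if ((page == null) != (entries == null)) {
        throw new BadRequestServiceEx("Page and entries params should be declared together.");
    }

    Search searchCriteria = new Search(UserGroup.class);
    if (page != null) {
        searchCriteria.setMaxResults(entries);
        searchCriteria.setPage(page);
    }
    searchCriteria.addSortAsc("groupName");

    // NOTE(review): the restriction is keyed on Role.USER only, so any other non-admin role
    // reaching this method would list every group - confirm that this is intended.
    Role userRole = user.getRole();
    if (userRole.equals((Role) Role.USER)) {
        Collection<Long> grpIds = new Vector<Long>();
        Set<UserGroup> userGrp = user.getGroups();
        // A user without any group set is treated as belonging to no group; previously a null
        // set raised a NullPointerException here.
        if (userGrp != null) {
            for (UserGroup grp : userGrp) {
                grpIds.add(grp.getId());
            }
        }
        searchCriteria.addFilterIn("id", grpIds);
    }

    if (nameLike != null) {
        searchCriteria.addFilterILike("groupName", nameLike);
    }
    if (!all) {
        searchCriteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }

    return userGroupDAO.search(searchCriteria);
}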
List<String> groups = extratcGroupNames(authUser.getGroups()); if (groups.contains(userGroup.getGroupName())) { if (rule.isCanWrite()) {
/**
 * Returns the user with the given id, prepared for sending to a client.
 *
 * <p>The result is a fresh {@code User} carrying id, name, role, enabled flag, the non-reserved
 * groups and, on request, the attributes. The password is never copied.
 *
 * @param sc the caller's security context; not consulted in this method
 * @param id the user identifier; {@code -1} yields a stub user named "dummy name"
 * @param includeAttributes whether the user's attributes are included in the result
 * @return a copy of the user without its password
 * @throws NotFoundWebEx if the service returns no user for that id
 */
@Override
public User get(SecurityContext sc, long id, boolean includeAttributes) throws NotFoundWebEx {
    if (id == -1) {
        // NOTE(review): this test stub is answered without consulting the service - confirm
        // that it is meant to be reachable outside of tests.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Retriving dummy data !");
        }
        User dummy = new User();
        dummy.setName("dummy name");
        return dummy;
    }

    User stored = userService.get(id);
    if (stored == null) {
        throw new NotFoundWebEx("User not found");
    }

    User copy = new User();
    copy.setId(stored.getId());
    copy.setName(stored.getName());
    // The password is intentionally left out: it should not be sent out of the server.
    copy.setRole(stored.getRole());
    copy.setEnabled(stored.isEnabled());
    copy.setGroups(removeReservedGroups(stored.getGroups()));
    if (includeAttributes) {
        copy.setAttribute(stored.getAttribute());
    }
    return copy;
}
/**
 * Returns the details of the authenticated user, prepared for sending to a client.
 *
 * <p>The user is taken from the security context and then re-read from the user service by
 * name. The result is a fresh {@code User} carrying id, name, role, groups and, on request,
 * the attributes. The password is never copied.
 *
 * @param sc the security context the authenticated user is extracted from
 * @param includeAttributes whether the user's attributes are included in the result
 * @return a copy of the user without its password, or {@code null} when the service returns
 *         no user
 * @throws NotFoundWebEx if the user is unknown to the service or has {@code Role.GUEST}
 */
@Override
public User getAuthUserDetails(SecurityContext sc, boolean includeAttributes) {
    User authUser = extractAuthUser(sc);
    try {
        authUser = userService.get(authUser.getName());
        if (authUser == null) {
            return null;
        }
        // Guest sessions are answered exactly like an unknown user.
        if (authUser.getRole().equals(Role.GUEST)) {
            throw new NotFoundWebEx("User not found");
        }

        User details = new User();
        details.setId(authUser.getId());
        details.setName(authUser.getName());
        // The password is intentionally left out: it should not be sent out of the server.
        details.setRole(authUser.getRole());
        // NOTE(review): unlike the get(...) lookups, the groups are returned unfiltered here
        // (no removeReservedGroups) - confirm that this is intended.
        details.setGroups(authUser.getGroups());
        if (includeAttributes) {
            details.setAttribute(authUser.getAttribute());
        }
        return details;
    } catch (NotFoundServiceEx e) {
        throw new NotFoundWebEx("User not found");
    }
}