/**
 * Resolves the transfer object for a user; hook used by the generic (any-object) logic.
 *
 * @param key user identifier, handed straight to the binder
 * @return the user as an {@link AnyTO}
 */
@Override
protected AnyTO getAnyTO(final String key) {
    final AnyTO resolved = userDataBinder.getUserTO(key);
    return resolved;
}
/**
 * Template-method hook: the generic any-object logic asks the subclass for a transfer object and
 * this user-specific implementation answers with whatever the user binder resolves for {@code key}.
 *
 * @param key user identifier forwarded to the binder
 * @return the resolved user transfer object, typed as {@link AnyTO}
 */
@Override
protected AnyTO getAnyTO(final String key) {
    return this.userDataBinder.getUserTO(key);
}
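/**
 * Reads a single user.
 *
 * Realm scoping: every other entitlement-guarded method in this class (status, link, unlink,
 * provision, deprovision, unassign, doDelete) narrows the caller's entitlement to the realms it was
 * granted on via {@code RealmUtils.getEffective} + {@code securityChecks}. This method did not, so
 * any holder of USER_READ could read any user regardless of realm. The same check is now applied
 * here for consistency. NOTE(review): confirm this matches the intended delegated-administration
 * model (an admin entitled only on a sub-realm is now refused users outside it).
 *
 * @param key user key (the binder also resolves a username, see the comment in status())
 * @return the user, filtered through {@code returnUserTO} like all other responses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')")
@Transactional(readOnly = true)
@Override
public UserTO read(final String key) {
    // Resolve first, then authorize against the realm of the resolved user rather than against
    // anything the client supplied
    UserTO user = binder.getUserTO(key);

    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_READ),
            user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    return binder.returnUserTO(user);
}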
/**
 * Administrative deletion of a user.
 *
 * No realm check happens here: {@code doDelete}, invoked with {@code self == false}, performs the
 * USER_DELETE realm scoping (and the group-ownership guard) before anything is removed.
 *
 * @param key user key (the binder also resolves a username, see status())
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the deletion outcome together with propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_DELETE + "')")
@Override
public ProvisioningResult<UserTO> delete(final String key, final boolean nullPriorityAsync) {
    final boolean self = false;
    UserTO target = binder.getUserTO(key);
    return doDelete(target, self, nullPriorityAsync);
}
/**
 * Self-service status change (e.g. suspend / reactivate one's own account).
 *
 * Access: any authenticated principal except one still flagged MUST_CHANGE_PASSWORD. The key carried
 * by the incoming patch is ignored and replaced with the key of the authenticated user, so this
 * endpoint cannot be pointed at somebody else's account. The remaining patch fields (status type,
 * resources) stay client-controlled.
 *
 * @param statusPatch requested status change; its key is overwritten
 * @param nullPriorityAsync forwarded to the workflow adapter / propagation
 * @return the refreshed user and the propagation statuses
 */
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))")
public ProvisioningResult<UserTO> selfStatus(final StatusPatch statusPatch, final boolean nullPriorityAsync) {
    // Bind the patch to the authenticated principal, discarding whatever key the client sent
    String ownKey = userDAO.findKey(AuthContextUtils.getUsername());
    statusPatch.setKey(ownKey);

    Pair<String, List<PropagationStatus>> outcome = setStatusOnWfAdapter(statusPatch, nullPriorityAsync);
    UserTO refreshed = binder.returnUserTO(binder.getUserTO(outcome.getKey()));

    return afterUpdate(
            refreshed,
            outcome.getRight(),
            Collections.<LogicActions>emptyList(),
            false,
            Collections.<String>emptySet());
}
/**
 * Paged user search.
 *
 * The client-supplied {@code realm} is never used directly: it is first narrowed to the realms the
 * caller actually holds USER_SEARCH on, and both the count and the page query run against that
 * effective set. A {@code null} condition means "all users" within those realms.
 *
 * @param searchCond search condition, or {@code null} for every user
 * @param page page number
 * @param size page size
 * @param orderBy sort clauses
 * @param realm requested realm, narrowed by the caller's entitlements
 * @param details whether the binder should populate full details for each hit
 * @return total number of matches and the requested page
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_SEARCH + "')")
@Transactional(readOnly = true)
@Override
public Pair<Integer, List<UserTO>> search(
        final SearchCond searchCond,
        final int page,
        final int size,
        final List<OrderByClause> orderBy,
        final String realm,
        final boolean details) {

    // Same effective-realm set and condition for the count and for the page, computed once
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realm);
    SearchCond effectiveCond = searchCond == null ? userDAO.getAllMatchingCond() : searchCond;

    int total = searchDAO.count(effectiveRealms, effectiveCond, AnyTypeKind.USER);
    List<User> hits = searchDAO.search(
            effectiveRealms, effectiveCond, page, size, orderBy, AnyTypeKind.USER);

    List<UserTO> pageTOs = hits.stream().
            map(user -> binder.getUserTO(user, details)).
            map(binder::returnUserTO).
            collect(Collectors.toList());

    return Pair.of(total, pageTOs);
}
/**
 * Administrative status change for a user.
 *
 * Authorization: the caller needs USER_UPDATE on the realm of the target user (enforced by
 * {@code securityChecks} against the realms the entitlement was granted on). The target is resolved
 * from the patch key via the binder, which also accepts a username; the patch key is then replaced
 * with the canonical user key so the workflow adapter operates exactly on the authorized entity.
 *
 * @param statusPatch requested status change, addressed by key or username
 * @param nullPriorityAsync forwarded to the workflow adapter / propagation
 * @return the refreshed user and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) {
    // Resolve the target first (key or username)
    UserTO target = binder.getUserTO(statusPatch.getKey());
    String targetRealm = target.getRealm();

    // Realm-scoped authorization
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), targetRealm);
    securityChecks(effectiveRealms, targetRealm, target.getKey());

    // Normalize the identifier: from here on the patch refers to the canonical key
    statusPatch.setKey(target.getKey());

    Pair<String, List<PropagationStatus>> outcome = setStatusOnWfAdapter(statusPatch, nullPriorityAsync);
    UserTO refreshed = binder.returnUserTO(binder.getUserTO(outcome.getKey()));

    return afterUpdate(
            refreshed,
            outcome.getRight(),
            Collections.<LogicActions>emptyList(),
            false,
            Collections.<String>emptySet());
}
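/**
 * Removes the given resource assignments from a user without touching the remote accounts.
 *
 * Authorization: USER_UPDATE on the target user's realm, enforced by {@code securityChecks}.
 *
 * Fix: the patch is now addressed by the canonical key of the user that was just authorized
 * ({@code user.getKey()}) instead of the raw {@code key} argument. As the comment in status() notes,
 * the binder resolves a username as well, so the raw value is not guaranteed to be a key; using the
 * canonical key keeps the authorized entity and the patched entity identical and matches what
 * status() does. Behaviour is unchanged when a real key was passed.
 *
 * @param key user key (or username, via the binder)
 * @param resources resource keys to unlink; must not be {@code null}
 * @return the refreshed user
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public UserTO unlink(final String key, final Collection<String> resources) {
    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    // One DELETE item per resource, addressed to the canonical key
    UserPatch patch = new UserPatch();
    patch.setKey(user.getKey());
    patch.getResources().addAll(resources.stream().
            map(resource -> new StringPatchItem.Builder().
                    operation(PatchOperation.DELETE).value(resource).build()).
            collect(Collectors.toList()));

    return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch)));
}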
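/**
 * Adds the given resource assignments to a user without provisioning the remote accounts.
 *
 * Authorization: USER_UPDATE on the target user's realm, enforced by {@code securityChecks}.
 *
 * Fix: the patch is now addressed by the canonical key of the authorized user
 * ({@code user.getKey()}) rather than the raw {@code key} argument, which the binder also accepts
 * as a username (see the comment in status()). This mirrors the normalization status() performs
 * and is a no-op when a real key was passed.
 *
 * @param key user key (or username, via the binder)
 * @param resources resource keys to link; must not be {@code null}
 * @return the refreshed user
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public UserTO link(final String key, final Collection<String> resources) {
    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    // One ADD_REPLACE item per resource, addressed to the canonical key
    UserPatch patch = new UserPatch();
    patch.setKey(user.getKey());
    patch.getResources().addAll(resources.stream().
            map(resource -> new StringPatchItem.Builder().
                    operation(PatchOperation.ADD_REPLACE).value(resource).build()).
            collect(Collectors.toList()));

    return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch)));
}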
/**
 * Shared creation path behind the administrative and self-registration entry points.
 *
 * After the logic actions have had their say, a missing realm is rejected. For administrative
 * creation ({@code self == false}) the caller must hold USER_CREATE on the target realm; the
 * self-registration path skips that check entirely, so whatever realm the (possibly client-supplied)
 * TO carries is accepted as long as it is non-null. NOTE(review): presumably the self entry point
 * constrains the realm elsewhere - confirm.
 *
 * @param userTO user to create
 * @param storePassword whether the clear-text password is to be stored
 * @param self {@code true} for self-registration, which bypasses the realm authorization
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the created user and the propagation statuses
 * @throws SyncopeClientException InvalidRealm when no realm is set after the before-actions
 */
protected ProvisioningResult<UserTO> doCreate(
        final UserTO userTO,
        final boolean storePassword,
        final boolean self,
        final boolean nullPriorityAsync) {

    Pair<UserTO, List<LogicActions>> before = beforeCreate(userTO);
    UserTO toCreate = before.getLeft();
    String targetRealm = toCreate.getRealm();

    if (targetRealm == null) {
        throw SyncopeClientException.build(ClientExceptionType.InvalidRealm);
    }

    // Administrative creation: realm-scoped USER_CREATE is required (no key yet, hence null)
    if (!self) {
        Set<String> effectiveRealms = RealmUtils.getEffective(
                AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_CREATE), targetRealm);
        securityChecks(effectiveRealms, targetRealm, null);
    }

    Pair<String, List<PropagationStatus>> outcome =
            provisioningManager.create(toCreate, storePassword, nullPriorityAsync);
    UserTO created = binder.returnUserTO(binder.getUserTO(outcome.getKey()));

    return afterCreate(created, outcome.getRight(), before.getRight());
}
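/**
 * Removes a user's accounts from the given resources (the assignments themselves are kept).
 *
 * Authorization: USER_UPDATE on the target user's realm, enforced by {@code securityChecks}.
 *
 * Fix: the provisioning manager and the final lookup are now given the canonical key of the
 * authorized user ({@code user.getKey()}) instead of the raw {@code key} argument, which the binder
 * also resolves as a username (see the comment in status()). Identical behaviour when a real key
 * was passed.
 *
 * @param key user key (or username, via the binder)
 * @param resources resource keys to deprovision from
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the refreshed user and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public ProvisioningResult<UserTO> deprovision(
        final String key,
        final Collection<String> resources,
        final boolean nullPriorityAsync) {

    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    List<PropagationStatus> statuses =
            provisioningManager.deprovision(user.getKey(), resources, nullPriorityAsync);

    ProvisioningResult<UserTO> result = new ProvisioningResult<>();
    result.setEntity(binder.returnUserTO(binder.getUserTO(user.getKey())));
    result.getPropagationStatuses().addAll(statuses);
    return result;
}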
/**
 * Refreshes an existing user from a successful OpenID Connect login.
 *
 * The patch is computed as the difference between the user before and after {@code fill()} applied
 * the provider response, so only attributes the OP response changed are updated. Provider actions
 * may rewrite the patch before, and the resulting user after, the update.
 *
 * No {@code @PreAuthorize} is declared here: this is reached after the OP has already asserted the
 * identity, and the user is located by the {@code username} argument - the caller is responsible
 * for that argument matching the asserted identity.
 *
 * @param username username of the user to update
 * @param op OpenID Connect provider the response came from
 * @param responseTO the validated login response
 * @return the (possibly changed) username after the update
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
public String update(final String username, final OIDCProvider op, final OIDCLoginResponseTO responseTO) {
    UserTO current = binder.getUserTO(userDAO.findKey(username));
    // Snapshot before fill() so that the diff below captures only what the OP response changed
    UserTO snapshot = SerializationUtils.clone(current);
    fill(op, responseTO, current);
    UserPatch patch = AnyOperations.diff(current, snapshot, true);

    List<OIDCProviderActions> actions = getActions(op);
    for (OIDCProviderActions action : actions) {
        patch = action.beforeUpdate(patch, responseTO);
    }

    // second argument is nullPriorityAsync (compare doUpdate)
    Pair<UserPatch, List<PropagationStatus>> outcome = provisioningManager.update(patch, false);

    UserTO refreshed = binder.getUserTO(outcome.getLeft().getKey());
    for (OIDCProviderActions action : actions) {
        refreshed = action.afterUpdate(refreshed, responseTO);
    }
    return refreshed.getUsername();
}
} // closes the enclosing class, whose header lies outside this excerpt
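/**
 * Removes the given resource assignments and deprovisions the corresponding accounts, by running a
 * regular update with one DELETE resource item per resource.
 *
 * Authorization: USER_UPDATE on the target user's realm, enforced by {@code securityChecks} here
 * (the delegated {@code update(...)} entry point is not visible in this excerpt; it may check again).
 *
 * Fix: the patch is now addressed by the canonical key of the authorized user
 * ({@code user.getKey()}) instead of the raw {@code key} argument, which the binder also accepts as
 * a username (see the comment in status()). No-op when a real key was passed.
 *
 * @param key user key (or username, via the binder)
 * @param resources resource keys to unassign; must not be {@code null}
 * @param nullPriorityAsync forwarded to the update
 * @return the refreshed user and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public ProvisioningResult<UserTO> unassign(
        final String key,
        final Collection<String> resources,
        final boolean nullPriorityAsync) {

    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    UserPatch patch = new UserPatch();
    patch.setKey(user.getKey());
    patch.getResources().addAll(resources.stream().
            map(resource -> new StringPatchItem.Builder().
                    operation(PatchOperation.DELETE).value(resource).build()).
            collect(Collectors.toList()));

    return update(patch, nullPriorityAsync);
}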
/**
 * Shared update path behind the administrative and self-service entry points.
 *
 * The realm authorization performed here covers only a realm move: when the call is not a
 * self-update and the patch (after the before-actions) carries a non-blank realm, the caller must
 * hold USER_UPDATE on that target realm. Whether the caller may touch the user in its current realm
 * is not checked in this method. NOTE(review): the public {@code update(...)} entry point is not in
 * this excerpt; presumably it performs that check before delegating here - confirm.
 *
 * @param userPatch changes to apply
 * @param self {@code true} for self-service, which skips the realm authorization
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the refreshed user and the propagation statuses
 */
protected ProvisioningResult<UserTO> doUpdate(
        final UserPatch userPatch, final boolean self, final boolean nullPriorityAsync) {

    UserTO current = binder.getUserTO(userPatch.getKey());
    // Captured before the update so that afterUpdate can compare dyn-realm membership
    Set<String> dynRealmsBefore = new HashSet<>(current.getDynRealms());

    Pair<UserPatch, List<LogicActions>> before = beforeUpdate(userPatch, current.getRealm());
    UserPatch effectivePatch = before.getLeft();

    boolean movesRealm = !self
            && effectivePatch.getRealm() != null
            && StringUtils.isNotBlank(effectivePatch.getRealm().getValue());

    boolean authDynRealms = false;
    if (movesRealm) {
        String targetRealm = effectivePatch.getRealm().getValue();
        Set<String> effectiveRealms = RealmUtils.getEffective(
                AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), targetRealm);
        authDynRealms = securityChecks(effectiveRealms, targetRealm, effectivePatch.getKey());
    }

    Pair<UserPatch, List<PropagationStatus>> outcome =
            provisioningManager.update(effectivePatch, nullPriorityAsync);
    UserTO refreshed = binder.returnUserTO(binder.getUserTO(outcome.getLeft().getKey()));

    return afterUpdate(
            refreshed,
            outcome.getRight(),
            before.getRight(),
            authDynRealms,
            dynRealmsBefore);
}
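/**
 * Creates a user's accounts on the given resources (the assignments are assumed to exist).
 *
 * Authorization: USER_UPDATE on the target user's realm, enforced by {@code securityChecks}.
 * The {@code password} argument is forwarded to the provisioning manager and is never logged here.
 *
 * Fix: the provisioning manager and the final lookup are now given the canonical key of the
 * authorized user ({@code user.getKey()}) instead of the raw {@code key} argument, which the binder
 * also resolves as a username (see the comment in status()). Identical behaviour when a real key
 * was passed.
 *
 * @param key user key (or username, via the binder)
 * @param resources resource keys to provision to
 * @param changePwd whether the password is to be set on the remote accounts
 * @param password clear-text password used when {@code changePwd} is set
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the refreshed user and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public ProvisioningResult<UserTO> provision(
        final String key,
        final Collection<String> resources,
        final boolean changePwd,
        final String password,
        final boolean nullPriorityAsync) {

    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());

    List<PropagationStatus> statuses = provisioningManager.provision(
            user.getKey(), changePwd, password, resources, nullPriorityAsync);

    ProvisioningResult<UserTO> result = new ProvisioningResult<>();
    result.setEntity(binder.returnUserTO(binder.getUserTO(user.getKey())));
    result.getPropagationStatuses().addAll(statuses);
    return result;
}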
/**
 * Refreshes an existing user from a successful SAML 2.0 login.
 *
 * The patch is the difference between the user before and after {@code fill()} applied the IdP
 * response, so only attributes the assertion changed are updated. IdP actions may rewrite the patch
 * before, and the resulting user after, the update.
 *
 * No {@code @PreAuthorize} is declared here: this runs after the IdP has asserted the identity, and
 * the user is located by the {@code username} argument - the caller is responsible for that
 * argument matching the asserted identity.
 *
 * @param username username of the user to update
 * @param idp identity provider the response came from
 * @param responseTO the validated login response
 * @return the (possibly changed) username after the update
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
public String update(final String username, final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO) {
    UserTO current = binder.getUserTO(userDAO.findKey(username));
    // Snapshot before fill() so that the diff below captures only what the assertion changed
    UserTO snapshot = SerializationUtils.clone(current);
    fill(idp.getKey(), responseTO, current);
    UserPatch patch = AnyOperations.diff(current, snapshot, true);

    List<SAML2IdPActions> actions = getActions(idp);
    for (SAML2IdPActions action : actions) {
        patch = action.beforeUpdate(patch, responseTO);
    }

    // second argument is nullPriorityAsync (compare doUpdate)
    Pair<UserPatch, List<PropagationStatus>> outcome = provisioningManager.update(patch, false);

    UserTO refreshed = binder.getUserTO(outcome.getLeft().getKey());
    for (SAML2IdPActions action : actions) {
        refreshed = action.afterUpdate(refreshed, responseTO);
    }
    return refreshed.getUsername();
}
} // closes the enclosing class, whose header lies outside this excerpt
/**
 * Shared deletion path behind the administrative and self-service entry points.
 *
 * Order of checks: (1) administrative calls ({@code self == false}) need USER_DELETE on the target
 * user's realm, enforced by {@code securityChecks}; (2) a user that still owns groups is refused with
 * a GroupOwnership error listing the groups. Only then is the provisioning manager asked to delete.
 * Self-service calls skip (1) but not (2).
 *
 * @param userTO user to delete
 * @param self {@code true} for self-service deletion, which bypasses the realm authorization
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return a TO for the deleted user (key-only if the entity is gone) and the propagation statuses
 * @throws SyncopeClientException GroupOwnership when the user still owns groups
 */
protected ProvisioningResult<UserTO> doDelete(
        final UserTO userTO, final boolean self, final boolean nullPriorityAsync) {

    Pair<UserTO, List<LogicActions>> before = beforeDelete(userTO);
    UserTO target = before.getLeft();
    String targetKey = target.getKey();

    if (!self) {
        Set<String> effectiveRealms = RealmUtils.getEffective(
                AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_DELETE), target.getRealm());
        securityChecks(effectiveRealms, target.getRealm(), targetKey);
    }

    // Ownership guard: report every group still owned by this user
    List<Group> ownedGroups = groupDAO.findOwnedByUser(targetKey);
    if (!ownedGroups.isEmpty()) {
        SyncopeClientException ownership = SyncopeClientException.build(ClientExceptionType.GroupOwnership);
        for (Group group : ownedGroups) {
            ownership.getElements().add(group.getKey() + " " + group.getName());
        }
        throw ownership;
    }

    List<PropagationStatus> statuses = provisioningManager.delete(targetKey, nullPriorityAsync);

    // The entity is normally gone at this point; answer with a key-only TO in that case
    UserTO deleted;
    if (userDAO.find(targetKey) == null) {
        deleted = new UserTO();
        deleted.setKey(targetKey);
    } else {
        deleted = binder.getUserTO(targetKey);
    }

    return afterDelete(binder.returnUserTO(deleted), statuses, before.getRight());
}
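/**
 * Executes the next workflow task for a user and propagates whatever the workflow changed.
 *
 * Fix: the response is now routed through {@code binder.returnUserTO(...)} like every other public
 * method of this class; previously the raw binder result was returned, so whatever filtering
 * returnUserTO applies was skipped on this path alone.
 *
 * NOTE(review): unlike status()/link()/unlink()/provision(), no realm-scoped securityChecks is
 * performed here - the caller only needs USER_UPDATE somewhere. The affected user is known only
 * from the input / the workflow result, so a check would have to be added against
 * {@code workflowTaskExecInput} before execution; confirm whether delegated administrators are
 * meant to reach this endpoint.
 *
 * @param workflowTaskExecInput which task to execute, with its variables
 * @return the refreshed user
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
public UserTO executeNextTask(final WorkflowTaskExecInput workflowTaskExecInput) {
    // The workflow result carries the key of the affected user
    WorkflowResult<String> updated = wfTaskManager.executeNextTask(workflowTaskExecInput);

    // An empty patch addressed to that user drives propagation of the workflow's changes
    UserPatch userPatch = new UserPatch();
    userPatch.setKey(updated.getResult());

    List<PropagationTaskInfo> taskInfos = propagationManager.getUserUpdateTasks(
            new WorkflowResult<>(
                    Pair.<UserPatch, Boolean>of(userPatch, null),
                    updated.getPropByRes(),
                    updated.getPerformedTasks()));
    taskExecutor.execute(taskInfos, false);

    return binder.returnUserTO(binder.getUserTO(updated.getResult()));
}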
/**
 * Creates a new user from a successful SAML 2.0 login (just-in-time provisioning).
 *
 * Inputs come from the IdP: the user template configured on the IdP (if any) seeds the TO, IdP
 * actions may adjust it, then {@code fill()} maps the assertion onto it. Defaults applied afterwards:
 * the root realm when nothing set one, and the asserted {@code nameID} as username when none was
 * derived. The provisioning manager is called with {@code storePassword == false} and
 * {@code nullPriorityAsync == false} (argument order as in doCreate), so no password is stored for
 * users created this way.
 *
 * @param idp identity provider the response came from
 * @param responseTO the validated login response
 * @param nameID asserted NameID, used as fallback username
 * @return the username of the created user
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
public String create(final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO, final String nameID) {
    UserTO candidate = new UserTO();
    if (idp.getUserTemplate() != null) {
        templateUtils.apply(candidate, idp.getUserTemplate());
    }

    List<SAML2IdPActions> actions = getActions(idp);
    for (SAML2IdPActions action : actions) {
        candidate = action.beforeCreate(candidate, responseTO);
    }

    fill(idp.getKey(), responseTO, candidate);

    // Fallbacks: root realm, and the asserted NameID as username
    if (candidate.getRealm() == null) {
        candidate.setRealm(SyncopeConstants.ROOT_REALM);
    }
    if (candidate.getUsername() == null) {
        candidate.setUsername(nameID);
    }

    Pair<String, List<PropagationStatus>> outcome = provisioningManager.create(candidate, false, false);

    UserTO created = binder.getUserTO(outcome.getKey());
    for (SAML2IdPActions action : actions) {
        created = action.afterCreate(created, responseTO);
    }
    return created.getUsername();
}
/**
 * Creates a new user from a successful OpenID Connect login (just-in-time provisioning).
 *
 * Inputs come from the OP: the user template configured on the provider (if any) seeds the TO,
 * provider actions may adjust it, then {@code fill()} maps the response onto it. Defaults applied
 * afterwards: the root realm when nothing set one, and the asserted {@code email} as username when
 * none was derived. The provisioning manager is called with {@code storePassword == false} and
 * {@code nullPriorityAsync == false} (argument order as in doCreate), so no password is stored for
 * users created this way.
 *
 * @param op OpenID Connect provider the response came from
 * @param responseTO the validated login response
 * @param email asserted e-mail, used as fallback username
 * @return the username of the created user
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
public String create(final OIDCProvider op, final OIDCLoginResponseTO responseTO, final String email) {
    UserTO candidate = new UserTO();
    if (op.getUserTemplate() != null && op.getUserTemplate().get() != null) {
        templateUtils.apply(candidate, op.getUserTemplate().get());
    }

    List<OIDCProviderActions> actions = getActions(op);
    for (OIDCProviderActions action : actions) {
        candidate = action.beforeCreate(candidate, responseTO);
    }

    fill(op, responseTO, candidate);

    // Fallbacks: root realm, and the asserted e-mail as username
    if (candidate.getRealm() == null) {
        candidate.setRealm(SyncopeConstants.ROOT_REALM);
    }
    if (candidate.getUsername() == null) {
        candidate.setUsername(email);
    }

    Pair<String, List<PropagationStatus>> outcome = provisioningManager.create(candidate, false, false);

    UserTO created = binder.getUserTO(outcome.getKey());
    for (OIDCProviderActions action : actions) {
        created = action.afterCreate(created, responseTO);
    }
    return created.getUsername();
}