@PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')") @Transactional(readOnly = true) @Override public UserTO read(final String key) { return binder.returnUserTO(binder.getUserTO(key)); }
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") @Transactional(readOnly = true) public Pair<String, UserTO> selfRead() { return Pair.of( POJOHelper.serialize(AuthContextUtils.getAuthorizations()), binder.returnUserTO(binder.getAuthenticatedUserTO())); }
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult<UserTO> selfStatus(final StatusPatch statusPatch, final boolean nullPriorityAsync) { statusPatch.setKey(userDAO.findKey(AuthContextUtils.getUsername())); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_SEARCH + "')") @Transactional(readOnly = true) @Override public Pair<Integer, List<UserTO>> search( final SearchCond searchCond, final int page, final int size, final List<OrderByClause> orderBy, final String realm, final boolean details) { int count = searchDAO.count(RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realm), searchCond == null ? userDAO.getAllMatchingCond() : searchCond, AnyTypeKind.USER); List<User> matching = searchDAO.search(RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realm), searchCond == null ? userDAO.getAllMatchingCond() : searchCond, page, size, orderBy, AnyTypeKind.USER); List<UserTO> result = matching.stream(). map(user -> binder.returnUserTO(binder.getUserTO(user, details))). collect(Collectors.toList()); return Pair.of(count, result); }
protected ProvisioningResult<UserTO> doCreate( final UserTO userTO, final boolean storePassword, final boolean self, final boolean nullPriorityAsync) { Pair<UserTO, List<LogicActions>> before = beforeCreate(userTO); if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } if (!self) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_CREATE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); } Pair<String, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), storePassword, nullPriorityAsync); return afterCreate( binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO link(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) { // security checks UserTO toUpdate = binder.getUserTO(statusPatch.getKey()); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), toUpdate.getRealm()); securityChecks(effectiveRealms, toUpdate.getRealm(), toUpdate.getKey()); // ensures the actual user key is effectively on the patch - as the binder.getUserTO(statusPatch.getKey()) // call above works with username as well statusPatch.setKey(toUpdate.getKey()); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
protected ProvisioningResult<UserTO> doDelete( final UserTO userTO, final boolean self, final boolean nullPriorityAsync) { Pair<UserTO, List<LogicActions>> before = beforeDelete(userTO); if (!self) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_DELETE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); } List<Group> ownedGroups = groupDAO.findOwnedByUser(before.getLeft().getKey()); if (!ownedGroups.isEmpty()) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.GroupOwnership); sce.getElements().addAll(ownedGroups.stream(). map(group -> group.getKey() + " " + group.getName()).collect(Collectors.toList())); throw sce; } List<PropagationStatus> statuses = provisioningManager.delete(before.getLeft().getKey(), nullPriorityAsync); UserTO deletedTO; if (userDAO.find(before.getLeft().getKey()) == null) { deletedTO = new UserTO(); deletedTO.setKey(before.getLeft().getKey()); } else { deletedTO = binder.getUserTO(before.getLeft().getKey()); } return afterDelete(binder.returnUserTO(deletedTO), statuses, before.getRight()); }
protected ProvisioningResult<UserTO> doUpdate( final UserPatch userPatch, final boolean self, final boolean nullPriorityAsync) { UserTO userTO = binder.getUserTO(userPatch.getKey()); Set<String> dynRealmsBefore = new HashSet<>(userTO.getDynRealms()); Pair<UserPatch, List<LogicActions>> before = beforeUpdate(userPatch, userTO.getRealm()); boolean authDynRealms = false; if (!self && before.getLeft().getRealm() != null && StringUtils.isNotBlank(before.getLeft().getRealm().getValue())) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), before.getLeft().getRealm().getValue()); authDynRealms = securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); } Pair<UserPatch, List<PropagationStatus>> updated = provisioningManager.update(before.getLeft(), nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getLeft().getKey())), updated.getRight(), before.getRight(), authDynRealms, dynRealmsBefore); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> provision( final String key, final Collection<String> resources, final boolean changePwd, final String password, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.provision(key, changePwd, password, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }