/**
 * Persist a new user, linking it to an already known company entity.
 *
 * @param user
 *            The user to persist.
 * @param companies
 *            The company entities, looked up with the user's company identifier.
 * @return The persisted entity.
 */
private CacheUser createInternal(final UserOrg user, final Map<String, CacheCompany> companies) {
	final CacheUser entity = toCacheUserInternal(user);

	// Resolve the company from the provided map. A user without company, or with a company identifier
	// that is not a key of the map, is persisted with a null company rather than rejected.
	final CacheCompany company = Optional.ofNullable(user.getCompany()).map(companies::get).orElse(null);
	entity.setCompany(company);

	em.persist(entity);
	return entity;
}
/**
 * Add the user to the result when one of the companies of its company tree is in the accepted set, and the
 * pattern filter accepts it.
 *
 * @param companies
 *            The accepted company identifiers.
 * @param criteria
 *            The pattern forwarded to {@code addFilteredByPattern}.
 * @param result
 *            The set receiving the matching users.
 * @param userLdap
 *            The user to test.
 */
private void addFilteredByCompaniesAndPattern(final Set<String> companies, final String criteria,
		final Set<UserOrg> result, final UserOrg userLdap) {
	// NOTE(review): the lookup result is dereferenced without a null check; a user whose company is
	// absent from the repository would fail the whole filtering here - confirm this cannot happen.
	final boolean inAcceptedCompany = companyRepository.findAll().get(userLdap.getCompany()).getCompanyTree()
			.stream().map(CompanyOrg::getId).anyMatch(companies::contains);
	if (inAcceptedCompany) {
		addFilteredByPattern(criteria, result, userLdap);
	}
}
/**
 * Transform a user to its JPA counterpart, without persisting it.
 *
 * @param user
 *            The user to transform.
 * @return The new entity. Its company is a fresh {@link CacheCompany} carrying only the identifier, or
 *         <code>null</code> when the user has no company.
 */
private CacheUser toCacheUser(final UserOrg user) {
	final CacheUser entity = toCacheUserInternal(user);

	// Set the company if defined, as a reference holding the identifier only
	CacheCompany company = null;
	if (user.getCompany() != null) {
		company = new CacheCompany();
		company.setId(user.getCompany());
	}
	entity.setCompany(company);
	return entity;
}
/**
 * Persist a new user, then flush and clear <code>em</code>.
 *
 * @param user
 *            the user to persist.
 */
public void create(final UserOrg user) {
	final CacheUser entity = toCacheUser(user);

	// Set the company if defined, as a reference holding the identifier only.
	// NOTE(review): toCacheUser may already assign the company; confirm this second assignment is needed.
	CacheCompany company = null;
	if (user.getCompany() != null) {
		company = new CacheCompany();
		company.setId(user.getCompany());
	}
	entity.setCompany(company);

	em.persist(entity);
	em.flush();
	em.clear();
}
/**
 * Move the internal user to the company of the new user data when the two companies differ. No
 * authorization is checked here: the caller is responsible for validating the rights on both the
 * current and the target company before calling this method.
 *
 * @param userOrg
 *            The internal user to update. Note this must be the internal instance.
 * @param newUser
 *            The new user data. Note this will not be the stored instance.
 */
private void updateCompanyAsNeeded(final UserOrg userOrg, final UserOrg newUser) {
	final boolean companyChanged = ObjectUtils.notEqual(userOrg.getCompany(), newUser.getCompany());
	if (!companyChanged) {
		// Same company, nothing to move
		return;
	}

	// Move the user.
	// NOTE(review): the target company lookup result is passed as is; confirm an unknown company
	// cannot reach this point.
	getUser().move(userOrg, getCompany().findById(newUser.getCompany()));
}
(int) users.values().stream().filter(user -> rawCompany.getId().equals(user.getCompany())).count()); (int) users.values().stream().filter(user -> rawCompany.getId().equals(user.getCompany())) .filter(user -> visibleCompaniesAsString.contains(user.getCompany())).count()); return securedUser; });
// The user is flagged writable only when its company is one of the writable companies.
// NOTE(review): these flags look like hints for the consumer of the secured user; the write operations
// presumably re-check the delegations on their own - confirm.
securedUserOrg.setCanWrite(writableCompanies.contains(rawUserOrg.getCompany()));
// Group edition is flagged as allowed as soon as at least one writable group exists.
securedUserOrg.setCanWriteGroups(!writableGroups.isEmpty());
/**
 * Build the DN of the given user from its identifier and the DN of its company.
 *
 * @param entry
 *            LDAP entry to convert to DN.
 * @return DN from entry.
 */
public Name buildDn(final UserOrg entry) {
	// NOTE(review): the company lookup result is dereferenced without a null check - confirm the
	// company of the entry always exists in the repository.
	final String companyDn = companyRepository.findById(entry.getCompany()).getDn();

	// NOTE(review): escaping of the user identifier inside the DN depends on the two-argument buildDn
	// overload, not visible here - confirm it handles DN special characters.
	return org.springframework.ldap.support.LdapUtils.newLdapName(buildDn(entry.getId(), companyDn));
}
/**
 * Return the {@link UserOrg} corresponding to the given identifier using the user cache, after checking
 * the company of this user is visible to the principal.
 *
 * @param principal
 *            The user requesting this data.
 * @param id
 *            the user to find.
 * @return the {@link UserOrg} corresponding to the given identifier. Never <code>null</code>.
 * @throws ValidationJsonException
 *             If no user is found, or if the company of the found user is not visible to the principal.
 */
default UserOrg findByIdExpected(final String principal, final String id) {
	// Check the user exists
	final UserOrg rawUser = findByIdExpected(id);

	// Visibility is decided by the company lookup made on behalf of the principal
	if (getCompanyRepository().findById(principal, rawUser.getCompany()) != null) {
		return rawUser;
	}

	// No available delegation -> no result. The failure is reported with the "unknown id" key.
	// NOTE(review): presumably the same key as for a missing user, so the answer does not reveal that
	// the user exists - confirm against the single-argument variant.
	throw new ValidationJsonException("id", BusinessException.KEY_UNKNOW_ID, "0", "user", "1", principal);
}
/**
 * Isolate a user: lock it, move it to the quarantine company and remember its previous company. Nothing
 * is done when the user is already isolated.
 *
 * @param principal
 *            Principal user requesting the isolation.
 * @param user
 *            The user to isolate.
 */
@Override
public void isolate(final String principal, final UserOrg user) {
	if (user.getIsolated() != null) {
		// Already isolated
		return;
	}

	// Lock first, so the account is disabled before it is moved
	lock(principal, user, true);

	// Remember the original company before the move, it is the isolation marker
	final String previousCompany = user.getCompany();
	move(user, companyRepository.findById(companyRepository.getQuarantineCompany()));
	user.setIsolated(previousCompany);
}
/**
 * Return the company of the current user.
 *
 * @return The company of the current user as returned by the company repository, or <code>null</code> if
 *         the current user is not in the repository. A user without company is looked up with an empty
 *         company identifier.
 */
public CompanyOrg getUserCompany() {
	final UserOrg current = getUser().findById(securityHelper.getLogin());
	return current == null ? null : getRepository().findById(ObjectUtils.defaultIfNull(current.getCompany(), ""));
}
/**
 * Check the current user can reset the given user password: the user must be visible to the current
 * user, and the current user must own a write delegation matching the DN of the user's company.
 *
 * @param user
 *            The user to alter.
 * @return The internal representation of found user.
 * @throws ValidationJsonException
 *             When no write delegation matches the company of this user.
 */
private UserOrg checkResetRight(final String user) {
	// Check the user exists and is visible to the current user
	final UserOrg userOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user));

	// Check the company.
	// NOTE(review): the delegate type used here is TREE - confirm this is the intended scope for a
	// password reset.
	final String targetCompanyDn = getCompany().findById(userOrg.getCompany()).getDn();
	final boolean writable = !delegateRepository
			.findByMatchingDnForWrite(securityHelper.getLogin(), targetCompanyDn, DelegateType.TREE).isEmpty();
	if (writable) {
		return userOrg;
	}

	// Report this attempt to reset the password of a non writable user.
	// NOTE(review): the identifier is logged as received, before normalization - confirm the log
	// layout neutralises line breaks in this value.
	log.warn("Attempt to reset the password of a user '{}' out of scope", user);
	throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user);
}
/**
 * Check the current user can delete, enable or disable the given user entry: the user must be visible to
 * the current user, and the current user must own a write delegation matching the DN of the user's
 * company.
 *
 * @param user
 *            The user to alter.
 * @param mode
 *            The label of the requested operation. Only used in the warning logged on refusal.
 * @return The internal representation of found user.
 * @throws ValidationJsonException
 *             When no write delegation matches the company of this user.
 */
private UserOrg checkDeletionRight(final String user, final String mode) {
	// Check the user exists and is visible to the current user
	final UserOrg userOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user));

	// Check the company
	final String targetCompanyDn = getCompany().findById(userOrg.getCompany()).getDn();
	final boolean writable = !delegateRepository
			.findByMatchingDnForWrite(securityHelper.getLogin(), targetCompanyDn, DelegateType.COMPANY).isEmpty();
	if (writable) {
		return userOrg;
	}

	// Report this attempt to alter a non writable user.
	// NOTE(review): the identifier is logged as received, before normalization - confirm the log
	// layout neutralises line breaks in this value.
	log.warn("Attempt to {} a user '{}' out of scope", mode, user);
	throw new ValidationJsonException(USER_KEY, READ_ONLY, "0", "user", "1", user);
}
/**
 * Lock a user, unless it is already locked:
 * <ul>
 * <li>Replace the password attribute to prevent new authentication</li>
 * <li>Replace the locked attribute with a marker holding the lock value, the lock time, the principal and,
 * when isolating, the current company of the user.</li>
 * <li>Update the locked date and the locking principal of the given user instance.</li>
 * </ul>
 *
 * @param principal
 *            Principal user requesting the lock.
 * @param user
 *            The LDAP user to disable.
 * @param isolate
 *            When <code>true</code>, the user will be isolated in addition.
 */
private void lock(final String principal, final UserOrg user, final boolean isolate) {
	if (user.getLockedBy() != null) {
		// Already locked, keep the original lock data
		return;
	}

	final long lockTime = DateUtils.newCalendar().getTimeInMillis();

	// NOTE(review): the principal and the company are embedded without escaping; this marker is
	// presumably parsed back by splitting on '|' - confirm these values cannot contain this character.
	final String lockMarker = String.format("%s|%s|%s|%s|", lockedValue, lockTime, principal,
			isolate ? user.getCompany() : "");
	final ModificationItem[] changes = {
			new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(lockedAttribute, lockMarker)),
			new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(PASSWORD_ATTRIBUTE, null)) };
	template.modifyAttributes(org.springframework.ldap.support.LdapUtils.newLdapName(user.getDn()), changes);

	// Also update the disabled date
	user.setLocked(new Date(lockTime));
	user.setLockedBy(principal);
}
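// Copy the identity attributes of the user to the edited user
editUser.setFirstName(user.getFirstName());
editUser.setLastName(user.getLastName());
// The company is copied as provided, without any check at this point
editUser.setCompany(user.getCompany());
// NOTE(review): a second, identical setLastName call was dropped here; confirm no other attribute was
// meant to be copied instead.
// Only the first mail is kept, or null when the user has no mail
editUser.setMail(user.getMails().stream().findFirst().orElse(null));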
if (!userOrg.getCompany().equals(importEntry.getCompany())) {