/** * Check the groups of given users would contain at least another user when it will be deleted. * * @param userOrg * User o delete and to check the memberships. * @param allGroups * Map of group by groupName */ private void checkLastMemberInGroups(final UserOrg userOrg, final Map<String, GroupOrg> allGroups) { for (final String group : userOrg.getGroups()) { if (allGroups.get(group).getMembers().size() == 1) { throw new ValidationJsonException(USER_KEY, "last-member-of-group", "user", userOrg.getId(), GROUP, group); } } }
/** * Remove all users from the given group and empty the group. * * @param group * The group to empty. * @param users * All known users. */ private void deleteMemoryAssociations(final GroupOrg group, final Map<String, UserOrg> users) { // Remove from in-memory cache all users for (final String member : group.getMembers()) { users.get(member).getGroups().remove(group.getId()); } // Clear the members list group.getMembers().clear(); }
/** * Persist association between users and groups. * * @param users * The existing users. * @param cacheGroups * The groups already persisted in database. * @return the amount of persisted relations. */ private int persistMemberships(final Map<String, UserOrg> users, final Map<String, CacheGroup> cacheGroups, final Map<String, CacheCompany> cacheCompanies) { int memberships = 0; for (final UserOrg user : users.values()) { // Persist users final CacheUser entity = createInternal(user, cacheCompanies); for (final String group : user.getGroups()) { addUserToGroupInternal(entity, cacheGroups.get(group)); memberships++; } } return memberships; }
final Collection<String> groups) { final Collection<String> newGroups = new HashSet<>(userOrg.getGroups()); newGroups.addAll(groups); for (final String oldGroup : userOrg.getGroups()) { final String oldGroupDn = getGroup().findById(oldGroup).getDn(); if (!groups.contains(oldGroup) && canWrite(delegates, oldGroupDn, DelegateType.GROUP)) {
/** * Remove the user from the given group. Cache is also updated but only in group members. * * @param user * The user to remove from the given group. * @param group * The group to update. */ public void removeUserFromGroup(final UserOrg user, final GroupOrg group) { // Remove from JPA cache cache.removeUserFromGroup(user, group); // Also update the membership cache user.getGroups().remove(group.getId()); group.getMembers().remove(user.getId()); }
/** * Add the user to the given group.Cache is also updated. * * @param user * The user to add to the other group. * @param group * The group to update. */ public void addUserToGroup(final UserOrg user, final GroupOrg group) { // Add to JPA cache cache.addUserToGroup(user, group); // Also update the membership cache group.getMembers().add(user.getId()); user.getGroups().add(group.getId()); }
/** * Update the membership of given group. All users are checked. */ private void updateMembership(final Map<String, UserOrg> result, final Entry<String, GroupOrg> groupEntry) { final GroupOrg groupLdap = groupEntry.getValue(); final String group = groupLdap.getId(); new ArrayList<>(groupLdap.getMembers()).forEach(dn -> { // Extract the UID final String uid = DnUtils.toRdn(dn); // Remove this DN from the members, it would be replaced by the RDN form groupLdap.getMembers().remove(dn); // Check the broken UID reference final UserOrg user = result.get(uid); if (user == null) { if (!dn.startsWith(GroupLdapRepository.DEFAULT_MEMBER_DN)) { // It is a real broken reference log.warn("Broken user UID reference found '{}' --> {}", groupLdap.getDn(), uid); } } else { if (!dn.equalsIgnoreCase(user.getDn())) { log.warn("Broken user DN reference found '{}' --> {}, instead of {}", groupLdap.getDn(), dn, user.getDn()); } user.getGroups().add(group); // Finally, add the RDN (UID) of this user to replace the groupLdap.getMembers().add(uid); } }); }
/** * Return a specific user from his/her login. When user does not exist or is within a non visible company, return a * 404. * * @param user * The user to find. A normalized form will be used for the search. * @return found user. Never <code>null</code>. */ @GET @Path("{user:" + SimpleUser.USER_PATTERN + "}") public UserOrg findById(@PathParam("user") final String user) { final UserOrg rawUserOrg = getUser().findByIdExpected(securityHelper.getLogin(), Normalizer.normalize(user)); // Check if the user lock status without using cache getUser().checkLockStatus(rawUserOrg); // User has been found, secure the object regarding the visible groups final UserOrg securedUserOrg = new UserOrg(); rawUserOrg.copy(securedUserOrg); // Show only the groups of user that are also visible to current user final Set<GroupOrg> visibleGroups = groupResource.getContainers(); securedUserOrg .setGroups(visibleGroups.stream().filter(mGroup -> rawUserOrg.getGroups().contains(mGroup.getId())) .sorted().map(GroupOrg::getName).collect(Collectors.toList())); return securedUserOrg; }
.filter(mGroup -> rawUserOrg.getGroups().contains(mGroup.getId())).map(mGroup -> { final GroupVo vo = new GroupVo(); vo.setCanWrite(writableGroups.contains(mGroup));
@Override public void delete(final UserOrg user) { final Name userDn = org.springframework.ldap.support.LdapUtils.newLdapName(user.getDn()); // Delete the user from LDAP template.unbind(userDn); // Remove user from all groups removeUserFromGroups(user, user.getGroups()); // Remove the user from the cache cacheRepository.delete(user); }
/** * Performs an operation on a group and a user. * * @param user * The user to move. * @param group * The group to update. * @param updater * The function to execute on computed groups of current user. */ private void updateGroupUser(final String user, final String group, final BiFunction<Collection<String>, String, Boolean> updater) { // Get all delegates of current user final List<DelegateOrg> delegates = delegateRepository.findAllByUser(securityHelper.getLogin()); // Get the implied user final UserOrg userOrg = getUser().findByIdExpected(user); // Check the implied group validateWriteGroup(group, delegates); // Compute the new groups final Set<String> newGroups = new HashSet<>(userOrg.getGroups()); final boolean updated = updater.apply(newGroups, group); if (updated) { // Replace the user groups by the normalized groups including the // one we have just updated final Collection<String> mergedGroups = mergeGroups(delegates, userOrg, newGroups); // Update membership getUser().updateMembership(new ArrayList<>(mergedGroups), userOrg); } }
editUser.setDepartment(user.getDepartment()); editUser.setLocalId(user.getLocalId()); editUser.setGroups(user.getGroups());
@Override public void move(final UserOrg user, final CompanyOrg company) { final LdapName newDn = org.springframework.ldap.support.LdapUtils .newLdapName(buildDn(user.getId(), company.getDn())); final LdapName oldDn = org.springframework.ldap.support.LdapUtils.newLdapName(user.getDn()); template.rename(oldDn, newDn); user.setDn(newDn.toString()); user.setCompany(company.getId()); cacheRepository.update(user); // Also, update the groups of this user user.getGroups().forEach(g -> groupLdapRepository.updateMemberDn(g, oldDn.toString(), newDn.toString())); }