/**
 * Procedure {@code dbms.security.deleteUser}: removes the named user through the user manager.
 *
 * <p>Before delegating, the call asserts that the caller's credentials have not expired and
 * refuses to let the calling subject delete its own account.
 *
 * @param username name of the user to delete
 * @throws InvalidArgumentsException if {@code username} is the calling subject's own username;
 *         the declaration also covers whatever the user manager raises (not visible here)
 * @throws IOException declared for the user-manager call; the cause is not visible here
 */
// NOTE(review): the only caller checks visible in this method are the expired-credentials
// assertion and the self-deletion guard. Confirm that permission enforcement for deleting
// *other* users happens elsewhere (procedure mode or inside userManager).
@Description( "Delete the specified user." )
@Procedure( name = "dbms.security.deleteUser", mode = DBMS )
public void deleteUser(@Name( "username" ) String username)
        throws InvalidArgumentsException, IOException {
    securityContext.assertCredentialsNotExpired();

    boolean deletingSelf = securityContext.subject().hasUsername(username);
    if (deletingSelf) {
        String reason = "Deleting yourself (user '" + username + "') is not allowed.";
        throw new InvalidArgumentsException(reason);
    }

    // Any value returned by the manager is intentionally not surfaced to the caller here.
    userManager.deleteUser(username);
}
/**
 * Lets the call proceed when {@code username} is the current subject's own name; for any other
 * target it defers to {@code assertUserManager()}.
 *
 * @param username the user the pending operation is aimed at
 */
private void assertSelfOrUserManager(String username) {
    if (subject.hasUsername(username)) {
        // Acting on one's own account: no further check is made in this method.
        return;
    }
    assertUserManager();
}
/**
 * Marks every active transaction owned by {@code username} for termination, except the
 * transaction the caller itself is running in, and reports how many were actually marked.
 *
 * @param dependencyResolver used to look up the currently active transactions
 * @param username owner whose transactions are to be terminated
 * @param currentTx the caller's own transaction, which is never marked
 * @return a single-element stream carrying the username and the number of transactions for
 *         which {@code markForTermination} returned {@code true}
 */
// NOTE(review): no existence or permission check on `username` is made in this method; the
// "ForValidUser" name suggests callers do that first. Confirm at each call site.
public static Stream<TransactionTerminationResult> terminateTransactionsForValidUser(
        DependencyResolver dependencyResolver, String username, KernelTransaction currentTx) {
    long terminatedCount = getActiveTransactions(dependencyResolver)
            .stream()
            .filter(tx -> tx.subject().hasUsername(username))
            .filter(tx -> !tx.isUnderlyingTransaction(currentTx))
            // Marking is a side effect of the traversal; only successful marks add to the total.
            .mapToLong(tx -> tx.markForTermination(Status.Transaction.Terminated) ? 1L : 0L)
            .sum();

    return Stream.of(new TransactionTerminationResult(username, terminatedCount));
}
/**
 * Tells whether the caller is an admin or is the user named by {@code username}.
 *
 * @param username the user the pending operation is aimed at
 * @return {@code true} if {@code isAdmin()} holds, otherwise whether the current subject has
 *         that username
 */
private boolean isAdminOrSelf(String username) {
    if (isAdmin()) {
        // Admin status alone is sufficient; the subject's name is not consulted.
        return true;
    }
    return securityContext.subject().hasUsername(username);
}
/**
 * Marks every active transaction owned by {@code username} for termination, skipping the
 * transaction this call is itself running in.
 *
 * @param username owner whose transactions are to be terminated
 */
// NOTE(review): no existence or permission check on `username` is made here; callers are
// presumably expected to have validated the user already. Confirm at each call site.
protected void terminateTransactionsForValidUser(String username) {
    KernelTransaction callerTx = getCurrentTx();

    getActiveTransactions()
            .stream()
            .filter(tx -> tx.subject().hasUsername(username))
            // Leave the caller's own transaction alone so this call can complete.
            .filter(tx -> !tx.isUnderlyingTransaction(callerTx))
            .forEach(tx -> tx.markForTermination(Status.Transaction.Terminated));
}
/**
 * Sets a user's password through the user manager and, when the target is the calling subject,
 * clears the subject's "password change required" state.
 *
 * @param username user whose password is being set
 * @param newPassword the replacement password, forwarded to the user manager unchanged
 * @param requirePasswordChange forwarded to the user manager unchanged
 * @throws IOException declared for the user-manager call; the cause is not visible here
 * @throws InvalidArgumentsException declared for the user-manager call
 */
// NOTE(review): for a self-service change the subject's flag is cleared regardless of the value
// of requirePasswordChange. Confirm that is intended when the flag is passed as true.
private void setUserPassword(String username, String newPassword, boolean requirePasswordChange)
        throws IOException, InvalidArgumentsException {
    // Persist first: the subject's state is only touched if the manager call did not throw.
    userManager.setUserPassword(username, newPassword, requirePasswordChange);

    boolean changedOwnPassword = securityContext.subject().hasUsername(username);
    if (changedOwnPassword) {
        securityContext.subject().setPasswordChangeNoLongerRequired();
    }
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Removes a role from a user on behalf of the current subject and records the outcome in the
 * security log.
 *
 * <p>The subject must pass {@code assertUserManager()}, and may not remove itself from the
 * predefined admin role. Failures of the three declared exception types are logged and
 * rethrown unchanged; any other throwable propagates without a security-log entry.
 *
 * @param roleName role to take away
 * @param username user to take it from
 * @throws InvalidArgumentsException if the subject tries to drop its own admin role, or as
 *         raised by the wrapped user manager
 * @throws IOException declared for the wrapped user-manager call
 * @throws AuthorizationViolationException declared; presumably raised by
 *         {@code assertUserManager()} (its body is not visible here)
 */
// NOTE(review): roleName and username are caller-supplied and are handed to the security log
// as-is; confirm the log implementation neutralises line breaks so entries cannot be forged.
@Override
public void removeRoleFromUser(String roleName, String username)
        throws IOException, InvalidArgumentsException, AuthorizationViolationException {
    try {
        assertUserManager();

        if (subject.hasUsername(username)) {
            // Only the admin role is protected against self-removal.
            if (roleName.equals(PredefinedRoles.ADMIN)) {
                String reason = "Removing yourself (user '" + username
                        + "') from the admin role is not allowed.";
                throw new InvalidArgumentsException(reason);
            }
        }

        userManager.removeRoleFromUser(roleName, username);
        securityLog.info(subject, "removed role `%s` from user `%s`", roleName, username);
    } catch (IOException | InvalidArgumentsException | AuthorizationViolationException failure) {
        securityLog.error(subject, "tried to remove role `%s` from user `%s`: %s",
                roleName, username, failure.getMessage());
        throw failure;
    }
}
/**
 * Activates a user on behalf of the current subject and records the outcome in the security
 * log.
 *
 * <p>The subject must pass {@code assertUserManager()} and may not activate itself. Failures
 * of the three declared exception types are logged and rethrown unchanged; any other
 * throwable propagates without a security-log entry.
 *
 * @param username user to activate
 * @param requirePasswordChange forwarded to the wrapped user manager unchanged
 * @throws InvalidArgumentsException if the subject targets itself, or as raised by the wrapped
 *         user manager
 * @throws IOException declared for the wrapped user-manager call
 * @throws AuthorizationViolationException declared; presumably raised by
 *         {@code assertUserManager()} (its body is not visible here)
 */
// NOTE(review): username is caller-supplied and is handed to the security log as-is; confirm
// the log implementation neutralises line breaks so entries cannot be forged.
@Override
public void activateUser(String username, boolean requirePasswordChange)
        throws IOException, InvalidArgumentsException, AuthorizationViolationException {
    try {
        assertUserManager();

        boolean targetsSelf = subject.hasUsername(username);
        if (targetsSelf) {
            String reason = "Activating yourself (user '" + username + "') is not allowed.";
            throw new InvalidArgumentsException(reason);
        }

        userManager.activateUser(username, requirePasswordChange);
        securityLog.info(subject, "activated user `%s`", username);
    } catch (IOException | InvalidArgumentsException | AuthorizationViolationException failure) {
        securityLog.error(subject, "tried to activate user `%s`: %s",
                username, failure.getMessage());
        throw failure;
    }
}
/**
 * Suspends a user on behalf of the current subject and records the outcome in the security
 * log.
 *
 * <p>The subject must pass {@code assertUserManager()} and may not suspend itself. Failures of
 * the three declared exception types are logged and rethrown unchanged; any other throwable
 * propagates without a security-log entry.
 *
 * @param username user to suspend
 * @throws InvalidArgumentsException if the subject targets itself, or as raised by the wrapped
 *         user manager
 * @throws IOException declared for the wrapped user-manager call
 * @throws AuthorizationViolationException declared; presumably raised by
 *         {@code assertUserManager()} (its body is not visible here)
 */
// NOTE(review): username is caller-supplied and is handed to the security log as-is; confirm
// the log implementation neutralises line breaks so entries cannot be forged.
@Override
public void suspendUser(String username)
        throws IOException, InvalidArgumentsException, AuthorizationViolationException {
    try {
        assertUserManager();

        boolean targetsSelf = subject.hasUsername(username);
        if (targetsSelf) {
            String reason = "Suspending yourself (user '" + username + "') is not allowed.";
            throw new InvalidArgumentsException(reason);
        }

        userManager.suspendUser(username);
        securityLog.info(subject, "suspended user `%s`", username);
    } catch (IOException | InvalidArgumentsException | AuthorizationViolationException failure) {
        securityLog.error(subject, "tried to suspend user `%s`: %s",
                username, failure.getMessage());
        throw failure;
    }
}
/**
 * Deletes a user on behalf of the current subject and records the outcome in the security log.
 *
 * <p>The subject must pass {@code assertUserManager()} and may not delete itself. Failures of
 * the three declared exception types are logged and rethrown unchanged; any other throwable
 * propagates without a security-log entry.
 *
 * @param username user to delete
 * @return the value reported by the wrapped user manager for the deletion
 * @throws InvalidArgumentsException if the subject targets itself, or as raised by the wrapped
 *         user manager
 * @throws IOException declared for the wrapped user-manager call
 * @throws AuthorizationViolationException declared; presumably raised by
 *         {@code assertUserManager()} (its body is not visible here)
 */
// NOTE(review): username is caller-supplied and is handed to the security log as-is; confirm
// the log implementation neutralises line breaks so entries cannot be forged.
@Override
public boolean deleteUser(String username)
        throws IOException, InvalidArgumentsException, AuthorizationViolationException {
    try {
        assertUserManager();

        boolean targetsSelf = subject.hasUsername(username);
        if (targetsSelf) {
            String reason = "Deleting yourself (user '" + username + "') is not allowed.";
            throw new InvalidArgumentsException(reason);
        }

        boolean removed = userManager.deleteUser(username);
        // The audit entry is written whenever the manager returns normally, whatever `removed` is.
        securityLog.info(subject, "deleted user `%s`", username);
        return removed;
    } catch (IOException | InvalidArgumentsException | AuthorizationViolationException failure) {
        securityLog.error(subject, "tried to delete user `%s`: %s",
                username, failure.getMessage());
        throw failure;
    }
}
throws IOException, InvalidArgumentsException, AuthorizationViolationException if ( subject.hasUsername( username ) )
/**
 * Procedure {@code dbms.security.deleteUser}: removes the named user through the user manager.
 *
 * <p>Before delegating, the call asserts that the caller's credentials have not expired and
 * refuses to let the calling subject delete its own account.
 *
 * @param username name of the user to delete
 * @throws InvalidArgumentsException if {@code username} is the calling subject's own username;
 *         the declaration also covers whatever the user manager raises (not visible here)
 * @throws IOException declared for the user-manager call; the cause is not visible here
 */
// NOTE(review): the only caller checks visible in this method are the expired-credentials
// assertion and the self-deletion guard. Confirm that permission enforcement for deleting
// *other* users happens elsewhere (procedure mode or inside userManager).
@Description( "Delete the specified user." )
@Procedure( name = "dbms.security.deleteUser", mode = DBMS )
public void deleteUser(@Name( "username" ) String username)
        throws InvalidArgumentsException, IOException {
    securityContext.assertCredentialsNotExpired();

    boolean deletingSelf = securityContext.subject().hasUsername(username);
    if (deletingSelf) {
        String reason = "Deleting yourself (user '" + username + "') is not allowed.";
        throw new InvalidArgumentsException(reason);
    }

    // Any value returned by the manager is intentionally not surfaced to the caller here.
    userManager.deleteUser(username);
}