// Presumably maps the JSON text in `s` to a list of UserRole objects; the helper
// itself is defined outside this fragment and its result is discarded here.
// NOTE(review): if `s` originates from a client, the role values it carries should be
// authorized server-side before anything built from them is persisted - confirm at the caller.
mapJsonToObjectList(new UserRole(),s,UserRole.class);
/**
 * Returns the permissions that the given role grants.
 *
 * @param role role whose permissions are wanted; dereferenced without a null check
 * @return whatever {@code role.getRolePermissions()} returns, passed through unchanged
 */
@Override
public List<Permission> getPermissionsFromRole(Role role) {
    final List<Permission> granted = role.getRolePermissions();
    return granted;
}
/**
 * Persists a role assignment through both accessors in one batch, so the
 * user-to-role and application-to-role views are written together.
 *
 * <p>NOTE(review): no permission check is visible in this method; the caller is
 * presumably responsible for authorizing the change before it gets here.
 * NOTE(review): the no-argument {@code BatchStatement} is presumably a logged
 * batch (the DataStax 3.x default) - confirm, since the two tables must not drift apart.
 *
 * @param userRole assignment to store; its user id, application name and role
 *                 are dereferenced without null checks
 */
@Override
public void setUserRole(UserRole userRole) {
    final String userId = userRole.getUserID().toString();
    final String appName = userRole.getApplicationName().toString();
    final String roleName = userRole.getRole().toString();

    BatchStatement writes = new BatchStatement();
    // Same three values, different column order per accessor.
    writes.add(userRoleAccessor.insertUserRoleStatement(userId, appName, roleName));
    writes.add(appRoleAccessor.insertAppRoleStatement(appName, userId, roleName));

    manager.getSession().execute(writes);
}
/**
 * Builds a {@code UserRole} for one application from a stored {@code AppRole} row,
 * enriching it with the user's e-mail and name.
 *
 * @param applicationName application the role applies to
 * @param appRole         stored row supplying the role string and the user id
 * @return the populated {@code UserRole}
 */
UserRole convertAppRoleToUserRole(Application.Name applicationName, AppRole appRole) {
    final Role role = Role.toRole(appRole.getRole());
    final UserInfo.Username userID = UserInfo.Username.valueOf(appRole.getUserId());

    // Try the local user info first and only fall back to lookupUser when nothing is found.
    final UserInfo stored = getUserInfo(userID);
    final UserInfo userInfo = (stored != null) ? stored : lookupUser(userID);

    // NOTE(review): the result of lookupUser is dereferenced below without a null check.
    return UserRole.newInstance(applicationName, role)
            .withUserID(userID)
            .withUserEmail(userInfo.getEmail())
            .withFirstName(userInfo.getFirstName())
            .withLastName(userInfo.getLastName())
            .build();
}
/**
 * Grants the super admin role to a user and records the change in the event log.
 *
 * <p>NOTE(review): this method does not itself verify that {@code assigningUserInfo}
 * is allowed to grant super admin; presumably the caller enforces that - confirm.
 * NOTE(review): the "already a superadmin" check and the repository write are
 * separate steps, and both {@code UserInfo} objects are written to the debug log in full.
 *
 * @param candidateUserInfo user who receives the role
 * @param assigningUserInfo user performing the assignment; only used for the audit event
 * @throws IllegalArgumentException if the candidate already holds the super admin role
 */
@Override
public void assignUserToSuperAdminRole(final UserInfo candidateUserInfo, final UserInfo assigningUserInfo) {
    LOGGER.debug("Assigning super admin role to user={} by user={} ", candidateUserInfo, assigningUserInfo);

    final UserRoleList currentRoles = getUserRoleList(candidateUserInfo.getUsername());
    LOGGER.debug("User role list {}", currentRoles);

    boolean alreadySuperAdmin = false;
    for (UserRole held : currentRoles.getRoleList()) {
        if (held.getRole().equals(Role.SUPERADMIN)) {
            alreadySuperAdmin = true;
            break;
        }
    }
    Preconditions.checkArgument(!alreadySuperAdmin,
            "User %s is already a superadmin", candidateUserInfo.getUsername());

    authorizationRepository.assignUserToSuperAdminRole(candidateUserInfo);

    // The audit event is posted only after the repository call has returned.
    eventLog.postEvent(new AuthorizationChangeEvent(
            assigningUserInfo, null, candidateUserInfo, null, Role.SUPERADMIN.toString()));
}
/**
 * Collects the permissions a user holds, one entry per application.
 *
 * <p>A user with super admin permissions on the wildcard application receives
 * those permissions for every application name in the application list. Any
 * other user receives the permissions of each stored role row; rows whose role
 * is {@code null} are skipped.
 *
 * <p>NOTE(review): stored role strings are resolved with {@code Role.valueOf};
 * if {@code Role} is an enum this is case-sensitive and throws for an unknown
 * name - confirm stored values are normalized.
 *
 * @param userID user whose permissions are listed
 * @return the populated list (possibly with no entries)
 */
@Override
public UserPermissionsList getUserPermissionsList(UserInfo.Username userID) {
    final UserPermissionsList collected = new UserPermissionsList();
    final Optional<UserPermissions> superAdmin = getSuperAdminUserPermissions(userID, WILDCARD);

    if (!superAdmin.isPresent()) {
        // Ordinary user: translate each stored role row into its permission set.
        final List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> rows =
                getUserRoleList(userID, Optional.empty());
        for (com.intuit.wasabi.repository.cassandra.pojo.UserRole row : rows) {
            if (row.getRole() == null) {
                continue;
            }
            collected.addPermissions(
                    UserPermissions.newInstance(
                            Application.Name.valueOf(row.getAppName()),
                            Role.valueOf(row.getRole()).getRolePermissions()
                    ).build());
        }
        return collected;
    }

    // Super admin: the same permission set is reported for every known application.
    final List<String> allAppNames = getAllApplicationNameFromApplicationList();
    for (String appName : allAppNames) {
        collected.addPermissions(
                UserPermissions.newInstance(
                        Application.Name.valueOf(appName),
                        superAdmin.get().getPermissions()
                ).build());
    }
    return collected;
}
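// Smallest role priority seen so far; -1 is the "nothing seen yet" sentinel.
// NOTE(review): this assumes real priorities are never negative - confirm.
int minPriority = -1;
for (UserRole userRole : userRoles) {
    dbRoles.add(userRole.getRole().getRoleName());

    int rolePriority = userRole.getRole().getPriority();
    if (rolePriority < minPriority || minPriority == -1) {
        minPriority = rolePriority;
    }

    // Record every action the role allows, keyed by action name.
    // The action names and ids are deliberately not echoed to System.out:
    // diagnostic output about the permission map belongs in the project's
    // logger at debug level, where it can be switched off.
    for (RoleAction ra : userRole.getRole().getRoleActions()) {
        map.put(ra.getAction().getName(), ra.getAction().getId());
    }
}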
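/**
 * Looks up the permissions a user holds on one specific application.
 *
 * <p>The two invariants below are enforced with explicit checks instead of
 * {@code assert}: Java assertions are disabled unless the JVM runs with
 * {@code -ea}, so an authorization decision must not depend on them.
 *
 * @param username        user whose role is looked up
 * @param applicationName application to look the role up for; passed on as an
 *                        optional filter, so {@code null} is accepted by the lookup
 * @return the permissions of the single matching role, or {@code null} when the
 *         user has no role row for the application
 * @throws IllegalStateException if more than one row matches or the stored role is null
 */
UserPermissions getAppSpecificPermission(UserInfo.Username username,
                                         Application.Name applicationName) {
    List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> result =
            getUserRoleList(username, Optional.ofNullable(applicationName));

    if (result.isEmpty()) {
        return null;
    }
    // Refuse to pick an arbitrary row when the data is ambiguous.
    if (result.size() > 1) {
        throw new IllegalStateException("More than a single row returned");
    }

    com.intuit.wasabi.repository.cassandra.pojo.UserRole role = result.get(0);
    if (role.getRole() == null) {
        throw new IllegalStateException("Role cannot be null");
    }

    return UserPermissions.newInstance(applicationName,
            Role.toRole(role.getRole()).getRolePermissions())
            .build();
}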
/**
 * Returns super admin permissions for the given application when the user
 * holds the super admin role.
 *
 * <p>The stored role string is compared with {@code SUPERADMIN} ignoring case.
 *
 * @param userID          user to check
 * @param applicationName application the returned permissions are bound to
 * @return super admin permissions for {@code applicationName}, or {@code null}
 *         when no super admin row is found
 */
@Override
public UserPermissions checkSuperAdminPermissions(UserInfo.Username userID,
                                                  Application.Name applicationName) {
    final List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> rows =
            getUserRolesWithWildcardAppName(userID, applicationName);

    final boolean holdsSuperAdmin = rows.stream()
            .anyMatch(row -> SUPERADMIN.equalsIgnoreCase(row.getRole()));
    if (holdsSuperAdmin) {
        return UserPermissions.newInstance(applicationName, Role.SUPERADMIN.getRolePermissions())
                .build();
    }
    return null;
}

//UserRole related operations
/**
 * Verifies that a user may perform an action on an application.
 *
 * <p>The check fails closed: a user with no permissions at all
 * ({@code getUserPermissions} returned {@code null}) is rejected the same way
 * as a user who lacks the specific permission.
 *
 * @param userID          user attempting the action
 * @param applicationName application the action targets
 * @param permission      permission the action requires
 * @throws AuthenticationException if the user does not hold {@code permission}
 *                                 on {@code applicationName}
 */
@Override
public void checkUserPermissions(UserInfo.Username userID, Application.Name applicationName,
                                 Permission permission) {
    // Resolve what the user may do on this application.
    final UserPermissions granted = getUserPermissions(userID, applicationName);

    final boolean permitted = granted != null && granted.getPermissions().contains(permission);
    if (permitted) {
        return;
    }
    throw new AuthenticationException("error, user " + userID + " not authorized to "
            + permission.toString() + " on application " + applicationName.toString());
}
/**
 * Lists every user that holds a role on the given application.
 *
 * @param applicationName application whose role assignments are listed
 * @return one {@code UserRole} per stored {@code AppRole} row, in the order returned
 *         by {@code getAppRoleList}
 */
@Override
public UserRoleList getApplicationUsers(Application.Name applicationName) {
    final UserRoleList users = new UserRoleList();
    for (AppRole row : getAppRoleList(applicationName)) {
        users.addRole(convertAppRoleToUserRole(applicationName, row));
    }
    return users;
}
/**
 * Applies each requested role assignment on behalf of the caller identified by
 * the Authorization header and reports one status map per request.
 *
 * <p>Every entry is authorized separately: the caller must hold {@code ADMIN}
 * on the entry's application, otherwise that entry is reported as
 * {@code FAILED} / {@code Not Authorized} and processing continues with the next one.
 *
 * <p>NOTE(review): only the caller's permission on the target application is
 * checked here; which role is being granted is not restricted in this method.
 * Confirm that {@code authorization.setUserRole} refuses roles an application
 * admin must not hand out.
 *
 * @param userRoleList        requested assignments
 * @param authorizationHeader value of the Authorization header
 * @return one status map per requested assignment, in request order
 */
private List<Map> updateUserRole(
        @ApiParam(required = true)
        UserRoleList userRoleList,

        @HeaderParam(AUTHORIZATION)
        @ApiParam(value = EXAMPLE_AUTHORIZATION_HEADER, required = true)
        String authorizationHeader) {
    final Username caller = authorization.getUser(authorizationHeader);
    final UserInfo callerInfo = authorization.getUserInfo(caller);
    final List<Map> outcomes = newArrayList();

    for (UserRole requested : userRoleList.getRoleList()) {
        Map outcome;
        try {
            authorization.checkUserPermissions(caller, requested.getApplicationName(), ADMIN);
            outcome = authorization.setUserRole(requested, callerInfo);
        } catch (AuthenticationException e) {
            LOGGER.error("Unable to check user permissions", e);
            // The client gets a fixed reason, not the exception message.
            outcome = ImmutableMap.<String, String>builder()
                    .put("applicationName", requested.getApplicationName().toString())
                    .put("userID", requested.getUserID().toString())
                    .put("role", requested.getRole().toString())
                    .put("roleAssignmentStatus", "FAILED")
                    .put("reason", "Not Authorized")
                    .build();
        }
        outcomes.add(outcome);
    }
    return outcomes;
}
/**
 * Converts a stored role row into a {@code UserRole}, adding the user's name
 * and e-mail when user info is available.
 *
 * <p>An application name equal to {@code ALL_APPLICATIONS} is mapped to
 * {@code WILDCARD}. When no user info is found, the result carries only the
 * application, role and user id.
 *
 * <p>NOTE(review): both debug statements log the full role objects, which can
 * include the user's name and e-mail.
 *
 * @param userRole stored role row
 * @return the converted role
 */
private UserRole getRoleWithUserInfo(com.intuit.wasabi.repository.cassandra.pojo.UserRole userRole) {
    LOGGER.debug("Getting user info for user role={}", userRole);

    final Application.Name appName;
    if (userRole.getAppName().equals(ALL_APPLICATIONS)) {
        appName = WILDCARD;
    } else {
        appName = Application.Name.valueOf(userRole.getAppName());
    }

    final UserInfo userInfo = getUserInfo(UserInfo.Username.valueOf(userRole.getUserId()));

    final UserRole roleWithUserInfo;
    if (userInfo == null) {
        // No profile available: return the bare assignment.
        roleWithUserInfo = UserRole.newInstance(appName, Role.toRole(userRole.getRole()))
                .withUserID(UserInfo.Username.valueOf(userRole.getUserId()))
                .build();
    } else {
        roleWithUserInfo = UserRole.newInstance(appName, Role.toRole(userRole.getRole()))
                .withUserID(UserInfo.Username.valueOf(userRole.getUserId()))
                .withFirstName(userInfo.getFirstName())
                .withLastName(userInfo.getLastName())
                .withUserEmail(userInfo.getEmail())
                .build();
    }

    LOGGER.debug("Role with user info for user role={} is {}", userRole, roleWithUserInfo);
    return roleWithUserInfo;
}
// Empty the existing collection in place so Hibernate knows that all of the
// previous role references are really being removed.
userpersis.getUserRole().clear();

// Re-create every role of `user` as a new UserRole bound to the persistent entity.
// NOTE(review): if `user` is populated from request data, the caller should verify
// that the acting user may change role assignments before this copy runs - confirm.
for (UserRole role : user.getUserRole()) {
    UserRole rebound = new UserRole(userpersis, role.getRole());
    userpersis.getUserRole().add(rebound);
}
/**
 * Returns super admin permissions for the given application if the user holds
 * the super admin role.
 *
 * <p>The stored role string is compared with {@code SUPERADMIN} ignoring case.
 *
 * @param username        user to check
 * @param applicationName application the returned permissions are bound to
 * @return the super admin permissions, or an empty {@code Optional} when the
 *         user has no super admin row
 */
Optional<UserPermissions> getSuperAdminUserPermissions(@Nonnull UserInfo.Username username,
                                                       @Nonnull Application.Name applicationName) {
    final List<com.intuit.wasabi.repository.cassandra.pojo.UserRole> rows =
            getUserRolesWithWildcardAppName(username, applicationName);

    final boolean holdsSuperAdmin = rows.stream()
            .anyMatch(row -> SUPERADMIN.equalsIgnoreCase(row.getRole()));
    if (!holdsSuperAdmin) {
        return Optional.empty();
    }
    return Optional.of(
            UserPermissions.newInstance(applicationName, Role.SUPERADMIN.getRolePermissions())
                    .build());
}
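/**
 * Persists a new role with the given name.
 *
 * <p>Any failure while persisting or flushing is reported as
 * {@code RoleAlreadyExistsException}. The underlying exception is attached as
 * a suppressed exception so the real cause (which may be unrelated to a
 * duplicate, for example a connectivity problem) is not lost.
 *
 * <p>NOTE(review): the catch is broader than "role already exists"; narrowing
 * it to the persistence provider's duplicate-entity exception would stop other
 * failures from being misreported.
 *
 * @param role name of the role to create
 * @throws RoleAlreadyExistsException if the role could not be persisted
 */
public void createUserRole(String role) throws RoleAlreadyExistsException {
    try {
        UserRole userRole = new UserRole(role);
        em.persist(userRole);
        // Flush now so a constraint violation surfaces inside this try block.
        em.flush();
    } catch (Exception e) {
        RoleAlreadyExistsException failure = new RoleAlreadyExistsException();
        failure.addSuppressed(e);
        throw failure;
    }
}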
/**
 * Returns the names of the roles to attach to a user, in lookup order.
 *
 * <p>This is an illustrative override: the expression that loads the roles is
 * left as a placeholder, so the snippet does not compile as shown.
 *
 * @param conn     JDBC connection offered by the caller; not used by the visible code
 * @param username user whose roles are requested; not used by the visible code
 * @return the role names collected from the loaded roles
 * @throws SQLException declared by the overridden signature
 */
@Override
protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
    // LinkedHashSet drops duplicate names while keeping the order they were added in.
    Set<String> roleNames = new LinkedHashSet<>();
    Collection<UserRole> roles = /* Placeholder: load the roles from your own store here. The example
                                    assumes JPA entities, but any lookup works.
                                    NOTE(review): the lookup must be restricted to `username`;
                                    returning roles that belong to other users would grant them here. */
    for(UserRole userRole:roles){
        roleNames.add(userRole.getRole().getName());
    }
    return roleNames; // returned so Shiro is aware of the roles to add to the current user
}
// Create the parent entity and the three objects that will be attached to it.
Users user = new Users();
UserProfile myUserProfile = new UserProfile();
UserLogin myUserLogin = new UserLogin();
UserRole myUserRole = new UserRole();
// ... populate the fields of the objects above (omitted in this example) ...
// NOTE(review): if the role value is taken from request input, it should be checked
// against what the acting user is allowed to assign before it is attached - confirm.
// Then wire the populated objects into the user:
user.setUserProfile(myUserProfile);
user.setUserLogin(myUserLogin);
user.setUserRole(myUserRole);
// Build a fresh role set for the persistent user from the roles carried by `user`.
// NOTE(review): the original author marked this as a guess - the roles are taken
// from `user` as supplied and presumably should be loaded from the database
// instead, so that the stored roles do not depend on caller-provided values.
Set<UserRole> roles = new HashSet<>();
for (UserRole role : user.getUserRole()) {
    UserRole rebound = new UserRole(userpersis, role.getRole());
    roles.add(rebound);
}
userpersis.setUserRole(roles);