/**
 * Builds a run-as authentication that always carries the
 * {@link SecurityRole#ADMINISTRATOR} authority.
 *
 * <p>Security note: the role held by the supplied account is discarded. The copy
 * kept by this token is created with {@code SecurityRole.ADMINISTRATOR}, so work
 * executed under this authentication runs elevated regardless of the caller's
 * own role.</p>
 *
 * @param account account whose identity is reused with administrator rights;
 *                when {@code null}, the shared {@code RUNAS_ACCOUNT} is used
 */
public RunAsAdminAuthentication(Account account) {
    super(AuthorityUtils.createAuthorityList(SecurityRole.ADMINISTRATOR.name()));
    // Name, full name, email, authentication source and id are carried over;
    // only the role is replaced.
    this.account = account == null
            ? RUNAS_ACCOUNT
            : Account.of(
                    account.getName(),
                    account.getFullName(),
                    account.getEmail(),
                    SecurityRole.ADMINISTRATOR,
                    account.getAuthenticationSource()
            ).withId(account.getId());
}
/**
 * Persists the name, full name and email of an existing account, matched by id.
 *
 * <p>Every value is passed as a named bind parameter and never concatenated into
 * the SQL text. This statement writes only NAME, FULLNAME and EMAIL.</p>
 *
 * @param account account carrying the id to match and the new values
 * @throws AccountNameAlreadyDefinedException if the update raises a
 *         {@code DuplicateKeyException}
 */
@Override
public void saveAccount(Account account) {
    final String sql = "UPDATE ACCOUNTS SET NAME = :name, FULLNAME = :fullName, EMAIL = :email "
            + "WHERE ID = :id";
    try {
        getNamedParameterJdbcTemplate().update(
                sql,
                params("id", account.id())
                        .addValue("name", account.getName())
                        .addValue("fullName", account.getFullName())
                        .addValue("email", account.getEmail())
        );
    } catch (DuplicateKeyException duplicate) {
        // NOTE(review): the DuplicateKeyException is not chained as the cause of
        // the exception thrown here.
        throw new AccountNameAlreadyDefinedException(account.getName());
    }
}
/**
 * Attaches authorization data to the account of an authenticated user and
 * locks the result.
 *
 * <p>The steps run in a fixed order: global role, project roles, groups stored
 * in the repository, then groups supplied by each registered contributor.
 * Security note: every entry in {@code accountGroupContributors} can add groups
 * to the account, and each group goes through {@code groupWithACL}, so those
 * contributors are part of the authorization trust boundary.</p>
 *
 * @param raw authenticated account to decorate
 * @return the account returned by {@code lock()} after all roles and groups
 *         have been attached
 */
@Override
public Account withACL(AuthenticatedAccount raw) {
    Account account = raw.getAccount();

    // Global role
    account = account.withGlobalRole(
            roleRepository.findGlobalRoleByAccount(raw.getAccount().id())
                    .flatMap(rolesService::getGlobalRole)
    );

    // Project roles
    account = account.withProjectRoles(
            roleRepository.findProjectRoleAssociationsByAccount(
                    raw.getAccount().id(),
                    rolesService::getProjectRoleAssociation
            )
    );

    // Groups from the repository
    account = account.withGroups(
            accountGroupRepository.findByAccount(raw.getAccount().id()).stream()
                    .map(this::groupWithACL)
                    .collect(Collectors.toList())
    );

    // Group contributions
    account = account.withGroups(
            accountGroupContributors.stream()
                    .flatMap(contributor -> contributor.collectGroups(raw).stream())
                    .map(this::groupWithACL)
                    .collect(Collectors.toList())
    );

    // NOTE(review): what lock() enforces is not visible here; presumably it
    // prevents further changes to the roles and groups. Confirm.
    return account.lock();
}
/**
 * Describes this account as a permission target of type
 * {@link PermissionTargetType#ACCOUNT}.
 *
 * @return a new target built from this account's id, name and full name
 */
public PermissionTarget asPermissionTarget() {
    PermissionTarget target = new PermissionTarget(
            PermissionTargetType.ACCOUNT,
            id(),
            getName(),
            getFullName()
    );
    return target;
}
}
/**
 * Maps the current row of a result set to an {@link Account}.
 *
 * <p>The columns read by name are {@code name}, {@code fullName}, {@code email},
 * {@code role} and {@code mode}; the id comes from {@code id(rs)}. None of the
 * columns named here is the stored password.</p>
 *
 * @param rs                           result set positioned on the row to map
 * @param authenticationSourceFunction resolves the value of the {@code mode}
 *                                     column to an authentication source
 * @return the mapped account, with its id set
 * @throws SQLException if a column cannot be read
 */
private Account toAccount(ResultSet rs, Function<String, AuthenticationSource> authenticationSourceFunction) throws SQLException {
    String name = rs.getString("name");
    String fullName = rs.getString("fullName");
    String email = rs.getString("email");
    SecurityRole role = getEnum(SecurityRole.class, rs, "role");
    AuthenticationSource source = authenticationSourceFunction.apply(rs.getString("mode"));
    return Account.of(name, fullName, email, role, source).withId(id(rs));
}
/**
 * Inserts a new row in ACCOUNTS and returns the account with its generated id.
 *
 * <p>All values are bound as named parameters. The PASSWORD column is written
 * as an empty string; no credential is taken from the {@code account}
 * argument.</p>
 *
 * @param account account to store; its name, full name, email, authentication
 *                source id and role name are persisted
 * @return the same account data with the generated id set
 * @throws AccountNameAlreadyDefinedException if the insert raises a
 *         {@code DuplicateKeyException}
 */
@Override
public Account newAccount(Account account) {
    final String sql = "INSERT INTO ACCOUNTS (NAME, FULLNAME, EMAIL, MODE, PASSWORD, ROLE) "
            + "VALUES (:name, :fullName, :email, :mode, :password, :role)";
    try {
        int generatedId = dbCreate(
                sql,
                params("name", account.getName())
                        .addValue("fullName", account.getFullName())
                        .addValue("email", account.getEmail())
                        .addValue("mode", account.getAuthenticationSource().getId())
                        // NOTE(review): presumably a real hash is stored later by a
                        // separate password update; confirm that an empty stored
                        // value can never match during authentication.
                        .addValue("password", "")
                        .addValue("role", account.getRole().name())
        );
        return account.withId(ID.of(generatedId));
    } catch (DuplicateKeyException duplicate) {
        throw new AccountNameAlreadyDefinedException(account.getName());
    }
}
/**
 * Looks up the global role associated with an account.
 *
 * @param account account whose id is used for the lookup
 * @return the global role, or an empty optional when the repository holds no
 *         role id for the account or the roles service does not resolve it
 */
@Override
public Optional<GlobalRole> getGlobalRoleForAccount(Account account) {
    Optional<String> roleId = roleRepository.findGlobalRoleByAccount(account.id());
    return roleId.flatMap(rolesService::getGlobalRole);
}
/**
 * Updates an existing account, optionally its password, and its group links.
 *
 * <p>Security notes: the {@code AccountManagement} global function is checked
 * before anything is read or written. The default admin account cannot be
 * renamed. A password is stored only when the input carries a non-blank one,
 * and only after it has gone through {@code passwordEncoder}.</p>
 *
 * @param accountId id of the account to update
 * @param input     new values for the account
 * @return the account as reloaded after the update
 * @throws AccountDefaultAdminCannotUpdateNameException if the default admin
 *         account would be given a different name
 */
@Override
public Account updateAccount(ID accountId, AccountInput input) {
    securityService.checkGlobalFunction(AccountManagement.class);

    Account existing = getAccount(accountId);

    // The default admin keeps its name.
    if (existing.isDefaultAdmin()) {
        if (!StringUtils.equals(existing.getName(), input.getName())) {
            throw new AccountDefaultAdminCannotUpdateNameException();
        }
    }

    Account updated = existing.update(input);
    accountRepository.saveAccount(updated);

    // A blank password in the input means "leave the stored one unchanged".
    if (StringUtils.isNotBlank(input.getPassword())) {
        accountRepository.setPassword(
                accountId.getValue(),
                passwordEncoder.encode(input.getPassword())
        );
    }

    accountGroupRepository.linkAccountToGroups(updated.id(), input.getGroups());

    // Reload so the caller sees the stored state.
    return getAccount(accountId);
}
account -> contains(account.getName(), name) || contains(account.getFullName(), name) ); account -> account.getAccountGroups().stream().anyMatch( grp -> contains(grp.getName(), group)
/**
 * Creates an account for the given authentication source and links it to the
 * requested groups.
 *
 * <p>Security notes: the {@code AccountManagement} global function is checked
 * first. The account is always created with {@code SecurityRole.USER},
 * whatever the input contains. This method does not store a password.</p>
 *
 * @param input                    name, full name, email and groups of the new account
 * @param authenticationSourceMode identifier resolved through
 *                                 {@code authenticationSourceService}
 * @return the account as returned by the repository after insertion
 */
@Override
public Account create(AccountInput input, String authenticationSourceMode) {
    securityService.checkGlobalFunction(AccountManagement.class);

    Account draft = Account.of(
            input.getName(),
            input.getFullName(),
            input.getEmail(),
            SecurityRole.USER,
            authenticationSourceService.getAuthenticationSource(authenticationSourceMode)
    );

    Account created = accountRepository.newAccount(draft);
    accountGroupRepository.linkAccountToGroups(created.id(), input.getGroups());
    return created;
}
/**
 * Changes the password of the currently authenticated account.
 *
 * <p>The change is refused unless there is a current account, its
 * authentication source allows password changes, and the supplied old password
 * matches the stored encoded one. The new password is encoded with
 * {@code passwordEncoder} before it is stored.</p>
 *
 * @param input old and new passwords
 * @return {@code Ack.OK} once the new password has been stored
 * @throws AccessDeniedException    if nobody is logged in or the authentication
 *                                  source does not allow password changes
 * @throws UserOldPasswordException if the old password does not match
 */
@Override
public Ack changePassword(PasswordChange input) {
    Account account = securityService.getCurrentAccount();
    if (account == null) {
        throw new AccessDeniedException("Must be logged to change password.");
    }
    if (!account.getAuthenticationSource().isAllowingPasswordChange()) {
        throw new AccessDeniedException("Password change is not allowed from ontrack.");
    }

    // The stored hash is handed to the callback; the comparison is delegated
    // to the encoder.
    boolean oldPasswordMatches = accountRepository.checkPassword(
            account.id(),
            encodedPassword -> passwordEncoder.matches(input.getOldPassword(), encodedPassword)
    );
    if (!oldPasswordMatches) {
        throw new UserOldPasswordException();
    }

    // NOTE(review): no check on the new password (blank, length) is visible in
    // this method; confirm PasswordChange is validated before it gets here.
    accountRepository.setPassword(
            account.id(),
            passwordEncoder.encode(input.getNewPassword())
    );
    return Ack.OK;
}
}
/**
 * Builds the global permission of an account, if it has a global role.
 *
 * @param account account to inspect
 * @return a permission pairing the account's permission target with its global
 *         role, or an empty optional when no role id is stored for the account
 *         or the roles service does not resolve it
 */
private Optional<GlobalPermission> getGlobalPermission(Account account) {
    return roleRepository.findGlobalRoleByAccount(account.id())
            .flatMap(rolesService::getGlobalRole)
            .map(globalRole -> new GlobalPermission(account.asPermissionTarget(), globalRole));
}
/**
 * Lists all accounts, each with its groups attached.
 *
 * <p>The {@code AccountManagement} global function is checked before the
 * repository is queried.</p>
 *
 * @return every account found by the repository, with the groups returned by
 *         {@code accountGroupRepository.findByAccount} for its id
 */
@Override
public List<Account> getAccounts() {
    securityService.checkGlobalFunction(AccountManagement.class);
    return accountRepository
            .findAll(authenticationSourceService::getAuthenticationSource)
            .stream()
            .map(found -> found.withGroups(accountGroupRepository.findByAccount(found.id())))
            .collect(Collectors.toList());
}
/**
 * Tells whether the project is a favourite of the current account.
 *
 * <p>The repository is consulted only when {@code ProjectView} is granted on
 * the project and the current account has its id set. In every other case the
 * answer is {@code false}.</p>
 *
 * @param project project to test
 * @return {@code true} only when the repository reports the project as a
 *         favourite of the current account
 */
@Override
public boolean isProjectFavourite(Project project) {
    // Without view access the favourite state is not disclosed.
    if (!securityService.isProjectFunctionGranted(project, ProjectView.class)) {
        return false;
    }
    return securityService.getAccount()
            .filter(current -> current.getId().isSet())
            .map(current -> repository.isProjectFavourite(current.id(), project.id()))
            .orElse(false);
}
/**
 * Returns the name of the wrapped account as the user name.
 *
 * @return the account's name
 */
@Override
public String getUsername() {
    final String username = account.getName();
    return username;
}
/**
 * Creates a call for an account built from a single name.
 *
 * <p>The name is used as both account name and full name, the email is the name
 * followed by {@code @test.com}, and the authentication source is
 * {@code AuthenticationSource.none()}.</p>
 *
 * @param name name, full name and email prefix of the account
 * @param role role given to the account
 */
public AccountCall(String name, SecurityRole role) { this(Account.of(name, name, name + "@test.com", role, AuthenticationSource.none())); }
/**
 * Returns the authorities granted to the wrapped account.
 *
 * <p>The list is derived solely from the role name of the account's role.</p>
 *
 * @return the authority list created from the account's role name
 */
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    String roleName = account.getRole().getRoleName();
    return AuthorityUtils.createAuthorityList(roleName);
}
/**
 * Returns a new call wrapping the same account data with the given id.
 *
 * @param id numeric id to assign to the account
 * @return a new {@code AccountCall} for the account returned by {@code withId}
 */
public AccountCall withId(int id) {
    Account identified = account.withId(ID.of(id));
    return new AccountCall(identified);
}
}
.description("Source of authentication (builtin, ldap, etc.)") .type(GraphQLString) .dataFetcher(environment -> ((Account) environment.getSource()).getAuthenticationSource().getId()) .build()
/**
 * Gives the account a global role named {@code "test"} that contains the given
 * global functions.
 *
 * <p>The role is built with the description {@code "Test global role"}, an
 * empty third argument and an empty set as its last argument.</p>
 *
 * @param fn global functions to include in the role
 * @return this instance, cast to {@code T}
 */
@SafeVarargs
public final T with(Class<? extends GlobalFunction>... fn) {
    GlobalRole testRole = new GlobalRole(
            "test",
            "Test global role",
            "",
            ImmutableSet.copyOf(fn),
            Collections.emptySet()
    );
    // NOTE(review): the value returned by withGlobalRole is discarded, so this
    // relies on the account being modified in place. Confirm.
    account.withGlobalRole(Optional.of(testRole));
    //noinspection unchecked
    return (T) this;
}