@GET
@Path("/groups")
@Produces(APPLICATION_JSON)
@Permissions(
        @Permission(value = RolePermission.MANAGEMENT_USERS, acls = RolePermissionAction.READ)
)
public List<UserGroupEntity> getGroups(@PathParam("id") String userId) {
    // Lists the groups of the user given in the path, with the role that user holds in
    // each group per scope. Because this exposes another user's group roles, access is
    // gated on MANAGEMENT_USERS:READ by the annotation above; there is no further
    // per-user check in the body.
    //
    // Only these scopes are reported. A group does not have to carry a role for every
    // scope; getRole(...) then returns null and that scope is simply left out of the map.
    final RoleScope[] reportedScopes = {RoleScope.API, RoleScope.APPLICATION, RoleScope.GROUP};
    final List<UserGroupEntity> result = new ArrayList<>();
    groupService.findByUser(userId).forEach(group -> {
        final HashMap<String, String> rolesByScope = new HashMap<>();
        for (RoleScope scope : reportedScopes) {
            final RoleEntity role = membershipService.getRole(MembershipReferenceType.GROUP, group.getId(), userId, scope);
            if (role == null) {
                continue;
            }
            // Keyed by the scope name the role itself reports, not the queried scope.
            rolesByScope.put(role.getScope().name(), role.getName());
        }
        final UserGroupEntity entry = new UserGroupEntity();
        entry.setId(group.getId());
        entry.setName(group.getName());
        entry.setRoles(rolesByScope);
        result.add(entry);
    });
    return result;
}
@GET
@Path("/groups")
@Produces(APPLICATION_JSON)
@Permissions(
        @Permission(value = RolePermission.MANAGEMENT_USERS, acls = RolePermissionAction.READ)
)
public List<UserGroupEntity> getGroups(@PathParam("id") String userId) {
    // Lists the groups of the user given in the path, with the role that user holds in
    // each group per scope. Because this exposes another user's group roles, access is
    // gated on MANAGEMENT_USERS:READ by the annotation above; there is no further
    // per-user check in the body.
    //
    // Only these scopes are reported. A group does not have to carry a role for every
    // scope; getRole(...) then returns null and that scope is simply left out of the map.
    final RoleScope[] reportedScopes = {RoleScope.API, RoleScope.APPLICATION, RoleScope.GROUP};
    final List<UserGroupEntity> result = new ArrayList<>();
    groupService.findByUser(userId).forEach(group -> {
        final HashMap<String, String> rolesByScope = new HashMap<>();
        for (RoleScope scope : reportedScopes) {
            final RoleEntity role = membershipService.getRole(MembershipReferenceType.GROUP, group.getId(), userId, scope);
            if (role == null) {
                continue;
            }
            // Keyed by the scope name the role itself reports, not the queried scope.
            rolesByScope.put(role.getScope().name(), role.getName());
        }
        final UserGroupEntity entry = new UserGroupEntity();
        entry.setId(group.getId());
        entry.setName(group.getName());
        entry.setRoles(rolesByScope);
        result.add(entry);
    });
    return result;
}
@Override
public void deleteMember(MembershipReferenceType referenceType, String referenceId, String userId) {
    try {
        LOGGER.debug("Delete member {} for {} {}", userId, referenceType, referenceId);
        // Invariant: a non-group reference must never lose its PRIMARY_OWNER through a plain
        // removal (ownership has to be transferred instead). Group memberships are exempt.
        if (!GROUP.equals(referenceType)) {
            final RoleScope scope = getScopeByMembershipReferenceType(referenceType);
            final RoleEntity currentRole = this.getRole(referenceType, referenceId, userId, scope);
            final boolean isPrimaryOwner =
                    currentRole != null && PRIMARY_OWNER.name().equals(currentRole.getName());
            if (isPrimaryOwner) {
                // NOTE(review): the scope reported here is API for API references and
                // APPLICATION for every other reference type; confirm PRIMARY_OWNER can only
                // exist in those two scopes.
                throw new SinglePrimaryOwnerException(
                        referenceType.equals(API) ? RoleScope.API : RoleScope.APPLICATION);
            }
        }
        final Membership toDelete = new Membership(userId, referenceId, referenceType);
        membershipRepository.delete(toDelete);
        // Audit entry is written only once the repository delete has succeeded.
        createAuditLog(MEMBERSHIP_DELETED, new Date(), toDelete, null);
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to delete member {} for {} {}", userId, referenceType, referenceId, ex);
        throw new TechnicalManagementException("An error occurs while trying to delete member " + userId + " for " + referenceType + " " + referenceId, ex);
    }
}
@Override
public void deleteMember(MembershipReferenceType referenceType, String referenceId, String userId) {
    try {
        LOGGER.debug("Delete member {} for {} {}", userId, referenceType, referenceId);
        // Invariant: a non-group reference must never lose its PRIMARY_OWNER through a plain
        // removal (ownership has to be transferred instead). Group memberships are exempt.
        if (!GROUP.equals(referenceType)) {
            final RoleScope scope = getScopeByMembershipReferenceType(referenceType);
            final RoleEntity currentRole = this.getRole(referenceType, referenceId, userId, scope);
            final boolean isPrimaryOwner =
                    currentRole != null && PRIMARY_OWNER.name().equals(currentRole.getName());
            if (isPrimaryOwner) {
                // NOTE(review): the scope reported here is API for API references and
                // APPLICATION for every other reference type; confirm PRIMARY_OWNER can only
                // exist in those two scopes.
                throw new SinglePrimaryOwnerException(
                        referenceType.equals(API) ? RoleScope.API : RoleScope.APPLICATION);
            }
        }
        final Membership toDelete = new Membership(userId, referenceId, referenceType);
        membershipRepository.delete(toDelete);
        // Audit entry is written only once the repository delete has succeeded.
        createAuditLog(MEMBERSHIP_DELETED, new Date(), toDelete, null);
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to delete member {} for {} {}", userId, referenceType, referenceId, ex);
        throw new TechnicalManagementException("An error occurs while trying to delete member " + userId + " for " + referenceType + " " + referenceId, ex);
    }
}
/**
 * Builds the user-facing view of a role (scope, name, permissions).
 * Null in, null out: an absent role is passed through unchanged for callers.
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity view = new UserRoleEntity();
    view.setScope(roleEntity.getScope());
    view.setName(roleEntity.getName());
    // NOTE(review): the permissions object is handed over by reference, not copied; a
    // caller mutating it would mutate the RoleEntity — confirm downstream treats it as read-only.
    view.setPermissions(roleEntity.getPermissions());
    return view;
}
}
/**
 * Builds the user-facing view of a role (scope, name, permissions).
 * Null in, null out: an absent role is passed through unchanged for callers.
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity view = new UserRoleEntity();
    view.setScope(roleEntity.getScope());
    view.setName(roleEntity.getName());
    // NOTE(review): the permissions object is handed over by reference, not copied; a
    // caller mutating it would mutate the RoleEntity — confirm downstream treats it as read-only.
    view.setPermissions(roleEntity.getPermissions());
    return view;
}
}
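/**
 * Makes {@code user} the PRIMARY_OWNER of {@code itemId} and demotes every other
 * primary owner of that item to {@code newPrimaryOwnerRole}, or to the scope's default
 * role when none is given.
 *
 * Fix: the fallback role used to be taken with an unchecked {@code get(0)}, so a scope with
 * no default role configured failed with an opaque IndexOutOfBoundsException — and only
 * after the new owner had already been promoted. The fallback is now resolved up front and
 * a missing default aborts the transfer with a clear IllegalStateException before any
 * membership is written.
 */
private void transferOwnership(MembershipReferenceType membershipReferenceType, RoleScope roleScope, String itemId, MembershipUser user, RoleEntity newPrimaryOwnerRole) {
    // Resolve the demotion role BEFORE touching any membership so a misconfiguration cannot
    // leave the item half-transferred.
    final RoleEntity demotionRole = (newPrimaryOwnerRole != null)
            ? newPrimaryOwnerRole
            : roleService.findDefaultRoleByScopes(roleScope).stream()
                    .findFirst()
                    .orElseThrow(() -> new IllegalStateException(
                            "No default role configured for scope " + roleScope
                                    + "; cannot transfer ownership of " + membershipReferenceType + " " + itemId));

    // 1. Promote the requested user (addOrUpdateMember presumably creates or overwrites the
    //    membership, so an existing member is handled as well).
    final MemberEntity promoted = this.addOrUpdateMember(
            new MembershipReference(membershipReferenceType, itemId),
            new MembershipUser(user.getId(), user.getReference()),
            new MembershipRole(roleScope, PRIMARY_OWNER.name()));

    // 2. Demote every other PRIMARY_OWNER of this item. Between step 1 and the end of this
    //    loop the item transiently has more than one primary owner; the two writes are not
    //    wrapped in a transaction here (NOTE(review): confirm that is acceptable).
    //    The trailing `true` argument selects a different addOrUpdateMember overload whose
    //    meaning is not visible from here.
    this.getMembers(membershipReferenceType, itemId, roleScope, PRIMARY_OWNER.name())
            .stream()
            .filter(member -> !member.getId().equals(promoted.getId()))
            .forEach(member -> this.addOrUpdateMember(
                    new MembershipReference(membershipReferenceType, itemId),
                    new MembershipUser(member.getId(), null),
                    new MembershipRole(roleScope, demotionRole.getName()),
                    true));
}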
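/**
 * Makes {@code user} the PRIMARY_OWNER of {@code itemId} and demotes every other
 * primary owner of that item to {@code newPrimaryOwnerRole}, or to the scope's default
 * role when none is given.
 *
 * Fix: the fallback role used to be taken with an unchecked {@code get(0)}, so a scope with
 * no default role configured failed with an opaque IndexOutOfBoundsException — and only
 * after the new owner had already been promoted. The fallback is now resolved up front and
 * a missing default aborts the transfer with a clear IllegalStateException before any
 * membership is written.
 */
private void transferOwnership(MembershipReferenceType membershipReferenceType, RoleScope roleScope, String itemId, MembershipUser user, RoleEntity newPrimaryOwnerRole) {
    // Resolve the demotion role BEFORE touching any membership so a misconfiguration cannot
    // leave the item half-transferred.
    final RoleEntity demotionRole = (newPrimaryOwnerRole != null)
            ? newPrimaryOwnerRole
            : roleService.findDefaultRoleByScopes(roleScope).stream()
                    .findFirst()
                    .orElseThrow(() -> new IllegalStateException(
                            "No default role configured for scope " + roleScope
                                    + "; cannot transfer ownership of " + membershipReferenceType + " " + itemId));

    // 1. Promote the requested user (addOrUpdateMember presumably creates or overwrites the
    //    membership, so an existing member is handled as well).
    final MemberEntity promoted = this.addOrUpdateMember(
            new MembershipReference(membershipReferenceType, itemId),
            new MembershipUser(user.getId(), user.getReference()),
            new MembershipRole(roleScope, PRIMARY_OWNER.name()));

    // 2. Demote every other PRIMARY_OWNER of this item. Between step 1 and the end of this
    //    loop the item transiently has more than one primary owner; the two writes are not
    //    wrapped in a transaction here (NOTE(review): confirm that is acceptable).
    //    The trailing `true` argument selects a different addOrUpdateMember overload whose
    //    meaning is not visible from here.
    this.getMembers(membershipReferenceType, itemId, roleScope, PRIMARY_OWNER.name())
            .stream()
            .filter(member -> !member.getId().equals(promoted.getId()))
            .forEach(member -> this.addOrUpdateMember(
                    new MembershipReference(membershipReferenceType, itemId),
                    new MembershipUser(member.getId(), null),
                    new MembershipRole(roleScope, demotionRole.getName()),
                    true));
}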
throw new DefaultRoleNotFoundException(); membershipService.removeRoleUsage(scope, name, defaultRoleByScopes.get(0).getName());
/**
 * Grants a freshly created user the configured default MANAGEMENT and PORTAL roles on the
 * DEFAULT reference. Failing hard when no default role exists is deliberate: a user without
 * these baseline memberships would not be set up consistently.
 */
private void addDefaultMembership(User user) {
    final RoleScope[] scopes = {RoleScope.MANAGEMENT, RoleScope.PORTAL};
    final List<RoleEntity> defaults = roleService.findDefaultRoleByScopes(scopes);
    if (defaults == null || defaults.isEmpty()) {
        throw new DefaultRoleNotFoundException(scopes);
    }
    for (RoleEntity defaultRole : defaults) {
        // The role entity reports its scope through the model enum; the membership API
        // takes the repository RoleScope, so both the reference type and the scope are
        // picked per case rather than converted.
        final MembershipReferenceType referenceType;
        final RoleScope membershipScope;
        switch (defaultRole.getScope()) {
            case MANAGEMENT:
                referenceType = MembershipReferenceType.MANAGEMENT;
                membershipScope = RoleScope.MANAGEMENT;
                break;
            case PORTAL:
                referenceType = MembershipReferenceType.PORTAL;
                membershipScope = RoleScope.PORTAL;
                break;
            default:
                // Not a scope this method binds; skipped silently, as before.
                continue;
        }
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(user.getId(), null),
                new MembershipService.MembershipRole(membershipScope, defaultRole.getName()));
    }
}
/**
 * Grants a freshly created user the configured default MANAGEMENT and PORTAL roles on the
 * DEFAULT reference. Failing hard when no default role exists is deliberate: a user without
 * these baseline memberships would not be set up consistently.
 */
private void addDefaultMembership(User user) {
    final RoleScope[] scopes = {RoleScope.MANAGEMENT, RoleScope.PORTAL};
    final List<RoleEntity> defaults = roleService.findDefaultRoleByScopes(scopes);
    if (defaults == null || defaults.isEmpty()) {
        throw new DefaultRoleNotFoundException(scopes);
    }
    for (RoleEntity defaultRole : defaults) {
        // The role entity reports its scope through the model enum; the membership API
        // takes the repository RoleScope, so both the reference type and the scope are
        // picked per case rather than converted.
        final MembershipReferenceType referenceType;
        final RoleScope membershipScope;
        switch (defaultRole.getScope()) {
            case MANAGEMENT:
                referenceType = MembershipReferenceType.MANAGEMENT;
                membershipScope = RoleScope.MANAGEMENT;
                break;
            case PORTAL:
                referenceType = MembershipReferenceType.PORTAL;
                membershipScope = RoleScope.PORTAL;
                break;
            default:
                // Not a scope this method binds; skipped silently, as before.
                continue;
        }
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(user.getId(), null),
                new MembershipService.MembershipRole(membershipScope, defaultRole.getName()));
    }
}
/**
 * Binds each role in {@code rolesToAdd} to the user on the DEFAULT reference of the
 * matching type (MANAGEMENT for MANAGEMENT-scoped roles, PORTAL for all others).
 */
private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    for (RoleEntity role : rolesToAdd) {
        // NOTE(review): the reference-type mapping is binary. A role of any scope other than
        // MANAGEMENT (e.g. API) would be attached to the PORTAL reference; confirm callers
        // only ever pass MANAGEMENT/PORTAL roles here.
        final boolean isManagementRole =
                io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope();
        final MembershipReferenceType referenceType = isManagementRole
                ? MembershipReferenceType.MANAGEMENT
                : MembershipReferenceType.PORTAL;
        // The entity carries the model RoleScope; the membership API wants the repository
        // RoleScope, bridged by constant name.
        final RoleScope membershipScope = RoleScope.valueOf(role.getScope().name());
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(userId, null),
                new MembershipService.MembershipRole(membershipScope, role.getName()));
    }
}
/**
 * Binds each role in {@code rolesToAdd} to the user on the DEFAULT reference of the
 * matching type (MANAGEMENT for MANAGEMENT-scoped roles, PORTAL for all others).
 */
private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    for (RoleEntity role : rolesToAdd) {
        // NOTE(review): the reference-type mapping is binary. A role of any scope other than
        // MANAGEMENT (e.g. API) would be attached to the PORTAL reference; confirm callers
        // only ever pass MANAGEMENT/PORTAL roles here.
        final boolean isManagementRole =
                io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope();
        final MembershipReferenceType referenceType = isManagementRole
                ? MembershipReferenceType.MANAGEMENT
                : MembershipReferenceType.PORTAL;
        // The entity carries the model RoleScope; the membership API wants the repository
        // RoleScope, bridged by constant name.
        final RoleScope membershipScope = RoleScope.valueOf(role.getScope().name());
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(userId, null),
                new MembershipService.MembershipRole(membershipScope, role.getName()));
    }
}
/**
 * Creates a new role, refusing a (scope, name) pair that already exists.
 * NOTE(review): unlike update(), this path does not run isReserved() on the requested
 * name; it only refuses a name that is already stored in the scope. Confirm reserved
 * (system) role names are guaranteed to pre-exist in every scope they are meaningful for.
 */
@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        final Role role = convert(roleEntity);
        final boolean alreadyExists = roleRepository.findById(role.getScope(), role.getName()).isPresent();
        if (alreadyExists) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        final Date now = new Date();
        role.setCreatedAt(now);
        role.setUpdatedAt(now);
        final RoleEntity created = convert(roleRepository.create(role));
        // Audit trail: a creation has no "before" state, hence the null.
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()),
                ROLE_CREATED,
                now,
                null,
                role);
        // A role flagged as default presumably displaces the scope's previous default.
        if (created.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), created.getName());
        }
        return created;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}
/**
 * Creates a new role, refusing a (scope, name) pair that already exists.
 * NOTE(review): unlike update(), this path does not run isReserved() on the requested
 * name; it only refuses a name that is already stored in the scope. Confirm reserved
 * (system) role names are guaranteed to pre-exist in every scope they are meaningful for.
 */
@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        final Role role = convert(roleEntity);
        final boolean alreadyExists = roleRepository.findById(role.getScope(), role.getName()).isPresent();
        if (alreadyExists) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        final Date now = new Date();
        role.setCreatedAt(now);
        role.setUpdatedAt(now);
        final RoleEntity created = convert(roleRepository.create(role));
        // Audit trail: a creation has no "before" state, hence the null.
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()),
                ROLE_CREATED,
                now,
                null,
                role);
        // A role flagged as default presumably displaces the scope's previous default.
        if (created.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), created.getName());
        }
        return created;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}
/**
 * Adds the user to each group with, for the API and APPLICATION scopes, either the group's
 * own default role for that scope or, failing that, the system-wide default role.
 */
private void addUserToApiAndAppGroupsWithDefaultRole(String userId, Collection<GroupEntity> groupsToAdd) {
    // System-wide defaults, resolved once for all groups.
    final List<RoleEntity> systemDefaults = roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION);
    for (GroupEntity group : groupsToAdd) {
        for (RoleEntity systemDefault : systemDefaults) {
            membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group.getId()),
                    new MembershipService.MembershipUser(userId, null),
                    new MembershipService.MembershipRole(mapScope(systemDefault.getScope()), resolveGroupRole(group, systemDefault)));
        }
    }
}

/**
 * Role name a new member of {@code group} receives for the scope of {@code systemDefault}:
 * the group's configured override for that scope when there is one, else the system default.
 * NOTE(review): the override is used as-is; nothing here validates it, so whichever path
 * configures group roles is the place that must enforce restrictions on role names.
 */
private static String resolveGroupRole(GroupEntity group, RoleEntity systemDefault) {
    if (group.getRoles() == null) {
        return systemDefault.getName();
    }
    final io.gravitee.management.model.permissions.RoleScope scopeKey =
            io.gravitee.management.model.permissions.RoleScope.valueOf(systemDefault.getScope().name());
    final String override = group.getRoles().get(scopeKey);
    return override != null ? override : systemDefault.getName();
}
/**
 * Adds the user to each group with, for the API and APPLICATION scopes, either the group's
 * own default role for that scope or, failing that, the system-wide default role.
 */
private void addUserToApiAndAppGroupsWithDefaultRole(String userId, Collection<GroupEntity> groupsToAdd) {
    // System-wide defaults, resolved once for all groups.
    final List<RoleEntity> systemDefaults = roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION);
    for (GroupEntity group : groupsToAdd) {
        for (RoleEntity systemDefault : systemDefaults) {
            membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group.getId()),
                    new MembershipService.MembershipUser(userId, null),
                    new MembershipService.MembershipRole(mapScope(systemDefault.getScope()), resolveGroupRole(group, systemDefault)));
        }
    }
}

/**
 * Role name a new member of {@code group} receives for the scope of {@code systemDefault}:
 * the group's configured override for that scope when there is one, else the system default.
 * NOTE(review): the override is used as-is; nothing here validates it, so whichever path
 * configures group roles is the place that must enforce restrictions on role names.
 */
private static String resolveGroupRole(GroupEntity group, RoleEntity systemDefault) {
    if (group.getRoles() == null) {
        return systemDefault.getName();
    }
    final io.gravitee.management.model.permissions.RoleScope scopeKey =
            io.gravitee.management.model.permissions.RoleScope.valueOf(systemDefault.getScope().name());
    final String override = group.getRoles().get(scopeKey);
    return override != null ? override : systemDefault.getName();
}
/**
 * Updates an existing role. Reserved (system) role names are rejected before any lookup,
 * so they cannot be altered through this API; the creation timestamp is carried over from
 * the stored role.
 */
@Override
public RoleEntity update(final UpdateRoleEntity roleEntity) {
    if (isReserved(roleEntity.getName())) {
        throw new RoleReservedNameException(roleEntity.getName());
    }
    final RoleScope scope = convert(roleEntity.getScope());
    try {
        final Role existing = roleRepository.findById(scope, roleEntity.getName())
                .orElseThrow(() -> new RoleNotFoundException(scope, roleEntity.getName()));
        final Role updated = convert(roleEntity);
        updated.setCreatedAt(existing.getCreatedAt());
        final RoleEntity result = convert(roleRepository.update(updated));
        // Audit entry records both the previous and the new state of the role.
        // NOTE(review): the timestamp comes from updated.getUpdatedAt(), so convert(UpdateRoleEntity)
        // is assumed to set it — confirm, otherwise the audit log receives null.
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, existing.getScope() + ":" + existing.getName()),
                ROLE_UPDATED,
                updated.getUpdatedAt(),
                existing,
                updated);
        if (result.isDefaultRole()) {
            toggleDefaultRole(scope, result.getName());
        }
        return result;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to update role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to update role " + roleEntity.getName(), ex);
    }
}
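/**
 * Builds the member view of a membership for the given scope, or returns null when the
 * membership carries no role in that scope (API and APPLICATION roles are optional on a
 * group membership).
 *
 * Fix: the user lookup used to run before the role was resolved, so every scope-less group
 * membership cost a user repository round-trip — and any failure of that lookup — only to
 * return null. The role is now resolved first and the user is fetched only when a member
 * is actually built.
 */
private MemberEntity convert(Membership membership, RoleScope roleScope) {
    final RoleEntity role = getRole(
            membership.getReferenceType(),
            membership.getReferenceId(),
            membership.getUserId(),
            roleScope);
    if (role == null) {
        return null;
    }
    final UserEntity userEntity = userService.findById(membership.getUserId());
    final MemberEntity member = new MemberEntity();
    member.setId(membership.getUserId());
    member.setRole(role.getName());
    // Effective permissions are those of the resolved role, shared by reference (not copied).
    member.setPermissions(role.getPermissions());
    member.setCreatedAt(membership.getCreatedAt());
    member.setUpdatedAt(membership.getUpdatedAt());
    member.setDisplayName(userEntity.getDisplayName());
    member.setEmail(userEntity.getEmail());
    return member;
}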
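/**
 * Builds the member view of a membership for the given scope, or returns null when the
 * membership carries no role in that scope (API and APPLICATION roles are optional on a
 * group membership).
 *
 * Fix: the user lookup used to run before the role was resolved, so every scope-less group
 * membership cost a user repository round-trip — and any failure of that lookup — only to
 * return null. The role is now resolved first and the user is fetched only when a member
 * is actually built.
 */
private MemberEntity convert(Membership membership, RoleScope roleScope) {
    final RoleEntity role = getRole(
            membership.getReferenceType(),
            membership.getReferenceId(),
            membership.getUserId(),
            roleScope);
    if (role == null) {
        return null;
    }
    final UserEntity userEntity = userService.findById(membership.getUserId());
    final MemberEntity member = new MemberEntity();
    member.setId(membership.getUserId());
    member.setRole(role.getName());
    // Effective permissions are those of the resolved role, shared by reference (not copied).
    member.setPermissions(role.getPermissions());
    member.setCreatedAt(membership.getCreatedAt());
    member.setUpdatedAt(membership.getUpdatedAt());
    member.setDisplayName(userEntity.getDisplayName());
    member.setEmail(userEntity.getEmail());
    return member;
}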