use of alien4cloud.audit.annotation.Audit in project alien4cloud by alien4cloud.
the class UserController method removeRole.
/**
 * Removes a role from a given user.
 * <p>
 * The endpoint is restricted to callers holding the {@code ADMIN} authority and is annotated with
 * {@link Audit}. The ADMIN role is not removed when the target user is an admin and
 * {@code userService.countAdminUser()} reports exactly one admin.
 *
 * @param username The unique username of the user from which to remove the role.
 * @param role The role to remove from the user.
 * @param servletResponse The HTTP response; its status is set to 500 only when the last-admin guard rejects the call.
 * @return an empty (void) rest {@link RestResponse}, or one carrying a {@link RestErrorCode} when the username is
 *         missing or the last-admin guard rejects the call.
 */
@ApiOperation(value = "Remove a role from a user.")
@RequestMapping(value = "/{username}/roles/{role}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasAuthority('ADMIN')")
@Audit
public RestResponse<Void> removeRole(@PathVariable String username, @PathVariable String role, HttpServletResponse servletResponse) {
    boolean usernameMissing = username == null || username.isEmpty();
    if (usernameMissing) {
        // Only the response body signals the error; the HTTP status is left untouched on this path.
        return RestResponseBuilder.<Void>builder()
                .error(RestErrorBuilder.builder(RestErrorCode.ILLEGAL_PARAMETER).message("username cannot be null or empty").build())
                .build();
    }

    // Per the original author, this call checks that the role exists; the returned string is the value
    // later removed from the user's role array.
    String normalizedRole = Role.getStringFormatedRole(role);

    // NOTE(review): the enum lookup uses the raw path variable, not normalizedRole. If the formatter accepts
    // spellings that Role.valueOf rejects, this line throws IllegalArgumentException - confirm against Role.
    boolean removingAdminRole = Role.ADMIN.equals(Role.valueOf(role));

    // Last-admin guard: never strip ADMIN from the only remaining admin account.
    // NOTE(review): the count check and the save below are separate calls with no lock visible in this method, so
    // two concurrent removals could both pass the guard unless userService/alienUserDao serialise them - verify.
    if (removingAdminRole && userService.isAdmin(username) && userService.countAdminUser() == 1) {
        // NOTE(review): a refused request is reported as 500, which is hard to tell apart from a server fault in
        // monitoring; a 4xx status would be clearer, but changing it alters the API contract.
        servletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
        return RestResponseBuilder.<Void>builder()
                .error(RestErrorBuilder.builder(RestErrorCode.DELETE_LAST_ADMIN_ROLE_ERROR).message("It's forbidden to remove the admin role of the last admin user.").build())
                .build();
    }

    // NOTE(review): the retrieved user is dereferenced without a null check; presumably retrieveUser throws for an
    // unknown username - confirm.
    User target = userService.retrieveUser(username);
    target.setRoles(ArrayUtils.removeElement(target.getRoles(), normalizedRole));
    alienUserDao.save(target);
    return RestResponseBuilder.<Void>builder().build();
}
Aggregations