use of com.emc.storageos.db.client.model.UserGroup in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method updateUserVdcRolesBasedOnUserGroup.
/**
 * Adds to the user the roles that the VDC's role-assignments give to user
 * groups matching the user, restricted to roles accepted by
 * {@code isRoleZoneLevel}.
 *
 * <p>This method only adds roles to the user; it never removes any. If either
 * argument is null, or no user group or role is found, the user is left
 * unchanged.
 *
 * @param user the user whose roles are extended.
 * @param vdc the virtual data center whose role-assignments are consulted.
 */
private void updateUserVdcRolesBasedOnUserGroup(StorageOSUser user, VirtualDataCenter vdc) {
    if (user == null || vdc == null) {
        _log.error("Invalid user {} or vdc {}", user, vdc);
        return;
    }

    // Resolve the role-assignment keys to configured user groups first.
    Map<UserGroup, StringSet> rolesByGroup = getUserGroupsFromRoleAssignments(vdc.getRoleAssignments());
    if (CollectionUtils.isEmpty(rolesByGroup)) {
        _log.info("There are no role assignments for VDC {} with user group", vdc.getLabel());
        return;
    }

    // Union of the roles of every group the user's attributes match.
    StringSet matchedRoles = findAllRolesToAdd(user, rolesByGroup);
    if (CollectionUtils.isEmpty(matchedRoles)) {
        _log.debug("There are no roles found for user group in the vdc {}", vdc.getLabel());
        return;
    }

    for (String candidate : matchedRoles) {
        if (!isRoleZoneLevel(candidate)) {
            // Roles that are not zone level are not applied at VDC scope.
            continue;
        }
        _log.debug("Adding the vdc role {} to the user {}", candidate, user.getDistinguishedName());
        user.addRole(candidate);
    }
}
use of com.emc.storageos.db.client.model.UserGroup in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method findAllRolesToAdd.
/**
 * Collects the roles of every configured user group that the user matches,
 * as decided by {@code matchUserAttributesToUserGroup}.
 *
 * <p>The result is the union of the role sets of all matching groups, so a
 * user who matches several groups receives the roles of each of them. Groups
 * with an empty role set are skipped without being matched.
 *
 * @param user the user whose attributes are compared with each user group.
 * @param userGroupsWithRoles the configured user groups, each mapped to the
 *            roles assigned to it.
 * @return the roles of all matching user groups; an empty set when no group
 *         matches; {@code null} when {@code userGroupsWithRoles} is reported
 *         empty by {@code CollectionUtils.isEmpty}.
 */
private StringSet findAllRolesToAdd(StorageOSUser user, Map<UserGroup, StringSet> userGroupsWithRoles) {
    if (CollectionUtils.isEmpty(userGroupsWithRoles)) {
        _log.error("Invalid user group and roles.");
        return null;
    }

    StringSet collected = new StringSet();
    for (Map.Entry<UserGroup, StringSet> entry : userGroupsWithRoles.entrySet()) {
        StringSet groupRoles = entry.getValue();
        // The emptiness check comes first so that groups carrying no roles
        // are never run through the attribute match.
        if (!CollectionUtils.isEmpty(groupRoles) && matchUserAttributesToUserGroup(user, entry.getKey())) {
            collected.addAll(groupRoles);
        }
    }
    return collected;
}
use of com.emc.storageos.db.client.model.UserGroup in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method getUserGroupsFromRoleAssignments.
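/**
 * Resolves the keys of the given role-assignments (or ACLs) to configured
 * user groups and pairs each resolved group with the roles stored under
 * that key.
 *
 * <p>Each key is parsed as a {@code PermissionsKey}, and its value is used as
 * a user group label for the lookup. Blank keys and keys whose value matches
 * no user group are skipped. When several user groups share a label, only
 * the first one returned by the lookup is used.
 *
 * @param roleAssignments the role-assignments or ACLs whose key set is
 *            searched for user groups.
 * @return a map of user group to its roles; {@code null} when
 *         {@code roleAssignments} is reported empty by
 *         {@code CollectionUtils.isEmpty}.
 */
public Map<UserGroup, StringSet> getUserGroupsFromRoleAssignments(StringSetMap roleAssignments) {
    if (CollectionUtils.isEmpty(roleAssignments)) {
        _log.warn("Invalid or Empty role-assignments");
        return null;
    }

    Map<UserGroup, StringSet> userGroupsWithRoles = new HashMap<UserGroup, StringSet>();
    Set<String> keys = roleAssignments.keySet();
    for (String key : keys) {
        if (StringUtils.isBlank(key)) {
            _log.debug("Invalid entry in the role-assignments");
            continue;
        }

        PermissionsKey permissionsKey = new PermissionsKey();
        permissionsKey.parseFromString(key);
        String label = permissionsKey.getValue();

        // NOTE(review): only the key's value is used for the lookup; the kind of
        // principal the key names (user vs. group) is not checked here. Confirm that
        // a key naming a single user cannot resolve to a user group with the same label.
        List<UserGroup> matchingGroups = getAllUserGroupByLabel(label);
        if (CollectionUtils.isEmpty(matchingGroups)) {
            _log.debug("Could not find any user group with label {}", label);
            continue;
        }
        if (matchingGroups.size() > 1) {
            // NOTE(review): with duplicate labels, the group that decides the role grant
            // depends on the order the lookup returns. Confirm that labels are kept
            // unique when user groups are created, so that grants are deterministic.
            _log.warn("Found more than one user group with label {} in DB. " + "Using the first object in the returned list", label);
        }

        UserGroup userGroup = matchingGroups.get(0);
        StringSet roleSet = roleAssignments.get(key);
        // The original format string had one placeholder for two arguments, so the
        // roles were never logged. Passing roleSet itself (no toString()) also
        // avoids a NullPointerException if the stored value is null.
        _log.debug("Adding user group {} with roles {}", userGroup.getLabel(), roleSet);
        userGroupsWithRoles.put(userGroup, roleSet);
    }
    return userGroupsWithRoles;
}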
use of com.emc.storageos.db.client.model.UserGroup in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method updateUserProjectAclBasedOnUserGroup.
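/**
 * Adds to {@code projectAcls} the ACLs that the project's ACL entries give
 * to user groups matching the user, restricted to entries accepted by
 * {@code isProjectACL}.
 *
 * <p>Entries are only added to {@code projectAcls}, never removed. If the
 * user or project is null, or no user group or role is found,
 * {@code projectAcls} is left unchanged.
 *
 * @param user the user whose attributes are matched against the user groups
 *            named in the project's ACLs.
 * @param project the project whose ACLs are consulted.
 * @param projectAcls out parameter that receives the user's ACLs for this
 *            project; it is dereferenced as soon as an ACL matches, so it
 *            must not be null.
 */
private void updateUserProjectAclBasedOnUserGroup(StorageOSUser user, Project project, Set<String> projectAcls) {
    if (user == null || project == null) {
        // The placeholders were missing, so the arguments were never logged;
        // the message now matches the sibling VDC and tenant methods.
        _log.error("Invalid user {} or project {}", user, project);
        return;
    }

    StringSetMap roleAssignments = project.getAcls();
    Map<UserGroup, StringSet> userGroupsWithRoles = getUserGroupsFromRoleAssignments(roleAssignments);
    if (CollectionUtils.isEmpty(userGroupsWithRoles)) {
        _log.debug("There are no role assignments for project {} with user group", project.getLabel());
        return;
    }

    StringSet roleSet = findAllRolesToAdd(user, userGroupsWithRoles);
    if (CollectionUtils.isEmpty(roleSet)) {
        _log.debug("There are no roles found for user group in the project {}", project.getLabel());
        return;
    }

    for (String role : roleSet) {
        // Only entries recognised as project ACLs are applied at project scope.
        if (isProjectACL(role)) {
            _log.debug("Adding the project acl {} to the user {}", role, user.getDistinguishedName());
            projectAcls.add(role);
        }
    }
}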
use of com.emc.storageos.db.client.model.UserGroup in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method updateUserTenantRolesBasedOnUserGroup.
/**
 * Adds to {@code tenantRoles} the roles that the tenant's role-assignments
 * give to user groups matching the user, restricted to roles accepted by
 * {@code isRoleTenantLevel}.
 *
 * <p>Roles are only added to {@code tenantRoles}, never removed. If the user
 * or tenant is null, or no user group or role is found, {@code tenantRoles}
 * is left unchanged.
 *
 * @param user the user whose attributes are matched against the user groups
 *            named in the tenant's role-assignments.
 * @param tenant the tenant whose role-assignments are consulted.
 * @param tenantRoles out parameter that receives the user's roles for this
 *            tenant.
 */
private void updateUserTenantRolesBasedOnUserGroup(StorageOSUser user, TenantOrg tenant, Set<String> tenantRoles) {
    if (user == null || tenant == null) {
        _log.error("Invalid user {} or tenant {}", user, tenant);
        return;
    }

    // Resolve the role-assignment keys to configured user groups first.
    Map<UserGroup, StringSet> rolesByGroup = getUserGroupsFromRoleAssignments(tenant.getRoleAssignments());
    if (CollectionUtils.isEmpty(rolesByGroup)) {
        _log.debug("There are no role assignments for tenant {} with user group", tenant.getLabel());
        return;
    }

    // Union of the roles of every group the user's attributes match.
    StringSet matchedRoles = findAllRolesToAdd(user, rolesByGroup);
    if (CollectionUtils.isEmpty(matchedRoles)) {
        _log.debug("There are no roles found for user group in the tenant {}", tenant.getLabel());
        return;
    }

    for (String candidate : matchedRoles) {
        if (!isRoleTenantLevel(candidate)) {
            // Roles that are not tenant level are not applied at tenant scope.
            continue;
        }
        _log.debug("Adding the tenant role {} to the user {}", candidate, user.getDistinguishedName());
        tenantRoles.add(candidate);
    }
}