
Example 1 with AuthUser

use of com.mercedesbenz.sechub.domain.authorization.AuthUser in project sechub by mercedes-benz.

the class AuthUserUpdateRolesService method internalUpdateRoles.

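/**
 * Replaces the role flags of a user with exactly the roles contained in
 * {@code roles} and saves the changed entity.
 * <p>
 * Why this retry mechanism? The update role event can happen multiple times -
 * so an optimistic lock may happen. But last event shall override. When saving
 * fails with an {@link OptimisticLockingFailureException}, the user is loaded
 * again and the update is repeated with an incremented retry counter.
 * <p>
 * A role name matching none of the three role checks is skipped without any
 * message, so a set holding only such names leaves the user without any role.
 *
 * @param userId     id of the user, resolved by
 *                   {@code authUserRepository.findOrFail}
 * @param roles      complete set of role names the user shall have afterwards;
 *                   every role flag not contained is switched off
 * @param retryCount number of retries done so far; above
 *                   {@code MAX_RETRY_COUNT} the update is abandoned
 */
private void internalUpdateRoles(String userId, Set<String> roles, int retryCount) {
    if (retryCount > MAX_RETRY_COUNT) {
        /*
         * giving up means the requested role change is NOT applied (this includes a
         * requested removal of a role) - the error log entry is the only trace of it
         */
        LOG.error("Maximum retry count exceeded ({}), cannot update user {} with roles {}", MAX_RETRY_COUNT, userId, roles);
        return;
    }
    /* loaded on every attempt, so a retry starts with a fresh findOrFail result */
    AuthUser user = authUserRepository.findOrFail(userId);
    LOG.debug("Current auth roles of user '{}'. Roles: superadmin={}, user={}, owner={}", userId, user.isRoleSuperAdmin(), user.isRoleUser(), user.isRoleOwner());
    /* reset all flags */
    user.setRoleSuperAdmin(false);
    user.setRoleOwner(false);
    user.setRoleUser(false);
    /* set only flags where role is defined */
    for (String role : roles) {
        if (isSuperAdminRole(role)) {
            user.setRoleSuperAdmin(true);
        } else if (isUserRole(role)) {
            user.setRoleUser(true);
        } else if (isOwnerRole(role)) {
            user.setRoleOwner(true);
        }
    }
    try {
        authUserRepository.save(user);
        /*
         * written only after save returned: a failed attempt shall not leave an
         * "Updated" entry in the log for a change which was never stored
         */
        LOG.info("Updated auth roles of user '{}'. Roles: superadmin={}, user={}, owner={}", userId, user.isRoleSuperAdmin(), user.isRoleUser(), user.isRoleOwner());
    } catch (OptimisticLockingFailureException e) {
        /*
         * when this happens we do not really care! reason: last event is the event that
         * matters!
         */
        LOG.warn("Optimistic lock failure, ai user has already been changed. Because last event overrides all we do a retry");
        /*
         * retryCount + 1 and not retryCount++: the post increment handed the old value
         * to the recursive call, so the counter never grew and the MAX_RETRY_COUNT
         * guard could never end the recursion
         */
        internalUpdateRoles(userId, roles, retryCount + 1);
    }
}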
Also used : OptimisticLockingFailureException(org.springframework.dao.OptimisticLockingFailureException) AuthUser(com.mercedesbenz.sechub.domain.authorization.AuthUser)

Example 2 with AuthUser

use of com.mercedesbenz.sechub.domain.authorization.AuthUser in project sechub by mercedes-benz.

the class AuthUserUpdateRolesServiceTest method a_user_having_role_superadmin_and_updated_with_empty_list_has_no_roles_at_all.

/**
 * An update with an empty role set must switch off every role flag, including
 * a super admin flag which was set before.
 */
@Test
public void a_user_having_role_superadmin_and_updated_with_empty_list_has_no_roles_at_all() {
    /* prepare: the repository returns a user who is super admin */
    AuthUser formerSuperAdmin = new AuthUser();
    formerSuperAdmin.setRoleSuperAdmin(true);
    when(authUserRepository.findOrFail("user")).thenReturn(formerSuperAdmin);
    LinkedHashSet<String> noRoles = new LinkedHashSet<>();

    /* execute */
    serviceToTest.updateRoles("user", noRoles);

    /* test: no role flag is left */
    assertFalse(formerSuperAdmin.isRoleSuperAdmin());
    assertFalse(formerSuperAdmin.isRoleOwner());
    assertFalse(formerSuperAdmin.isRoleUser());
}
Also used : AuthUser(com.mercedesbenz.sechub.domain.authorization.AuthUser) Test(org.junit.Test)

Example 3 with AuthUser

use of com.mercedesbenz.sechub.domain.authorization.AuthUser in project sechub by mercedes-benz.

the class AuthUserUpdateRolesServiceTest method a_user_having_no_role_and_updated_as_superadmin_has_role_superadmin.

/**
 * An update with only the super admin role sets the super admin flag and
 * leaves the user and owner flags switched off.
 */
@Test
public void a_user_having_no_role_and_updated_as_superadmin_has_role_superadmin() {
    /* prepare: the repository returns a newly created user */
    AuthUser storedUser = new AuthUser();
    when(authUserRepository.findOrFail("user")).thenReturn(storedUser);

    /* execute */
    serviceToTest.updateRoles("user", Collections.singleton(RoleConstants.ROLE_SUPERADMIN));

    /* test: only the super admin flag is set */
    assertTrue(storedUser.isRoleSuperAdmin());
    assertFalse(storedUser.isRoleOwner());
    assertFalse(storedUser.isRoleUser());
}
Also used : AuthUser(com.mercedesbenz.sechub.domain.authorization.AuthUser) Test(org.junit.Test)

Example 4 with AuthUser

use of com.mercedesbenz.sechub.domain.authorization.AuthUser in project sechub by mercedes-benz.

the class AuthUserUpdateRolesServiceTest method a_user_having_no_role_and_updated_as_owner_has_role_owner.

/**
 * An update with only the owner role sets the owner flag and leaves the user
 * and super admin flags switched off.
 */
@Test
public void a_user_having_no_role_and_updated_as_owner_has_role_owner() {
    /* prepare: the repository returns a newly created user */
    AuthUser storedUser = new AuthUser();
    when(authUserRepository.findOrFail("user")).thenReturn(storedUser);

    /* execute */
    serviceToTest.updateRoles("user", Collections.singleton(RoleConstants.ROLE_OWNER));

    /* test: only the owner flag is set */
    assertTrue(storedUser.isRoleOwner());
    assertFalse(storedUser.isRoleSuperAdmin());
    assertFalse(storedUser.isRoleUser());
}
Also used : AuthUser(com.mercedesbenz.sechub.domain.authorization.AuthUser) Test(org.junit.Test)

Example 5 with AuthUser

use of com.mercedesbenz.sechub.domain.authorization.AuthUser in project sechub by mercedes-benz.

the class AuthUserUpdateRolesServiceTest method when_update_service_is_called_the_user_entity_is_persisted_after_changed.

/**
 * Checks the call order of a role update: load the user, reset all three role
 * flags, set the requested flag and save the entity last.
 */
@Test
public void when_update_service_is_called_the_user_entity_is_persisted_after_changed() {
    /* prepare */
    AuthUser mockedUser = mock(AuthUser.class);
    when(authUserRepository.findOrFail("user")).thenReturn(mockedUser);
    LinkedHashSet<String> onlyUserRole = new LinkedHashSet<>(Arrays.asList(RoleConstants.ROLE_USER));

    /* execute */
    serviceToTest.updateRoles("user", onlyUserRole);

    /* test */
    // each mock is listed once - naming a mock several times adds nothing to the check
    InOrder callOrder = inOrder(authUserRepository, mockedUser);
    // the user is fetched first
    callOrder.verify(authUserRepository).findOrFail("user");
    // then all role flags are reset
    callOrder.verify(mockedUser).setRoleSuperAdmin(false);
    callOrder.verify(mockedUser).setRoleOwner(false);
    callOrder.verify(mockedUser).setRoleUser(false);
    // the requested role (user) is switched on
    callOrder.verify(mockedUser).setRoleUser(true);
    // the changed entity is saved last
    callOrder.verify(authUserRepository).save(mockedUser);
}
Also used : InOrder(org.mockito.InOrder) AuthUser(com.mercedesbenz.sechub.domain.authorization.AuthUser) Test(org.junit.Test)

Aggregations

AuthUser (com.mercedesbenz.sechub.domain.authorization.AuthUser)12 Test (org.junit.Test)9 IsSendingAsyncMessage (com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage)1 UseCaseAdminAcceptsSignup (com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminAcceptsSignup)1 UseCaseUserClicksLinkToGetNewAPIToken (com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserClicksLinkToGetNewAPIToken)1 InOrder (org.mockito.InOrder)1 OptimisticLockingFailureException (org.springframework.dao.OptimisticLockingFailureException)1