Search in sources :

Example 1 with AlertForbiddenOperationException

use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.

the class AuthenticationEventHandler method handle.

@Override
public void handle(AlertAuthenticationEvent event) {
    UserModel user = event.getUser();
    if (null != user) {
        try {
            Optional<UserModel> userModel = userAccessor.getUser(user.getName());
            if (userModel.isPresent() && user.isExternal()) {
                UserModel model = userModel.get();
                UserModel updatedUser = UserModel.existingUser(model.getId(), user.getName(), user.getPassword(), user.getEmailAddress(), user.getAuthenticationType(), user.getRoles(), user.isEnabled());
                userAccessor.updateUser(updatedUser, true);
            } else {
                userAccessor.addUser(user, true);
            }
        } catch (AlertForbiddenOperationException ignored) {
        // Cannot update an external user's credentials
        } catch (AlertConfigurationException ignored) {
        // User already exists. Nothing to do.
        }
    }
}
Also used : UserModel(com.synopsys.integration.alert.common.persistence.model.UserModel) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) AlertConfigurationException(com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)

Example 2 with AlertForbiddenOperationException

use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.

the class DefaultRoleAccessorTest method deleteRoleCustomFalseTest.

@Test
public void deleteRoleCustomFalseTest() {
    DefaultRoleAccessor authorizationUtility = new DefaultRoleAccessor(roleRepository, userRoleRepository, permissionMatrixRepository, registeredDescriptorRepository, configContextRepository);
    RoleEntity roleEntity = new RoleEntity("name", false);
    roleEntity.setId(1L);
    Mockito.when(roleRepository.findById(Mockito.any())).thenReturn(Optional.of(roleEntity));
    try {
        authorizationUtility.deleteRole(1L);
        fail("Custom parameter of roleEntity set to 'false' did not throw expected AlertForbiddenOperationException.");
    } catch (AlertForbiddenOperationException e) {
        assertNotNull(e);
    }
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) Test(org.junit.jupiter.api.Test)

Example 3 with AlertForbiddenOperationException

use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method deleteRole.

@Override
@Transactional(propagation = Propagation.REQUIRED)
public void deleteRole(Long roleId) throws AlertForbiddenOperationException {
    Optional<RoleEntity> foundRole = roleRepository.findById(roleId);
    if (foundRole.isPresent()) {
        RoleEntity roleEntity = foundRole.get();
        if (BooleanUtils.isFalse(roleEntity.getCustom())) {
            throw new AlertForbiddenOperationException("Cannot delete the role '" + roleId + "' because it is not a custom role.");
        }
        // Deletion cascades to permissions
        roleRepository.deleteById(roleEntity.getId());
    }
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with AlertForbiddenOperationException

use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.

the class DefaultRoleAccessor method updateRoleName.

@Override
@Transactional(propagation = Propagation.REQUIRED)
public void updateRoleName(Long roleId, String roleName) throws AlertForbiddenOperationException {
    Optional<RoleEntity> foundRole = roleRepository.findById(roleId);
    if (foundRole.isPresent()) {
        RoleEntity roleEntity = foundRole.get();
        if (BooleanUtils.isFalse(roleEntity.getCustom())) {
            throw new AlertForbiddenOperationException("Cannot update the existing role '" + foundRole.get().getRoleName() + "' to '" + roleName + "' because it is not a custom role");
        }
        RoleEntity updatedEntity = new RoleEntity(roleName, true);
        updatedEntity.setId(roleEntity.getId());
        roleRepository.save(updatedEntity);
    }
}
Also used : RoleEntity(com.synopsys.integration.alert.database.user.RoleEntity) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) Transactional(org.springframework.transaction.annotation.Transactional)

Example 5 with AlertForbiddenOperationException

use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.

the class DefaultUserAccessorTest method updateUserNonDatabaseAuthInvalidTest.

@Test
public void updateUserNonDatabaseAuthInvalidTest() throws Exception {
    final String roleName = "roleName";
    AuthenticationType authenticationType = AuthenticationType.LDAP;
    UserEntity userEntity = new UserEntity(username, password, emailAddress, 2L);
    userEntity.setId(1L);
    UserEntity existingUserEntity = new UserEntity("usernam-teste", "existing-password", "old-email.noreply@blackducksoftware.com", 2L);
    existingUserEntity.setId(1L);
    UserRoleModel roles = createUserRoleModel(1L, roleName, true);
    UserModel userModel = UserModel.existingUser(1L, username, password, emailAddress, authenticationType, Set.of(roles), true);
    UserRoleRelation userRoleRelation = new UserRoleRelation(1L, 2L);
    UserRoleModel userRoleModel = createUserRoleModel(1L, roleName, true);
    Mockito.when(userRepository.findById(Mockito.any())).thenReturn(Optional.of(existingUserEntity));
    Mockito.when(authenticationTypeAccessor.getAuthenticationType(Mockito.any())).thenReturn(Optional.of(authenticationType));
    Mockito.when(userRepository.save(Mockito.any())).thenReturn(existingUserEntity);
    createModelMocks(userRoleRelation, userRoleModel, authenticationType);
    DefaultUserAccessor defaultUserAccessor = new DefaultUserAccessor(userRepository, userRoleRepository, defaultPasswordEncoder, roleAccessor, authenticationTypeAccessor);
    try {
        defaultUserAccessor.updateUser(userModel, false);
        fail("External user with ? did not throw expected " + AlertForbiddenOperationException.class.getSimpleName());
    } catch (AlertForbiddenOperationException e) {
        assertNotNull(e);
    } catch (AlertConfigurationException wrongException) {
        fail("Wrong exception thrown");
    }
}
Also used : UserModel(com.synopsys.integration.alert.common.persistence.model.UserModel) UserEntity(com.synopsys.integration.alert.database.user.UserEntity) UserRoleModel(com.synopsys.integration.alert.common.persistence.model.UserRoleModel) UserRoleRelation(com.synopsys.integration.alert.database.user.UserRoleRelation) AlertForbiddenOperationException(com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException) AuthenticationType(com.synopsys.integration.alert.common.enumeration.AuthenticationType) AlertConfigurationException(com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException) Test(org.junit.jupiter.api.Test)

Aggregations

AlertForbiddenOperationException (com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException)9 Test (org.junit.jupiter.api.Test)5 AlertConfigurationException (com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)3 UserModel (com.synopsys.integration.alert.common.persistence.model.UserModel)3 RoleEntity (com.synopsys.integration.alert.database.user.RoleEntity)3 UserEntity (com.synopsys.integration.alert.database.user.UserEntity)3 Transactional (org.springframework.transaction.annotation.Transactional)3 AuthenticationType (com.synopsys.integration.alert.common.enumeration.AuthenticationType)2 UserRoleModel (com.synopsys.integration.alert.common.persistence.model.UserRoleModel)2 AlertRuntimeException (com.synopsys.integration.alert.api.common.model.exception.AlertRuntimeException)1 UserRoleRelation (com.synopsys.integration.alert.database.user.UserRoleRelation)1