use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.
the class DefaultUserAccessorTest method deleteUserReservedIdTest.
/**
 * Checks that {@code deleteUser} refuses to remove an account whose entity id is 1.
 *
 * <p>The test name calls this id "reserved". The guard itself lives in
 * {@code DefaultUserAccessor.deleteUser}, which is not part of this snippet, so this test is the
 * only visible statement of the rule that such an account must not be deletable.
 *
 * @throws Exception if the accessor fails for a reason other than the expected refusal
 */
@Test
public void deleteUserReservedIdTest() throws Exception {
    // The fourth constructor argument (2L) is not explained here — presumably an
    // authentication-type id; confirm against UserEntity.
    UserEntity reservedUser = new UserEntity(username, password, emailAddress, 2L);
    reservedUser.setId(1L);

    // Both lookup paths resolve to the same reserved entity, so the refusal cannot
    // depend on which repository query deleteUser happens to use.
    Optional<UserEntity> lookupResult = Optional.of(reservedUser);
    Mockito.when(userRepository.findByUserName(Mockito.eq(username))).thenReturn(lookupResult);
    Mockito.when(userRepository.findById(Mockito.any())).thenReturn(lookupResult);

    DefaultUserAccessor accessor = new DefaultUserAccessor(userRepository, userRoleRepository, defaultPasswordEncoder, roleAccessor, authenticationTypeAccessor);

    try {
        accessor.deleteUser(username);
        // Reaching this line means the delete was allowed, which is the failure case.
        fail("A forbidden userEntity id did not throw the expected AlertForbiddenOperationException");
    } catch (AlertForbiddenOperationException expected) {
        // Always true inside a catch block; only the exception type is really being checked.
        assertNotNull(expected);
    }
}
use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.
the class RoleActionsTest method deleteErrorTest.
/**
 * Checks how {@code RoleActions.delete} reports a role deletion that the authorization manager
 * rejects with {@link AlertForbiddenOperationException}.
 *
 * <p>The expected result is an error response with no content and HTTP 500.
 * NOTE(review): a forbidden operation is pinned to INTERNAL_SERVER_ERROR here rather than a
 * 4xx status, so clients and monitoring cannot tell a refused delete from a server fault.
 * Confirm this mapping is intentional.
 *
 * @throws Exception declared because the stubbed {@code deleteRole} call declares it
 */
@Test
public void deleteErrorTest() throws Exception {
    Set<PermissionModel> permissions = Set.of(createPermissionModel());
    UserRoleModel existingRole = new UserRoleModel(1L, roleName, false, PermissionModelUtil.convertToPermissionMatrixModel(permissions));

    // The role lookup succeeds, so the only failure in play is the refused delete.
    Mockito.when(roleAccessor.getRoles(Mockito.anyCollection())).thenReturn(Set.of(existingRole));
    AlertForbiddenOperationException refusal = new AlertForbiddenOperationException("Exception for test");
    Mockito.doThrow(refusal).when(authorizationManager).deleteRole(Mockito.anyLong());

    RoleActions actions = new RoleActions(userManagementDescriptorKey, roleAccessor, authorizationManager, descriptorMap);
    ActionResponse<RolePermissionModel> response = actions.delete(1L);

    assertTrue(response.isError());
    assertFalse(response.hasContent());
    assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getHttpStatus());
}
use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.
the class UserActionsTest method testDeleteWithoutChecksException.
/**
 * Checks how {@code UserActions.deleteWithoutChecks} reports a user deletion that the accessor
 * rejects with {@link AlertForbiddenOperationException}.
 *
 * <p>The expected result is a response with no content and HTTP 500.
 * NOTE(review): as pinned here, a refused delete looks the same to the caller as an
 * unexpected server error. Confirm that is the intended contract for forbidden operations.
 *
 * @throws AlertForbiddenOperationException declared because the stubbed {@code deleteUser}
 *     call declares it
 */
@Test
public void testDeleteWithoutChecksException() throws AlertForbiddenOperationException {
    UserModel storedUser = UserModel.existingUser(id, name, password, emailAddress, authenticationType, roles, true);

    // The user exists, so the only failure in play is the refused delete.
    Mockito.when(userAccessor.getUser(id)).thenReturn(Optional.of(storedUser));
    AlertForbiddenOperationException refusal = new AlertForbiddenOperationException("Exception for test");
    Mockito.doThrow(refusal).when(userAccessor).deleteUser(id);

    UserActions actions = new UserActions(userManagementDescriptorKey, userAccessor, roleAccessor, authorizationManager, authenticationTypeAccessor, userSystemValidator);
    ActionResponse<UserConfig> response = actions.deleteWithoutChecks(id);

    assertFalse(response.hasContent());
    assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getHttpStatus());
}
use of com.synopsys.integration.alert.common.exception.AlertForbiddenOperationException in project hub-alert by blackducksoftware.
the class DefaultUserAccessor method updateUser.
/**
 * Updates a stored user and then replaces that user's role assignments.
 *
 * <p>Accounts whose authentication type is {@code DATABASE} are rewritten from the supplied
 * model (name, password, e-mail and status flags). Accounts of any other authentication type
 * are treated as external: the call is refused if the name or e-mail differs from the stored
 * value or if a non-blank password is supplied, and the stored entity is left as it is. Roles
 * are updated in both cases. The authentication type is always taken from the stored entity,
 * so it cannot be changed through this method.
 *
 * <p>This method contains no check of the caller's permissions. NOTE(review): presumably that
 * is enforced by the calling layer — confirm.
 *
 * @param user the desired state; its id selects the stored user to update
 * @param passwordEncoded when {@code true} the model's password is persisted exactly as given,
 *     so callers must only pass {@code true} for a value that is already encoded; when
 *     {@code false} the password is run through {@code defaultPasswordEncoder} first
 * @return the model built from the entity that was saved (or from the unchanged stored entity
 *     for an external user)
 * @throws AlertConfigurationException if no user exists with the given id
 * @throws AlertForbiddenOperationException if an external user's name, e-mail or password would
 *     change
 */
@Override
@Transactional(propagation = Propagation.REQUIRED)
public UserModel updateUser(UserModel user, boolean passwordEncoded) throws AlertConfigurationException, AlertForbiddenOperationException {
    Long userId = user.getId();
    UserEntity storedUser = userRepository.findById(userId)
        .orElseThrow(() -> new AlertConfigurationException(String.format("No user found with id '%s'", userId)));
    Long storedUserId = storedUser.getId();

    // An authentication type that cannot be resolved aborts the update before anything is written.
    AuthenticationType resolvedType = authenticationTypeAccessor.getAuthenticationType(storedUser.getAuthenticationType())
        .orElseThrow(() -> new AlertRuntimeException("Unknown Authentication Type, user not updated."));

    UserEntity persistedUser;
    if (AuthenticationType.DATABASE == resolvedType) {
        // Internal account: name, password and e-mail may be changed here.
        // NOTE(review): nothing in this branch rejects a blank or null password; with
        // passwordEncoded == false that value is handed to the encoder and the result is
        // stored. Confirm callers always supply the intended password.
        String passwordToStore;
        if (passwordEncoded) {
            passwordToStore = user.getPassword();
        } else {
            passwordToStore = defaultPasswordEncoder.encode(user.getPassword());
        }
        UserEntity replacement = new UserEntity(user.getName(), passwordToStore, user.getEmailAddress(), user.isExpired(), user.isLocked(), user.isPasswordExpired(), user.isEnabled(), storedUser.getAuthenticationType());
        // Reusing the stored id makes save() overwrite the existing row instead of adding one.
        replacement.setId(storedUserId);
        persistedUser = userRepository.save(replacement);
    } else {
        // External account: credentials are owned by the external identity source, so any
        // attempt to alter them through this call is refused.
        boolean nameChanged = !StringUtils.equals(storedUser.getUserName(), user.getName());
        boolean emailChanged = !StringUtils.equals(storedUser.getEmailAddress(), user.getEmailAddress());
        boolean passwordSupplied = StringUtils.isNotBlank(user.getPassword());
        if (nameChanged || emailChanged || passwordSupplied) {
            throw new AlertForbiddenOperationException("An external user cannot change its credentials.");
        }
        persistedUser = storedUser;
    }

    // Role assignments are replaced for internal and external users alike.
    roleAccessor.updateUserRoles(storedUserId, user.getRoles());
    return createModel(persistedUser);
}