Search in sources :

Example 1 with ActionLogRecord

use of edu.harvard.iq.dataverse.actionlogging.ActionLogRecord in project dataverse by IQSS.

the class ShibGroupServiceBean method delete.

public boolean delete(ShibGroup doomed) throws Exception {
    ActionLogRecord alr = new ActionLogRecord(ActionLogRecord.ActionType.GlobalGroups, "shibDelete");
    alr.setInfo(doomed.getName() + ":" + doomed.getIdentifier());
    List<RoleAssignment> assignments = roleAssigneeSvc.getAssignmentsFor(doomed.getIdentifier());
    if (assignments.isEmpty()) {
        em.remove(doomed);
        actionLogSvc.log(alr);
        return true;
    } else {
        /**
         * @todo Delete role assignments that match this Shib group.
         */
        List<String> assignmentIds = new ArrayList<>();
        for (RoleAssignment assignment : assignments) {
            assignmentIds.add(assignment.getId().toString());
        }
        String message = "Could not delete Shibboleth group id " + doomed.getId() + " due to existing role assignments: " + assignmentIds;
        logger.info(message);
        actionLogSvc.log(alr.setActionResult(ActionLogRecord.Result.BadRequest).setInfo(alr.getInfo() + "// " + message));
        throw new Exception(message);
    }
}
Also used : ActionLogRecord(edu.harvard.iq.dataverse.actionlogging.ActionLogRecord) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) ArrayList(java.util.ArrayList) NoResultException(javax.persistence.NoResultException) NonUniqueResultException(javax.persistence.NonUniqueResultException)

Example 2 with ActionLogRecord

use of edu.harvard.iq.dataverse.actionlogging.ActionLogRecord in project dataverse by IQSS.

the class AuthenticationServiceBean method deleteAuthenticatedUser.

/**
 * Use with care! This method was written primarily for developers
 * interested in API testing who want to:
 *
 * 1. Create a temporary user and get an API token.
 *
 * 2. Do some work with that API token.
 *
 * 3. Delete all the stuff that was created with the API token.
 *
 * 4. Delete the temporary user.
 *
 * Before calling this method, make sure you've deleted all the stuff tied
 * to the user, including stuff they've created, role assignments, group
 * assignments, etc.
 *
 * Longer term, the intention is to have a "disableAuthenticatedUser"
 * method/command. See https://github.com/IQSS/dataverse/issues/2419
 */
public void deleteAuthenticatedUser(Object pk) {
    AuthenticatedUser user = em.find(AuthenticatedUser.class, pk);
    if (user != null) {
        ApiToken apiToken = findApiTokenByUser(user);
        if (apiToken != null) {
            em.remove(apiToken);
        }
        ConfirmEmailData confirmEmailData = confirmEmailService.findSingleConfirmEmailDataByUser(user);
        if (confirmEmailData != null) {
            /**
             * @todo This could probably be a cascade delete instead.
             */
            em.remove(confirmEmailData);
        }
        userNotificationService.findByUser(user.getId()).forEach(userNotificationService::delete);
        AuthenticationProvider prv = lookupProvider(user);
        if (prv != null && prv.isUserDeletionAllowed()) {
            prv.deleteUser(user.getAuthenticatedUserLookup().getPersistentUserId());
        }
        actionLogSvc.log(new ActionLogRecord(ActionLogRecord.ActionType.Auth, "deleteUser").setInfo(user.getUserIdentifier()));
        em.remove(user.getAuthenticatedUserLookup());
        em.remove(user);
    }
}
Also used : ActionLogRecord(edu.harvard.iq.dataverse.actionlogging.ActionLogRecord) BuiltinAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider) AbstractOAuth2AuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) ApiToken(edu.harvard.iq.dataverse.authorization.users.ApiToken) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) ConfirmEmailData(edu.harvard.iq.dataverse.confirmemail.ConfirmEmailData)

Example 3 with ActionLogRecord

use of edu.harvard.iq.dataverse.actionlogging.ActionLogRecord in project dataverse by IQSS.

the class IpGroupsServiceBean method store.

/**
 * Stores (inserts/updates) the passed IP group.
 * @param grp The group to store.
 * @return Managed version of the group. The provider might be un-set.
 */
public IpGroup store(IpGroup grp) {
    ActionLogRecord alr = new ActionLogRecord(ActionLogRecord.ActionType.GlobalGroups, "ipCreate");
    if (grp.getGroupProvider() != null) {
        alr.setInfo(grp.getIdentifier());
    } else {
        alr.setInfo(grp.getDisplayName());
    }
    alr.setInfo(alr.getInfo() + "// " + grp.getRanges());
    if (grp.getId() == null) {
        if (grp.getPersistedGroupAlias() != null) {
            IpGroup existing = getByGroupName(grp.getPersistedGroupAlias());
            if (existing == null) {
                // new group
                em.persist(grp);
                actionLogSvc.log(alr);
                return grp;
            } else {
                existing.setDescription(grp.getDescription());
                existing.setDisplayName(grp.getDisplayName());
                existing.setIpv4Ranges(grp.getIpv4Ranges());
                existing.setIpv6Ranges(grp.getIpv6Ranges());
                actionLogSvc.log(alr.setActionSubType("ipUpdate"));
                return existing;
            }
        } else {
            actionLogSvc.log(alr);
            em.persist(grp);
            return grp;
        }
    } else {
        actionLogSvc.log(alr.setActionSubType("ipUpdate"));
        return em.merge(grp);
    }
}
Also used : ActionLogRecord(edu.harvard.iq.dataverse.actionlogging.ActionLogRecord)

Example 4 with ActionLogRecord

use of edu.harvard.iq.dataverse.actionlogging.ActionLogRecord in project dataverse by IQSS.

the class ExternalTools method addExternalTool.

@POST
public Response addExternalTool(String manifest) {
    try {
        ExternalTool externalTool = ExternalToolServiceBean.parseAddExternalToolManifest(manifest);
        ExternalTool saved = externalToolService.save(externalTool);
        Long toolId = saved.getId();
        actionLogSvc.log(new ActionLogRecord(ActionLogRecord.ActionType.ExternalTool, "addExternalTool").setInfo("External tool added with id " + toolId + "."));
        return ok(saved.toJson());
    } catch (Exception ex) {
        return error(BAD_REQUEST, ex.getMessage());
    }
}
Also used : ActionLogRecord(edu.harvard.iq.dataverse.actionlogging.ActionLogRecord) ExternalTool(edu.harvard.iq.dataverse.externaltools.ExternalTool) POST(javax.ws.rs.POST)

Example 5 with ActionLogRecord

use of edu.harvard.iq.dataverse.actionlogging.ActionLogRecord in project dataverse by IQSS.

the class Admin method toggleSuperuser.

@Path("superuser/{identifier}")
@POST
public Response toggleSuperuser(@PathParam("identifier") String identifier) {
    ActionLogRecord alr = new ActionLogRecord(ActionLogRecord.ActionType.Admin, "toggleSuperuser").setInfo(identifier);
    try {
        AuthenticatedUser user = authSvc.getAuthenticatedUser(identifier);
        user.setSuperuser(!user.isSuperuser());
        return ok("User " + user.getIdentifier() + " " + (user.isSuperuser() ? "set" : "removed") + " as a superuser.");
    } catch (Exception e) {
        alr.setActionResult(ActionLogRecord.Result.InternalError);
        alr.setInfo(alr.getInfo() + "// " + e.getMessage());
        return error(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
    } finally {
        actionLogSvc.log(alr);
    }
}
Also used : ActionLogRecord(edu.harvard.iq.dataverse.actionlogging.ActionLogRecord) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) AuthenticationProviderFactoryNotFoundException(edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationProviderFactoryNotFoundException) AuthorizationSetupException(edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException) ConfirmEmailException(edu.harvard.iq.dataverse.confirmemail.ConfirmEmailException) ConstraintViolationException(javax.validation.ConstraintViolationException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Aggregations

ActionLogRecord (edu.harvard.iq.dataverse.actionlogging.ActionLogRecord)16 AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)4 ApiToken (edu.harvard.iq.dataverse.authorization.users.ApiToken)3 Timestamp (java.sql.Timestamp)3 EJBException (javax.ejb.EJBException)3 NoResultException (javax.persistence.NoResultException)3 ConstraintViolationException (javax.validation.ConstraintViolationException)3 POST (javax.ws.rs.POST)3 Path (javax.ws.rs.Path)3 IOException (java.io.IOException)2 Calendar (java.util.Calendar)2 Date (java.util.Date)2 NonUniqueResultException (javax.persistence.NonUniqueResultException)2 Dataverse (edu.harvard.iq.dataverse.Dataverse)1 RoleAssignment (edu.harvard.iq.dataverse.RoleAssignment)1 Permission (edu.harvard.iq.dataverse.authorization.Permission)1 UserRecordIdentifier (edu.harvard.iq.dataverse.authorization.UserRecordIdentifier)1 AuthenticationProviderFactoryNotFoundException (edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationProviderFactoryNotFoundException)1 AuthorizationSetupException (edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException)1 BuiltinAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider)1