
Example 1 with Role

use of io.datarouter.web.user.session.service.Role in project datarouter by hotpads.

From class AdminEditUserHandler, method getEditUserDetailsDto:

// TODO DATAROUTER-2788
/**
 * Builds the edit-user page payload for {@code username}.
 *
 * <p>Collects into one DTO: the user's identity and token, their permission-request history
 * (most recent first), their deprovisioning state, the roles the current session may confer,
 * the user's current roles, the account-name mappings, and the user's zone id.
 *
 * @param username the username to look up; an unknown name makes {@code orElseThrow()} fail
 * @return the populated {@link EditUserDetailsDto}
 */
private EditUserDetailsDto getEditUserDetailsDto(String username) {
    SessionBasedUser user = userInfo.getUserByUsername(username, false).orElseThrow();
    Set<Role> roles = userInfo.getRolesByUsername(username, false);

    // Permission requests joined to their resolved history changes, ordered newest first.
    List<PermissionRequestDto> permissionRequests = datarouterPermissionRequestDao
            .scanPermissionRequestsForUser(user.getId())
            .listTo(requests -> Scanner.of(
                    datarouterUserHistoryService.getResolvedRequestToHistoryChangesMap(requests).entrySet()))
            .sort(Comparator.comparing(Entry::getKey, DatarouterPermissionRequest.REVERSE_CHRONOLOGICAL_COMPARATOR))
            .map(this::buildPermissionRequestDto)
            .list();

    // Prefer the stored deprovisioning record; otherwise derive one from the live user and roles.
    var deprovisionedUserDto = deprovisionedUserDao
            .find(new DeprovisionedUserKey(username))
            .map(DeprovisionedUser::toDto)
            .orElseGet(() -> buildDeprovisionedUserDto(user, roles));

    // Roles the current session is allowed to grant to other users.
    var conferrableRoles = roleManager.getConferrableRoles(getSessionInfo().getRoles());

    // zoneId can be configured through the UI, fallback to system default
    String zoneId = user.getZoneId()
            .map(ZoneId::getId)
            .orElse(ZoneId.systemDefault().getId());

    // NOTE(review): the user's token is returned in this payload; presumably this handler is
    // reachable only by admins (see the edit-permission checks elsewhere in this class) — confirm.
    return new EditUserDetailsDto(
            user.getUsername(),
            user.getId().toString(),
            user.getToken(),
            permissionRequests,
            deprovisionedUserDto,
            conferrableRoles,
            roles,
            datarouterAccountUserService.getAllAccountNamesWithUserMappingsEnabled(),
            datarouterAccountUserService.findAccountNamesForUser(user),
            true,
            "",
            zoneId);
}

Example 2 with Role

use of io.datarouter.web.user.session.service.Role in project datarouter by hotpads.

From class AdminEditUserHandler, method updateUserDetails:

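// TODO DATAROUTER-2759 make this work without DatarouterUser
/**
 * Applies an editor's changes to another user's roles, account mappings and zone id.
 *
 * <p>Roles and accounts are taken from the {@code true}-valued entries of
 * {@code dto.currentRoles} / {@code dto.currentAccounts}. The edit itself is delegated to
 * {@code datarouterUserEditService.editUser}; this handler only validates the request shape,
 * resolves the target user and checks the editor's permission.
 *
 * @param dto the submitted edit form
 * @return the refreshed details for the user; an error DTO for a malformed, unknown or
 *         non-editable target; or {@code null} when the editor lacks permission
 *         (whatever checkEditPermission has already written to the response stands)
 */
@Handler
private EditUserDetailsDto updateUserDetails(@RequestBody EditUserDetailsDto dto) {
    if (dto == null
            || StringTool.isNullOrEmptyOrWhitespace(dto.username)
            || dto.currentAccounts == null
            || dto.currentRoles == null) {
        return new EditUserDetailsDto("Invalid request.");
    }
    DatarouterUser currentUser = getCurrentUser();
    DatarouterUser userToEdit = datarouterUserDao.getByUsername(new DatarouterUserByUsernameLookup(dto.username));
    // getByUsername returns null for an unknown username (copyUser relies on this); without this
    // guard the isEnabled() call below throws a NullPointerException for any unknown name.
    if (userToEdit == null) {
        return new EditUserDetailsDto("Invalid request.");
    }
    if (!userToEdit.isEnabled()) {
        return new EditUserDetailsDto("This user is not editable.");
    }
    if (!checkEditPermission(currentUser, userToEdit, datarouterUserService::canEditUser)) {
        return null;
    }
    // Only entries flagged true are requested; each key is a role's persistent string.
    Set<Role> requestedUserRoles = Scanner.of(dto.currentRoles.entrySet())
            .include(Entry::getValue)
            .map(Entry::getKey)
            .map(roleManager::getRoleFromPersistentString)
            .collect(HashSet::new);
    Set<DatarouterAccountKey> requestedAccounts = Scanner.of(dto.currentAccounts.entrySet())
            .include(Entry::getValue)
            .map(Entry::getKey)
            .map(DatarouterAccountKey::new)
            .collect(HashSet::new);
    // NOTE(review): nothing here restricts requestedUserRoles to roles the editor may confer
    // (roleManager.getConferrableRoles); that check must live in editUser — confirm.
    // NOTE(review): ZoneId.of throws DateTimeException on an unparseable id; the UI-populated
    // value is presumably valid, but a hand-crafted request would surface as a server error.
    datarouterUserEditService.editUser(
            userToEdit,
            currentUser,
            requestedUserRoles,
            null,
            getSigninUrl(),
            requestedAccounts,
            Optional.ofNullable(dto.currentZoneId).map(ZoneId::of),
            Optional.empty());
    return getEditUserDetailsDto(dto.username);
}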

Example 3 with Role

use of io.datarouter.web.user.session.service.Role in project datarouter by hotpads.

From class SamlService, method createAndSetSession:

/**
 * Signs in the subject of a SAML assertion and writes the session cookies to the response.
 *
 * <p>The username is the assertion's subject NameID; roles come from {@code determineRoles}
 * using the configured attribute-to-role-group map. A user record is created if none exists.
 * NOTE(review): this method does not itself verify the assertion's signature, audience or
 * validity window — it presumes the caller has already done so; confirm.
 *
 * @param request the inbound HTTP request used to establish the session
 * @param response the HTTP response onto which the session cookies are written
 * @param assertion the (already validated) SAML assertion
 * @return the newly established session
 */
private Session createAndSetSession(HttpServletRequest request, HttpServletResponse response, Assertion assertion) {
    String nameId = assertion.getSubject().getNameID().getValue();
    var attributeToRoleGroupIds = samlSettings.getAttributeToRoleGroupIdMap();
    Set<Role> grantedRoles = determineRoles(assertion, nameId, attributeToRoleGroupIds);
    Session session = userSessionService.signInUserWithCreateIfNecessary(request, nameId, grantedRoles, "SAML User");
    userSessionService.setSessionCookies(response, session);
    return session;
}

Example 4 with Role

use of io.datarouter.web.user.session.service.Role in project datarouter by hotpads.

From class AdminEditUserHandler, method createUserSubmit:

// TODO DATAROUTER-2786
/**
 * Creates a user from the submitted form (username, password, roles, enabled flag).
 *
 * <p>Refused outright on anything that might be production, and intended to be admin-only.
 * NOTE(review): the admin check calls {@code handleInvalidRequest()} without returning
 * afterwards, so it relies on that method aborting the request (e.g. by throwing); if it only
 * logs, a non-admin reaches {@code createManualUser} — confirm against BaseHandler.
 *
 * @return a redirect to the user list, or a message page when blocked on production
 */
@Handler
private Mav createUserSubmit() {
    if (serverTypeDetector.mightBeProduction()) {
        return pageFactory.message(request, "This is not supported on production");
    }
    DatarouterUser creator = getCurrentUser();
    if (!roleManager.isAdmin(creator.getRoles())) {
        handleInvalidRequest();
    }
    String username = params.required(authenticationConfig.getUsernameParam());
    String password = params.required(authenticationConfig.getPasswordParam());
    // Roles arrive as persistent strings; an absent parameter means no roles.
    String[] roleStrings = params.optionalArray(authenticationConfig.getUserRolesParam()).orElse(EmptyArray.STRING);
    Set<Role> requestedRoles = new HashSet<>();
    for (String roleString : roleStrings) {
        requestedRoles.add(roleManager.getRoleFromPersistentString(roleString));
    }
    boolean enabled = params.optionalBoolean(authenticationConfig.getEnabledParam(), true);
    datarouterUserCreationService.createManualUser(creator, username, password, requestedRoles, enabled, Optional.empty(), Optional.empty());
    return new InContextRedirectMav(request, paths.admin.viewUsers);
}

Example 5 with Role

use of io.datarouter.web.user.session.service.Role in project datarouter by hotpads.

From class AdminEditUserHandler, method copyUser:

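/**
 * Copies {@code oldUsername}'s roles, account mappings and zone id onto {@code newUsername},
 * creating the target user when it does not exist and merging into it when it does.
 *
 * <p>Order of operations: validate both names; resolve the source user; refuse self-copy;
 * require that the editor may edit the source; gather the source's roles (from the
 * deprovisioned record when the source is disabled), accounts and zone id; create-or-merge the
 * target; record history on the source; notify {@code copyUserListener}.
 *
 * @param oldUsername the source user's username
 * @param newUsername the target user's username
 * @return the refreshed details of the source user, or an error DTO when the request is rejected
 */
@Handler
private EditUserDetailsDto copyUser(String oldUsername, String newUsername) {
    if (StringTool.isNullOrEmptyOrWhitespace(oldUsername) || StringTool.isNullOrEmptyOrWhitespace(newUsername)) {
        return new EditUserDetailsDto("Invalid request.");
    }
    DatarouterUser editor = getCurrentUser();
    DatarouterUser oldUser = datarouterUserDao.getByUsername(new DatarouterUserByUsernameLookup(oldUsername));
    // getByUsername returns null for an unknown username (the newUser lookup below relies on this);
    // without this guard the getUsername() call would throw a NullPointerException.
    if (oldUser == null) {
        return new EditUserDetailsDto("Invalid request.");
    }
    if (editor.getUsername().equals(oldUser.getUsername())) {
        return new EditUserDetailsDto("Cannot copy yourself.");
    }
    if (!datarouterUserService.canEditUser(editor, oldUser)) {
        return new EditUserDetailsDto("Cannot copy user.");
    }
    Set<Role> requestedRoles;
    if (oldUser.isEnabled()) {
        requestedRoles = new HashSet<>(oldUser.getRoles());
    } else {
        // copy roles from deprovisioned user info, if present; copied into a fresh HashSet so the
        // merge below never mutates (or fails on) whatever collection the record hands back
        requestedRoles = deprovisionedUserDao.find(new DeprovisionedUserKey(oldUsername))
                .map(DeprovisionedUser::getRoles)
                .map(storedRoles -> new HashSet<>(storedRoles))
                .orElseGet(HashSet::new);
    }
    Set<DatarouterAccountKey> requestedAccounts = Scanner.of(datarouterAccountUserService.findAccountNamesForUser(oldUser))
            .map(DatarouterAccountKey::new)
            .collect(Collectors.toCollection(HashSet::new));
    Optional<ZoneId> zoneId = oldUser.getZoneId();
    // if newUser exists, do an "edit"; else do a "create" then "edit" (since accounts are not set in "create")
    DatarouterUser newUser = datarouterUserDao.getByUsername(new DatarouterUserByUsernameLookup(newUsername));
    var description = Optional.of("User copied from " + oldUsername + " by " + editor.getUsername());
    if (newUser == null) {
        newUser = datarouterUserCreationService.createManualUser(editor, newUsername, null, requestedRoles, true, zoneId, description);
    } else {
        // the editor must also be allowed to edit an existing target, mirroring the source check above
        if (!datarouterUserService.canEditUser(editor, newUser)) {
            return new EditUserDetailsDto("Cannot copy user.");
        }
        // preserve existing roles and accounts that are not present on the source user of the copy
        requestedRoles.addAll(newUser.getRoles());
        Scanner.of(datarouterAccountUserService.findAccountNamesForUser(newUser))
                .map(DatarouterAccountKey::new)
                .forEach(requestedAccounts::add);
    }
    var signinUrl = getSigninUrl();
    datarouterUserEditService.editUser(newUser, editor, requestedRoles, true, signinUrl, requestedAccounts, zoneId, description);
    // add history to user that was copied from
    datarouterUserHistoryService.recordMessage(oldUser, editor, "User copied to " + newUsername + " by " + editor.getUsername());
    copyUserListener.onCopiedUser(oldUsername, newUsername);
    return getEditUserDetailsDto(oldUsername);
}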
