Search in sources :

Example 1 with USERS_ROLESEDIT

use of org.graylog2.shared.security.RestPermissions.USERS_ROLESEDIT in project graylog2-server by Graylog2.

the class UsersResource method changeUser.

@PUT
@Path("{username}")
@ApiOperation("Modify user details.")
@ApiResponses({ @ApiResponse(code = 400, message = "Attempted to modify a read only user account (e.g. built-in or LDAP users)."), @ApiResponse(code = 400, message = "Missing or invalid user details.") })
@AuditEvent(type = AuditEventTypes.USER_UPDATE)
public void changeUser(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "Updated user information.", required = true) @Valid @NotNull ChangeUserRequest cr) throws ValidationException {
    checkPermission(USERS_EDIT, username);
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }
    if (user.isReadOnly()) {
        throw new BadRequestException("Cannot modify readonly user " + username);
    }
    // we only allow setting a subset of the fields in CreateStreamRuleRequest
    if (cr.email() != null) {
        user.setEmail(cr.email());
    }
    if (cr.fullName() != null) {
        user.setFullName(cr.fullName());
    }
    final boolean permitted = isPermitted(USERS_PERMISSIONSEDIT, user.getName());
    if (permitted && cr.permissions() != null) {
        user.setPermissions(getEffectiveUserPermissions(user, cr.permissions()));
    }
    if (isPermitted(USERS_ROLESEDIT, user.getName())) {
        setUserRoles(cr.roles(), user);
    }
    final String timezone = cr.timezone();
    if (timezone == null) {
        user.setTimeZone((String) null);
    } else {
        try {
            if (timezone.isEmpty()) {
                user.setTimeZone((String) null);
            } else {
                final DateTimeZone tz = DateTimeZone.forID(timezone);
                user.setTimeZone(tz);
            }
        } catch (IllegalArgumentException e) {
            LOG.error("Invalid timezone '{}', ignoring it for user {}.", timezone, username);
        }
    }
    final Startpage startpage = cr.startpage();
    if (startpage != null) {
        user.setStartpage(startpage.type(), startpage.id());
    }
    if (isPermitted("*")) {
        final Long sessionTimeoutMs = cr.sessionTimeoutMs();
        if (sessionTimeoutMs != null && sessionTimeoutMs != 0) {
            user.setSessionTimeoutMs(sessionTimeoutMs);
        }
    }
    userService.save(user);
}
Also used : User(org.graylog2.plugin.database.users.User) Startpage(org.graylog2.rest.models.users.requests.Startpage) NotFoundException(javax.ws.rs.NotFoundException) BadRequestException(javax.ws.rs.BadRequestException) DateTimeZone(org.joda.time.DateTimeZone) Path(javax.ws.rs.Path) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

ApiOperation (io.swagger.annotations.ApiOperation)1 ApiResponses (io.swagger.annotations.ApiResponses)1 BadRequestException (javax.ws.rs.BadRequestException)1 NotFoundException (javax.ws.rs.NotFoundException)1 PUT (javax.ws.rs.PUT)1 Path (javax.ws.rs.Path)1 AuditEvent (org.graylog2.audit.jersey.AuditEvent)1 User (org.graylog2.plugin.database.users.User)1 Startpage (org.graylog2.rest.models.users.requests.Startpage)1 DateTimeZone (org.joda.time.DateTimeZone)1