use of org.jboss.hal.config.Role in project console by hal.
the class ReadAuthentication method call.
/**
 * Reads the access control setup of the management interface and stores it in {@code environment}.
 * <p>
 * One composite with two steps is executed: step 0 reads the {@code ACCESS} children below the
 * resolved {@code CORE_SERVICE_TEMPLATE} address, step 1 is a verbose {@code WHOAMI} on the root
 * resource. If step 0 contains a defined {@code AUTHORIZATION} node, the provider, the standard
 * role names and (unless standalone) the host and server group scoped roles are taken from it.
 * Otherwise the provider is set to {@code RBAC} and the roles are replaced by the ones reported
 * by {@code WHOAMI}.
 * <p>
 * NOTE(review): everything stored here comes from the server response and is kept on the client
 * side. Presumably it only drives what the console offers to the user; it is not an enforcement
 * point, so confirm that the server-side access control covers every operation.
 *
 * @param context the flow context; not read by this method
 * @return a completable which finishes once the composite has been processed
 */
@Override
public Completable call(FlowContext context) {
    logger.debug("Read authentication");

    Operation opAuthorization = new Operation.Builder(CORE_SERVICE_TEMPLATE.resolve(statementContext),
            READ_CHILDREN_RESOURCES_OPERATION)
            .param(CHILD_TYPE, ACCESS)
            .param(INCLUDE_RUNTIME, true)
            .param(RECURSIVE_DEPTH, 1)
            .build();
    Operation opWhoami = new Operation.Builder(ResourceAddress.root(), WHOAMI)
            .param(VERBOSE, true)
            .build();

    return dispatcher.execute(new Composite(opAuthorization, opWhoami))
            .doOnSuccess((CompositeResult compositeResult) -> {
                ModelNode accessResult = compositeResult.step(0).get(RESULT);

                if (!accessResult.hasDefined(AUTHORIZATION)) {
                    // The authorization resource is not visible to the current user:
                    // fall back to what :whoami reports for this user.
                    logger.warn("Unable to read {} (insufficient rights?). Use :whoami values as fallback.",
                            CORE_SERVICE_TEMPLATE.append("access=authorization"));
                    ModelNode whoami = compositeResult.step(1).get(RESULT);
                    environment.setAccessControlProvider(RBAC);
                    environment.getRoles().clear();
                    if (whoami.hasDefined(ROLES)) {
                        for (ModelNode roleNode : whoami.get(ROLES).asList()) {
                            Role whoamiRole = new Role(roleNode.asString());
                            environment.getRoles().add(whoamiRole);
                        }
                    } else if (whoami.hasDefined(MAPPED_ROLES)) {
                        for (ModelNode roleNode : whoami.get(MAPPED_ROLES).asList()) {
                            Role mappedRole = new Role(roleNode.asString());
                            environment.getRoles().add(mappedRole);
                        }
                    }
                    return;
                }

                ModelNode authorization = accessResult.get(AUTHORIZATION);

                // provider; SIMPLE is the default handed to asEnumValue
                AccessControlProvider provider = asEnumValue(authorization, PROVIDER,
                        AccessControlProvider::valueOf, SIMPLE);
                environment.setAccessControlProvider(provider);

                // standard roles
                if (authorization.hasDefined(STANDARD_ROLE_NAMES)) {
                    for (ModelNode roleNode : authorization.get(STANDARD_ROLE_NAMES).asList()) {
                        Role standardRole = new Role(roleNode.asString());
                        environment.getRoles().add(standardRole);
                    }
                }

                // scoped roles are only read when not running standalone
                if (!environment.isStandalone()) {
                    if (authorization.hasDefined(HOST_SCOPED_ROLE)) {
                        authorization.get(HOST_SCOPED_ROLE).asPropertyList().forEach(property -> {
                            Role hostScoped = scopedRole(property, Role.Type.HOST, HOSTS);
                            environment.getRoles().add(hostScoped);
                        });
                    }
                    if (authorization.hasDefined(SERVER_GROUP_SCOPED_ROLE)) {
                        authorization.get(SERVER_GROUP_SCOPED_ROLE).asPropertyList().forEach(property -> {
                            Role groupScoped = scopedRole(property, Role.Type.SERVER_GROUP, SERVER_GROUPS);
                            environment.getRoles().add(groupScoped);
                        });
                    }
                }
            })
            .onErrorResumeNext(throwable -> {
                // Only dispatch failures are tolerated; anything else is passed on unchanged.
                if (!(throwable instanceof DispatchFailure)) {
                    return Single.error(throwable);
                }
                // NOTE(review): the empty result is substituted after doOnSuccess in the chain, so
                // the callback above does not see it and this method leaves environment untouched
                // in that case. Confirm the defaults are the restrictive ones.
                logger.error("Unable to read {}. Use :whoami values as fallback.", CORE_SERVICE_TEMPLATE);
                return Single.just(new CompositeResult(new ModelNode()));
            })
            .toCompletable();
}
use of org.jboss.hal.config.Role in project console by hal.
the class ReadEnvironment method call.
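/**
 * Reads basic data about the management endpoint and the current user.
 * <p>
 * A composite with three steps is executed against the root resource: step 0 reads the root
 * attributes (including runtime attributes), step 1 is a verbose {@code WHOAMI} and step 2 reads
 * the {@code CORE_SERVICE} children non-recursively. The results are used to set the operation
 * mode, name, organization, instance info and management version on {@code environment}, to
 * fill {@code user} with name and roles, and to decide whether patching is enabled.
 * <p>
 * The user data is taken from the Keycloak adapter when single sign-on is active, otherwise from
 * the {@code WHOAMI} result.
 *
 * @param context the flow context; not read by this method
 * @return a completable which finishes once the composite has been processed
 */
@Override
public Completable call(FlowContext context) {
    logger.debug("Read environment");

    Keycloak keycloak = keycloakHolder.getKeycloak();
    environment.setSingleSignOn(keycloak != null);
    if (keycloak != null) {
        // The access token is a credential. It must not end up in log output, where it could be
        // copied from the console or from collected logs and replayed, so only the fact that
        // single sign-on is active is logged.
        logger.debug("Keycloak single sign-on is active (token not logged)");
    }

    List<Operation> ops = new ArrayList<>();
    ops.add(new Operation.Builder(ResourceAddress.root(), READ_RESOURCE_OPERATION)
            .param(ATTRIBUTES_ONLY, true)
            .param(INCLUDE_RUNTIME, true)
            .build());
    ops.add(new Operation.Builder(ResourceAddress.root(), WHOAMI)
            .param(VERBOSE, true)
            .build());
    ops.add(new Operation.Builder(ResourceAddress.root(), READ_CHILDREN_RESOURCES_OPERATION)
            .param(CHILD_TYPE, CORE_SERVICE)
            .param(RECURSIVE, false)
            .build());

    return dispatcher.execute(new Composite(ops)).doOnSuccess((CompositeResult result) -> {
        ModelNode node = result.step(0).get(RESULT);

        // operation mode; UNDEFINED is the default handed to asEnumValue
        OperationMode operationMode = asEnumValue(node, LAUNCH_TYPE, OperationMode::valueOf,
                OperationMode.UNDEFINED);
        environment.setOperationMode(operationMode);
        logger.debug("Operation mode: {}", operationMode);

        // name and org
        if (node.get(NAME).isDefined()) {
            String name = node.get(NAME).asString();
            environment.setName(name);
        }
        String orgAttribute = environment.isStandalone() ? ORGANIZATION : DOMAIN_ORGANIZATION;
        if (node.get(orgAttribute).isDefined()) {
            String org = node.get(orgAttribute).asString();
            environment.setOrganization(org);
        }

        // server info
        environment.setInstanceInfo(node.get(PRODUCT_NAME).asString(),
                node.get(PRODUCT_VERSION).asString(),
                node.get(RELEASE_CODENAME).asString(),
                node.get(RELEASE_VERSION).asString());

        // management version
        Version version = ManagementModel.parseVersion(node);
        environment.setManagementVersion(version);
        logger.debug("Management model version: {}", version);
        if (environment.isStandalone()) {
            Server.STANDALONE.addServerAttributes(node);
        }

        // user info
        if (environment.isSingleSignOn()) {
            // assumes keycloak.userProfile has been loaded at this point - TODO confirm
            user.setName(keycloak.userProfile.username);
            // Plain indexed loop over the roles array. The original comment is only partly
            // preserved; it states that something is "not supported on the javascript side when
            // run in the browser", so do not replace the loop without checking.
            if (keycloak.realmAccess != null && keycloak.realmAccess.roles != null) {
                for (int i = 0; i < keycloak.realmAccess.roles.length; i++) {
                    String role = keycloak.realmAccess.roles[i];
                    user.addRole(new Role(role));
                }
            }
        } else {
            ModelNode whoami = result.step(1).get(RESULT);
            String username = whoami.get("identity").get("username").asString();
            user.setName(username);
            if (whoami.hasDefined("mapped-roles")) {
                List<ModelNode> roles = whoami.get("mapped-roles").asList();
                for (ModelNode role : roles) {
                    String roleName = role.asString();
                    user.addRole(new Role(roleName));
                }
            }
        }
        // NOTE(review): name, roles and this flag are client-side state built from the responses
        // above. Presumably they steer the UI only; the server has to authorize each operation.
        user.setAuthenticated(true);
        logger.debug("User info: {} {}", user.getName(), user.getRoles());

        // patching is enabled in domain mode, or when the PATCHING core service is present
        ModelNode step = result.step(2).get(RESULT);
        environment.setPatchingEnabled(!environment.isStandalone() || step.get(PATCHING).isDefined());
    }).toCompletable();
}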
use of org.jboss.hal.config.Role in project console by hal.
the class RoleColumn method editStandardRole.
// ------------------------------------------------------ modify roles
/**
 * Opens a dialog which lets the user change the include-all flag of a standard role.
 * <p>
 * The name is shown as a disabled, optional form item and cannot be edited. On save three tasks
 * run in series: {@code CheckRoleMapping}, {@code AddRoleMapping} (with a predicate on status
 * 404) and {@code ModifyIncludeAll} with the value taken from the form.
 * <p>
 * NOTE(review): in the WildFly management model include-all on a role mapping assigns the role
 * to every authenticated user, so this switch widens access considerably. Confirm the dialog
 * makes that clear to the operator.
 *
 * @param role the standard role to modify
 */
private void editStandardRole(Role role) {
    Form<ModelNode> form = new ModelNodeForm.Builder<>(Ids.ROLE_MAPPING_FORM,
            metadataRegistry.lookup(ROLE_MAPPING_TEMPLATE))
            .unboundFormItem(new NameItem(), 0)
            .include(INCLUDE_ALL)
            .build();
    // the role name is display-only
    form.getFormItem(NAME).setEnabled(false);
    form.getFormItem(NAME).setRequired(false);

    // initial form model: only the current include-all flag of the role
    ModelNode initialValues = new ModelNode();
    initialValues.get(INCLUDE_ALL).set(role.isIncludeAll());

    new ModifyResourceDialog(resources.messages().modifyResourceTitle(resources.constants().role()), form,
            (savedForm, changes) -> {
                // presumably the 404 predicate limits the add to the case where
                // CheckRoleMapping found no mapping yet - confirm against AddRoleMapping
                series(new FlowContext(progress.get()),
                        new CheckRoleMapping(dispatcher, role),
                        new AddRoleMapping(dispatcher, role, status -> status == 404),
                        new ModifyIncludeAll(dispatcher, role, savedForm.getModel().get(INCLUDE_ALL).asBoolean()))
                        .subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {
                            @Override
                            public void onSuccess(FlowContext flowContext) {
                                MessageEvent.fire(eventBus, Message.success(resources.messages()
                                        .modifyResourceSuccess(resources.constants().role(), role.getName())));
                                accessControl.reload(() -> {
                                    refresh(role.getId());
                                    eventBus.fireEvent(new RolesChangedEvent());
                                });
                            }
                        });
            }).show(initialValues);

    // set after show(): the name item is unbound and not part of the model passed above
    form.getFormItem(NAME).setValue(role.getName());
}
use of org.jboss.hal.config.Role in project console by hal.
the class RoleColumn method removeScopedRole.
// ------------------------------------------------------ remove roles
/**
 * Removes a scoped role together with its assignments and its role mapping.
 * <p>
 * The tasks run in series in this order: remove the assignments of the role (only if there are
 * any), check the role mapping, remove the role mapping (with a predicate on status 200) and
 * finally remove the scoped role itself. After success the access control data is reloaded, the
 * column is refreshed with a cleared selection and a {@code RolesChangedEvent} is fired.
 *
 * @param role the scoped role to remove
 * @param type the type name used in the success message
 */
private void removeScopedRole(Role role, String type) {
    List<Assignment> roleAssignments = accessControl.assignments().byRole(role).collect(toList());
    boolean hasAssignments = !roleAssignments.isEmpty();

    // Order matters: references to the role go first, the role itself goes last.
    List<Task<FlowContext>> removal = new ArrayList<>();
    if (hasAssignments) {
        removal.add(new RemoveAssignments(dispatcher, roleAssignments));
    }
    removal.add(new CheckRoleMapping(dispatcher, role));
    // presumably the 200 predicate limits the removal to the case where
    // CheckRoleMapping found an existing mapping - confirm against RemoveRoleMapping
    removal.add(new RemoveRoleMapping(dispatcher, role, status -> status == 200));
    removal.add(new RemoveScopedRole(dispatcher, role));

    series(new FlowContext(progress.get()), removal)
            .subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {
                @Override
                public void onSuccess(FlowContext flowContext) {
                    MessageEvent.fire(eventBus,
                            Message.success(resources.messages().removeResourceSuccess(type, role.getName())));
                    accessControl.reload(() -> {
                        refresh(RefreshMode.CLEAR_SELECTION);
                        eventBus.fireEvent(new RolesChangedEvent());
                    });
                }
            });
}
use of org.jboss.hal.config.Role in project console by hal.
the class RoleColumn method addScopedRole.
// ------------------------------------------------------ add roles
/**
 * Opens a dialog to add a new host or server group scoped role.
 * <p>
 * The form consists of an unbound name item, an unbound include-all switch, the base role
 * (a required single select over {@code standardRoleNames}) and the required scope attribute,
 * which gets a typeahead backed by {@code typeaheadTemplate}. The name is validated with
 * {@code createUniqueValidation()}. On add these tasks run in series: {@code AddScopedRole},
 * {@code CheckRoleMapping}, {@code AddRoleMapping} (with a predicate on status 404) and, only
 * if include-all was switched on, {@code ModifyIncludeAll}.
 * <p>
 * NOTE(review): in the WildFly management model include-all on a role mapping assigns the role
 * to every authenticated user. The switch is off unless the user turns it on; keep it that way.
 *
 * @param type              the type of the scoped role
 * @param typeName          the human readable type name used in title and success message
 * @param template          the address template used to look up the form metadata
 * @param typeaheadTemplate the address template for the scope typeahead
 * @param formId            the ID of the form
 * @param scopeAttribute    the name of the attribute which holds the scope
 */
@SuppressWarnings("ConstantConditions")
private void addScopedRole(Role.Type type, String typeName, AddressTemplate template,
        AddressTemplate typeaheadTemplate, String formId, String scopeAttribute) {
    Form<ModelNode> form = new ModelNodeForm.Builder<>(formId, metadataRegistry.lookup(template))
            .addOnly()
            .unboundFormItem(new NameItem(), 0)
            .unboundFormItem(new SwitchItem(INCLUDE_ALL, new LabelBuilder().label(INCLUDE_ALL)), 3,
                    resources.messages().includeAllHelpText())
            .include(BASE_ROLE, scopeAttribute)
            .customFormItem(BASE_ROLE, description -> {
                // the base role has to be one of the standard roles
                SingleSelectBoxItem baseRoleItem = new SingleSelectBoxItem(BASE_ROLE,
                        new LabelBuilder().label(BASE_ROLE), standardRoleNames, false);
                baseRoleItem.setRequired(true);
                return baseRoleItem;
            })
            .build();
    form.getFormItem(scopeAttribute).setRequired(true);
    form.getFormItem(scopeAttribute).registerSuggestHandler(
            new ReadChildrenAutoComplete(dispatcher, statementContext, typeaheadTemplate));
    form.attach();

    AddResourceDialog dialog = new AddResourceDialog(resources.messages().addResourceTitle(typeName), form,
            (name, model) -> {
                // The tasks below only need the role name, so a transient role
                // without the other attributes is sufficient.
                Role transientRole = new Role(name, null, type, null);
                Boolean includeAll = form.<Boolean>getFormItem(INCLUDE_ALL).getValue();

                List<Task<FlowContext>> steps = new ArrayList<>();
                steps.add(new AddScopedRole(dispatcher, type, name, model));
                steps.add(new CheckRoleMapping(dispatcher, transientRole));
                steps.add(new AddRoleMapping(dispatcher, transientRole, status -> status == 404));
                // a missing value counts as "off"
                if (Boolean.TRUE.equals(includeAll)) {
                    steps.add(new ModifyIncludeAll(dispatcher, transientRole, includeAll));
                }

                series(new FlowContext(progress.get()), steps)
                        .subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {
                            @Override
                            public void onSuccess(FlowContext flowContext) {
                                MessageEvent.fire(eventBus,
                                        Message.success(resources.messages().addResourceSuccess(typeName, name)));
                                accessControl.reload(() -> {
                                    refresh(Ids.role(name));
                                    eventBus.fireEvent(new RolesChangedEvent());
                                });
                            }
                        });
            });
    dialog.getForm().<String>getFormItem(NAME).addValidationHandler(createUniqueValidation());
    dialog.show();
}