
Example 36 with IPentahoRole

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoRole in project pentaho-platform by pentaho.

the class AbstractJcrBackedUserRoleDao method canDeleteUser.

/**
 * Reports whether {@code user} can be removed without leaving the system with no login associated with the
 * tenant admin role. Intended to run before any changes take place.
 *
 * @param session session handed to the admin-role member lookup
 * @param user    the user proposed for deletion
 * @return {@code true} when the user does not hold the admin role, or holds it and the role has more than one
 *         member; {@code false} when the user holds the admin role and the role has exactly one member
 * @throws RepositoryException when an admin-role holder is the current user or the default admin user, or when
 *         the admin role's member list is null or empty
 */
private boolean canDeleteUser(Session session, final IPentahoUser user) throws RepositoryException {
    final List<IPentahoRole> assignedRoles = getUserRoles(null, user.getUsername());
    boolean holdsAdminRole = false;
    // Stop scanning as soon as the tenant admin role is found among the user's roles.
    for (int idx = 0; idx < assignedRoles.size() && !holdsAdminRole; idx++) {
        holdsAdminRole = tenantAdminRoleName.equals(assignedRoles.get(idx).getName());
    }

    // An admin-role holder may not delete their own account or the default admin account.
    final boolean selfOrDefaultAdmin = isMyself(user.getUsername()) || isDefaultAdminUser(user.getUsername());
    if (selfOrDefaultAdmin && holdsAdminRole) {
        throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0008_UNABLE_TO_DELETE_USER_IS_YOURSELF_OR_DEFAULT_ADMIN_USER"));
    }

    // Users without the admin role cannot reduce the number of admin logins.
    if (!holdsAdminRole) {
        return true;
    }

    final List<IPentahoUser> adminMembers = getRoleMembers(session, null, tenantAdminRoleName);
    if (adminMembers == null || adminMembers.size() < 1) {
        // The user was reported as an admin, yet the role has no members: treat the inconsistency as an error.
        throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));
    }

    // Exactly one member means this user is presumably the last admin, so deletion is refused.
    // NOTE(review): this is a check made ahead of the delete; nothing visible here serializes it with the
    // delete itself, so confirm the caller prevents two admins from being removed concurrently.
    return adminMembers.size() > 1;
}
Also used : RepositoryException(javax.jcr.RepositoryException) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)

Example 37 with IPentahoRole

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoRole in project pentaho-platform by pentaho.

the class UserRoleDaoUserDetailsService method loadUserByUsername.

// ~ Constructors
// ====================================================================================================
// ~ Methods
// =========================================================================================================
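/**
 * Loads the account named {@code username} from the user/role DAO and converts it to a Spring Security
 * {@link UserDetails}.
 *
 * <p>Granted authorities are the user's role names, plus whatever {@code addCustomAuthorities} contributes and
 * the configured default role, if any. As a side effect, the tenant ID is stored in the current Pentaho session
 * when the session does not already carry one.
 *
 * @param username name of the account to load
 * @return a {@code User} carrying the stored password, the enabled flag and the collected authorities
 * @throws UsernameNotFoundException if no such user exists or the user ends up with no authorities
 * @throws DataAccessException if the DAO lookup fails (raised as {@code UserRoleDaoUserDetailsServiceException})
 */
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    // Expiry and lockout are reported as "fine" unconditionally: only user.isEnabled() can block an account here.
    final boolean ACCOUNT_NON_EXPIRED = true;
    final boolean CREDS_NON_EXPIRED = true;
    final boolean ACCOUNT_NON_LOCKED = true;
    IPentahoUser user;
    try {
        if (userRoleDao == null) {
            // Resolve the DAO lazily on first use.
            userRoleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy", PentahoSessionHolder.getSession());
        }
        user = userRoleDao.getUser(null, username);
    } catch (UncategorizedUserRoleDaoException e) {
        throw new UserRoleDaoUserDetailsServiceException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0003_DATA_ACCESS_EXCEPTION"), // $NON-NLS-1$
            e);
    }
    if (user == null) {
        throw new UsernameNotFoundException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0001_USER_NOT_FOUND")); // $NON-NLS-1$
    }
    // Convert the user's roles to granted authorities. A null role list is treated as "no roles"; the
    // original sized its array with a null check but then iterated the list unguarded, which would throw
    // a NullPointerException instead of reaching the ERROR_0002 path below.
    List<IPentahoRole> userRoles = userRoleDao.getUserRoles(null, username);
    List<GrantedAuthority> dbAuths = new ArrayList<GrantedAuthority>();
    if (userRoles != null) {
        for (IPentahoRole role : userRoles) {
            dbAuths.add(new SimpleGrantedAuthority(role.getName()));
        }
    }
    addCustomAuthorities(user.getUsername(), dbAuths);
    // Store the Tenant ID in the session
    // NOTE(review): presumably this method runs before the caller has verified the password; confirm that
    // nothing treats a tenant ID set here as proof of an authenticated login.
    IPentahoSession session = PentahoSessionHolder.getSession();
    String tenantId = (String) session.getAttribute(IPentahoSession.TENANT_ID_KEY);
    if (tenantId == null) {
        ITenant tenant = JcrTenantUtils.getTenant(username, true);
        session.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId());
    }
    if (!StringUtils.isEmpty(defaultRoleString)) {
        defaultRole = new SimpleGrantedAuthority(defaultRoleString);
    }
    // Every loaded user receives the default role when one is configured.
    if (defaultRole != null && !dbAuths.contains(defaultRole)) {
        dbAuths.add(defaultRole);
    }
    // An account without any authority is rejected rather than returned with an empty grant list.
    if (dbAuths.isEmpty()) {
        throw new UsernameNotFoundException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0002_NO_AUTHORITIES")); // $NON-NLS-1$
    }
    return new User(user.getUsername(), user.getPassword(), user.isEnabled(), ACCOUNT_NON_EXPIRED, CREDS_NON_EXPIRED, ACCOUNT_NON_LOCKED, dbAuths);
}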
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) User(org.springframework.security.core.userdetails.User) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) IUserRoleDao(org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ITenant(org.pentaho.platform.api.mt.ITenant) UncategorizedUserRoleDaoException(org.pentaho.platform.api.engine.security.userroledao.UncategorizedUserRoleDaoException) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole)

Example 38 with IPentahoRole

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoRole in project pentaho-platform by pentaho.

the class ProxyPentahoUserRoleHelper method syncRoles.

/**
 * Copies the description of <code>proxyRole</code> onto <code>role</code> and returns the result. When
 * <code>role</code> is <code>null</code>, a new {@code PentahoRole} named after <code>proxyRole</code> is
 * created first; an existing <code>role</code> is updated in place and keeps its own name. The users set of
 * the given <code>role</code> is unmodified.
 *
 * @param role      role to update, or <code>null</code> to create one
 * @param proxyRole source of the description (and of the name for a newly created role)
 * @return the updated or newly created role
 */
public static IPentahoRole syncRoles(IPentahoRole role, ProxyPentahoRole proxyRole) {
    final IPentahoRole target = (role != null) ? role : new PentahoRole(proxyRole.getName());
    target.setDescription(proxyRole.getDescription());
    return target;
}
Also used : PentahoRole(org.pentaho.platform.security.userroledao.PentahoRole) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole)

Example 39 with IPentahoRole

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoRole in project pentaho-platform by pentaho.

the class UserRoleWebServiceBase method testCreateRole.

/**
 * Verifies that role creation is refused for a non-admin caller and succeeds, with name and description
 * preserved, once the caller is mocked as an admin.
 */
@Test
public void testCreateRole() throws Exception {
    UserRoleDaoMock daoMock = PentahoSystem.get(UserRoleDaoMock.class, USER_ROLE_DAO_TXN, null);
    IUserRoleWebService webService = getUserRoleWebService();

    ProxyPentahoRole requested;
    // Negative case first: a non-admin caller must be rejected.
    mockUserAsAdmin(false);
    requested = new ProxyPentahoRole("role");
    requested.setDescription("testing");
    try {
        webService.createRole(requested);
        // Reaching this line means the unauthorized call was accepted.
        Assert.fail();
    } catch (UserRoleException rejected) {
        // ERROR_0001 is presumably the access-denied code; the test only checks that it appears in the message.
        final String message = rejected.getMessage();
        Assert.assertTrue("ERROR_0001 not found in " + rejected.getMessage(), message.indexOf("ERROR_0001") >= 0);
    }

    // Positive case: the same request succeeds for an admin.
    mockUserAsAdmin(true);
    webService.createRole(requested);

    // The stored role should have the same name and description as the request.
    IPentahoRole stored = daoMock.getRole(null, "role");
    Assert.assertNotNull(stored);
    Assert.assertEquals("role", stored.getName());
    Assert.assertEquals("testing", stored.getDescription());
}
Also used : ProxyPentahoRole(org.pentaho.platform.security.userroledao.ws.ProxyPentahoRole) IUserRoleWebService(org.pentaho.platform.security.userroledao.ws.IUserRoleWebService) UserRoleException(org.pentaho.platform.security.userroledao.ws.UserRoleException) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole) Test(org.junit.Test)

Example 40 with IPentahoRole

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoRole in project pentaho-platform by pentaho.

the class MockUserRoleDao method setRoleMembers.

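/**
 * Replaces the members of the role named {@code roleName} with the users named in {@code userNames}, and
 * records the role against each of those users.
 *
 * <p>User names that do not resolve to a user are skipped. The original registered a {@code null} key in
 * {@code userRoles} for such names because its null check came after the map update.
 *
 * @param tenant    tenant owning the role; when {@code null} it is derived from {@code roleName}, falling back
 *                  to the current tenant
 * @param roleName  name of the role whose membership is replaced
 * @param userNames names of the new members; {@code null} leaves the role with no members
 * @throws NotFoundException declared by the DAO contract; not thrown directly by this method
 * @throws UncategorizedUserRoleDaoException declared by the DAO contract; not thrown directly by this method
 */
public void setRoleMembers(ITenant tenant, String roleName, String[] userNames) throws NotFoundException, UncategorizedUserRoleDaoException {
    if (tenant == null) {
        // No explicit tenant: take both the tenant and the principal name from the supplied role name.
        tenant = getTenant(roleName, false);
        roleName = getPrincipalName(roleName, false);
    }
    if (tenant == null || tenant.getId() == null) {
        tenant = getCurrentTenant();
    }
    IPentahoRole role = getRole(tenant, roleName);
    // NOTE(review): assumes the role already has an entry in roleMembers; for an unknown role this lookup
    // presumably returns null and clear() fails with a NullPointerException. Confirm against callers.
    HashSet<IPentahoUser> users = roleMembers.get(role);
    users.clear();
    // NOTE(review): users dropped from the role here keep it in userRoles, so the two maps can disagree
    // about who holds the role. Confirm whether tests rely on that.
    if (userNames == null) {
        return;
    }
    for (String userName : userNames) {
        IPentahoUser user = getUser(tenant, userName);
        if (user == null) {
            // Unknown user: do not record a role grant under a null key.
            continue;
        }
        if (!userRoles.containsKey(user)) {
            userRoles.put(user, new HashSet<IPentahoRole>());
        }
        userRoles.get(user).add(role);
        users.add(user);
    }
}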
Also used : IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)

Aggregations

IPentahoRole (org.pentaho.platform.api.engine.security.userroledao.IPentahoRole)48 Test (org.junit.Test)19 ArrayList (java.util.ArrayList)16 IPentahoUser (org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)13 ITenant (org.pentaho.platform.api.mt.ITenant)12 IUserRoleDao (org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao)10 AlreadyExistsException (org.pentaho.platform.api.engine.security.userroledao.AlreadyExistsException)8 HashSet (java.util.HashSet)7 Matchers.anyString (org.mockito.Matchers.anyString)6 NotFoundException (org.pentaho.platform.api.engine.security.userroledao.NotFoundException)6 DefaultTenantedPrincipleNameResolver (org.pentaho.platform.security.userroledao.DefaultTenantedPrincipleNameResolver)6 IOException (java.io.IOException)5 RepositoryException (javax.jcr.RepositoryException)5 AccessControlException (javax.jcr.security.AccessControlException)4 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)4 PentahoRole (org.pentaho.platform.security.userroledao.PentahoRole)4 BeansException (org.springframework.beans.BeansException)4 StringTokenizer (java.util.StringTokenizer)2 Group (org.apache.jackrabbit.api.security.user.Group)2 UncategorizedUserRoleDaoException (org.pentaho.platform.api.engine.security.userroledao.UncategorizedUserRoleDaoException)2