Use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho: class AbstractJcrBackedUserRoleDao, method setRoleMembers.
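/**
 * Replaces the membership of role {@code roleName} in tenant {@code theTenant} with exactly
 * {@code memberUserNames}: current group members missing from the new list are removed, listed
 * users not yet in the group are added, and the UserDetails cache entry of every touched user is
 * purged so stale role sets are not served afterwards.
 *
 * Two guards protect the tenant administrator role ({@code tenantAdminRoleName}):
 * <ul>
 *   <li>the calling user and the default admin user may not be removed from it;</li>
 *   <li>a populated admin role may never be left without members.</li>
 * </ul>
 * No authorization check is visible in this method; callers are responsible for deciding whether
 * the current principal may edit role membership.
 *
 * @param session         JCR session used to resolve the group and its users
 * @param theTenant       tenant owning the role; when {@code null} the tenant is derived from the
 *                        group ID / role name
 * @param roleName        role (Jackrabbit group) whose membership is replaced
 * @param memberUserNames complete list of user names that should be members afterwards; names
 *                        that do not resolve to an existing user are silently skipped;
 *                        {@code null} is treated as an empty list
 * @throws RepositoryException if one of the admin-role guards fires or the JCR layer fails
 * @throws NotFoundException   if the group does not exist or its tenant is not accessible
 */
public void setRoleMembers(Session session, final ITenant theTenant, final String roleName, final String[] memberUserNames) throws RepositoryException, NotFoundException {
  final boolean isAdminRole = tenantAdminRoleName.equals(roleName);
  List<IPentahoUser> currentRoleMembers = getRoleMembers(session, theTenant, roleName);
  String[] usersToBeRemoved = findRemovedUsers(currentRoleMembers, memberUserNames);
  // Guard 1: nobody may lock themself (or the default admin user) out of the admin role.
  // The message is displayed to the user.
  if (isAdminRole && (oneOfUserIsMySelf(usersToBeRemoved) || oneOfUserIsDefaultAdminUser(usersToBeRemoved))) {
    throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0009_USER_REMOVE_FAILED_YOURSELF_OR_DEFAULT_ADMIN_USER"));
  }
  // Guard 2, early form: a populated admin role may not be emptied. A null member list counts
  // as empty here instead of failing with a NullPointerException on .length.
  final boolean adminRoleIsPopulated = isAdminRole && currentRoleMembers != null && !currentRoleMembers.isEmpty();
  if (adminRoleIsPopulated && (memberUserNames == null || memberUserNames.length == 0)) {
    throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0001_LAST_ADMIN_ROLE", tenantAdminRoleName));
  }
  Group jackrabbitGroup = getJackrabbitGroup(theTenant, roleName, session);
  if (jackrabbitGroup == null || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()) : theTenant)) {
    throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0002_ROLE_NOT_FOUND"));
  }
  HashMap<String, User> currentlyAssignedUsers = snapshotGroupUserMembers(jackrabbitGroup);
  HashMap<String, User> finalCollectionOfAssignedUsers = resolveRoleMemberNames(session, theTenant, roleName, memberUserNames);
  // Guard 2, resolved form: unknown user names are skipped during resolution, so a non-empty
  // name list can still resolve to nobody. Re-check against what actually resolved so the
  // admin role is never left without a member.
  if (isAdminRole && !currentlyAssignedUsers.isEmpty() && finalCollectionOfAssignedUsers.isEmpty()) {
    throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0001_LAST_ADMIN_ROLE", tenantAdminRoleName));
  }
  // NOTE(review): the two maps are keyed differently (Authorizable.getID() vs
  // getPrincipleId(tenant, user)). If those IDs ever differ for the same user, every current
  // member is removed and re-added on each call -- confirm they agree.
  ArrayList<String> usersToRemove = new ArrayList<String>(currentlyAssignedUsers.keySet());
  usersToRemove.removeAll(finalCollectionOfAssignedUsers.keySet());
  ArrayList<String> usersToAdd = new ArrayList<String>(finalCollectionOfAssignedUsers.keySet());
  usersToAdd.removeAll(currentlyAssignedUsers.keySet());
  for (String userId : usersToRemove) {
    jackrabbitGroup.removeMember(currentlyAssignedUsers.get(userId));
    // Purge the UserDetails cache so the old role set is not served after this change.
    purgeUserFromCache(userId);
  }
  for (String userId : usersToAdd) {
    jackrabbitGroup.addMember(finalCollectionOfAssignedUsers.get(userId));
    // Purge the UserDetails cache
    purgeUserFromCache(userId);
  }
}

/**
 * Snapshots the group's direct {@link User} members keyed by their authorizable ID.
 * Nested groups returned by {@link Group#getMembers()} are ignored.
 */
private HashMap<String, User> snapshotGroupUserMembers(Group group) throws RepositoryException {
  HashMap<String, User> members = new HashMap<String, User>();
  Iterator<Authorizable> it = group.getMembers();
  while (it.hasNext()) {
    Authorizable candidate = it.next();
    if (candidate instanceof User) {
      members.put(candidate.getID(), (User) candidate);
    }
  }
  return members;
}

/**
 * Resolves the requested user names to Jackrabbit users, keyed by their tenanted principal ID.
 * Names that do not resolve are skipped; a {@code null} name list yields an empty map.
 * When {@code theTenant} is {@code null} the tenant is derived from {@code roleName}.
 */
private HashMap<String, User> resolveRoleMemberNames(Session session, ITenant theTenant, String roleName, String[] memberUserNames) throws RepositoryException {
  HashMap<String, User> resolved = new HashMap<String, User>();
  if (memberUserNames == null) {
    return resolved;
  }
  ITenant tenant = theTenant == null ? JcrTenantUtils.getTenant(roleName, false) : theTenant;
  for (String user : memberUserNames) {
    User jackrabbitUser = getJackrabbitUser(tenant, user, session);
    if (jackrabbitUser != null) {
      resolved.put(getTenantedUserNameUtils().getPrincipleId(tenant, user), jackrabbitUser);
    }
  }
  return resolved;
}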
Use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho: class AbstractJcrBackedUserRoleDao, method convertToPentahoUser.
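/**
 * Converts a Jackrabbit {@link User} into the platform's {@link IPentahoUser}, serving from the
 * user cache (keyed by the Jackrabbit authorizable ID) when an entry exists and populating it
 * when {@code isUseJackrabbitUserCache()} is on.
 *
 * Security note: the returned object carries the user's stored credential. When the Jackrabbit
 * credentials are {@link CryptedSimpleCredentials}, their password value (the stored form, which
 * Jackrabbit keeps hashed) is copied into {@code PentahoUser.password} and, with caching enabled,
 * retained in memory. Callers must treat the result as sensitive: never log it or serialize it to
 * clients.
 *
 * @param jackrabbitUser the Jackrabbit user to convert; must not be {@code null}
 * @return the converted user, possibly a previously cached instance
 * @throws RepositoryException if the Jackrabbit user's ID, credentials or enabled state cannot be read
 */
@VisibleForTesting
IPentahoUser convertToPentahoUser(User jackrabbitUser) throws RepositoryException {
  final String authorizableId = jackrabbitUser.getID();
  // The cache is consulted regardless of isUseJackrabbitUserCache(); it is only written below
  // when the flag is on, so a disabled cache simply never hits here.
  if (getUserCache().containsKey(authorizableId)) {
    return (IPentahoUser) getUserCache().get(authorizableId);
  }
  String description = null;
  try {
    // $NON-NLS-1$
    Value[] propertyValues = jackrabbitUser.getProperty("description");
    // An absent property (null) or an empty value array simply means "no description";
    // check explicitly rather than relying on the catch below to absorb a NullPointerException.
    if (propertyValues != null && propertyValues.length > 0) {
      description = propertyValues[0].getString();
    }
  } catch (Exception ignored) {
    // Best effort: a user whose description cannot be read is still a valid user.
    // CHECKSTYLES IGNORE
  }
  Credentials credentials = jackrabbitUser.getCredentials();
  String password = null;
  if (credentials instanceof CryptedSimpleCredentials) {
    // Stored credential value; see the class-level security note above.
    password = new String(((CryptedSimpleCredentials) credentials).getPassword());
  }
  IPentahoUser pentahoUser = new PentahoUser(getTenantedUserNameUtils().getTenant(authorizableId), getTenantedUserNameUtils().getPrincipleName(authorizableId), password, description, !jackrabbitUser.isDisabled());
  if (isUseJackrabbitUserCache()) {
    getUserCache().put(authorizableId, pentahoUser);
  }
  return pentahoUser;
}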
Use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho: class AbstractJcrBackedUserRoleDao, method deleteUser.
/**
 * Deletes a user from the Jackrabbit user manager.
 *
 * The user is first detached from every group it belongs to, so that a user later created with
 * the same name does not silently inherit the old role set ([BISERVER-9215]); its cache entry is
 * purged; then the authorizable itself is removed.
 *
 * @param session JCR session
 * @param user    user to delete (tenant and user name are taken from it)
 * @throws RepositoryException if {@code canDeleteUser} refuses (message names
 *                             {@code tenantAdminRoleName}) or the JCR layer fails
 * @throws NotFoundException   if the user does not exist or its tenant is not accessible
 */
public void deleteUser(Session session, final IPentahoUser user) throws NotFoundException, RepositoryException {
  if (!canDeleteUser(session, user)) {
    throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));
  }
  User jackrabbitUser = getJackrabbitUser(user.getTenant(), user.getUsername(), session);
  boolean exists = jackrabbitUser != null && TenantUtils.isAccessibleTenant(tenantedUserNameUtils.getTenant(jackrabbitUser.getID()));
  if (!exists) {
    // $NON-NLS-1$
    throw new NotFoundException("");
  }
  // [BISERVER-9215] Detach from all groups before removal so a re-created user of the same
  // name does not default to the previous roles.
  for (Iterator<Group> groups = jackrabbitUser.memberOf(); groups.hasNext(); ) {
    groups.next().removeMember(jackrabbitUser);
  }
  // NOTE(review): purged by plain user name, while convertToPentahoUser caches by
  // jackrabbitUser.getID(); whether purgeUserFromCache maps one to the other is not visible
  // here -- confirm, otherwise a deleted user's entry may linger in the cache.
  purgeUserFromCache(user.getUsername());
  // [BISERVER-9215]
  jackrabbitUser.remove();
}
Use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho: class AbstractJcrBackedUserRoleDao, method deleteRole.
/**
 * Deletes a role (Jackrabbit group) and purges the cache entry of every user that was a member.
 *
 * Membership is snapshotted before the group is removed, because it can no longer be queried
 * afterwards and the purge loop needs the user names.
 *
 * @param session JCR session
 * @param role    role to delete (tenant and name are taken from it)
 * @throws RepositoryException if {@code canDeleteRole} refuses (system roles) or the JCR layer fails
 * @throws NotFoundException   if the group does not exist or its tenant is not accessible
 */
public void deleteRole(Session session, final IPentahoRole role) throws NotFoundException, RepositoryException {
  if (!canDeleteRole(session, role)) {
    throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0007_ATTEMPTED_SYSTEM_ROLE_DELETE"));
  }
  final ITenant tenant = role.getTenant();
  final String name = role.getName();
  // Snapshot the members now; the group is gone by the time the cache is purged.
  final List<IPentahoUser> members = this.getRoleMembers(session, tenant, name);
  Group group = getJackrabbitGroup(tenant, name, session);
  if (group == null || !TenantUtils.isAccessibleTenant(tenantedRoleNameUtils.getTenant(group.getID()))) {
    // $NON-NLS-1$
    throw new NotFoundException("");
  }
  group.remove();
  for (IPentahoUser member : members) {
    purgeUserFromCache(member.getUsername());
  }
}
Use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho: class DefaultUnifiedRepositoryAuthorizationIT, method testDeleteSid.
/**
 * Deletes a user (george) who owns a file and is referenced by its ACL, then checks that the
 * file's ACL still reports george as owner of type USER.
 *
 * NOTE(review): {@code georgeStillListed} is computed from the updated ACEs but never asserted,
 * so the "explicitly in ACE" part of the scenario is not actually verified by this test.
 */
@Test
public void testDeleteSid() throws Exception {
  loginAsSysTenantAdmin();
  ITenant tenantDuff = tenantManager.createTenant(systemTenant, TENANT_ID_DUFF, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
  userRoleDao.createUser(tenantDuff, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
  login(USERNAME_ADMIN, tenantDuff, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
  IPentahoUser george = userRoleDao.createUser(tenantDuff, USERNAME_GEORGE, PASSWORD, "", null);
  userRoleDao.createUser(tenantDuff, USERNAME_PAT, PASSWORD, "", null);
  // george creates a file in his home folder and grants pat full access via an explicit ACE.
  login(USERNAME_GEORGE, tenantDuff, new String[] { tenantAuthenticatedRoleName });
  RepositoryFile homeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName()));
  RepositoryFile file = createSampleFile(homeFolder.getPath(), "hello.xaction", "", false, 2, false);
  RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(repo.getAcl(file.getId()));
  aclBuilder.entriesInheriting(false).ace(userNameUtils.getPrincipleId(tenantDuff, USERNAME_PAT), RepositoryFileSid.Type.USER, RepositoryFilePermission.ALL);
  repo.updateAcl(aclBuilder.build());
  // pat deletes george, who is the file's owner and explicitly referenced in its ACL.
  login(USERNAME_PAT, tenantDuff, new String[] { tenantAuthenticatedRoleName });
  userRoleDao.deleteUser(george);
  // TestPrincipalProvider.enableGeorgeAndDuff(false); simulate delete of george who is owner and explicitly in
  // ACE
  RepositoryFile refetched = repo.getFileById(file.getId());
  RepositoryFileSid owner = repo.getAcl(refetched.getId()).getOwner();
  assertEquals(USERNAME_GEORGE, owner.getName());
  assertEquals(RepositoryFileSid.Type.USER, owner.getType());
  RepositoryFileAcl aclAfterDelete = repo.getAcl(file.getId());
  boolean georgeStillListed = false;
  for (RepositoryFileAce ace : aclAfterDelete.getAces()) {
    if (USERNAME_GEORGE.equals(ace.getSid().getName())) {
      georgeStillListed = true;
    }
  }
}