
Example 6 with AuthorityRequired

Use of org.pmiops.workbench.annotations.AuthorityRequired in project workbench by all-of-us.

In class AuthInterceptor, method hasRequiredAuthority.

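// Returns true when the user holds every authority listed in the controller
// method's @AuthorityRequired annotation, or when the method has no such annotation.
boolean hasRequiredAuthority(Method controllerMethod, User user) {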
    String controllerMethodName = controllerMethod.getDeclaringClass().getName() + "." + controllerMethod.getName();
    AuthorityRequired req = controllerMethod.getAnnotation(AuthorityRequired.class);
    if (req != null) {
        if (user == null) {
            throw new BadRequestException("User is not initialized; please register");
        }
        // Fetch the user with authorities, since they aren't loaded during normal
        user = userDao.findUserWithAuthorities(user.getUserId());
        Collection<Authority> granted = user.getAuthorities();
        // All listed authorities are required; holding only some of them is not enough.
        if (granted.containsAll(Arrays.asList(req.value()))) {
            return true;
        } else {
            log.log(Level.INFO, "{0} required authorities {1} but user had only {2}.", new Object[] { controllerMethodName, Arrays.toString(req.value()), Arrays.toString(granted.toArray()) });
            return false;
        }
    }
    // No @AuthorityRequired annotation found at runtime, default to allowed.
    return true;
}
Also used: Authority (org.pmiops.workbench.model.Authority), AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired), BadRequestException (org.pmiops.workbench.exceptions.BadRequestException)

Example 7 with AuthorityRequired

Use of org.pmiops.workbench.annotations.AuthorityRequired in project workbench by all-of-us.

In class AuthDomainController, method removeUserFromAuthDomain.

@Override
@AuthorityRequired({ Authority.MANAGE_GROUP })
public ResponseEntity<Void> removeUserFromAuthDomain(String groupName, AuthDomainRequest request) {
    // The lookup result is dereferenced below without a null check.
    User user = userDao.findUserByEmail(request.getEmail());
    DataAccessLevel previousAccess = user.getDataAccessLevel();
    try {
        fireCloudService.removeUserFromGroup(request.getEmail(), groupName);
    } catch (ApiException e) {
        ExceptionUtils.convertFirecloudException(e);
    }
    // TODO(calbach): Teardown any active clusters here.
    user.setDataAccessLevel(DataAccessLevel.REVOKED);
    user.setDisabled(true);
    userDao.save(user);
    userService.logAdminUserAction(user.getUserId(), "user access to  " + groupName + " domain", previousAccess, DataAccessLevel.REVOKED);
    return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
}
Also used: User (org.pmiops.workbench.db.model.User), DataAccessLevel (org.pmiops.workbench.model.DataAccessLevel), ApiException (org.pmiops.workbench.firecloud.ApiException), AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired)

Aggregations

AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired): 7
User (org.pmiops.workbench.db.model.User): 3
ApiException (org.pmiops.workbench.firecloud.ApiException): 3
DataAccessLevel (org.pmiops.workbench.model.DataAccessLevel): 2
ArrayList (java.util.ArrayList): 1
BadRequestException (org.pmiops.workbench.exceptions.BadRequestException): 1
Authority (org.pmiops.workbench.model.Authority): 1
BlockscoreIdVerificationStatus (org.pmiops.workbench.model.BlockscoreIdVerificationStatus): 1
EmptyResponse (org.pmiops.workbench.model.EmptyResponse): 1
IdVerificationListResponse (org.pmiops.workbench.model.IdVerificationListResponse): 1
Profile (org.pmiops.workbench.model.Profile): 1
Workspace (org.pmiops.workbench.model.Workspace): 1
WorkspaceListResponse (org.pmiops.workbench.model.WorkspaceListResponse): 1