Example 6 with AuthorityRequired
use of org.pmiops.workbench.annotations.AuthorityRequired in project workbench by all-of-us.
the class AuthInterceptor method hasRequiredAuthority.
boolean hasRequiredAuthority(Method controllerMethod, User user) {
String controllerMethodName = controllerMethod.getDeclaringClass().getName() + "." + controllerMethod.getName();
AuthorityRequired req = controllerMethod.getAnnotation(AuthorityRequired.class);
if (req != null) {
if (user == null) {
throw new BadRequestException("User is not initialized; please register");
}
// Fetch the user with authorities, since they aren't loaded during normal
user = userDao.findUserWithAuthorities(user.getUserId());
Collection<Authority> granted = user.getAuthorities();
if (granted.containsAll(Arrays.asList(req.value()))) {
return true;
} else {
log.log(Level.INFO, "{0} required authorities {1} but user had only {2}.", new Object[] { controllerMethodName, Arrays.toString(req.value()), Arrays.toString(granted.toArray()) });
return false;
}
}
// No @AuthorityRequired annotation found at runtime, default to allowed.
return true;
}
Also used :
Authority(org.pmiops.workbench.model.Authority)
AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired)
BadRequestException(org.pmiops.workbench.exceptions.BadRequestException)
Example 7 with AuthorityRequired
use of org.pmiops.workbench.annotations.AuthorityRequired in project workbench by all-of-us.
the class AuthDomainController method removeUserFromAuthDomain.
@Override
@AuthorityRequired({ Authority.MANAGE_GROUP })
public ResponseEntity<Void> removeUserFromAuthDomain(String groupName, AuthDomainRequest request) {
User user = userDao.findUserByEmail(request.getEmail());
DataAccessLevel previousAccess = user.getDataAccessLevel();
try {
fireCloudService.removeUserFromGroup(request.getEmail(), groupName);
} catch (ApiException e) {
ExceptionUtils.convertFirecloudException(e);
}
// TODO(calbach): Teardown any active clusters here.
user.setDataAccessLevel(DataAccessLevel.REVOKED);
user.setDisabled(true);
userDao.save(user);
userService.logAdminUserAction(user.getUserId(), "user access to " + groupName + " domain", previousAccess, DataAccessLevel.REVOKED);
return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
}
Also used :
User(org.pmiops.workbench.db.model.User)
DataAccessLevel(org.pmiops.workbench.model.DataAccessLevel)
ApiException(org.pmiops.workbench.firecloud.ApiException)
AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired)
Aggregations
AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired)7
User (org.pmiops.workbench.db.model.User)3
ApiException (org.pmiops.workbench.firecloud.ApiException)3
DataAccessLevel (org.pmiops.workbench.model.DataAccessLevel)2
ArrayList (java.util.ArrayList)1
BadRequestException (org.pmiops.workbench.exceptions.BadRequestException)1
Authority (org.pmiops.workbench.model.Authority)1
BlockscoreIdVerificationStatus (org.pmiops.workbench.model.BlockscoreIdVerificationStatus)1
EmptyResponse (org.pmiops.workbench.model.EmptyResponse)1
IdVerificationListResponse (org.pmiops.workbench.model.IdVerificationListResponse)1
Profile (org.pmiops.workbench.model.Profile)1
Workspace (org.pmiops.workbench.model.Workspace)1
WorkspaceListResponse (org.pmiops.workbench.model.WorkspaceListResponse)1
