You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dlab.apache.org by of...@apache.org on 2020/03/27 17:12:35 UTC
[incubator-dlab] branch DLAB-1590 updated (d753b18 -> bdaf53b)
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a change to branch DLAB-1590
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.
from d753b18 [DLAB-1591]: Add parameters for admin per project
new 9729f01 Admin per project
new a6aa0d2 Merge remote-tracking branch 'origin/DLAB-1590' into DLAB-1590
new bdaf53b Admin per project refactoring
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../com/epam/dlab/backendapi/dao/UserGroupDao.java | 2 -
.../epam/dlab/backendapi/dao/UserGroupDaoImpl.java | 5 --
.../com/epam/dlab/backendapi/dao/UserRoleDao.java | 2 -
.../epam/dlab/backendapi/dao/UserRoleDaoImpl.java | 5 --
.../backendapi/resources/UserGroupResource.java | 51 ++---------------
.../dlab/backendapi/service/UserGroupService.java | 9 +--
.../service/impl/UserGroupServiceImpl.java | 56 +++++++++----------
.../src/main/resources/mongo/aws/mongo_roles.json | 2 +
.../main/resources/mongo/azure/mongo_roles.json | 2 +
.../src/main/resources/mongo/gcp/mongo_roles.json | 2 +
.../administration/management/management.model.ts | 1 +
.../resources/UserGroupResourceTest.java | 65 +---------------------
.../service/impl/UserGroupServiceImplTest.java | 65 ++--------------------
13 files changed, 45 insertions(+), 222 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 03/03: Admin per project refactoring
Posted by of...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch DLAB-1590
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit bdaf53bf304b793eacf3a3c30023c1dacaf94d0b
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Fri Mar 27 19:12:11 2020 +0200
Admin per project refactoring
---
.../com/epam/dlab/backendapi/dao/UserGroupDao.java | 2 -
.../epam/dlab/backendapi/dao/UserGroupDaoImpl.java | 5 --
.../com/epam/dlab/backendapi/dao/UserRoleDao.java | 2 -
.../epam/dlab/backendapi/dao/UserRoleDaoImpl.java | 5 --
.../backendapi/resources/UserGroupResource.java | 39 --------------
.../dlab/backendapi/service/UserGroupService.java | 8 ---
.../service/impl/UserGroupServiceImpl.java | 21 --------
.../administration/management/management.model.ts | 1 +
.../resources/UserGroupResourceTest.java | 63 ----------------------
.../service/impl/UserGroupServiceImplTest.java | 53 ------------------
10 files changed, 1 insertion(+), 198 deletions(-)
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDao.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDao.java
index 0a4dde5..ae221f1 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDao.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDao.java
@@ -25,8 +25,6 @@ public interface UserGroupDao {
void updateUsers(String group, Set<String> users);
- void removeUser(String group, String user);
-
void removeGroup(String groupId);
Set<String> getUserGroups(String user);
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDaoImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDaoImpl.java
index 03a6f51..cc0da31 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDaoImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserGroupDaoImpl.java
@@ -44,11 +44,6 @@ public class UserGroupDaoImpl extends BaseDAO implements UserGroupDao {
}
@Override
- public void removeUser(String group, String user) {
- updateOne(USER_GROUPS, eq(ID, group), pull(USERS_FIELD, user));
- }
-
- @Override
public void removeGroup(String groupId) {
deleteOne(USER_GROUPS, eq(ID, groupId));
}
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDao.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDao.java
index 530724b..c9b5585 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDao.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDao.java
@@ -39,8 +39,6 @@ public interface UserRoleDao {
boolean addGroupToRole(Set<String> groups, Set<String> roleIds);
- boolean removeGroupFromRole(Set<String> groups, Set<String> roleIds);
-
void removeGroupWhenRoleNotIn(String group, Set<String> roleIds);
void removeUnnecessaryRoles(CloudProvider cloudProviderToBeRemoved, List<CloudProvider> remainingProviders);
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
index 154cbf8..c256791 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
@@ -109,11 +109,6 @@ public class UserRoleDaoImpl extends BaseDAO implements UserRoleDao {
}
@Override
- public boolean removeGroupFromRole(Set<String> groups, Set<String> roleIds) {
- return conditionMatched(updateMany(MongoCollections.ROLES, in(ID, roleIds), pullAll(GROUPS_FIELD, groups)));
- }
-
- @Override
public void removeGroupWhenRoleNotIn(String group, Set<String> roleIds) {
updateMany(MongoCollections.ROLES, not(in(ID, roleIds)), pull(GROUPS_FIELD, group));
}
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
index df77307..853067b 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
@@ -76,25 +76,6 @@ public class UserGroupResource {
return Response.ok(userGroupService.getAggregatedRolesByGroup(userInfo)).build();
}
-// @PUT
-// @Path("role")
-// public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) {
-// log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(),
-// updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
-// userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
-// return Response.ok().build();
-// }
-//
-// @DELETE
-// @Path("role")
-// public Response deleteGroupFromRole(@Auth UserInfo userInfo,
-// @QueryParam("group") @NotEmpty Set<String> groups,
-// @QueryParam("roleId") @NotEmpty Set<String> roleIds) {
-// log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds);
-// userGroupService.removeGroupFromRole(groups, roleIds);
-// return Response.ok().build();
-// }
-
@DELETE
@Path("{id}")
@RolesAllowed("/roleManagement/delete")
@@ -104,24 +85,4 @@ public class UserGroupResource {
userGroupService.removeGroup(group);
return Response.ok().build();
}
-
-// @PUT
-// @Path("user")
-// public Response addUserToGroup(@Auth UserInfo userInfo,
-// @Valid UpdateUserGroupDto updateUserGroupDto) {
-// log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(),
-// updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup());
-// userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers());
-// return Response.ok().build();
-// }
-//
-// @DELETE
-// @Path("user")
-// public Response deleteUserFromGroup(@Auth UserInfo userInfo,
-// @QueryParam("user") @NotEmpty String user,
-// @QueryParam("group") @NotEmpty String group) {
-// log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group);
-// userGroupService.removeUserFromGroup(group, user);
-// return Response.ok().build();
-// }
}
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
index 9a1d36b..94e89e3 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
@@ -30,14 +30,6 @@ public interface UserGroupService {
void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users);
- void addUsersToGroup(String group, Set<String> users);
-
- void updateRolesForGroup(String group, Set<String> roleIds);
-
- void removeUserFromGroup(String group, String user);
-
- void removeGroupFromRole(Set<String> groups, Set<String> roleIds);
-
void removeGroup(String groupId);
List<UserGroupDto> getAggregatedRolesByGroup(UserInfo user);
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
index 8024dfd..1758a8b 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
@@ -81,27 +81,6 @@ public class UserGroupServiceImpl implements UserGroupService {
}
@Override
- public void addUsersToGroup(String group, Set<String> users) {
- userGroupDao.addUsers(group, users);
- }
-
- @Override
- public void updateRolesForGroup(String group, Set<String> roleIds) {
- userRoleDao.removeGroupWhenRoleNotIn(group, roleIds);
- checkAnyRoleFound(roleIds, userRoleDao.addGroupToRole(Collections.singleton(group), roleIds));
- }
-
- @Override
- public void removeUserFromGroup(String group, String user) {
- userGroupDao.removeUser(group, user);
- }
-
- @Override
- public void removeGroupFromRole(Set<String> groups, Set<String> roleIds) {
- checkAnyRoleFound(roleIds, userRoleDao.removeGroupFromRole(groups, roleIds));
- }
-
- @Override
public void removeGroup(String groupId) {
if (projectDAO.getProjectsWithEndpointStatusNotIn(UserInstanceStatus.TERMINATED,
UserInstanceStatus.TERMINATING)
diff --git a/services/self-service/src/main/resources/webapp/src/app/administration/management/management.model.ts b/services/self-service/src/main/resources/webapp/src/app/administration/management/management.model.ts
index 4e7a663..b4f0701 100644
--- a/services/self-service/src/main/resources/webapp/src/app/administration/management/management.model.ts
+++ b/services/self-service/src/main/resources/webapp/src/app/administration/management/management.model.ts
@@ -69,6 +69,7 @@ export class BackupOptionsModel {
export interface GeneralEnvironmentStatus {
admin: boolean;
+ projectAdmin: boolean;
billingEnabled: boolean;
billingQuoteUsed: number;
list_resources: any;
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
index bdc4104..ec2f73e 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
@@ -153,21 +153,6 @@ public class UserGroupResourceTest extends TestBase {
}
@Test
- public void addRolesToGroup() {
-
- final Response response = resources.getJerseyTest()
- .target("/group/role")
- .request()
- .header("Authorization", "Bearer " + TOKEN)
- .put(Entity.json(new UpdateRoleGroupDto(singleton(ROLE_ID), GROUP)));
-
- assertEquals(HttpStatus.SC_OK, response.getStatus());
-
- verify(userGroupService).updateRolesForGroup(GROUP, singleton(ROLE_ID));
- verifyNoMoreInteractions(userGroupService);
- }
-
- @Test
public void addRolesToGroupWithValidationException() {
final Response response = resources.getJerseyTest()
@@ -182,23 +167,6 @@ public class UserGroupResourceTest extends TestBase {
}
@Test
- public void deleteGroupFromRole() {
- final Response response = resources.getJerseyTest()
- .target("/group/role")
- .queryParam("group", GROUP)
- .queryParam("roleId", ROLE_ID)
- .request()
- .header("Authorization", "Bearer " + TOKEN)
- .delete();
-
- assertEquals(HttpStatus.SC_OK, response.getStatus());
-
-
- verify(userGroupService).removeGroupFromRole(singleton(GROUP), singleton(ROLE_ID));
- verifyNoMoreInteractions(userGroupService);
- }
-
- @Test
public void deleteGroup() {
final Response response = resources.getJerseyTest()
.target("/group/" + GROUP)
@@ -228,20 +196,6 @@ public class UserGroupResourceTest extends TestBase {
}
@Test
- public void addUserToGroup() {
- final Response response = resources.getJerseyTest()
- .target("/group/user")
- .request()
- .header("Authorization", "Bearer " + TOKEN)
- .put(Entity.json(new UpdateUserGroupDto(GROUP, singleton(USER))));
-
- assertEquals(HttpStatus.SC_OK, response.getStatus());
-
- verify(userGroupService).addUsersToGroup(GROUP, singleton(USER));
- verifyNoMoreInteractions(userGroupService);
- }
-
- @Test
public void addUserToGroupWithValidationException() {
final Response response = resources.getJerseyTest()
.target("/group/user")
@@ -255,23 +209,6 @@ public class UserGroupResourceTest extends TestBase {
}
@Test
- public void deleteUserFromGroup() {
- final Response response = resources.getJerseyTest()
- .target("/group/user")
- .queryParam("user", USER)
- .queryParam("group", GROUP)
- .request()
- .header("Authorization", "Bearer " + TOKEN)
- .delete();
-
- assertEquals(HttpStatus.SC_OK, response.getStatus());
-
-
- verify(userGroupService).removeUserFromGroup(GROUP, USER);
- verifyNoMoreInteractions(userGroupService);
- }
-
- @Test
public void deleteUserFromGroupWithValidationException() {
final Response response = resources.getJerseyTest()
.target("/group/user")
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
index de38a2b..e6b0572 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
@@ -44,12 +44,9 @@ import java.util.List;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.anySet;
-import static org.mockito.Mockito.anySetOf;
import static org.mockito.Mockito.anyString;
import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.refEq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
@@ -106,56 +103,6 @@ public class UserGroupServiceImplTest extends TestBase {
}
@Test
- public void addUserToGroup() {
- userGroupService.addUsersToGroup(GROUP, Collections.singleton(USER));
-
- verify(userGroupDao).addUsers(eq(GROUP), refEq(Collections.singleton(USER)));
- verifyNoMoreInteractions(userRoleDao, userGroupDao);
- }
-
- @Test
- public void addRolesToGroup() {
- when(userRoleDao.addGroupToRole(anySetOf(String.class), anySetOf(String.class))).thenReturn(true);
-
- userGroupService.updateRolesForGroup(GROUP, Collections.singleton(ROLE_ID));
-
- verify(userRoleDao).addGroupToRole(refEq(Collections.singleton(GROUP)), refEq(Collections.singleton(ROLE_ID)));
- verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID));
- verifyNoMoreInteractions(userRoleDao);
- }
-
- @Test
- public void removeUserFromGroup() {
-
- userGroupService.removeUserFromGroup(GROUP, USER);
-
- verify(userGroupDao).removeUser(GROUP, USER);
- verifyNoMoreInteractions(userGroupDao);
- }
-
- @Test
- public void removeGroupFromRole() {
-
- when(userRoleDao.removeGroupFromRole(anySetOf(String.class), anySetOf(String.class))).thenReturn(true);
-
- userGroupService.removeGroupFromRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
-
- verify(userRoleDao).removeGroupFromRole(refEq(Collections.singleton(GROUP)),
- refEq(Collections.singleton(ROLE_ID)));
- verifyNoMoreInteractions(userRoleDao);
- }
-
- @Test
- public void removeGroupFromRoleWithException() {
- when(userRoleDao.removeGroupFromRole(anySetOf(String.class), anySetOf(String.class))).thenReturn(false);
-
- expectedException.expectMessage("Any of role : [" + ROLE_ID + "] were not found");
- expectedException.expect(ResourceNotFoundException.class);
-
- userGroupService.removeGroupFromRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
- }
-
- @Test
public void removeGroup() {
when(userRoleDao.removeGroup(anyString())).thenReturn(true);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 02/03: Merge remote-tracking branch
'origin/DLAB-1590' into DLAB-1590
Posted by of...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch DLAB-1590
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit a6aa0d2ed07c427a43a7348f46a21e5dea5a1020
Merge: 9729f01 d753b18
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Fri Mar 27 18:38:52 2020 +0200
Merge remote-tracking branch 'origin/DLAB-1590' into DLAB-1590
.../webapp/src/app/administration/project/project.component.html | 2 +-
.../main/resources/webapp/src/app/core/services/healthStatus.service.ts | 2 +-
.../main/resources/webapp/src/app/shared/navbar/navbar.component.html | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 01/03: Admin per project
Posted by of...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch DLAB-1590
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 9729f016974942111925557a2f1fe2afeaec2dcc
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Thu Mar 26 16:20:54 2020 +0200
Admin per project
---
.../backendapi/resources/UserGroupResource.java | 86 +++++++++++-----------
.../dlab/backendapi/service/UserGroupService.java | 3 +-
.../service/impl/UserGroupServiceImpl.java | 35 ++++++---
.../src/main/resources/mongo/aws/mongo_roles.json | 2 +
.../main/resources/mongo/azure/mongo_roles.json | 2 +
.../src/main/resources/mongo/gcp/mongo_roles.json | 2 +
.../resources/UserGroupResourceTest.java | 2 +-
.../service/impl/UserGroupServiceImplTest.java | 12 +--
8 files changed, 82 insertions(+), 62 deletions(-)
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
index 67aa073..df77307 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
@@ -20,13 +20,10 @@ package com.epam.dlab.backendapi.resources;
import com.epam.dlab.auth.UserInfo;
import com.epam.dlab.backendapi.resources.dto.GroupDTO;
-import com.epam.dlab.backendapi.resources.dto.UpdateRoleGroupDto;
-import com.epam.dlab.backendapi.resources.dto.UpdateUserGroupDto;
import com.epam.dlab.backendapi.service.UserGroupService;
import com.google.inject.Inject;
import io.dropwizard.auth.Auth;
import lombok.extern.slf4j.Slf4j;
-import org.hibernate.validator.constraints.NotEmpty;
import javax.annotation.security.RolesAllowed;
import javax.validation.Valid;
@@ -38,14 +35,11 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import java.util.Set;
@Slf4j
@Path("group")
-@RolesAllowed("/roleManagement")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class UserGroupResource {
@@ -59,6 +53,7 @@ public class UserGroupResource {
@POST
+ @RolesAllowed("/roleManagement/create")
public Response createGroup(@Auth UserInfo userInfo,
@Valid GroupDTO dto) {
log.debug("Creating new group {}", dto.getName());
@@ -67,39 +62,42 @@ public class UserGroupResource {
}
@PUT
+ @RolesAllowed("/roleManagement")
public Response updateGroup(@Auth UserInfo userInfo, @Valid GroupDTO dto) {
log.debug("Updating group {}", dto.getName());
- userGroupService.updateGroup(dto.getName(), dto.getRoleIds(), dto.getUsers());
+ userGroupService.updateGroup(userInfo, dto.getName(), dto.getRoleIds(), dto.getUsers());
return Response.ok().build();
}
@GET
+ @RolesAllowed("/roleManagement")
public Response getGroups(@Auth UserInfo userInfo) {
log.debug("Getting all groups for admin {}...", userInfo.getName());
return Response.ok(userGroupService.getAggregatedRolesByGroup(userInfo)).build();
}
- @PUT
- @Path("role")
- public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) {
- log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(),
- updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
- userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
- return Response.ok().build();
- }
-
- @DELETE
- @Path("role")
- public Response deleteGroupFromRole(@Auth UserInfo userInfo,
- @QueryParam("group") @NotEmpty Set<String> groups,
- @QueryParam("roleId") @NotEmpty Set<String> roleIds) {
- log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds);
- userGroupService.removeGroupFromRole(groups, roleIds);
- return Response.ok().build();
- }
+// @PUT
+// @Path("role")
+// public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) {
+// log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(),
+// updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
+// userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
+// return Response.ok().build();
+// }
+//
+// @DELETE
+// @Path("role")
+// public Response deleteGroupFromRole(@Auth UserInfo userInfo,
+// @QueryParam("group") @NotEmpty Set<String> groups,
+// @QueryParam("roleId") @NotEmpty Set<String> roleIds) {
+// log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds);
+// userGroupService.removeGroupFromRole(groups, roleIds);
+// return Response.ok().build();
+// }
@DELETE
@Path("{id}")
+ @RolesAllowed("/roleManagement/delete")
public Response deleteGroup(@Auth UserInfo userInfo,
@PathParam("id") String group) {
log.info("Admin {} is trying to delete group {} from application", userInfo.getName(), group);
@@ -107,23 +105,23 @@ public class UserGroupResource {
return Response.ok().build();
}
- @PUT
- @Path("user")
- public Response addUserToGroup(@Auth UserInfo userInfo,
- @Valid UpdateUserGroupDto updateUserGroupDto) {
- log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(),
- updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup());
- userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers());
- return Response.ok().build();
- }
-
- @DELETE
- @Path("user")
- public Response deleteUserFromGroup(@Auth UserInfo userInfo,
- @QueryParam("user") @NotEmpty String user,
- @QueryParam("group") @NotEmpty String group) {
- log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group);
- userGroupService.removeUserFromGroup(group, user);
- return Response.ok().build();
- }
+// @PUT
+// @Path("user")
+// public Response addUserToGroup(@Auth UserInfo userInfo,
+// @Valid UpdateUserGroupDto updateUserGroupDto) {
+// log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(),
+// updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup());
+// userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers());
+// return Response.ok().build();
+// }
+//
+// @DELETE
+// @Path("user")
+// public Response deleteUserFromGroup(@Auth UserInfo userInfo,
+// @QueryParam("user") @NotEmpty String user,
+// @QueryParam("group") @NotEmpty String group) {
+// log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group);
+// userGroupService.removeUserFromGroup(group, user);
+// return Response.ok().build();
+// }
}
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
index fe81f4e..9a1d36b 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
@@ -27,7 +27,8 @@ import java.util.Set;
public interface UserGroupService {
void createGroup(String group, Set<String> roleIds, Set<String> users);
- void updateGroup(String group, Set<String> roleIds, Set<String> users);
+
+ void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users);
void addUsersToGroup(String group, Set<String> users);
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
index 288b84e..8024dfd 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
@@ -63,13 +63,21 @@ public class UserGroupServiceImpl implements UserGroupService {
}
@Override
- public void updateGroup(String group, Set<String> roleIds, Set<String> users) {
- log.debug("Updating users for group {}: {}", group, users);
- userGroupDao.updateUsers(group, users);
- log.debug("Removing group {} from existing roles", group);
- userRoleDao.removeGroupWhenRoleNotIn(group, roleIds);
- log.debug("Adding group {} to roles {}", group, roleIds);
- userRoleDao.addGroupToRole(Collections.singleton(group), roleIds);
+ public void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users) {
+ if (UserRoles.isAdmin(user)) {
+ updateGroup(group, roleIds, users);
+ } else if (UserRoles.isProjectAdmin(user)) {
+ projectService.getProjects(user)
+ .stream()
+ .map(ProjectDTO::getGroups)
+ .flatMap(Collection::stream)
+ .filter(g -> g.equalsIgnoreCase(group))
+ .findAny()
+ .orElseThrow(() -> new DlabException(String.format("User %s doesn't have appropriate permission", user.getName())));
+ updateGroup(group, roleIds, users);
+ } else {
+ throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()));
+ }
}
@Override
@@ -122,15 +130,22 @@ public class UserGroupServiceImpl implements UserGroupService {
.filter(userGroup -> groups.contains(userGroup.getGroup()))
.collect(Collectors.toList());
} else {
- throw new DlabException(String.format("User %s doesn't have appropriate permission", user));
+ throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()));
}
}
+ private void updateGroup(String group, Set<String> roleIds, Set<String> users) {
+ log.debug("Updating users for group {}: {}", group, users);
+ userGroupDao.updateUsers(group, users);
+ log.debug("Removing group {} from existing roles", group);
+ userRoleDao.removeGroupWhenRoleNotIn(group, roleIds);
+ log.debug("Adding group {} to roles {}", group, roleIds);
+ userRoleDao.addGroupToRole(Collections.singleton(group), roleIds);
+ }
+
private void checkAnyRoleFound(Set<String> roleIds, boolean anyRoleFound) {
if (!anyRoleFound) {
throw new ResourceNotFoundException(String.format(ROLE_NOT_FOUND_MSG, roleIds));
}
}
-
-
}
diff --git a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
index e7649e6..6a8fd29 100644
--- a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
@@ -349,6 +349,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
index bb0c7d1..86eadff 100644
--- a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
@@ -289,6 +289,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
index 3f7327e..d2ef6dd 100644
--- a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
@@ -325,6 +325,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
index 5325848..bdc4104 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
@@ -126,7 +126,7 @@ public class UserGroupResourceTest extends TestBase {
assertEquals(HttpStatus.SC_OK, response.getStatus());
- verify(userGroupService).updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
+ verify(userGroupService).updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
verifyNoMoreInteractions(userGroupService);
}
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
index 4b775e1..de38a2b 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
@@ -225,13 +225,13 @@ public class UserGroupServiceImplTest extends TestBase {
@Test
public void updateGroup() {
- userGroupService.updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
+ userGroupService.updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
- verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER));
- verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID));
- verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
- verifyNoMoreInteractions(userRoleDao, userGroupDao);
- }
+ verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER));
+ verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID));
+ verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
+ verifyNoMoreInteractions(userRoleDao, userGroupDao);
+ }
private UserGroupDto getUserGroup() {
return new UserGroupDto(GROUP, Collections.emptyList(), Collections.emptySet());
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org