Posted to commits@dlab.apache.org by of...@apache.org on 2020/03/27 17:12:36 UTC
[incubator-dlab] 01/03: Admin per project
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch DLAB-1590
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 9729f016974942111925557a2f1fe2afeaec2dcc
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Thu Mar 26 16:20:54 2020 +0200
Admin per project
---
.../backendapi/resources/UserGroupResource.java | 86 +++++++++++-----------
.../dlab/backendapi/service/UserGroupService.java | 3 +-
.../service/impl/UserGroupServiceImpl.java | 35 ++++++---
.../src/main/resources/mongo/aws/mongo_roles.json | 2 +
.../main/resources/mongo/azure/mongo_roles.json | 2 +
.../src/main/resources/mongo/gcp/mongo_roles.json | 2 +
.../resources/UserGroupResourceTest.java | 2 +-
.../service/impl/UserGroupServiceImplTest.java | 12 +--
8 files changed, 82 insertions(+), 62 deletions(-)
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
index 67aa073..df77307 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java
@@ -20,13 +20,10 @@ package com.epam.dlab.backendapi.resources;
import com.epam.dlab.auth.UserInfo;
import com.epam.dlab.backendapi.resources.dto.GroupDTO;
-import com.epam.dlab.backendapi.resources.dto.UpdateRoleGroupDto;
-import com.epam.dlab.backendapi.resources.dto.UpdateUserGroupDto;
import com.epam.dlab.backendapi.service.UserGroupService;
import com.google.inject.Inject;
import io.dropwizard.auth.Auth;
import lombok.extern.slf4j.Slf4j;
-import org.hibernate.validator.constraints.NotEmpty;
import javax.annotation.security.RolesAllowed;
import javax.validation.Valid;
@@ -38,14 +35,11 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import java.util.Set;
@Slf4j
@Path("group")
-@RolesAllowed("/roleManagement")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class UserGroupResource {
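Review bot: Dropping the class-level `@RolesAllowed("/roleManagement")` makes this resource fail open: any method without its own annotation is no longer role-gated. If authorization rests only on these annotations (not visible here), such a method would be reachable by any authenticated user. Under JSR-250 semantics a method-level `@RolesAllowed` overrides the class-level one, so the class annotation can stay as a restrictive default while `createGroup` and `deleteGroup` narrow it to `/roleManagement/create` and `/roleManagement/delete`. The class body continues outside this hunk.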
@@ -59,6 +53,7 @@ public class UserGroupResource {
@POST
+ @RolesAllowed("/roleManagement/create")
public Response createGroup(@Auth UserInfo userInfo,
@Valid GroupDTO dto) {
log.debug("Creating new group {}", dto.getName());
@@ -67,39 +62,42 @@ public class UserGroupResource {
}
@PUT
+ @RolesAllowed("/roleManagement")
public Response updateGroup(@Auth UserInfo userInfo, @Valid GroupDTO dto) {
log.debug("Updating group {}", dto.getName());
- userGroupService.updateGroup(dto.getName(), dto.getRoleIds(), dto.getUsers());
+ userGroupService.updateGroup(userInfo, dto.getName(), dto.getRoleIds(), dto.getUsers());
return Response.ok().build();
}
@GET
+ @RolesAllowed("/roleManagement")
public Response getGroups(@Auth UserInfo userInfo) {
log.debug("Getting all groups for admin {}...", userInfo.getName());
return Response.ok(userGroupService.getAggregatedRolesByGroup(userInfo)).build();
}
- @PUT
- @Path("role")
- public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) {
- log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(),
- updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
- userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
- return Response.ok().build();
- }
-
- @DELETE
- @Path("role")
- public Response deleteGroupFromRole(@Auth UserInfo userInfo,
- @QueryParam("group") @NotEmpty Set<String> groups,
- @QueryParam("roleId") @NotEmpty Set<String> roleIds) {
- log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds);
- userGroupService.removeGroupFromRole(groups, roleIds);
- return Response.ok().build();
- }
+// @PUT
+// @Path("role")
+// public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) {
+// log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(),
+// updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
+// userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds());
+// return Response.ok().build();
+// }
+//
+// @DELETE
+// @Path("role")
+// public Response deleteGroupFromRole(@Auth UserInfo userInfo,
+// @QueryParam("group") @NotEmpty Set<String> groups,
+// @QueryParam("roleId") @NotEmpty Set<String> roleIds) {
+// log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds);
+// userGroupService.removeGroupFromRole(groups, roleIds);
+// return Response.ok().build();
+// }
@DELETE
@Path("{id}")
+ @RolesAllowed("/roleManagement/delete")
public Response deleteGroup(@Auth UserInfo userInfo,
@PathParam("id") String group) {
log.info("Admin {} is trying to delete group {} from application", userInfo.getName(), group);
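Review bot: The four retired endpoints (`updateRolesForGroup` and `deleteGroupFromRole` here, `addUserToGroup` and `deleteUserFromGroup` in the next hunk) are left commented out instead of deleted. Version control already keeps them, and the commented copies carry no `@RolesAllowed` now that the class-level annotation is gone. If uncommented as-is, they would call service methods such as `addUsersToGroup(String group, Set<String> users)`, which take no `UserInfo` and so skip the per-project check this commit adds to `updateGroup`. I would delete the blocks, or if they must stay, head each with `// Disabled: bypasses per-project authorization; re-enable only with @RolesAllowed and a UserInfo-aware service call`. `deleteGroup` continues past the end of this hunk.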
@@ -107,23 +105,23 @@ public class UserGroupResource {
return Response.ok().build();
}
- @PUT
- @Path("user")
- public Response addUserToGroup(@Auth UserInfo userInfo,
- @Valid UpdateUserGroupDto updateUserGroupDto) {
- log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(),
- updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup());
- userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers());
- return Response.ok().build();
- }
-
- @DELETE
- @Path("user")
- public Response deleteUserFromGroup(@Auth UserInfo userInfo,
- @QueryParam("user") @NotEmpty String user,
- @QueryParam("group") @NotEmpty String group) {
- log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group);
- userGroupService.removeUserFromGroup(group, user);
- return Response.ok().build();
- }
+// @PUT
+// @Path("user")
+// public Response addUserToGroup(@Auth UserInfo userInfo,
+// @Valid UpdateUserGroupDto updateUserGroupDto) {
+// log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(),
+// updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup());
+// userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers());
+// return Response.ok().build();
+// }
+//
+// @DELETE
+// @Path("user")
+// public Response deleteUserFromGroup(@Auth UserInfo userInfo,
+// @QueryParam("user") @NotEmpty String user,
+// @QueryParam("group") @NotEmpty String group) {
+// log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group);
+// userGroupService.removeUserFromGroup(group, user);
+// return Response.ok().build();
+// }
}
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
index fe81f4e..9a1d36b 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java
@@ -27,7 +27,8 @@ import java.util.Set;
public interface UserGroupService {
void createGroup(String group, Set<String> roleIds, Set<String> users);
- void updateGroup(String group, Set<String> roleIds, Set<String> users);
+
+ void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users);
void addUsersToGroup(String group, Set<String> users);
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
index 288b84e..8024dfd 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
@@ -63,13 +63,21 @@ public class UserGroupServiceImpl implements UserGroupService {
}
@Override
- public void updateGroup(String group, Set<String> roleIds, Set<String> users) {
- log.debug("Updating users for group {}: {}", group, users);
- userGroupDao.updateUsers(group, users);
- log.debug("Removing group {} from existing roles", group);
- userRoleDao.removeGroupWhenRoleNotIn(group, roleIds);
- log.debug("Adding group {} to roles {}", group, roleIds);
- userRoleDao.addGroupToRole(Collections.singleton(group), roleIds);
+ public void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users) {
+ if (UserRoles.isAdmin(user)) {
+ updateGroup(group, roleIds, users);
+ } else if (UserRoles.isProjectAdmin(user)) {
+ projectService.getProjects(user)
+ .stream()
+ .map(ProjectDTO::getGroups)
+ .flatMap(Collection::stream)
+ .filter(g -> g.equalsIgnoreCase(group))
+ .findAny()
+ .orElseThrow(() -> new DlabException(String.format("User %s doesn't have appropriate permission", user.getName())));
+ updateGroup(group, roleIds, users);
+ } else {
+ throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()));
+ }
}
@Override
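Review bot: In the `isProjectAdmin` branch only the group name is checked against the caller's projects. `roleIds` and `users` reach the private `updateGroup` unvalidated, so a project admin could attach any role id to a group they own and list themselves in `users`, including a role that carries `/roleManagement/create` or `/roleManagement/delete`. Unless role ids are constrained somewhere not visible here, this branch should reject role ids the caller may not grant before any DAO write. Separately, `findAny().orElseThrow(...)` discards its result; `anyMatch(g -> g.equalsIgnoreCase(group))` followed by an explicit throw states the intent more directly. Because the match is case-insensitive, the DAO calls should use the stored group name, not the caller's spelling.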
@@ -122,15 +130,22 @@ public class UserGroupServiceImpl implements UserGroupService {
.filter(userGroup -> groups.contains(userGroup.getGroup()))
.collect(Collectors.toList());
} else {
- throw new DlabException(String.format("User %s doesn't have appropriate permission", user));
+ throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()));
}
}
+ private void updateGroup(String group, Set<String> roleIds, Set<String> users) {
+ log.debug("Updating users for group {}: {}", group, users);
+ userGroupDao.updateUsers(group, users);
+ log.debug("Removing group {} from existing roles", group);
+ userRoleDao.removeGroupWhenRoleNotIn(group, roleIds);
+ log.debug("Adding group {} to roles {}", group, roleIds);
+ userRoleDao.addGroupToRole(Collections.singleton(group), roleIds);
+ }
+
private void checkAnyRoleFound(Set<String> roleIds, boolean anyRoleFound) {
if (!anyRoleFound) {
throw new ResourceNotFoundException(String.format(ROLE_NOT_FOUND_MSG, roleIds));
}
}
-
-
}
diff --git a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
index e7649e6..6a8fd29 100644
--- a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
@@ -349,6 +349,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
index bb0c7d1..86eadff 100644
--- a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
@@ -289,6 +289,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
index 3f7327e..d2ef6dd 100644
--- a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
@@ -325,6 +325,8 @@
"environment/*",
"/api/infrastructure/backup",
"/roleManagement",
+ "/roleManagement/create",
+ "/roleManagement/delete",
"/api/settings",
"/user/settings",
"/api/project",
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
index 5325848..bdc4104 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java
@@ -126,7 +126,7 @@ public class UserGroupResourceTest extends TestBase {
assertEquals(HttpStatus.SC_OK, response.getStatus());
- verify(userGroupService).updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
+ verify(userGroupService).updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
verifyNoMoreInteractions(userGroupService);
}
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
index 4b775e1..de38a2b 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java
@@ -225,13 +225,13 @@ public class UserGroupServiceImplTest extends TestBase {
@Test
public void updateGroup() {
- userGroupService.updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
+ userGroupService.updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER));
- verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER));
- verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID));
- verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
- verifyNoMoreInteractions(userRoleDao, userGroupDao);
- }
+ verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER));
+ verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID));
+ verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID));
+ verifyNoMoreInteractions(userRoleDao, userGroupDao);
+ }
private UserGroupDto getUserGroup() {
return new UserGroupDto(GROUP, Collections.emptyList(), Collections.emptySet());
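Review bot: `updateGroup` is exercised only with whatever `getUserInfo()` returns, so the new `isProjectAdmin` and denial branches in `UserGroupServiceImpl.updateGroup` have no coverage. I would add one case where a project admin names a group outside their projects and one for a user with neither role. Each should expect `DlabException` and end with `verifyNoMoreInteractions(userRoleDao, userGroupDao)`, so a regression that lets the DAO writes through fails the test. `getUserGroup` continues outside this hunk.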