[New] Requiring TX for privilege services
parent
7d189ad7ae
commit
282bbba3aa
|
@ -1,12 +1,12 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
|
* Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
* You may obtain a copy of the License at
|
* You may obtain a copy of the License at
|
||||||
*
|
*
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
*
|
*
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
@ -15,6 +15,9 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.rest.endpoint;
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
|
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_ACTION;
|
||||||
|
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_ACTION_GET_POLICIES;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
@ -26,8 +29,10 @@ import java.util.Map;
|
||||||
|
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
|
import li.strolch.privilege.model.SimpleRestrictable;
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchRestfulConstants;
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
|
||||||
|
@ -44,18 +49,27 @@ public class PrivilegePoliciesService {
|
||||||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static String getContext() {
|
||||||
|
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||||
|
return element.getClassName() + "." + element.getMethodName();
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response getRoles(@Context HttpServletRequest request) {
|
public Response getPrivilegePolicies(@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
|
tx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_GET_POLICIES));
|
||||||
|
|
||||||
JsonObject policiesJ = new JsonObject();
|
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
||||||
for (String key : policyDefs.keySet()) {
|
|
||||||
policiesJ.addProperty(key, policyDefs.get(key));
|
JsonObject policiesJ = new JsonObject();
|
||||||
|
for (String key : policyDefs.keySet()) {
|
||||||
|
policiesJ.addProperty(key, policyDefs.get(key));
|
||||||
|
}
|
||||||
|
return Response.ok(policiesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||||
}
|
}
|
||||||
return Response.ok(policiesJ.toString(), MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
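Review bot: The new `getContext()` reads `new Throwable().getStackTrace()[2]`, but it is called inline as `openTx(cert, getContext())` from the endpoint method itself, so frame 0 is `getContext`, frame 1 is the endpoint and frame 2 is whatever invoked the endpoint (presumably the JAX-RS dispatcher). The transaction context, and anything logged or audited under it, would then name the dispatcher rather than `PrivilegePoliciesService.getPrivilegePolicies`. With this call shape the index should be `getStackTrace()[1]`, or the helper should be given a comment stating which caller depth it expects. The same helper is copied into PrivilegeRolesService, PrivilegeUsersService and UserSessionsService in this commit, so one shared helper would keep the index correct in all four.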
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
package li.strolch.rest.endpoint;
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
import static java.util.Comparator.comparing;
|
import static java.util.Comparator.comparing;
|
||||||
|
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_GET_ROLE;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.*;
|
import javax.ws.rs.*;
|
||||||
|
@ -27,6 +28,7 @@ import com.google.gson.JsonArray;
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
||||||
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.PrivilegeRep;
|
import li.strolch.privilege.model.PrivilegeRep;
|
||||||
|
@ -48,20 +50,29 @@ public class PrivilegeRolesService {
|
||||||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static String getContext() {
|
||||||
|
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||||
|
return element.getClassName() + "." + element.getMethodName();
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response getRoles(@Context HttpServletRequest request) {
|
public Response getRoles(@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
JsonArray rolesJ = privilegeHandler.getRoles(cert).stream() //
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_ROLE);
|
||||||
.sorted(comparing(roleRep -> roleRep.getName().toLowerCase())) //
|
|
||||||
.collect(JsonArray::new, //
|
|
||||||
(array, role) -> array.add(role.accept(visitor)), //
|
|
||||||
JsonArray::addAll);
|
|
||||||
|
|
||||||
return Response.ok(rolesJ.toString(), MediaType.APPLICATION_JSON).build();
|
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||||
|
JsonArray rolesJ = privilegeHandler.getRoles(cert).stream() //
|
||||||
|
.sorted(comparing(roleRep -> roleRep.getName().toLowerCase())) //
|
||||||
|
.collect(JsonArray::new, //
|
||||||
|
(array, role) -> array.add(role.accept(visitor)), //
|
||||||
|
JsonArray::addAll);
|
||||||
|
|
||||||
|
return Response.ok(rolesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -71,9 +82,12 @@ public class PrivilegeRolesService {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
return Response.ok(role.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON)
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_ROLE);
|
||||||
.build();
|
|
||||||
|
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
||||||
|
return Response.ok(role.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
package li.strolch.rest.endpoint;
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
import static java.util.Comparator.comparing;
|
import static java.util.Comparator.comparing;
|
||||||
|
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_GET_USER;
|
||||||
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
||||||
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
||||||
|
|
||||||
|
@ -34,6 +35,7 @@ import com.google.gson.*;
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
||||||
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.UserRep;
|
import li.strolch.privilege.model.UserRep;
|
||||||
|
@ -65,27 +67,36 @@ public class PrivilegeUsersService {
|
||||||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static String getContext() {
|
||||||
|
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||||
|
return element.getClassName() + "." + element.getMethodName();
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response queryUsers(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
public Response queryUsers(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
String query = queryData.getQuery();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
List<UserRep> users = privilegeHandler.getUsers(cert);
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||||
SearchResult<UserRep> result = buildSimpleValueSearch(new ValueSearch<UserRep>(), query, Arrays.asList( //
|
|
||||||
UserRep::getUsername, //
|
|
||||||
UserRep::getFirstname, //
|
|
||||||
UserRep::getLastname, //
|
|
||||||
userRep -> userRep.getUserState().name(), //
|
|
||||||
UserRep::getRoles)) //
|
|
||||||
.search(users) //
|
|
||||||
.orderBy(comparing(r -> r.getUsername().toLowerCase()));
|
|
||||||
|
|
||||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
String query = queryData.getQuery();
|
||||||
JsonObject root = toJson(queryData, users.size(), result, t -> t.accept(visitor));
|
List<UserRep> users = privilegeHandler.getUsers(cert);
|
||||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
SearchResult<UserRep> result = buildSimpleValueSearch(new ValueSearch<UserRep>(), query, Arrays.asList( //
|
||||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
UserRep::getUsername, //
|
||||||
|
UserRep::getFirstname, //
|
||||||
|
UserRep::getLastname, //
|
||||||
|
userRep -> userRep.getUserState().name(), //
|
||||||
|
UserRep::getRoles)) //
|
||||||
|
.search(users) //
|
||||||
|
.orderBy(comparing(r -> r.getUsername().toLowerCase()));
|
||||||
|
|
||||||
|
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||||
|
JsonObject root = toJson(queryData, users.size(), result, t -> t.accept(visitor));
|
||||||
|
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||||
|
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
@ -96,16 +107,20 @@ public class PrivilegeUsersService {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||||
|
|
||||||
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||||
JsonArray usersArr = privilegeHandler.queryUsers(cert, queryRep).stream() //
|
|
||||||
.sorted(comparing(r -> r.getUsername().toLowerCase())) //
|
|
||||||
.collect(JsonArray::new, //
|
|
||||||
(array, user) -> array.add(user.accept(visitor)), //
|
|
||||||
JsonArray::addAll);
|
|
||||||
|
|
||||||
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
|
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
||||||
|
JsonArray usersArr = privilegeHandler.queryUsers(cert, queryRep).stream() //
|
||||||
|
.sorted(comparing(r -> r.getUsername().toLowerCase())) //
|
||||||
|
.collect(JsonArray::new, //
|
||||||
|
(array, user) -> array.add(user.accept(visitor)), //
|
||||||
|
JsonArray::addAll);
|
||||||
|
|
||||||
|
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -115,9 +130,12 @@ public class PrivilegeUsersService {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.getUser(cert, username);
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON)
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||||
.build();
|
|
||||||
|
UserRep user = privilegeHandler.getUser(cert, username);
|
||||||
|
return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
package li.strolch.rest.endpoint;
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION;
|
||||||
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -31,6 +32,7 @@ import java.util.Locale;
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import com.google.gson.GsonBuilder;
|
import com.google.gson.GsonBuilder;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchRestfulConstants;
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
@ -48,6 +50,11 @@ public class UserSessionsService {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(UserSessionsService.class);
|
private static final Logger logger = LoggerFactory.getLogger(UserSessionsService.class);
|
||||||
|
|
||||||
|
private static String getContext() {
|
||||||
|
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||||
|
return element.getClassName() + "." + element.getMethodName();
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response querySessions(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
public Response querySessions(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
||||||
|
@ -56,19 +63,23 @@ public class UserSessionsService {
|
||||||
logger.info("[" + cert.getUsername() + "] Querying user sessions...");
|
logger.info("[" + cert.getUsername() + "] Querying user sessions...");
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||||
|
|
||||||
String query = queryData.getQuery();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
List<UserSession> sessions = sessionHandler.getSessions(cert, source);
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||||
|
|
||||||
SearchResult<UserSession> result = buildSimpleValueSearch(new ValueSearch<UserSession>(), query,
|
String query = queryData.getQuery();
|
||||||
Arrays.asList( //
|
List<UserSession> sessions = sessionHandler.getSessions(cert, source);
|
||||||
UserSession::getUsername, //
|
|
||||||
UserSession::getFirstname, //
|
|
||||||
UserSession::getLastname, //
|
|
||||||
UserSession::getUserRoles)).search(sessions);
|
|
||||||
|
|
||||||
JsonObject root = toJson(queryData, sessions.size(), result, UserSession::toJson);
|
SearchResult<UserSession> result = buildSimpleValueSearch(new ValueSearch<UserSession>(), query,
|
||||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
Arrays.asList( //
|
||||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
UserSession::getUsername, //
|
||||||
|
UserSession::getFirstname, //
|
||||||
|
UserSession::getLastname, //
|
||||||
|
UserSession::getUserRoles)).search(sessions);
|
||||||
|
|
||||||
|
JsonObject root = toJson(queryData, sessions.size(), result, UserSession::toJson);
|
||||||
|
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||||
|
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -79,8 +90,13 @@ public class UserSessionsService {
|
||||||
String source = (String) request.getAttribute(StrolchRestfulConstants.STROLCH_REQUEST_SOURCE);
|
String source = (String) request.getAttribute(StrolchRestfulConstants.STROLCH_REQUEST_SOURCE);
|
||||||
logger.info("[" + cert.getUsername() + "] Returning session " + sessionId);
|
logger.info("[" + cert.getUsername() + "] Returning session " + sessionId);
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||||
UserSession session = sessionHandler.getSession(cert, source, sessionId);
|
|
||||||
return Response.ok(session.toJson().toString(), MediaType.APPLICATION_JSON).build();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||||
|
|
||||||
|
UserSession session = sessionHandler.getSession(cert, source, sessionId);
|
||||||
|
return Response.ok(session.toJson().toString(), MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
|
@ -90,8 +106,13 @@ public class UserSessionsService {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
logger.info("[" + cert.getUsername() + "] Invalidating session " + sessionId);
|
logger.info("[" + cert.getUsername() + "] Invalidating session " + sessionId);
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||||
sessionHandler.invalidate(cert, sessionId);
|
|
||||||
return ResponseUtil.toResponse();
|
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||||
|
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||||
|
|
||||||
|
sessionHandler.invalidate(cert, sessionId);
|
||||||
|
return ResponseUtil.toResponse();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
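Review bot: In the `@DELETE` hunk, `sessionHandler.invalidate(cert, sessionId)` is now gated by `assertHasPrivilege(PRIVILEGE_GET_SESSION)`, the same read privilege that guards `querySessions` and the single-session `@GET`. A caller who may only list sessions therefore passes the endpoint-level check for terminating them, and whether `invalidate` enforces anything stricter is not visible here. If the privilege model has a separate invalidation privilege, assert it in this block. Otherwise add a comment such as `// read privilege only; sessionHandler.invalidate() must enforce the invalidation privilege itself`, so the reliance is explicit. The method signature and the following `@PUT` endpoint lie outside the hunk.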
||||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeAddOrReplacePrivilegeOnRoleService
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);
|
RoleRep role;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||||
role.getName());
|
role.getName());
|
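Review bot: `privilegeHandler.persist(getCertificate())` now runs inside the try block, before `tx.auditFrom(...)` builds the audit, and nothing visible ties the privilege store to the transaction. If audit creation or the commit on close fails after that line, the role change is presumably already persisted while the transaction rolls back, leaving a privilege modification with no audit record (audits are also suppressed via `tx.setSuppressAudits(true)`). Consider calling `persist` only after the audit has been added, or document the gap with a comment such as `// persist() is not rolled back with the tx; a failure below leaves the change without an audit`. The rest of the method, including how the tx is committed, is outside the hunk. The same ordering appears in PrivilegeAddRoleService, PrivilegeRemovePrivilegeFromRoleService, PrivilegeRemoveRoleService, PrivilegeUpdateRoleService, PrivilegeAddRoleToUserService and PrivilegeRemoveRoleFromUserService.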
||||||
|
|
|
@ -44,11 +44,13 @@ public class PrivilegeAddRoleService extends AbstractService<PrivilegeRoleArgume
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.addRole(getCertificate(), arg.role);
|
RoleRep role;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
role = privilegeHandler.addRole(getCertificate(), arg.role);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||||
role.getName());
|
role.getName());
|
||||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeRemovePrivilegeFromRoleService
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);
|
RoleRep role;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||||
role.getName());
|
role.getName());
|
||||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveRoleService extends AbstractService<PrivilegeRoleNam
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.removeRole(getCertificate(), arg.roleName);
|
RoleRep role;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
role = privilegeHandler.removeRole(getCertificate(), arg.roleName);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||||
role.getName());
|
role.getName());
|
||||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeUpdateRoleService extends AbstractService<PrivilegeRoleArg
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
RoleRep role = privilegeHandler.replaceRole(getCertificate(), arg.role);
|
RoleRep role;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
role = privilegeHandler.replaceRole(getCertificate(), arg.role);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||||
role.getName());
|
role.getName());
|
||||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeAddRoleToUserService
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveRoleFromUserService
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveUserService extends AbstractService<PrivilegeUserNam
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.removeUser(getCertificate(), arg.username);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.removeUser(getCertificate(), arg.username);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeSetUserLocaleService
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
@ -59,14 +61,4 @@ public class PrivilegeSetUserLocaleService
|
||||||
|
|
||||||
return new PrivilegeUserResult(user);
|
return new PrivilegeUserResult(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getPrivilegeName() {
|
|
||||||
return StrolchPrivilegeConstants.PRIVILEGE_SET_USER_LOCALE;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getPrivilegeValue() {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
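Review bot: The second hunk removes the `getPrivilegeName()` override that returned `StrolchPrivilegeConstants.PRIVILEGE_SET_USER_LOCALE`, so the privilege that gates calling this service is now whatever the superclass supplies by default, which is not visible on this page. The only remaining reference is the `PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE` action passed to `openArgOrUserTx`, and the hunk does not show whether that argument is an authorization check or only a label. I would add class-level Javadoc naming the privilege a caller must hold after this change, and a test asserting that a certificate without it is rejected. PrivilegeSetUserStateService removes the same two overrides and deserves the same check.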
@ -42,19 +42,20 @@ public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSe
|
||||||
@Override
|
@Override
|
||||||
protected ServiceResult internalDoService(PrivilegeSetUserPasswordArgument arg) throws Exception {
|
protected ServiceResult internalDoService(PrivilegeSetUserPasswordArgument arg) throws Exception {
|
||||||
|
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
|
||||||
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
|
||||||
|
|
||||||
// only persist if not setting own password
|
|
||||||
if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
|
|
||||||
.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
|
|
||||||
|
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
}
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer()
|
||||||
|
.getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
||||||
|
|
||||||
|
// only persist if not setting own password
|
||||||
|
if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
|
||||||
|
.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
}
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
arg.username);
|
arg.username);
|
||||||
|
|
|
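Review bot: When the caller sets their own password, or lacks `PRIVILEGE_ACTION_PERSIST`, the `if` around `privilegeHandler.persist(getCertificate())` is skipped, yet the `AccessType.UPDATE` audit for `arg.username` is still created. In that case this method records a password change that it has not written to the privilege store. If the change is meant to stay in memory until a later persist, the existing comment should say so, e.g. `// only persist when changing another user's password and the caller may persist; otherwise the change is not written to the store here`. The privilege handler lookup also moved inside the `try` here while the sibling services keep it outside, which is worth aligning. The enclosing `internalDoService` ends outside the hunk.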
@ -45,11 +45,13 @@ public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUs
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_STATE)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_STATE)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
@ -58,14 +60,4 @@ public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUs
|
||||||
|
|
||||||
return new PrivilegeUserResult(user);
|
return new PrivilegeUserResult(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getPrivilegeName() {
|
|
||||||
return StrolchPrivilegeConstants.PRIVILEGE_SET_USER_STATE;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getPrivilegeValue() {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,28 +55,31 @@ public class PrivilegeUpdateUserRolesService extends AbstractService<JsonService
|
||||||
rolesE.forEach(e -> roles.add(e.getAsString()));
|
rolesE.forEach(e -> roles.add(e.getAsString()));
|
||||||
|
|
||||||
String username = arg.objectId;
|
String username = arg.objectId;
|
||||||
UserRep user = privilegeHandler.getUser(getCertificate(), username);
|
|
||||||
|
|
||||||
// first add new roles
|
UserRep user;
|
||||||
boolean changed = false;
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||||
for (String role : roles) {
|
tx.setSuppressAudits(true);
|
||||||
if (!user.hasRole(role)) {
|
|
||||||
user = privilegeHandler.addRoleToUser(getCertificate(), username, role);
|
user = privilegeHandler.getUser(getCertificate(), username);
|
||||||
changed = true;
|
|
||||||
|
// first add new roles
|
||||||
|
boolean changed = false;
|
||||||
|
for (String role : roles) {
|
||||||
|
if (!user.hasRole(role)) {
|
||||||
|
user = privilegeHandler.addRoleToUser(getCertificate(), username, role);
|
||||||
|
changed = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// handle removed roles
|
// handle removed roles
|
||||||
for (String role : user.getRoles()) {
|
for (String role : user.getRoles()) {
|
||||||
if (!roles.contains(role)) {
|
if (!roles.contains(role)) {
|
||||||
user = privilegeHandler.removeRoleFromUser(getCertificate(), username, role);
|
user = privilegeHandler.removeRoleFromUser(getCertificate(), username, role);
|
||||||
changed = true;
|
changed = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (changed) {
|
if (changed) {
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
|
||||||
tx.setSuppressAudits(true);
|
|
||||||
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
StrolchPrivilegeConstants.USER, user.getUsername());
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
tx.getAuditTrail().add(tx, audit);
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
|
|
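Review bot: The transaction is opened with `PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER`, but the block it now wraps also calls `privilegeHandler.removeRoleFromUser(...)` in the "handle removed roles" loop, so role removals run under an add-role action name. If `openArgOrUserTx` uses that argument for authorization or to label the audit (not visible here), removals are checked or attributed under the wrong action. At minimum I would state this at the `try` line, e.g. `// NOTE(review): TX action is ADD_ROLE_TO_USER although roles may also be removed below`. The method starts before and continues after this hunk.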
@ -45,11 +45,13 @@ public class PrivilegeUpdateUserService extends AbstractService<PrivilegeUserArg
|
||||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||||
|
|
||||||
UserRep user = privilegeHandler.updateUser(getCertificate(), arg.user);
|
UserRep user;
|
||||||
privilegeHandler.persist(getCertificate());
|
|
||||||
|
|
||||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
|
|
||||||
|
user = privilegeHandler.updateUser(getCertificate(), arg.user);
|
||||||
|
privilegeHandler.persist(getCertificate());
|
||||||
|
|
||||||
Audit audit = tx
|
Audit audit = tx
|
||||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||||
user.getUsername());
|
user.getUsername());
|
||||||
|
|