[New] Added bulk method PrivilegeHandler.addOrUpdateUsers()
This commit is contained in:
parent
559e65e32c
commit
cfbeb045f1
|
@ -437,6 +437,83 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addOrUpdateUsers(Certificate certificate, List<UserRep> userReps) throws PrivilegeException {
|
||||||
|
|
||||||
|
// validate user actually has this type of privilege
|
||||||
|
PrivilegeContext prvCtx = validate(certificate);
|
||||||
|
prvCtx.assertHasPrivilege(PRIVILEGE_ADD_USER);
|
||||||
|
|
||||||
|
List<User> toCreate = new ArrayList<>();
|
||||||
|
List<User> toUpdate = new ArrayList<>();
|
||||||
|
|
||||||
|
for (UserRep e : userReps) {
|
||||||
|
UserRep userRep = e.clone();
|
||||||
|
|
||||||
|
User user;
|
||||||
|
User existingUser = this.persistenceHandler.getUser(userRep.getUsername());
|
||||||
|
|
||||||
|
if (existingUser == null) {
|
||||||
|
|
||||||
|
// add user
|
||||||
|
|
||||||
|
// make sure userId is not set
|
||||||
|
if (isNotEmpty(userRep.getUserId())) {
|
||||||
|
String msg = "UserId can not be set when adding a new user!";
|
||||||
|
throw new PrivilegeModelException(MessageFormat.format(msg, userRep.getUsername()));
|
||||||
|
}
|
||||||
|
|
||||||
|
// set userId
|
||||||
|
userRep.setUserId(getUniqueId());
|
||||||
|
|
||||||
|
// first validate user
|
||||||
|
userRep.validate();
|
||||||
|
|
||||||
|
validateRolesExist(userRep);
|
||||||
|
|
||||||
|
// create new user
|
||||||
|
user = createUser(userRep, new UserHistory(), null, null, false);
|
||||||
|
|
||||||
|
// detect privilege conflicts
|
||||||
|
assertNoPrivilegeConflict(user);
|
||||||
|
|
||||||
|
// validate this user may create such a user
|
||||||
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ADD_USER, new Tuple(null, user)));
|
||||||
|
|
||||||
|
toCreate.add(user);
|
||||||
|
logger.info("Creating new user " + user.getUsername());
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// update user
|
||||||
|
|
||||||
|
if (userRep.getUserId() == null)
|
||||||
|
userRep.setUserId(existingUser.getUserId());
|
||||||
|
|
||||||
|
UserHistory history = existingUser.getHistory().getClone();
|
||||||
|
byte[] passwordHash = existingUser.getPassword();
|
||||||
|
byte[] salt = existingUser.getSalt();
|
||||||
|
user = createUser(userRep, history, passwordHash, salt, existingUser.isPasswordChangeRequested());
|
||||||
|
|
||||||
|
// detect privilege conflicts
|
||||||
|
assertNoPrivilegeConflict(user);
|
||||||
|
|
||||||
|
// validate this user may modify this user
|
||||||
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_MODIFY_USER, new Tuple(existingUser, user)));
|
||||||
|
|
||||||
|
toUpdate.add(user);
|
||||||
|
logger.info("Updating existing user " + user.getUsername());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// delegate to persistence handler
|
||||||
|
toCreate.forEach(user -> this.persistenceHandler.addUser(user));
|
||||||
|
toUpdate.forEach(user -> this.persistenceHandler.replaceUser(user));
|
||||||
|
|
||||||
|
logger.info("Created " + toCreate.size() + " users");
|
||||||
|
logger.info("Updated " + toUpdate.size() + " users");
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password) {
|
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password) {
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -378,6 +378,19 @@ public interface PrivilegeHandler {
|
||||||
*/
|
*/
|
||||||
UserRep addUser(Certificate certificate, UserRep userRep, char[] password) throws PrivilegeException;
|
UserRep addUser(Certificate certificate, UserRep userRep, char[] password) throws PrivilegeException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allows the bulk adding or updating of users. If the user exists, the user's history and password is kept,
|
||||||
|
* otherwise the user is created without a password
|
||||||
|
*
|
||||||
|
* @param certificate
|
||||||
|
* the {@link Certificate} of the user which has the privilege to perform this action
|
||||||
|
* @param userReps
|
||||||
|
* the list of users to add or update
|
||||||
|
*
|
||||||
|
* @throws PrivilegeException
|
||||||
|
*/
|
||||||
|
void addOrUpdateUsers(Certificate certificate, List<UserRep> userReps) throws PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* Updates the fields for the user with the given user. All fields on the given {@link UserRep} which are non-null
|
* Updates the fields for the user with the given user. All fields on the given {@link UserRep} which are non-null
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
package li.strolch.service.privilege.users;
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.USER;
|
||||||
|
|
||||||
import li.strolch.model.audit.AccessType;
|
import li.strolch.model.audit.AccessType;
|
||||||
import li.strolch.model.audit.Audit;
|
import li.strolch.model.audit.Audit;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.UserRep;
|
import li.strolch.privilege.model.UserRep;
|
||||||
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
|
||||||
import li.strolch.service.api.Command;
|
import li.strolch.service.api.Command;
|
||||||
import li.strolch.utils.dbc.DBC;
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
|
@ -58,9 +60,7 @@ public class PrivilegeAddUserCommand extends Command {
|
||||||
|
|
||||||
protected void writeAudit() {
|
protected void writeAudit() {
|
||||||
tx().setSuppressAuditsForAudits(true);
|
tx().setSuppressAuditsForAudits(true);
|
||||||
this.audit = tx()
|
this.audit = tx().auditFrom(AccessType.CREATE, PRIVILEGE, USER, this.userOut.getUsername());
|
||||||
.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
|
||||||
this.userOut.getUsername());
|
|
||||||
tx().getAuditTrail().add(tx(), this.audit);
|
tx().getAuditTrail().add(tx(), this.audit);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,60 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.USER;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||||
|
import li.strolch.privilege.model.Certificate;
|
||||||
|
import li.strolch.privilege.model.UserRep;
|
||||||
|
import li.strolch.service.api.Command;
|
||||||
|
import li.strolch.utils.dbc.DBC;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeAddUsersCommand extends Command {
|
||||||
|
|
||||||
|
// input
|
||||||
|
protected List<UserRep> usersIn;
|
||||||
|
protected Certificate cert;
|
||||||
|
|
||||||
|
public PrivilegeAddUsersCommand(StrolchTransaction tx) {
|
||||||
|
super(tx);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUsersIn(List<UserRep> usersIn) {
|
||||||
|
this.usersIn = usersIn;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCert(Certificate cert) {
|
||||||
|
this.cert = cert;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void validate() {
|
||||||
|
DBC.PRE.assertNotEmpty("usersIn may not be empty!", this.usersIn);
|
||||||
|
if (this.cert == null)
|
||||||
|
this.cert = tx().getCertificate();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void doCommand() {
|
||||||
|
PrivilegeHandler privilegeHandler = getContainer().getPrivilegeHandler().getPrivilegeHandler();
|
||||||
|
privilegeHandler.addOrUpdateUsers(this.cert, this.usersIn);
|
||||||
|
privilegeHandler.persist(this.cert);
|
||||||
|
writeAudits();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void writeAudits() {
|
||||||
|
tx().setSuppressAuditsForAudits(true);
|
||||||
|
for (UserRep userRep : usersIn) {
|
||||||
|
Audit audit = tx().auditFrom(AccessType.CREATE, PRIVILEGE, USER, userRep.getUsername());
|
||||||
|
tx().getAuditTrail().add(tx(), audit);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue