This is an automated email from the ASF dual-hosted git repository. ofuks pushed a commit to branch DLAB-1590 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 9729f016974942111925557a2f1fe2afeaec2dcc Author: Oleh Fuks <olegfuk...@gmail.com> AuthorDate: Thu Mar 26 16:20:54 2020 +0200 Admin per project --- .../backendapi/resources/UserGroupResource.java | 86 +++++++++++----------- .../dlab/backendapi/service/UserGroupService.java | 3 +- .../service/impl/UserGroupServiceImpl.java | 35 ++++++--- .../src/main/resources/mongo/aws/mongo_roles.json | 2 + .../main/resources/mongo/azure/mongo_roles.json | 2 + .../src/main/resources/mongo/gcp/mongo_roles.json | 2 + .../resources/UserGroupResourceTest.java | 2 +- .../service/impl/UserGroupServiceImplTest.java | 12 +-- 8 files changed, 82 insertions(+), 62 deletions(-) diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java index 67aa073..df77307 100644 --- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java +++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/UserGroupResource.java @@ -20,13 +20,10 @@ package com.epam.dlab.backendapi.resources; import com.epam.dlab.auth.UserInfo; import com.epam.dlab.backendapi.resources.dto.GroupDTO; -import com.epam.dlab.backendapi.resources.dto.UpdateRoleGroupDto; -import com.epam.dlab.backendapi.resources.dto.UpdateUserGroupDto; import com.epam.dlab.backendapi.service.UserGroupService; import com.google.inject.Inject; import io.dropwizard.auth.Auth; import lombok.extern.slf4j.Slf4j; -import org.hibernate.validator.constraints.NotEmpty; import javax.annotation.security.RolesAllowed; import javax.validation.Valid; 
@@ -38,14 +35,11 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import java.util.Set; @Slf4j @Path("group") -@RolesAllowed("/roleManagement") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public class UserGroupResource { @@ -59,6 +53,7 @@ public class UserGroupResource { @POST + @RolesAllowed("/roleManagement/create") public Response createGroup(@Auth UserInfo userInfo, @Valid GroupDTO dto) { log.debug("Creating new group {}", dto.getName()); 
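Review bot: Removing the class-level `@RolesAllowed("/roleManagement")` from `UserGroupResource` makes the role check opt-in per handler. A method added to this class later without its own annotation would have no role restriction at the resource layer, only whatever `@Auth` enforces. Keeping the class-level annotation as the default and overriding it only where a narrower permission is wanted (`@RolesAllowed("/roleManagement/create")` on `createGroup`, `@RolesAllowed("/roleManagement/delete")` on `deleteGroup` in the later hunk) gives the same result for the handlers in this commit and fails closed for future ones. The method-level `@RolesAllowed("/roleManagement")` on `updateGroup` and `getGroups` would then be redundant and could be dropped.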
@@ -67,39 +62,42 @@ public class UserGroupResource { } @PUT + @RolesAllowed("/roleManagement") public Response updateGroup(@Auth UserInfo userInfo, @Valid GroupDTO dto) { log.debug("Updating group {}", dto.getName()); - userGroupService.updateGroup(dto.getName(), dto.getRoleIds(), dto.getUsers()); + userGroupService.updateGroup(userInfo, dto.getName(), dto.getRoleIds(), dto.getUsers()); return Response.ok().build(); } @GET + @RolesAllowed("/roleManagement") public Response getGroups(@Auth UserInfo userInfo) { log.debug("Getting all groups for admin {}...", userInfo.getName()); return Response.ok(userGroupService.getAggregatedRolesByGroup(userInfo)).build(); } - @PUT - @Path("role") - public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) { - log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(), - updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds()); - userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds()); - return Response.ok().build(); - } - - @DELETE - @Path("role") - public Response deleteGroupFromRole(@Auth UserInfo userInfo, - @QueryParam("group") @NotEmpty Set<String> groups, - @QueryParam("roleId") @NotEmpty Set<String> roleIds) { - log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds); - userGroupService.removeGroupFromRole(groups, roleIds); - return Response.ok().build(); - } +// @PUT +// @Path("role") +// public Response updateRolesForGroup(@Auth UserInfo userInfo, @Valid UpdateRoleGroupDto updateRoleGroupDto) { +// log.info("Admin {} is trying to add new group {} to roles {}", userInfo.getName(), +// updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds()); +// userGroupService.updateRolesForGroup(updateRoleGroupDto.getGroup(), updateRoleGroupDto.getRoleIds()); +// return Response.ok().build(); +// } +// +// @DELETE +// @Path("role") +// public Response 
deleteGroupFromRole(@Auth UserInfo userInfo, +// @QueryParam("group") @NotEmpty Set<String> groups, +// @QueryParam("roleId") @NotEmpty Set<String> roleIds) { +// log.info("Admin {} is trying to delete groups {} from roles {}", userInfo.getName(), groups, roleIds); +// userGroupService.removeGroupFromRole(groups, roleIds); +// return Response.ok().build(); +// } @DELETE @Path("{id}") + @RolesAllowed("/roleManagement/delete") public Response deleteGroup(@Auth UserInfo userInfo, @PathParam("id") String group) { log.info("Admin {} is trying to delete group {} from application", userInfo.getName(), group); 
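Review bot: `updateGroup` is now the only handler left in this class that changes a group's roles and members, yet it logs `log.debug("Updating group {}", dto.getName())` with no acting user. The handlers this hunk comments out recorded the admin name at info level, so role and membership changes lose their attributable record whenever debug logging is off. Suggest `log.info("Admin {} is updating group {}: roles {}, users {}", userInfo.getName(), dto.getName(), dto.getRoleIds(), dto.getUsers());`. The commented-out handlers here and in the following hunk would be better deleted than kept as `//` blocks, since the history already holds them.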
@@ -107,23 +105,23 @@ public class UserGroupResource { return Response.ok().build(); } - @PUT - @Path("user") - public Response addUserToGroup(@Auth UserInfo userInfo, - @Valid UpdateUserGroupDto updateUserGroupDto) { - log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(), - updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup()); - userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers()); - return Response.ok().build(); - } - - @DELETE - @Path("user") - public Response deleteUserFromGroup(@Auth UserInfo userInfo, - @QueryParam("user") @NotEmpty String user, - @QueryParam("group") @NotEmpty String group) { - log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group); - userGroupService.removeUserFromGroup(group, user); - return Response.ok().build(); - } +// @PUT +// @Path("user") +// public Response addUserToGroup(@Auth UserInfo userInfo, +// @Valid UpdateUserGroupDto updateUserGroupDto) { +// log.info("Admin {} is trying to add new users {} to group {}", userInfo.getName(), +// updateUserGroupDto.getUsers(), updateUserGroupDto.getGroup()); +// userGroupService.addUsersToGroup(updateUserGroupDto.getGroup(), updateUserGroupDto.getUsers()); +// return Response.ok().build(); +// } +// +// @DELETE +// @Path("user") +// public Response deleteUserFromGroup(@Auth UserInfo userInfo, +// @QueryParam("user") @NotEmpty String user, +// @QueryParam("group") @NotEmpty String group) { +// log.info("Admin {} is trying to delete user {} from group {}", userInfo.getName(), user, group); +// userGroupService.removeUserFromGroup(group, user); +// return Response.ok().build(); +// } } diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java index fe81f4e..9a1d36b 100644 
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java +++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/UserGroupService.java @@ -27,7 +27,8 @@ import java.util.Set; public interface UserGroupService { void createGroup(String group, Set<String> roleIds, Set<String> users); - void updateGroup(String group, Set<String> roleIds, Set<String> users); + + void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users); void addUsersToGroup(String group, Set<String> users); diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java index 288b84e..8024dfd 100644 --- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java +++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java 
@@ -63,13 +63,21 @@ public class UserGroupServiceImpl implements UserGroupService { } @Override - public void updateGroup(String group, Set<String> roleIds, Set<String> users) { - log.debug("Updating users for group {}: {}", group, users); - userGroupDao.updateUsers(group, users); - log.debug("Removing group {} from existing roles", group); - userRoleDao.removeGroupWhenRoleNotIn(group, roleIds); - log.debug("Adding group {} to roles {}", group, roleIds); - userRoleDao.addGroupToRole(Collections.singleton(group), roleIds); + public void updateGroup(UserInfo user, String group, Set<String> roleIds, Set<String> users) { + if (UserRoles.isAdmin(user)) { + updateGroup(group, roleIds, users); + } else if (UserRoles.isProjectAdmin(user)) { + projectService.getProjects(user) + .stream() + .map(ProjectDTO::getGroups) + .flatMap(Collection::stream) + .filter(g -> g.equalsIgnoreCase(group)) + .findAny() + .orElseThrow(() -> new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()))); + updateGroup(group, roleIds, users); + } else { + throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName())); + } } @Override 
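Review bot: In the `UserRoles.isProjectAdmin(user)` branch the only thing verified is that `group` matches one of the caller's project groups; `roleIds` and `users` go to `updateGroup(group, roleIds, users)` unchecked. Unless role ids are constrained somewhere outside this hunk, a project admin can attach roles to a managed group that exceed project scope, including ones carrying `/roleManagement/create` or `/roleManagement/delete`. The branch should also confirm that every entry in `roleIds` is one a project admin may grant, and throw the same `DlabException` otherwise. Separately, the check uses `equalsIgnoreCase` while the DAO calls receive the caller's spelling of `group`; if stored group names are case-sensitive, a name differing only in case could pass the check and then address a different record, so passing on the matched value from the stream would be safer. The stream serves only as a guard, so `anyMatch` with an explicit `throw` would state the intent more directly than `findAny().orElseThrow(...)`.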
@@ -122,15 +130,22 @@ public class UserGroupServiceImpl implements UserGroupService { .filter(userGroup -> groups.contains(userGroup.getGroup())) .collect(Collectors.toList()); } else { - throw new DlabException(String.format("User %s doesn't have appropriate permission", user)); + throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName())); } } + private void updateGroup(String group, Set<String> roleIds, Set<String> users) { + log.debug("Updating users for group {}: {}", group, users); + userGroupDao.updateUsers(group, users); + log.debug("Removing group {} from existing roles", group); + userRoleDao.removeGroupWhenRoleNotIn(group, roleIds); + log.debug("Adding group {} to roles {}", group, roleIds); + userRoleDao.addGroupToRole(Collections.singleton(group), roleIds); + } + private void checkAnyRoleFound(Set<String> roleIds, boolean anyRoleFound) { if (!anyRoleFound) { throw new ResourceNotFoundException(String.format(ROLE_NOT_FOUND_MSG, roleIds)); } } - - } diff --git a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json index e7649e6..6a8fd29 100644 --- a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json @@ -349,6 +349,8 @@ "environment/*", "/api/infrastructure/backup", "/roleManagement", + "/roleManagement/create", + "/roleManagement/delete", "/api/settings", "/user/settings", "/api/project", diff --git a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json index bb0c7d1..86eadff 100644 --- a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json 
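Review bot: The new private `updateGroup(String group, Set<String> roleIds, Set<String> users)` in `UserGroupServiceImpl` performs the DAO writes with no permission check, yet shares its name with the public overload that does check. A later caller inside the class can reach the unchecked path simply by omitting the `UserInfo` argument. Giving it a distinct name (for example `applyGroupUpdate`) and a comment such as `// No authorization here: caller must already have verified the user's rights over 'group'` would make that contract visible.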
@@ -289,6 +289,8 @@ "environment/*", "/api/infrastructure/backup", "/roleManagement", + "/roleManagement/create", + "/roleManagement/delete", "/api/settings", "/user/settings", "/api/project", diff --git a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json index 3f7327e..d2ef6dd 100644 --- a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json @@ -325,6 +325,8 @@ "environment/*", "/api/infrastructure/backup", "/roleManagement", + "/roleManagement/create", + "/roleManagement/delete", "/api/settings", "/user/settings", "/api/project", diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java index 5325848..bdc4104 100644 --- a/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java +++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/resources/UserGroupResourceTest.java @@ -126,7 +126,7 @@ public class UserGroupResourceTest extends TestBase { assertEquals(HttpStatus.SC_OK, response.getStatus()); - verify(userGroupService).updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER)); + verify(userGroupService).updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER)); verifyNoMoreInteractions(userGroupService); } diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java index 4b775e1..de38a2b 100644 --- a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java 
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImplTest.java @@ -225,13 +225,13 @@ public class UserGroupServiceImplTest extends TestBase { @Test public void updateGroup() { - userGroupService.updateGroup(GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER)); + userGroupService.updateGroup(getUserInfo(), GROUP, Collections.singleton(ROLE_ID), Collections.singleton(USER)); - verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER)); - verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID)); - verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID)); - verifyNoMoreInteractions(userRoleDao, userGroupDao); - } + verify(userGroupDao).updateUsers(GROUP, Collections.singleton(USER)); + verify(userRoleDao).removeGroupWhenRoleNotIn(GROUP, Collections.singleton(ROLE_ID)); + verify(userRoleDao).addGroupToRole(Collections.singleton(GROUP), Collections.singleton(ROLE_ID)); + verifyNoMoreInteractions(userRoleDao, userGroupDao); + } private UserGroupDto getUserGroup() { return new UserGroupDto(GROUP, Collections.emptyList(), Collections.emptySet()); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org
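Review bot: `updateGroup()` in `UserGroupServiceImplTest` still covers only one path through the new authorization logic, whichever branch `getUserInfo()` satisfies, so the project-admin group check and the final `DlabException` branch are untested. Please add cases for a project admin updating a group that belongs to their project, a project admin naming a group outside it, and a user with neither role. The last two should assert the exception and `verifyZeroInteractions(userGroupDao, userRoleDao)`. `getUserInfo()` is defined outside this hunk, so the branch it currently exercises cannot be determined from here.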