/**
* Removes a role from the given user
*
* @param loggedInUser The current user
* @param login The login for the user you would like to remove the role from
* @param role The role you would like to remove from the user
* @return Returns 1 if successful (exception otherwise)
* @throws FaultException A FaultException is thrown if the user doesn't have access to lookup the
* user corresponding to login or if the user does not exist.
* @xmlrpc.doc Remove a role from a user.
* @xmlrpc.param #param("string", "sessionKey")
* @xmlrpc.param #param_desc("string", "login", "User login name to update.")
* @xmlrpc.param #param_desc("string", "role", "Role label to remove. Can be any of:
* satellite_admin, org_admin, channel_admin, config_admin, system_group_admin,
* activation_key_admin, or monitoring_admin.")
* @xmlrpc.returntype #return_int_success()
*/
public int removeRole(User loggedInUser, String login, String role) throws FaultException {
validateRoleInputs(role, loggedInUser);
if (RoleFactory.SAT_ADMIN.getLabel().equals(role)) {
return modifySatAdminRole(loggedInUser, login, false);
}
ensureOrgAdmin(loggedInUser);
User target = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);
/*
* Perform some error checking here... we need to make sure that this
* isn't the last org_admin in the org trying to remove org_admin
* status from himself.
*/
if (role.equals(RoleFactory.ORG_ADMIN.getLabel())
&& target.hasRole(RoleFactory.ORG_ADMIN)
&& target.getOrg().numActiveOrgAdmins() <= 1) {
throw new PermissionCheckFailureException();
}
// Retrieve the role object corresponding to the role label passed in and
// remove from user
Role r = RoleFactory.lookupByLabel(role);
target.removePermanentRole(r);
UserManager.storeUser(target);
return 1;
}
/**
* Handles the vagaries related to granting or revoking sat admin role
*
* @param loggedInUser the logged in user
* @param login the login of the user who needs to be granted/revoked sat admin role
* @param grant true if granting the role to the login, false for revoking...
* @return 1 if it success.. Ofcourse error on failure..
*/
private int modifySatAdminRole(User loggedInUser, String login, boolean grant) {
ensureUserRole(loggedInUser, RoleFactory.SAT_ADMIN);
SatManager manager = SatManager.getInstance();
User user = UserFactory.lookupByLogin(login);
if (grant) {
manager.grantSatAdminRoleTo(user, loggedInUser);
} else {
manager.revokeSatAdminRoleFrom(user, loggedInUser);
}
UserManager.storeUser(user);
return 1;
}
/**
* Adds a role to the given user
*
* @param loggedInUser The current user
* @param login The login for the user you would like to add the role to
* @param role The role you would like to give the user
* @return Returns 1 if successful (exception otherwise)
* @throws FaultException A FaultException is thrown if the user doesn't have access to lookup the
* user corresponding to login or if the user does not exist.
* @xmlrpc.doc Adds a role to a user.
* @xmlrpc.param #param("string", "sessionKey")
* @xmlrpc.param #param_desc("string", "login", "User login name to update.")
* @xmlrpc.param #param_desc("string", "role", "Role label to add. Can be any of: satellite_admin,
* org_admin, channel_admin, config_admin, system_group_admin, activation_key_admin, or
* monitoring_admin.")
* @xmlrpc.returntype #return_int_success()
*/
public int addRole(User loggedInUser, String login, String role) throws FaultException {
validateRoleInputs(role, loggedInUser);
if (RoleFactory.SAT_ADMIN.getLabel().equals(role)) {
return modifySatAdminRole(loggedInUser, login, true);
}
User target = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);
// Retrieve the role object corresponding to the role label passed in and
// add to user
Role r = RoleFactory.lookupByLabel(role);
target.addPermanentRole(r);
UserManager.storeUser(target);
return 1;
}
/**
* Toggles whether or not a user users pamAuthentication or the basic RHN db auth.
*
* @param loggedInUser The current user
* @param login The login for the user you would like to change
* @param val The value you would like to set this to (1 = true, 0 = false)
* @return Returns 1 if successful (exception otherwise)
* @throws FaultException A FaultException is thrown if the user doesn't have access to lookup the
* user corresponding to login or if the user does not exist.
* @xmlrpc.doc Toggles whether or not a user uses PAM authentication or basic RHN authentication.
* @xmlrpc.param #param("string", "sessionKey")
* @xmlrpc.param #param_desc("string", "login", "User's login name.")
* @xmlrpc.param #param("int", "pam_value") #options() #item("1 to enable PAM authentication")
* #item("0 to disable.") #options_end()
* @xmlrpc.returntype #return_int_success()
*/
public int usePamAuthentication(User loggedInUser, String login, Integer val)
throws FaultException {
// Only org admins can use this method.
ensureOrgAdmin(loggedInUser);
User target = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);
if (val.equals(new Integer(1))) {
target.setUsePamAuthentication(true);
} else {
target.setUsePamAuthentication(false);
}
UserManager.storeUser(target);
return 1;
}
/**
* Add ServerGroups to the list of Default System groups. The ServerGroups <strong>MUST</strong>
* exist otherwise a IllegalArgumentException is thrown.
*
* @param loggedInUser The current user in user.
* @param login The login for the user whose Default ServerGroup list will be affected.
* @param sgNames names of ServerGroups.
* @return Returns 1 if successful (exception otherwise)
* @xmlrpc.doc Add system groups to user's list of default system groups.
* @xmlrpc.param #param("string", "sessionKey")
* @xmlrpc.param #param_desc("string", "login", "User's login name.")
* @xmlrpc.param #array_single("string", "serverGroupName")
* @xmlrpc.returntype #return_int_success()
*/
public int addDefaultSystemGroups(User loggedInUser, String login, List sgNames) {
User target = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);
if (sgNames == null || sgNames.size() < 1) {
throw new IllegalArgumentException("no servergroup names supplied");
}
List groups = ServerGroupFactory.listManagedGroups(target.getOrg());
Map groupMap = new HashMap();
// sigh. After looking through all of the apache collections package
// I couldn't find anything that would create a map from a list using
// a property from the object in the list as the key. This is where
// python would be useful.
for (Iterator itr = groups.iterator(); itr.hasNext(); ) {
ServerGroup sg = (ServerGroup) itr.next();
groupMap.put(sg.getName(), sg);
}
// Doing full check of all supplied names, if one is bad
// throw an exception, prior to altering the DefaultSystemGroup Set.
for (Iterator itr = sgNames.iterator(); itr.hasNext(); ) {
String name = (String) itr.next();
ServerGroup sg = (ServerGroup) groupMap.get(name);
if (sg == null) {
throw new LookupServerGroupException(name);
}
}
// now for the real reason we're in this method.
Set defaults = target.getDefaultSystemGroupIds();
for (Iterator itr = sgNames.iterator(); itr.hasNext(); ) {
ServerGroup sg = (ServerGroup) groupMap.get(itr.next());
if (sg != null) {
// not a simple add to the groups. Needs to call
// UserManager as DataSource is being used.
defaults.add(sg.getId());
}
}
UserManager.setDefaultSystemGroupIds(target, defaults);
UserManager.storeUser(target);
return 1;
}
public void testSelectAll() throws Exception {
BaseSystemListAction action = createAction();
ActionHelper ah = new ActionHelper();
ah.setUpAction(action);
ah.setupProcessPagination();
User user = ah.getUser();
user.addPermanentRole(RoleFactory.ORG_ADMIN);
UserManager.storeUser(user);
ah.getRequest().setupAddParameter("items_on_page", (String[]) null);
ah.getRequest().setupAddParameter("items_selected", (String[]) null);
ah.executeAction("selectall");
// This test only ensures that 'Select All' doesn't blow up.
// To really test that something got selected, we would have to create an
// appropriate system for each of the subclasses. The fact that the set cleaner
// doesn't clean servers that should stay in the set is already tested by
// testAddOne()
}
public void testAddOne() throws Exception {
BaseSystemListAction action = createAction();
ActionHelper ah = new ActionHelper();
ah.setUpAction(action);
ah.setupProcessPagination();
User user = ah.getUser();
user.addPermanentRole(RoleFactory.ORG_ADMIN);
// Create a server that can be put in the set. Note that the
// server is not set up entirely right for subclasses, which would
// only display servers with certain attributes, e.g. a satellite.
// But this test is only concerned with keeping a server in the set
// w/o having it cleaned up by the set cleaner
Server server =
ServerFactoryTest.createTestServer(
user, true, ServerConstants.getServerGroupTypeEnterpriseEntitled());
UserManager.storeUser(user);
String sid = server.getId().toString();
ah.getRequest().setupAddParameter("items_on_page", (String[]) null);
ah.getRequest().setupAddParameter("items_selected", new String[] {sid});
ah.executeAction("updatelist");
RhnSetActionTest.verifyRhnSetData(ah.getUser(), RhnSetDecl.SYSTEMS, 1);
}
