예제 #1
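  /**
   * Saves a user.
   *
   * <p>Serializes the login name, password, e-mail address, disabled flag and (when there are any)
   * the OpenIDs of {@code user} to JSON, writes the JSON to {@code <loginName> + USER_SUFFIX} in
   * the working directory of the central repository, stages that file and commits it with
   * {@code currentUser} as author and committer. The commit message is the login name.
   *
   * <p>NOTE(review): the value of {@code user.getPassword()} is written and committed as-is.
   * Whether it is already a salted hash at this point is not visible here; confirm it, because
   * anything committed remains readable in the repository history.
   *
   * @param user the user to save
   * @param currentUser the user performing the save operation
   * @throws IOException if writing the file fails or a Git operation fails
   * @throws IllegalArgumentException if the login name would place the user file outside the
   *     repository working directory
   */
  public void saveUser(User user, User currentUser) throws IOException {
    Assert.notNull(user);
    Assert.notNull(currentUser);

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
      Map<String, Object> userMap = new HashMap<String, Object>();
      userMap.put("loginName", user.getLoginName()); // $NON-NLS-1$
      userMap.put("password", user.getPassword()); // $NON-NLS-1$
      userMap.put("email", user.getEmail()); // $NON-NLS-1$
      userMap.put("disabled", Boolean.valueOf(user.isDisabled())); // $NON-NLS-1$
      if (!user.getOpenIds().isEmpty()) {
        userMap.put("openIds", user.getOpenIds()); // $NON-NLS-1$
      }

      Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
      String json = gson.toJson(userMap);
      File workingDir = RepositoryUtil.getWorkingDir(repo.r());
      File workingFile = new File(workingDir, user.getLoginName() + USER_SUFFIX);

      // Defense in depth: the login name is concatenated into a file name. Resolve both paths and
      // refuse to write when the result is not inside the working directory (for example a name
      // with ".." segments). Names that stay inside the working directory are accepted as before.
      // NOTE(review): callers may already restrict login names; that is not visible here.
      String basePath = workingDir.getCanonicalPath();
      if (!basePath.endsWith(File.separator)) {
        basePath += File.separator;
      }
      if (!workingFile.getCanonicalPath().startsWith(basePath)) {
        throw new IllegalArgumentException(
            "invalid login name: " + user.getLoginName()); // $NON-NLS-1$
      }

      FileUtils.write(workingFile, json, Charsets.UTF_8);

      Git git = Git.wrap(repo.r());
      git.add().addFilepattern(user.getLoginName() + USER_SUFFIX).call();
      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(user.getLoginName()).call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }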
 /* (non-Javadoc)
  * @see gov.nih.nci.security.dao.SearchCriteria#getFieldAndValues()
  *
  * Builds the field-name -> value table for the wrapped user. Only non-null
  * properties are included. loginName and preMigrationLoginName are stored as
  * returned by the getters; lastName, firstName, organization, department and
  * emailId are passed through getEncryptedString first.
  */
 public Hashtable getFieldAndValues() {
   Hashtable criteria = new Hashtable();

   String loginName = user.getLoginName();
   if (loginName != null) {
     criteria.put("loginName", loginName);
   }

   String preMigrationLoginName = user.getPreMigrationLoginName();
   if (preMigrationLoginName != null) {
     criteria.put("preMigrationLoginName", preMigrationLoginName);
   }

   String lastName = user.getLastName();
   if (lastName != null) {
     criteria.put("lastName", getEncryptedString(lastName));
   }

   String firstName = user.getFirstName();
   if (firstName != null) {
     criteria.put("firstName", getEncryptedString(firstName));
   }

   String organization = user.getOrganization();
   if (organization != null) {
     criteria.put("organization", getEncryptedString(organization));
   }

   String department = user.getDepartment();
   if (department != null) {
     criteria.put("department", getEncryptedString(department));
   }

   String emailId = user.getEmailId();
   if (emailId != null) {
     criteria.put("emailId", getEncryptedString(emailId));
   }

   // No property was set: fall back to a single "%" login-name criterion.
   // NOTE(review): presumably "%" is consumed as a LIKE wildcard, in which case an
   // empty criteria object selects every user; confirm against the DAO that reads this.
   if (criteria.isEmpty()) {
     criteria.put("loginName", "%");
   }
   return criteria;
 }
예제 #3
  /**
   * Applies {@code predicate} to the authorities of every listed user plus the anonymous user and
   * stores the result for each user whose set of authorities changed.
   *
   * <p>Despite the method name, the predicate selects what is <em>kept</em>: the new set is built
   * with {@code Sets.filter}, so an authority survives when the predicate accepts it. Changed
   * users are saved without committing; one commit authored by {@code currentUser} is created at
   * the end, and only if at least one user changed.
   *
   * <p>NOTE(review): the user list is read through {@code listUsers()} before the repository is
   * obtained; whether a user created in between can be missed depends on locking that is not
   * visible here.
   *
   * @param predicate accepts the authorities that must remain
   * @param commitMessage message of the single commit
   * @param currentUser the user performing the operation; used as author and committer
   */
  private void deleteFromAllAuthorities(
      Predicate<RoleGrantedAuthority> predicate, String commitMessage, User currentUser)
      throws IOException, GitAPIException {

    ILockedRepository repo = null;
    try {
      List<String> loginNames = listUsers();
      loginNames.add(ANONYMOUS_USER_LOGIN_NAME);
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);

      boolean dirty = false;
      for (String loginName : loginNames) {
        Set<RoleGrantedAuthority> before = Sets.newHashSet(getUserAuthorities(loginName, repo));
        Set<RoleGrantedAuthority> after = Sets.newHashSet(Sets.filter(before, predicate));
        if (after.equals(before)) {
          // nothing was filtered out for this user
          continue;
        }
        saveUserAuthorities(loginName, after, repo, currentUser, false);
        dirty = true;
      }

      if (!dirty) {
        return;
      }

      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      Git git = Git.wrap(repo.r());
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(commitMessage).call();
    } finally {
      Util.closeQuietly(repo);
    }
  }
예제 #4
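  /**
   * Renames a role and rewrites every authority that refers to it.
   *
   * <p>The role file is copied to the new name, the old file is removed from Git and the new one
   * is staged. For every listed user plus the anonymous user, authorities naming the old role are
   * replaced by authorities with the same target and the new role name; changed users are staged
   * without committing. Everything is then committed once with {@code currentUser} as author and
   * committer.
   *
   * <p>NOTE(review): both existence checks run before the repository is obtained. Whether another
   * writer can create the new role in between depends on locking that is not visible here.
   *
   * @param roleName name of the existing role
   * @param newRoleName name the role should get; must not exist yet
   * @param currentUser the user performing the operation
   * @throws IOException if a file operation or a Git operation fails
   * @throws IllegalArgumentException if the new role already exists, or if either name would
   *     place a role file outside the repository working directory
   */
  public void renameRole(String roleName, String newRoleName, User currentUser) throws IOException {
    Assert.hasLength(roleName);
    Assert.hasLength(newRoleName);
    Assert.notNull(currentUser);
    // check that role exists by trying to load it
    getRole(roleName);
    // check that new role does not exist by trying to load it
    try {
      getRole(newRoleName);
      throw new IllegalArgumentException("role already exists: " + newRoleName); // $NON-NLS-1$
    } catch (RoleNotFoundException e) {
      // okay
    }

    log.info("renaming role: {} -> {}", roleName, newRoleName); // $NON-NLS-1$

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);

      File workingDir = RepositoryUtil.getWorkingDir(repo.r());

      File file = new File(workingDir, roleName + ROLE_SUFFIX);
      File newFile = new File(workingDir, newRoleName + ROLE_SUFFIX);

      // Defense in depth: both names are concatenated into file names. Refuse to copy when either
      // path resolves outside the working directory (for example a name with ".." segments).
      // NOTE(review): callers may already restrict role names; that is not visible here.
      String basePath = workingDir.getCanonicalPath();
      if (!basePath.endsWith(File.separator)) {
        basePath += File.separator;
      }
      if (!file.getCanonicalPath().startsWith(basePath)
          || !newFile.getCanonicalPath().startsWith(basePath)) {
        throw new IllegalArgumentException(
            "invalid role name: " + roleName + " -> " + newRoleName); // $NON-NLS-1$ //$NON-NLS-2$
      }

      FileUtils.copyFile(file, newFile);
      Git git = Git.wrap(repo.r());
      git.rm().addFilepattern(roleName + ROLE_SUFFIX).call();
      git.add().addFilepattern(newRoleName + ROLE_SUFFIX).call();

      List<String> users = listUsers(repo);
      users.add(ANONYMOUS_USER_LOGIN_NAME);
      for (String user : users) {
        List<RoleGrantedAuthority> authorities = getUserAuthorities(user, repo);
        Set<RoleGrantedAuthority> newAuthorities = Sets.newHashSet();
        for (Iterator<RoleGrantedAuthority> iter = authorities.iterator(); iter.hasNext(); ) {
          RoleGrantedAuthority rga = iter.next();
          if (rga.getRoleName().equals(roleName)) {
            // same target, new role name; the old entry is dropped from the list
            RoleGrantedAuthority newRga = new RoleGrantedAuthority(rga.getTarget(), newRoleName);
            newAuthorities.add(newRga);
            iter.remove();
          }
        }
        if (!newAuthorities.isEmpty()) {
          authorities.addAll(newAuthorities);
          // staged only (commit == false); the single commit below covers all users
          saveUserAuthorities(user, Sets.newHashSet(authorities), repo, currentUser, false);
        }
      }

      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      git.commit()
          .setAuthor(ident)
          .setCommitter(ident)
          .setMessage("rename role " + roleName + " to " + newRoleName) // $NON-NLS-1$ //$NON-NLS-2$
          .call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }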
예제 #5
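  /**
   * Writes the authorities of one user to {@code <loginName> + AUTHORITIES_SUFFIX} in the working
   * directory of {@code repo} and stages the file.
   *
   * <p>The authorities are grouped into a map from {@code "<target type>:<target id>"} to the set
   * of role names granted on that target, and the map is stored as JSON. The caller supplies the
   * repository and remains responsible for closing it.
   *
   * @param loginName login name of the user whose authorities are stored
   * @param authorities the complete set of authorities to store
   * @param repo the repository to write to
   * @param currentUser the user performing the operation; only read when {@code commit} is true
   * @param commit whether to commit right away (message: the login name) or leave the file staged
   * @throws IllegalArgumentException if the login name would place the file outside the
   *     repository working directory
   */
  private void saveUserAuthorities(
      String loginName,
      Set<RoleGrantedAuthority> authorities,
      ILockedRepository repo,
      User currentUser,
      boolean commit)
      throws IOException, GitAPIException {

    Map<String, Set<String>> authoritiesMap = new HashMap<String, Set<String>>();
    for (RoleGrantedAuthority rga : authorities) {
      GrantedAuthorityTarget target = rga.getTarget();
      String targetStr = target.getType().name() + ":" + target.getTargetId(); // $NON-NLS-1$
      Set<String> roleNames = authoritiesMap.get(targetStr);
      if (roleNames == null) {
        roleNames = Sets.newHashSet();
        authoritiesMap.put(targetStr, roleNames);
      }
      roleNames.add(rga.getRoleName());
    }

    Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
    String json = gson.toJson(authoritiesMap);
    File workingDir = RepositoryUtil.getWorkingDir(repo.r());
    File workingFile = new File(workingDir, loginName + AUTHORITIES_SUFFIX);

    // Defense in depth: this file decides what a user may do, and its name is derived from the
    // login name. Refuse to write when the path resolves outside the working directory (for
    // example a name with ".." segments).
    // NOTE(review): callers may already restrict login names; that is not visible here.
    String basePath = workingDir.getCanonicalPath();
    if (!basePath.endsWith(File.separator)) {
      basePath += File.separator;
    }
    if (!workingFile.getCanonicalPath().startsWith(basePath)) {
      throw new IllegalArgumentException("invalid login name: " + loginName); // $NON-NLS-1$
    }

    FileUtils.write(workingFile, json, Charsets.UTF_8);

    Git git = Git.wrap(repo.r());
    git.add().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
    if (commit) {
      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(loginName).call();
    }
  }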
예제 #6
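  /**
   * Saves a role.
   *
   * <p>Stores the role name and the names of its permissions as JSON in
   * {@code <role name> + ROLE_SUFFIX} in the working directory of the central repository, stages
   * the file and commits it with {@code currentUser} as author and committer. The commit message
   * is the role name.
   *
   * @param role the role to save
   * @param currentUser the user performing the save operation
   * @throws IOException if writing the file fails or a Git operation fails
   * @throws IllegalArgumentException if the role name would place the role file outside the
   *     repository working directory
   */
  public void saveRole(Role role, User currentUser) throws IOException {
    Assert.notNull(role);
    Assert.notNull(currentUser);

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);

      Map<String, Object> roleMap = new HashMap<String, Object>();
      roleMap.put("name", role.getName()); // $NON-NLS-1$
      Set<String> permissions = Sets.newHashSet();
      for (Permission permission : role.getPermissions()) {
        permissions.add(permission.name());
      }
      roleMap.put("permissions", permissions); // $NON-NLS-1$

      Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
      String json = gson.toJson(roleMap);
      File workingDir = RepositoryUtil.getWorkingDir(repo.r());
      File workingFile = new File(workingDir, role.getName() + ROLE_SUFFIX);

      // Defense in depth: the role name is concatenated into a file name. Refuse to write when
      // the path resolves outside the working directory (for example a name with ".." segments).
      // NOTE(review): callers may already restrict role names; that is not visible here.
      String basePath = workingDir.getCanonicalPath();
      if (!basePath.endsWith(File.separator)) {
        basePath += File.separator;
      }
      if (!workingFile.getCanonicalPath().startsWith(basePath)) {
        throw new IllegalArgumentException("invalid role name: " + role.getName()); // $NON-NLS-1$
      }

      FileUtils.write(workingFile, json, Charsets.UTF_8);

      Git git = Git.wrap(repo.r());
      git.add().addFilepattern(role.getName() + ROLE_SUFFIX).call();
      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(role.getName()).call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }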
예제 #7
  /**
   * Creates the three built-in roles and the initial grants.
   *
   * <p>Roles: "Administrator" ({@code ADMIN}), "Editor" ({@code EDIT_BRANCH}, {@code EDIT_PAGE})
   * and "Reader" ({@code VIEW}). Grants: {@code adminUser} receives "Administrator" and the
   * anonymous user receives "Reader", both on the {@code APPLICATION} target. Every save is
   * performed on behalf of {@code adminUser}.
   *
   * <p>Security note: the anonymous grant means that a fresh installation gives unauthenticated
   * visitors whatever the "Reader" role covers application-wide. Deployments that must not be
   * publicly readable need to revoke that grant after setup.
   *
   * @param adminUser the administrator who receives the "Administrator" role
   */
  private void createInitialRoles(User adminUser) throws IOException {
    Role administrator = new Role("Administrator", EnumSet.of(Permission.ADMIN)); // $NON-NLS-1$
    saveRole(administrator, adminUser);

    Role editor =
        new Role("Editor", EnumSet.of(Permission.EDIT_BRANCH, Permission.EDIT_PAGE)); // $NON-NLS-1$
    saveRole(editor, adminUser);

    Role reader = new Role("Reader", EnumSet.of(Permission.VIEW)); // $NON-NLS-1$
    saveRole(reader, adminUser);

    RoleGrantedAuthority adminGrant =
        new RoleGrantedAuthority(GrantedAuthorityTarget.APPLICATION, "Administrator"); // $NON-NLS-1$
    Set<RoleGrantedAuthority> adminAuthorities = Collections.singleton(adminGrant);
    saveUserAuthorities(adminUser.getLoginName(), adminAuthorities, adminUser);

    RoleGrantedAuthority anonymousGrant =
        new RoleGrantedAuthority(GrantedAuthorityTarget.APPLICATION, "Reader"); // $NON-NLS-1$
    Set<RoleGrantedAuthority> anonymousAuthorities = Collections.singleton(anonymousGrant);
    saveUserAuthorities(ANONYMOUS_USER_LOGIN_NAME, anonymousAuthorities, adminUser);
  }
예제 #8
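  /**
   * Renames a user by moving the user file and the authorities file to the new login name.
   *
   * <p>Both files are copied to the new name in the working directory of the central repository,
   * the old files are removed from Git, the new ones are staged and everything is committed once
   * with {@code currentUser} as author and committer.
   *
   * <p>NOTE(review): both existence checks run before the repository is obtained. Whether another
   * writer can create the new user in between depends on locking that is not visible here.
   *
   * @param loginName login name of the existing user
   * @param newLoginName login name the user should get; must not exist yet
   * @param currentUser the user performing the operation
   * @throws IOException if a file operation or a Git operation fails
   * @throws IllegalArgumentException if the new user already exists, or if either name would
   *     place a file outside the repository working directory
   */
  public void renameUser(String loginName, String newLoginName, User currentUser)
      throws IOException {
    Assert.hasLength(loginName);
    Assert.hasLength(newLoginName);
    Assert.notNull(currentUser);
    // check that user exists by trying to load it
    getUser(loginName);
    // check that new user does not exist by trying to load it
    try {
      getUser(newLoginName);
      throw new IllegalArgumentException("user already exists: " + newLoginName); // $NON-NLS-1$
    } catch (UserNotFoundException e) {
      // okay
    }

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);

      File workingDir = RepositoryUtil.getWorkingDir(repo.r());
      File userFile = new File(workingDir, loginName + USER_SUFFIX);
      File newUserFile = new File(workingDir, newLoginName + USER_SUFFIX);
      File authoritiesFile = new File(workingDir, loginName + AUTHORITIES_SUFFIX);
      File newAuthoritiesFile = new File(workingDir, newLoginName + AUTHORITIES_SUFFIX);

      // Defense in depth: both login names are concatenated into file names. Check all four
      // paths before anything is copied, and refuse when one resolves outside the working
      // directory (for example a name with ".." segments).
      // NOTE(review): callers may already restrict login names; that is not visible here.
      String basePath = workingDir.getCanonicalPath();
      if (!basePath.endsWith(File.separator)) {
        basePath += File.separator;
      }
      File[] touched = {userFile, newUserFile, authoritiesFile, newAuthoritiesFile};
      for (File f : touched) {
        if (!f.getCanonicalPath().startsWith(basePath)) {
          throw new IllegalArgumentException(
              "invalid login name: " + loginName + " -> " + newLoginName); // $NON-NLS-1$ //$NON-NLS-2$
        }
      }

      FileUtils.copyFile(userFile, newUserFile);
      FileUtils.copyFile(authoritiesFile, newAuthoritiesFile);
      Git git = Git.wrap(repo.r());
      git.rm().addFilepattern(loginName + USER_SUFFIX).call();
      git.rm().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
      git.add().addFilepattern(newLoginName + USER_SUFFIX).call();
      git.add().addFilepattern(newLoginName + AUTHORITIES_SUFFIX).call();
      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      git.commit()
          .setAuthor(ident)
          .setCommitter(ident)
          .setMessage(
              "rename user " + loginName + " to " + newLoginName) // $NON-NLS-1$ //$NON-NLS-2$
          .call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }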
예제 #9
  /**
   * Deletes a role and strips it from every user's authorities.
   *
   * <p>The role file is removed from Git, then the authorities of every listed user plus the
   * anonymous user are scanned; users that held the role are saved without it (staged only).
   * One commit with the message {@code "delete role <roleName>"} is created at the end, authored
   * by {@code currentUser}.
   *
   * <p>NOTE(review): the existence check via {@code getRole} runs before the repository is
   * obtained; whether the role can disappear in between depends on locking not visible here.
   *
   * @param roleName name of the role to delete; must exist
   * @param currentUser the user performing the operation
   * @throws IOException if a file operation or a Git operation fails
   */
  public void deleteRole(String roleName, User currentUser) throws IOException {
    Assert.hasLength(roleName);
    Assert.notNull(currentUser);
    // loading the role is the existence check; the returned value is not needed
    getRole(roleName);

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
      Git git = Git.wrap(repo.r());

      String rolePattern = roleName + ROLE_SUFFIX;
      git.rm().addFilepattern(rolePattern).call();

      // revoke the role everywhere, the anonymous user included
      List<String> loginNames = listUsers(repo);
      loginNames.add(ANONYMOUS_USER_LOGIN_NAME);
      for (String loginName : loginNames) {
        List<RoleGrantedAuthority> grants = getUserAuthorities(loginName, repo);
        boolean touched = false;
        Iterator<RoleGrantedAuthority> it = grants.iterator();
        while (it.hasNext()) {
          if (it.next().getRoleName().equals(roleName)) {
            it.remove();
            touched = true;
          }
        }
        if (!touched) {
          continue;
        }
        // staged only (commit == false); the single commit below covers all users
        saveUserAuthorities(loginName, Sets.newHashSet(grants), repo, currentUser, false);
      }

      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      String message = "delete role " + roleName; // $NON-NLS-1$
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(message).call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }
예제 #10
  /**
   * Deletes a user by removing the user file and the authorities file from Git and committing
   * the removal with {@code currentUser} as author and committer.
   *
   * <p>No existence check is made for {@code loginName} in this method.
   * NOTE(review): what the removal and the commit do for a login name that has no files is not
   * visible here; verify that an unknown name cannot produce a misleading "delete user" commit.
   *
   * @param loginName login name of the user to delete
   * @param currentUser the user performing the operation
   * @throws IOException if a Git operation fails
   */
  public void deleteUser(String loginName, User currentUser) throws IOException {
    Assert.hasLength(loginName);
    Assert.notNull(currentUser);

    ILockedRepository repo = null;
    try {
      repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
      Git git = Git.wrap(repo.r());

      String userPattern = loginName + USER_SUFFIX;
      String authoritiesPattern = loginName + AUTHORITIES_SUFFIX;
      git.rm().addFilepattern(userPattern).call();
      git.rm().addFilepattern(authoritiesPattern).call();

      PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
      String message = "delete user " + loginName; // $NON-NLS-1$
      git.commit().setAuthor(ident).setCommitter(ident).setMessage(message).call();
    } catch (GitAPIException e) {
      // Callers only see IOException; the Git failure is kept as the cause.
      throw new IOException(e);
    } finally {
      Util.closeQuietly(repo);
    }
  }