예제 #1
0
  /**
   * Removes a role from the given user
   *
   * @param loggedInUser The current user
   * @param login The login for the user you would like to remove the role from
   * @param role The role you would like to remove from the user
   * @return Returns 1 if successful (exception otherwise)
   * @throws FaultException A FaultException is thrown if the user doesn't have access to lookup the
   *     user corresponding to login or if the user does not exist.
   * @xmlrpc.doc Remove a role from a user.
   * @xmlrpc.param #param("string", "sessionKey")
   * @xmlrpc.param #param_desc("string", "login", "User login name to update.")
   * @xmlrpc.param #param_desc("string", "role", "Role label to remove. Can be any of:
   *     satellite_admin, org_admin, channel_admin, config_admin, system_group_admin,
   *     activation_key_admin, or monitoring_admin.")
   * @xmlrpc.returntype #return_int_success()
   */
  public int removeRole(User loggedInUser, String login, String role) throws FaultException {
    validateRoleInputs(role, loggedInUser);

    if (RoleFactory.SAT_ADMIN.getLabel().equals(role)) {
      return modifySatAdminRole(loggedInUser, login, false);
    }

    ensureOrgAdmin(loggedInUser);
    User target = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);

    /*
     * Perform some error checking here... we need to make sure that this
     * isn't the last org_admin in the org trying to remove org_admin
     * status from himself.
     */
    if (role.equals(RoleFactory.ORG_ADMIN.getLabel())
        && target.hasRole(RoleFactory.ORG_ADMIN)
        && target.getOrg().numActiveOrgAdmins() <= 1) {
      throw new PermissionCheckFailureException();
    }

    // Retrieve the role object corresponding to the role label passed in and
    // remove from user
    Role r = RoleFactory.lookupByLabel(role);
    target.removePermanentRole(r);

    UserManager.storeUser(target);
    return 1;
  }
예제 #2
0
  /**
   * @param loggedInUser The current user
   * @param login User to modify.
   * @param readOnly readOnly flag to set
   * @return 1 (should always succeed)
   * @xmlrpc.doc Sets whether the target user should have only read-only API access or standard full
   *     scale access.
   * @xmlrpc.param #param("string", "sessionKey")
   * @xmlrpc.param #param_desc("string", "login", "User's login name.")
   * @xmlrpc.param #param_desc("boolean", "readOnly", "Sets whether the target user should have only
   *     read-only API access or standard full scale access.")
   * @xmlrpc.returntype #return_int_success()
   */
  public int setReadOnly(User loggedInUser, String login, Boolean readOnly) {
    // Logged in user must be an org admin.
    ensureOrgAdmin(loggedInUser);

    User targetUser = XmlRpcUserHelper.getInstance().lookupTargetUser(loggedInUser, login);

    if (readOnly
        && targetUser.hasRole(RoleFactory.ORG_ADMIN)
        && targetUser.getOrg().numActiveOrgAdmins() < 2) {
      throw new InvalidOperationException(
          "error.readonly_org_admin", targetUser.getOrg().getName());
    }
    if (readOnly
        && targetUser.hasRole(RoleFactory.SAT_ADMIN)
        && SatManager.getActiveSatAdmins().size() < 2) {
      throw new InvalidOperationException("error.readonly_sat_admin");
    }
    targetUser.setReadOnly(readOnly);
    return 1;
  }
예제 #3
0
  /**
   * Migrate systems from one organization to another. If executed by a Satellite administrator, the
   * systems will be migrated from their current organization to the organization specified by the
   * toOrgId. If executed by an organization administrator, the systems must exist in the same
   * organization as that administrator and the systems will be migrated to the organization
   * specified by the toOrgId. In any scenario, the origination and destination organizations must
   * be defined in a trust.
   *
   * @param sessionKey User's session key.
   * @param toOrgId destination organization ID.
   * @param sids System IDs.
   * @return list of systems migrated.
   * @throws FaultException A FaultException is thrown if: - The user performing the request is not
   *     an organization administrator - The user performing the request is not a satellite
   *     administrator, but the from org id is different than the user's org id. - The from and to
   *     org id provided are the same. - One or more of the servers provides do not exist - The
   *     origination or destination organization does not exist - The user is not defined in the
   *     destination organization's trust
   * @xmlrpc.doc Migrate systems from one organization to another. If executed by a Satellite
   *     administrator, the systems will be migrated from their current organization to the
   *     organization specified by the toOrgId. If executed by an organization administrator, the
   *     systems must exist in the same organization as that administrator and the systems will be
   *     migrated to the organization specified by the toOrgId. In any scenario, the origination and
   *     destination organizations must be defined in a trust.
   * @xmlrpc.param #param("string", "sessionKey")
   * @xmlrpc.param #param_desc("int", "toOrgId", "ID of the organization where the system(s) will be
   *     migrated to.")
   * @xmlrpc.param #array_single("int", "systemId")
   * @xmlrpc.returntype #array_single("int", "serverIdMigrated")
   */
  public Object[] migrateSystems(String sessionKey, Integer toOrgId, List<Integer> sids)
      throws FaultException {

    // the user executing the request must at least be an org admin to perform
    // a system migration
    User admin = getOrgAdmin(sessionKey);

    Org toOrg = verifyOrgExists(toOrgId);

    List<Server> servers = new LinkedList<Server>();

    for (Integer sid : sids) {
      Long serverId = new Long(sid.longValue());
      Server server = null;
      try {
        server = ServerFactory.lookupById(serverId);

        // throw a no_such_system exception if the server was not found.
        if (server == null) {
          throw new NoSuchSystemException("No such system - sid[" + sid + "]");
        }
      } catch (LookupException e) {
        throw new NoSuchSystemException("No such system - sid[" + sid + "]");
      }
      servers.add(server);

      // As a pre-requisite to performing the actual migration, verify that each
      // server that is planned for migration passes the criteria that follows.
      // If any of the servers fails that criteria, none will be migrated.

      // unless the user is a satellite admin, they are not permitted to migrate
      // systems from an org that they do not belong to
      if ((!admin.hasRole(RoleFactory.SAT_ADMIN)) && (!admin.getOrg().equals(server.getOrg()))) {
        throw new PermissionCheckFailureException(server);
      }

      // do not allow the user to migrate systems to/from the same org.  doing so
      // would essentially remove entitlements, channels...etc from the systems
      // being migrated.
      if (toOrg.equals(server.getOrg())) {
        throw new MigrationToSameOrgException(server);
      }

      // if the originating org is not defined within the destination org's trust
      // the migration should not be permitted.
      if (!toOrg.getTrustedOrgs().contains(server.getOrg())) {
        throw new OrgNotInTrustException(server);
      }
    }

    List<Long> serversMigrated = MigrationManager.migrateServers(admin, toOrg, servers);
    return serversMigrated.toArray();
  }
예제 #4
0
 private void verifyKSAdmin(User user) {
   if (!user.hasRole(RoleFactory.CONFIG_ADMIN)) {
     throw new PermissionCheckFailureException(RoleFactory.CONFIG_ADMIN);
   }
 }
예제 #5
0
 /**
  * Simple test illustrating how roles work. Note that the channel_admin role is implied for an org
  * admin iff the org has the channel_admin role.
  */
 public void testAddRole() {
   User user = UserTestUtils.findNewUser("testuser", "testorg");
   user.addPermanentRole(RoleFactory.ORG_ADMIN);
   assertTrue(user.hasRole(RoleFactory.CHANNEL_ADMIN));
 }