public boolean showEntitlements() {
if (user.getAccountId() != null) {
return entitlementEngine.canGetOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/entitlements");
} else {
return entitlementEngine.canGet("users/" + user.getId() + "/entitlements");
}
}
public boolean showAccessTokens() {
if (user.getAccountId() != null) {
return entitlementEngine.canGetOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/access-tokens");
} else {
return entitlementEngine.canGet("users/" + user.getId() + "/access-tokens");
}
}
public boolean canRevokeToken(String accessTokenId) {
if (userIdentityContext.isGlobalUser()) {
return entitlementEngine.canDelete(
"/users/" + user.getId() + "/access-tokens/" + accessTokenId);
} else {
return entitlementEngine.canDeleteOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/access-tokens/" + accessTokenId);
}
}
/** {@inheritDoc} */
@Override
public User marshal(User v) throws Exception {
User user = new User();
if (v != null) {
user.setId(v.getId());
user.setHref(v.getHref());
v = user;
}
return v;
}
public boolean canEditAccessTokenEntitlements(String accessTokenId) {
if (userIdentityContext.isGlobalUser()) {
return entitlementEngine.canPut(
"/users/" + user.getId() + "/access-tokens/" + accessTokenId + "/entitlements");
} else {
return entitlementEngine.canPutOnAccount(
user.getAccountId(),
"/users/" + user.getId() + "/access-tokens/" + accessTokenId + "/entitlements");
}
}
private void loadUserAccessTokens() {
List<ScopeType> scopes = new ArrayList<ScopeType>();
scopes.add(ScopeType.TOKEN_SCOPED);
scopes.add(ScopeType.USER_SCOPED);
this.userAccessTokens = usersApi.getUserAccessTokens(user.getId(), scopes);
}
private void loadUserAccount() {
if (user.getAccountId() != null) {
this.userAccount = accountsApi.getAccount(user.getAccountId());
}
}
private void loadUserProjects() {
this.userProjects = usersApi.getUserProjects(user.getId());
}
private void loadUserGroups() {
this.userGroups = usersApi.getUserGroups(user.getId());
}
/**
* Returns streamed content with keystone credentials rc-file for given project and current user.
*
* @param project requested project
* @return streamed content with rc-file.
* @throws IOException if there was a failure on rc-file builder
*/
public StreamedContent getRcFileForProject(Project project) throws IOException {
return rcFileBuilder.buildRcFile(user.getId(), project.getId());
}
/**
* Indicates whether user is allowed to download rc-file
*
* @return {@code true} if user is allowed to get rc-files, {@code false} otherwise
*/
public boolean showRcFileDownloader() {
return entitlementEngine.canGetOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/os-credentials");
}
public boolean showProjects() {
return entitlementEngine.canGetOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/projects");
}
public boolean showGroups() {
return entitlementEngine.canGetOnAccount(
user.getAccountId(), "/users/" + user.getId() + "/groups");
}
/**
* Indicates whether user us able to generate access token.
*
* @return {@code true} - if requested user is equal to currently logged in user, {@code false} -
* otherwise
*/
public Boolean canGenerateAccessToken() {
return identityContext.getUserId().equals(user.getId());
}
