All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.trustedanalytics.usermanagement.users.rest.UsersController Maven / Gradle / Ivy

The newest version!
/**
 *  Copyright (c) 2015 Intel Corporation 
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.trustedanalytics.usermanagement.users.rest;

import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.trustedanalytics.usermanagement.common.EntityNotFoundException;
import org.trustedanalytics.usermanagement.orgs.service.OrganizationsStorage;
import org.trustedanalytics.usermanagement.security.service.UserDetailsFinder;
import org.trustedanalytics.usermanagement.users.BlacklistEmailValidator;
import org.trustedanalytics.usermanagement.users.UserRoleRequestValidator;
import org.trustedanalytics.usermanagement.users.model.User;
import org.trustedanalytics.usermanagement.users.model.UserRequest;
import org.trustedanalytics.usermanagement.users.model.UserRole;
import org.trustedanalytics.usermanagement.users.model.UserRolesRequest;
import org.trustedanalytics.usermanagement.users.service.UsersService;

import java.util.Collection;

import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
import static org.springframework.web.bind.annotation.RequestMethod.*;

@RestController
public class UsersController {

    public static final String ORG_USERS_URL = "/rest/orgs/{org}/users";

    private final UsersService usersService;
    private final UsersService privilegedUsersService;
    private final OrganizationsStorage organizationsStorage;
    private final UserDetailsFinder detailsFinder;
    private final BlacklistEmailValidator emailValidator;

    @Autowired
    public UsersController(UsersService usersService, UsersService privilegedUsersService,
                           OrganizationsStorage organizationsStorage, UserDetailsFinder detailsFinder,
                           BlacklistEmailValidator emailValidator) {
        this.usersService = usersService;
        this.privilegedUsersService = privilegedUsersService;
        this.organizationsStorage = organizationsStorage;
        this.detailsFinder = detailsFinder;
        this.emailValidator = emailValidator;
    }

    private UsersService determinePriviledgeLevel(Authentication auth) {
        if (detailsFinder.findUserRole(auth).equals(UserRole.ADMIN)) {
            return privilegedUsersService;
        }
        return usersService;
    }

    @ApiOperation(
            value = "Returns list of users which has at least one role in the organization. NOTE: The CF role " +
                    "'Users' is not included ",
            notes = "Privilege level: Consumer of this endpoint must be a member of specified organization based on " +
                    "valid access token")
    @ApiResponses(value = {
        @ApiResponse(code = 200, message = "OK", response = User.class, responseContainer = "List"),
        @ApiResponse(code = 400, message = "Request was malformed. eg. organization with ID 'org' doesn't exist"),
        @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")
    })
    @RequestMapping(value = ORG_USERS_URL, method = GET, produces = APPLICATION_JSON_VALUE)
    public Collection getOrgUsers(@PathVariable String org, @ApiParam(hidden = true) Authentication auth) {
        verifyOrganizationExists(org);
        return determinePriviledgeLevel(auth).getOrgUsers(org);
    }

    @ApiOperation(
            value = "Sends invitations message for new users or returns user for existing one in organization.",
            notes = "Privilege level: Consumer of this endpoint must be a member of specified organization " +
                    "with OrgManager role, based on valid access token"
    )
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "OK", response = User.class),
            @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"),
            @ApiResponse(code = 409, message = "Email is not valid or it belongs to forbidden domains."),
            @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")
    })
    @RequestMapping(value = ORG_USERS_URL, method = POST,
            produces = APPLICATION_JSON_VALUE, consumes = APPLICATION_JSON_VALUE)
    public void createOrgUser(@RequestBody UserRequest userRequest, @PathVariable String org,
                              @ApiParam(hidden = true) Authentication auth) {
        emailValidator.validate(userRequest.getUsername());
        verifyOrganizationExists(org);
        String userPerformingRequestGuid = detailsFinder.findUserName(auth);
        determinePriviledgeLevel(auth).addOrgUser(userRequest, org, userPerformingRequestGuid);
    }

    @ApiOperation(
            value = "Updates user roles in organization",
            notes = "Privilege level: Consumer of this endpoint must be a member of specified organization " +
                    "with OrgManager role, based on valid access token")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "OK", response = UserRole.class, responseContainer = "List"),
            @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"),
            @ApiResponse(code = 404, message = "User not found in organization."),
            @ApiResponse(code = 409, message = "Roles should be specified."),
            @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")
    })
    @RequestMapping(value = ORG_USERS_URL+"/{user}", method = POST,
            produces = APPLICATION_JSON_VALUE, consumes = APPLICATION_JSON_VALUE)
    public UserRole updateOrgUserRole(@RequestBody UserRolesRequest userRolesRequest, @PathVariable String org,
                                         @PathVariable String user, @ApiParam(hidden = true) Authentication auth) {
        UserRoleRequestValidator.validate(userRolesRequest);
        String userPerformingRequestGuid = detailsFinder.findUserId(auth);
        verifyOrganizationExists(org);
        denyOperationsOnYourself(userPerformingRequestGuid, user);
        return determinePriviledgeLevel(auth)
                .updateOrgUserRole(user, org, userRolesRequest.getRole());
    }

    @ApiOperation(
            value = "Deletes user from organization.",
            notes = "Privilege level: Consumer of this endpoint must be a member of specified organization " +
                    "with OrgManager role, based on valid access token")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "OK"),
            @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"),
            @ApiResponse(code = 404, message = "User 'user' not found in organization."),
            @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")
    })
    @RequestMapping(value = ORG_USERS_URL+"/{user}", method = DELETE)
    public void deleteUserFromOrg(@PathVariable String org, @PathVariable String user,
                                  @ApiParam(hidden = true) Authentication auth) {
        String userPerformingRequestGuid = detailsFinder.findUserId(auth);
        verifyOrganizationExists(org);
        denyOperationsOnYourself(userPerformingRequestGuid, user);
        determinePriviledgeLevel(auth).deleteUserFromOrg(user, org);
    }

    private void denyOperationsOnYourself(String operationPerformer, String userEntity){
        if(operationPerformer.equals(userEntity)){
            throw new AccessDeniedException("You cannot perform request on yourself.");
        }
    }

  private void verifyOrganizationExists(String orgId) {
    organizationsStorage.getOrganization(orgId)
        .orElseThrow(() -> new EntityNotFoundException
                (String.format("Organization with ID %s does not exist", orgId)));
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy