/**
* Copyright (c) 2015 Intel Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.trustedanalytics.usermanagement.users.service;
import org.cloudfoundry.identity.uaa.scim.ScimGroup;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.trustedanalytics.uaa.UaaOperations;
import org.trustedanalytics.uaa.UserIdNamePair;
import org.trustedanalytics.usermanagement.common.EntityNotFoundException;
import org.trustedanalytics.usermanagement.invitations.UserExistsException;
import org.trustedanalytics.usermanagement.invitations.service.AccessInvitations;
import org.trustedanalytics.usermanagement.invitations.service.AccessInvitationsService;
import org.trustedanalytics.usermanagement.invitations.service.InvitationsService;
import org.trustedanalytics.usermanagement.security.service.UserDetailsFinderImpl;
import org.trustedanalytics.usermanagement.users.model.User;
import org.trustedanalytics.usermanagement.users.model.UserRequest;
import org.trustedanalytics.usermanagement.users.model.UserRole;
import org.trustedanalytics.usermanagement.users.rest.AuthGatewayOperations;

import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
// TODO: missing multi-organization feature.
// Currently the org ID is verified at the REST controller level. Users are not bound to any organization, so the
// org ID is ignored at the service level.
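/**
 * {@link UsersService} backed by UAA (Cloud Foundry User Account and Authentication).
 *
 * <p>Identity and the admin/user distinction both live in UAA: a user's role is derived from
 * membership of the {@link UserDetailsFinderImpl#ADMIN_GROUP} SCIM group. UAA lookups are not
 * scoped by organization: {@link #getOrgUsers} returns every UAA user whatever {@code orgGuid}
 * is passed, so the "belongs to organization" guard used by the mutating operations only
 * establishes that the user exists in UAA. The org GUID is still recorded on invitations and
 * forwarded to the auth gateway on deletion.
 */
public class UaaUsersService implements UsersService {

    private final UaaOperations uaaClient;
    private final InvitationsService invitationsService;
    private final AccessInvitationsService accessInvitationsService;
    private final AuthGatewayOperations authGatewayOperations;

    /**
     * Creates the service.
     *
     * @param uaaClient client for UAA user and group operations
     * @param invitationsService sends the invitation e-mail for newly created invitations
     * @param accessInvitationsService stores pending organization-access invitations
     * @param authGatewayOperations receives the user deletion after UAA has been updated
     */
    public UaaUsersService(UaaOperations uaaClient,
                           InvitationsService invitationsService,
                           AccessInvitationsService accessInvitationsService,
                           AuthGatewayOperations authGatewayOperations) {
        this.uaaClient = uaaClient;
        this.invitationsService = invitationsService;
        this.accessInvitationsService = accessInvitationsService;
        this.authGatewayOperations = authGatewayOperations;
    }

    /**
     * Lists all UAA users, each tagged with the role derived from admin-group membership.
     *
     * @param orgGuid not used for filtering: users are not bound to organizations (see class comment)
     * @return one {@link User} per UAA SCIM user
     */
    @Override
    public Collection<User> getOrgUsers(String orgGuid) {
        Collection<ScimUser> scimUsers = uaaClient.getUsers().getResources();
        return scimUsers.stream()
            .map(scimUser -> new User(scimUser.getId(), scimUser.getUserName(), extractOrgRole(scimUser)))
            .collect(Collectors.toList());
    }

    /**
     * Maps membership of the admin group (matched by group display name) to
     * {@link UserRole#ADMIN}; every other user is a {@link UserRole#USER}.
     */
    private UserRole extractOrgRole(ScimUser user) {
        // Constant on the left: a group with a null display name is simply not the admin group.
        boolean admin = user.getGroups().stream()
            .anyMatch(g -> UserDetailsFinderImpl.ADMIN_GROUP.equals(g.getDisplay()));
        return admin ? UserRole.ADMIN : UserRole.USER;
    }

    /**
     * Records an organization-access invitation for the requested username and, when that
     * invitation is newly created, sends the invite e-mail.
     *
     * @param userRequest username and role to invite; a null role defaults to {@link UserRole#USER}
     * @param orgGuid organization the invitation grants access to
     * @param currentUser the inviting user, passed on to the invitation e-mail
     * @throws UserExistsException if UAA already has a user with that username
     */
    @Override
    public void addOrgUser(UserRequest userRequest, String orgGuid, String currentUser) {
        String userToAddUsername = userRequest.getUsername();
        Optional<UserIdNamePair> idNamePair = uaaClient.findUserIdByName(userToAddUsername);
        if (idNamePair.isPresent()) {
            // NOTE(review): this distinct response tells the caller whether a username is already
            // registered in UAA; acceptable while the endpoint is restricted to privileged callers —
            // confirm at the controller layer.
            throw new UserExistsException(String.format("User %s already exists", userToAddUsername));
        }
        UserRole role = Optional.ofNullable(userRequest.getRole()).orElse(UserRole.USER);
        inviteUserToOrg(userToAddUsername, currentUser, orgGuid, role);
    }

    /**
     * Creates or updates the pending invitation for {@code username}, adding access to
     * {@code orgGuid} with {@code role}. The e-mail is sent only when the invitation did not
     * exist before, so re-inviting an already invited user does not re-send it.
     */
    private void inviteUserToOrg(String username, String currentUser, String orgGuid, UserRole role) {
        AccessInvitationsService.CreateOrUpdateState state =
            accessInvitationsService.createOrUpdateInvitation(username, ui -> ui.addOrgAccessInvitation(orgGuid, role));
        if (state == AccessInvitationsService.CreateOrUpdateState.CREATED) {
            invitationsService.sendInviteEmail(username, currentUser);
        }
    }

    /**
     * Deletes the user from UAA and then from the auth gateway.
     *
     * @param userGuid UAA user ID
     * @param orgGuid forwarded to the auth gateway; not used to scope the UAA lookup
     * @throws EntityNotFoundException if no UAA user has the given ID
     */
    @Override
    public void deleteUserFromOrg(String userGuid, String orgGuid) {
        verifyUserBelongsToOrganization(userGuid, orgGuid);
        // UAA first, then the gateway. There is no compensation here: if the gateway call fails,
        // the UAA account is already gone and the two stores are left out of sync.
        uaaClient.deleteUser(userGuid);
        authGatewayOperations.deleteUser(orgGuid, userGuid);
    }

    /**
     * Sets the user's role by adding the user to, or removing the user from, the UAA admin group.
     * No UAA call is made when the user already has the requested role.
     *
     * @param userGuid UAA user ID
     * @param orgGuid not used to scope the UAA lookup (see class comment)
     * @param role target role; must not be null
     * @return the requested role, echoed back rather than re-read from UAA
     * @throws NullPointerException if {@code role} is null
     * @throws EntityNotFoundException if the user, or the admin group, is missing in UAA
     */
    @Override
    public UserRole updateOrgUserRole(String userGuid, String orgGuid, UserRole role) {
        Objects.requireNonNull(role, "role must not be null");
        verifyUserBelongsToOrganization(userGuid, orgGuid);
        ScimGroup adminGroup = getAdminGroup();
        // Evaluate membership once; both branches look at the same group snapshot.
        boolean currentlyAdmin = isGroupMember(adminGroup, userGuid);
        if (currentlyAdmin && UserRole.USER.equals(role)) {
            uaaClient.removeUserFromGroup(adminGroup, userGuid);
        } else if (!currentlyAdmin && UserRole.ADMIN.equals(role)) {
            uaaClient.addUserToGroup(adminGroup, userGuid);
        }
        return role;
    }

    /**
     * Applies every pending organization-access invitation of {@code username} to the UAA user
     * identified by {@code uuid}, one {@link #updateOrgUserRole} call per organization.
     * Does nothing when there is no invitation for the username.
     *
     * @param username name the invitations were recorded under
     * @param uuid UAA ID of the user those invitations now apply to
     */
    @Override
    public void updateUserRolesInOrgs(String username, String uuid) {
        accessInvitationsService
            .getAccessInvitations(username)
            .map(AccessInvitations::getOrgAccessInvitations)
            .orElse(Collections.emptyMap())
            .forEach((orgGuid, role) -> updateOrgUserRole(uuid, orgGuid, role));
    }

    /**
     * Fetches the UAA admin group.
     *
     * @throws EntityNotFoundException if UAA has no group named {@link UserDetailsFinderImpl#ADMIN_GROUP}
     */
    private ScimGroup getAdminGroup() {
        return uaaClient
            .getGroup(UserDetailsFinderImpl.ADMIN_GROUP)
            .orElseThrow(() -> new EntityNotFoundException(
                "Group " + UserDetailsFinderImpl.ADMIN_GROUP + " not found in UAA database"));
    }

    /** Returns true if {@code userGuid} is among the members listed on {@code group}. */
    private boolean isGroupMember(ScimGroup group, String userGuid) {
        // userGuid on the left so a member with a null ID cannot raise an NPE here.
        return group.getMembers().stream().anyMatch(m -> userGuid.equals(m.getMemberId()));
    }

    /**
     * Guard for the mutating operations. Because users are not bound to organizations,
     * {@code orgId} is passed through but not used for filtering, so this only establishes that
     * a UAA user with {@code userId} exists — it does not prove membership of {@code orgId}.
     * It lists every UAA user to do so.
     *
     * @throws EntityNotFoundException if no UAA user has the given ID
     */
    private void verifyUserBelongsToOrganization(String userId, String orgId) {
        boolean exists = getOrgUsers(orgId).stream().anyMatch(user -> userId.equals(user.getGuid()));
        if (!exists) {
            throw new EntityNotFoundException(String.format("The user with ID %s does not exist", userId));
        }
    }
}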