diff --git a/graylog2-server/src/main/java/org/graylog2/users/RoleService.java b/graylog2-server/src/main/java/org/graylog2/users/RoleService.java
index 9e8fc58b0f7e..b7154f5ff2f5 100644
--- a/graylog2-server/src/main/java/org/graylog2/users/RoleService.java
+++ b/graylog2-server/src/main/java/org/graylog2/users/RoleService.java
@@ -47,4 +47,6 @@ public interface RoleService {
 * @return the number of deleted roles
 */
 int delete(String roleName);
+
+ String getAdminRoleObjectId();
 }
diff --git a/graylog2-server/src/main/java/org/graylog2/users/RoleServiceImpl.java b/graylog2-server/src/main/java/org/graylog2/users/RoleServiceImpl.java
index e355ff003221..707d04e535d2 100644
--- a/graylog2-server/src/main/java/org/graylog2/users/RoleServiceImpl.java
+++ b/graylog2-server/src/main/java/org/graylog2/users/RoleServiceImpl.java
@@ -59,6 +59,7 @@ public class RoleServiceImpl implements RoleService {
 private final JacksonDBCollection dbCollection;
 private final Validator validator;
+ private final String adminRoleObjectId;
 @Inject
 protected RoleServiceImpl(MongoConnection mongoConnection,
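Review bot: The new `String getAdminRoleObjectId();` in the RoleService.java hunk has no Javadoc, unlike `delete` directly above it, and its contract is not obvious from the name. The RoleServiceImpl changes in this commit let `ensureBuiltinRole` return null, so implementations may hand null to callers, and the interface should say so. I would add something like `/** @return the object id of the built-in Admin role, or null if the role could not be created or loaded at startup */` above the declaration.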
@@ -75,16 +76,16 @@ protected RoleServiceImpl(MongoConnection mongoConnection,
 dbCollection.createIndex(new BasicDBObject(NAME_LOWER, 1), new BasicDBObject("unique", true));
 // make sure the two built-in roles actually exist
- ensureBuiltinRole(ADMIN_ROLENAME, Sets.newHashSet("*"), "Admin",
- "Grants all permissions for Graylog administrators (built-in)");
+ adminRoleObjectId = ensureBuiltinRole(ADMIN_ROLENAME, Sets.newHashSet("*"), "Admin",
+ "Grants all permissions for Graylog administrators (built-in)");
 ensureBuiltinRole(READER_ROLENAME, RestPermissions.READER_BASE_PERMISSIONS, "Reader",
 "Grants basic permissions for every Graylog user (built-in)");
 }
- private void ensureBuiltinRole(String roleName,
- Set expectedPermissions,
- String name, String description) {
+ private String ensureBuiltinRole(String roleName,
+ Set expectedPermissions,
+ String name, String description) {
 RoleImpl previousRole = null;
 try {
 previousRole = load(roleName);
@@ -104,11 +105,17 @@ private void ensureBuiltinRole(String roleName,
 fixedAdmin.setDescription(description);
 fixedAdmin.setPermissions(expectedPermissions);
 try {
- save(fixedAdmin);
+ final RoleImpl savedRole = save(fixedAdmin);
+ return savedRole.getId();
 } catch (DuplicateKeyException | ValidationException e) {
 log.error("Unable to save fixed " + roleName + " role, please restart Graylog to fix this.", e);
 }
 }
+ if (previousRole == null) {
+ log.error("Unable to access fixed " + roleName + " role, please restart Graylog to fix this.");
+ return null;
+ }
+ return previousRole.getId();
 }
 @Override
@@ -185,5 +192,8 @@ public int delete(String roleName) {
 return dbCollection.remove(nameMatchesAndNotReadonly).getN();
 }
-
+ @Override
+ public String getAdminRoleObjectId() {
+ return adminRoleObjectId;
+ }
 }
diff --git a/graylog2-server/src/main/java/org/graylog2/users/UserImpl.java b/graylog2-server/src/main/java/org/graylog2/users/UserImpl.java
index e73b47362516..5cd126313cfe 100644
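Review bot: `ensureBuiltinRole` can now return null in the `@@ -104,11 +105,17 @@` hunk (when `save(fixedAdmin)` throws and `previousRole` is still null), and that null is stored in the final `adminRoleObjectId` for the lifetime of the process. The UserImpl.java hunk then passes it to `ImmutableSet.of(adminRoleObjectId)` in the `LocalAdminUser` constructor, which rejects null elements with a NullPointerException, so `load()` for the root user and `getAdminUser()` in UserServiceImpl would fail instead of returning the built-in administrator. A `DuplicateKeyException` caused by another writer creating the role first looks like one way to reach this, though the part of `ensureBuiltinRole` before the hunk is not visible. I would guard the constructor, e.g. `this.roles = adminRoleObjectId == null ? ImmutableSet.<String>of() : ImmutableSet.of(adminRoleObjectId);`, which keeps the previous empty-set behaviour when the id is unknown. Alternatively, `ensureBuiltinRole` could retry `load(roleName)` after a failed save before giving up.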
--- a/graylog2-server/src/main/java/org/graylog2/users/UserImpl.java
+++ b/graylog2-server/src/main/java/org/graylog2/users/UserImpl.java
@@ -18,6 +18,7 @@
 import com.google.common.collect.Collections2;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
@@ -286,10 +287,12 @@ public void setStartpage(final String type, final String id) {
 public static class LocalAdminUser extends UserImpl {
 private final Configuration configuration;
+ private final Set roles;
- public LocalAdminUser(Configuration configuration) {
+ public LocalAdminUser(Configuration configuration, String adminRoleObjectId) {
 super(null, Collections.emptyMap());
 this.configuration = configuration;
+ this.roles = ImmutableSet.of(adminRoleObjectId);
 }
 @Override
@@ -349,7 +352,7 @@ public boolean isLocalAdmin() {
 @Nonnull
 @Override
 public Set getRoleIds() {
- return Collections.emptySet();
+ return roles;
 }
 @Override
diff --git a/graylog2-server/src/main/java/org/graylog2/users/UserServiceImpl.java b/graylog2-server/src/main/java/org/graylog2/users/UserServiceImpl.java
index d01179c1de26..4aeea94af7c2 100644
--- a/graylog2-server/src/main/java/org/graylog2/users/UserServiceImpl.java
+++ b/graylog2-server/src/main/java/org/graylog2/users/UserServiceImpl.java
@@ -72,7 +72,7 @@ public User load(final String username) {
 // special case for the locally defined user, we don't store that in MongoDB.
 if (configuration.getRootUsername().equals(username)) {
 LOG.debug("User {} is the built-in admin user", username);
- return new UserImpl.LocalAdminUser(configuration);
+ return new UserImpl.LocalAdminUser(configuration, roleService.getAdminRoleObjectId());
 }
 final DBObject query = new BasicDBObject();
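Review bot: The root-user branch of `load()` in UserServiceImpl now repeats the exact expression that `getAdminUser()` returns in the following hunk, `new UserImpl.LocalAdminUser(configuration, roleService.getAdminRoleObjectId())`. Any later change to how the built-in administrator is constructed, including handling of a missing admin role id, would have to be made in both places. Since both methods are in the same class, this branch could simply `return getAdminUser();`. The body of `load()` continues past the end of this hunk.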
@@ -219,7 +219,7 @@ public String save(T model) throws ValidationException {
 @Override
 public User getAdminUser() {
- return new UserImpl.LocalAdminUser(configuration);
+ return new UserImpl.LocalAdminUser(configuration, roleService.getAdminRoleObjectId());
 }
 @Override