From 4b2bea76e5f25d66722a2cf8f50a705ab6cf1eff Mon Sep 17 00:00:00 2001 From: Arnab Dutta Date: Thu, 6 Jan 2022 22:40:07 +0530 Subject: [PATCH] feat: add POST /rolePermissionsMapping for adding new rolePermissionsMapping entry #144 --- .../rest/user/UserManagementResource.java | 19 +++++ .../service/user/UserManagementService.java | 79 +++++++++++++------ .../plugin/adminui/utils/ErrorResponse.java | 1 + 3 files changed, 74 insertions(+), 25 deletions(-) diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java index ae4e3337d8c..3464dcf5c9f 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java @@ -207,6 +207,25 @@ public Response getAdminUIRolePermissionsMapping() { } } + @POST + @Path(ROLE_PERMISSIONS_MAPPING) + @Produces(MediaType.APPLICATION_JSON) + @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE) + public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) { + try { + log.info("Adding role-permissions to Admin-UI."); + List roleScopeMapping = userManagementService.addPermissionsToRole(rolePermissionMappingArg); + log.info("Added role-permissions to Admin-UI.."); + return Response.ok(roleScopeMapping).build(); + } catch (ApplicationException e) { + log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e); + return Response.status(e.getErrorCode()).entity(e.getMessage()).build(); + } catch (Exception e) { + log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e); + return Response.serverError().entity(e.getMessage()).build(); + } + } + @PUT @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) 
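Review bot: The generic `catch (Exception e)` branch of the new POST handler returns `e.getMessage()` as the response body, which can expose internal details such as persistence-layer errors to the API caller. The exception is already logged in full on the line before, so the response can carry the fixed description instead: `return Response.serverError().entity(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription()).build();`. The handler also declares `@Produces(MediaType.APPLICATION_JSON)` but no `@Consumes`, so the accepted request media type is left implicit; adding `@Consumes(MediaType.APPLICATION_JSON)` would make the contract explicit for an endpoint that changes authorization data.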
diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java index 4b955b10c76..3e773ed0db2 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java @@ -8,6 +8,7 @@ import io.jans.ca.plugin.adminui.model.exception.ApplicationException; import io.jans.ca.plugin.adminui.utils.ErrorResponse; import io.jans.orm.PersistenceEntryManager; +import org.apache.commons.collections.CollectionUtils; import org.slf4j.Logger; import javax.inject.Inject; 
@@ -211,6 +212,53 @@ public List getAdminUIRolePermissionsMapping() throws App } } + public List addPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException { + try { + AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN); + List roles = adminConf.getDynamic().getRoles(); + List permissions = adminConf.getDynamic().getPermissions(); + + if (roles.stream().noneMatch(ele -> ele.getRole().equals(rolePermissionMappingArg.getRole()))) { + log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription()); + throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription()); + } + if (permissions.stream().noneMatch(ele -> rolePermissionMappingArg.getPermissions().contains(ele.getPermission()))) { + log.error(ErrorResponse.PERMISSION_NOT_FOUND.getDescription()); + throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription()); + } + + List roleScopeMappingList = adminConf.getDynamic().getRolePermissionMapping() + .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole())) + .collect(Collectors.toList()); + + if (CollectionUtils.isNotEmpty(roleScopeMappingList)) { + log.warn(ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription()); + throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription()); + } + + //create new RolePermissionMapping + RolePermissionMapping rolePermissionMapping = new RolePermissionMapping(); + //add role to it + rolePermissionMapping.setRole(rolePermissionMappingArg.getRole()); + //remove duplicate permissions + Set scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions()); + List combinedScopes = new ArrayList<>(scopesSet); + rolePermissionMapping.setPermissions(combinedScopes); + //add permission + roleScopeMappingList.add(rolePermissionMapping); + 
adminConf.getDynamic().getRolePermissionMapping().addAll(roleScopeMappingList); + + entryManager.merge(adminConf); + return adminConf.getDynamic().getRolePermissionMapping(); + } catch (ApplicationException e) { + log.error(e.getMessage()); + throw e; + } catch (Exception e) { + log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e); + throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription()); + } + } + public List mapPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN); @@ -245,8 +293,8 @@ public List mapPermissionsToRole(RolePermissionMapping ro } //remove duplicate permissions - Set scopesSet = new LinkedHashSet<>(mappedPermissions); - scopesSet.addAll(rolePermissionMappingArg.getPermissions()); + Set scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions()); + //scopesSet.addAll(rolePermissionMappingArg.getPermissions()); List combinedScopes = new ArrayList<>(scopesSet); if (adminConf.getDynamic().getRolePermissionMapping() @@ -263,7 +311,7 @@ public List mapPermissionsToRole(RolePermissionMapping ro entryManager.merge(adminConf); return adminConf.getDynamic().getRolePermissionMapping(); } catch (ApplicationException e) { - log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription()); + log.error(e.getMessage()); throw e; } catch (Exception e) { log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e); 
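Review bot: The permission check in addPermissionsToRole uses `noneMatch` over the known permissions, so a request is rejected only when none of its permissions is recognised. A list that mixes one valid permission with unknown strings passes the check, and the unknown entries are persisted in the role mapping. Every requested permission should be required to exist, e.g. `if (!rolePermissionMappingArg.getPermissions().stream().allMatch(p -> permissions.stream().anyMatch(ele -> p.equals(ele.getPermission()))))`. The role lookup just above compares with `equals` while the existing-mapping filter uses `equalsIgnoreCase`; using one comparison for both keeps case variants of a role name from being treated differently by the two checks.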
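Review bot: The commented-out `//scopesSet.addAll(rolePermissionMappingArg.getPermissions());` line in mapPermissionsToRole should be deleted rather than kept, since the history already records the old merge behaviour. The update now replaces the role's permissions instead of adding to them, so the comment above it would be more accurate as `// replace the role's permissions with the de-duplicated request list`. `mappedPermissions` is presumably no longer read after this change; its computation lies outside the hunk, so check whether it can be removed.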
@@ -275,31 +323,12 @@ public List removePermissionsFromRole(RolePermissionMappi try { AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN); List roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping() - .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole())) + .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole())) .collect(Collectors.toList()); - - if (roleScopeMapping == null || roleScopeMapping.isEmpty()) { - log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription()); - throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription()); - } - - Optional rolePermissionMappingOptional = roleScopeMapping.stream().findFirst(); - - if (rolePermissionMappingOptional.isPresent()) { - List permissions = rolePermissionMappingOptional.get().getPermissions(); - permissions.removeIf(ele -> rolePermissionMappingArg.getPermissions().contains(ele)); - - adminConf.getDynamic().getRolePermissionMapping() - .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole())) - .collect(Collectors.toList()).forEach(ele -> ele.setPermissions(permissions)); - - entryManager.merge(adminConf); - } + adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping); + entryManager.merge(adminConf); return adminConf.getDynamic().getRolePermissionMapping(); - } catch (ApplicationException e) { - log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription()); - throw e; } catch (Exception e) { log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e); throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription()); 
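Review bot: removePermissionsFromRole now drops the whole mapping for the role and no longer reads `rolePermissionMappingArg.getPermissions()`, so a caller that sends a subset of permissions to revoke ends up removing every permission of that role. The ROLE_NOT_FOUND check was removed as well, which means a request for a role with no mapping still calls `merge` and returns success, hiding typos in the role name. If whole-mapping deletion is intended, say so in a Javadoc comment on the method and restore the not-found check as sketched below. The `catch (ApplicationException e)` branch has to come back with it, otherwise the 400 is converted to a 500 by the generic handler. The method starts before and ends after this hunk.

```java
// … unchanged: load adminConf and filter the other roles' mappings into roleScopeMapping …
            if (roleScopeMapping.size() == adminConf.getDynamic().getRolePermissionMapping().size()) {
                // no mapping matched the requested role: report it instead of merging an unchanged config
                log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
            }
// … unchanged: setRolePermissionMapping, merge, return …
        } catch (ApplicationException e) {
            log.error(e.getMessage());
            throw e;
// … unchanged: catch (Exception e) handler …
```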
diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java index 9d58e660808..d2071dcff76 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java @@ -20,6 +20,7 @@ public enum ErrorResponse { PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."), ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."), ERROR_IN_DELETING_ROLE_PERMISSION("Error in deleting role-permission."), + ROLE_PERMISSION_MAPPING_PRESENT("Role permission mapping already present. Please use HTTP PUT request to modify mapping."), GET_ADMIUI_ROLES_ERROR("Error in fetching Admin UI roles."), SAVE_ADMIUI_ROLES_ERROR("Error in saving Admin UI roles."), EDIT_ADMIUI_ROLES_ERROR("Error in editing Admin UI roles."),