feat(jans-config-api): add deletable flag to admin-ui role object #888 (

#900) * feat: add deletable flag to admin-ui role object #888 * feat: add deletable flag to admin-ui role object #888 * feat: add deletable flag to admin-ui role object #888
JanssenProject · Feb 24, 2022 · 500a773 · 500a773
1 parent b9f56c3
commit 500a773
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 0 deletions.
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java b/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java
@@ -5,6 +5,7 @@
 public class AdminRole {
     private String role;
     private String description;
+    private Boolean deletable;
 
     public String getRole() {
         return role;
@@ -22,6 +23,13 @@ public void setDescription(String description) {
         this.description = description;
     }
 
+    public Boolean getDeletable() {
+        return deletable;
+    }
+
+    public void setDeletable(Boolean deletable) {
+        this.deletable = deletable;
+    }
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
@@ -40,6 +48,7 @@ public String toString() {
         return "AdminRole{" +
                 "role='" + role + '\'' +
                 ", description='" + description + '\'' +
+                ", deletable='" + deletable + '\'' +
                 '}';
     }
 }
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -6471,6 +6471,9 @@ components:
         description:
           type: string
           description: role description
+        deletable:
+          type: boolean
+          description: can we delete the role?
     AdminPermission:
       type: object
       description: Admin permission

diff --git a/...ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/...ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
@@ -37,6 +37,24 @@ public List<AdminRole> getRoles() throws ApplicationException {
         }
     }
 
+    private AdminRole getRoleObjByName(String role) throws ApplicationException {
+        try {
+            AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
+            List<AdminRole> roles = adminConf.getDynamic().getRoles().stream().filter(ele -> ele.getRole().equals(role)).collect(Collectors.toList());
+            if (roles.isEmpty()) {
+                log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+            }
+            return roles.get(0);
+        } catch (ApplicationException e) {
+            log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription());
+            throw e;
+        } catch (Exception e) {
+            log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription(), e);
+            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription());
+        }
+    }
+
     public List<AdminRole> addRole(AdminRole roleArg) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
@@ -103,6 +121,11 @@ public List<AdminRole> deleteRole(String role) throws ApplicationException {
             }
 
             List<AdminRole> roles = adminConf.getDynamic().getRoles();
+            if (isFalse(getRoleObjByName(role).getDeletable())) {
+                log.error(ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+            }
+
             roles.removeIf(ele -> ele.getRole().equals(role));
 
             adminConf.getDynamic().setRoles(roles);
@@ -287,13 +310,20 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
     public List<RolePermissionMapping> removePermissionsFromRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
+            if (isFalse(getRoleObjByName(role).getDeletable())) {
+                log.error(ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+            }
             List<RolePermissionMapping> roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
                     .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
                     .collect(Collectors.toList());
             adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping);
             entryManager.merge(adminConf);
 
             return adminConf.getDynamic().getRolePermissionMapping();
+        } catch (ApplicationException e) {
+            log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
+            throw e;
         } catch (Exception e) {
             log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e);
             throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
@@ -321,4 +351,11 @@ private void validateRolePermissionMapping(AdminConf adminConf, RolePermissionMa
             throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
         }
     }
+
+    private static boolean isFalse(Boolean bool) {
+        if (bool == null) {
+            return true;
+        }
+        return bool.booleanValue() ? false : true;
+    }
 }
diff --git a/.../plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/.../plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java
@@ -29,6 +29,7 @@ public enum ErrorResponse {
     SAVE_ADMIUI_PERMISSIONS_ERROR("Error in saving Admin UI permissions."),
     EDIT_ADMIUI_PERMISSIONS_ERROR("Error in editing Admin UI permissions."),
     DELETE_ADMIUI_PERMISSIONS_ERROR("Error in deleting Admin UI permissions."),
+    ROLE_MARKED_UNDELETABLE("Role cannot be deleted. Please set ‘deletable’ property of role to true."),
     UNABLE_TO_DELETE_ROLE_MAPPED_TO_PERMISSIONS("Role is mapped to permissions so cannot be deleted. Please remove the permissions mapped before deleting the role."),
     UNABLE_TO_DELETE_PERMISSION_MAPPED_TO_ROLE("Permission is mapped to role so cannot be deleted. Please remove the permission mapped to the role before deleting it.");