From 500a77358ad6d811fc95de3a13829d6f983bc1b0 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <32794267+duttarnab@users.noreply.github.com>
Date: Thu, 24 Feb 2022 18:48:08 +0530
Subject: [PATCH] feat(jans-config-api): add deletable flag to admin-ui role object #888 (#900)
* feat: add deletable flag to admin-ui role object #888
* feat: add deletable flag to admin-ui role object #888
* feat: add deletable flag to admin-ui role object #888
---
 .../as/model/config/adminui/AdminRole.java | 9 +++++
 .../docs/jans-config-api-swagger.yaml | 3 ++
 .../service/user/UserManagementService.java | 37 +++++++++++++++++++
 .../plugin/adminui/utils/ErrorResponse.java | 1 +
 4 files changed, 50 insertions(+)
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java b/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java
index 3ca00cf34cb..f6f61b9d8a2 100644
--- a/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java
+++ b/jans-auth-server/model/src/main/java/io/jans/as/model/config/adminui/AdminRole.java
@@ -5,6 +5,7 @@ public class AdminRole {
 private String role;
 private String description;
+ private Boolean deletable;
 public String getRole() {
 return role;
@@ -22,6 +23,13 @@ public void setDescription(String description) {
 this.description = description;
 }
+ public Boolean getDeletable() {
+ return deletable;
+ }
+
+ public void setDeletable(Boolean deletable) {
+ this.deletable = deletable;
+ }
 @Override
 public boolean equals(Object o) {
 if (this == o) return true;
@@ -40,6 +48,7 @@ public String toString() {
 return "AdminRole{" +
 "role='" + role + '\'' +
 ", description='" + description + '\'' +
+ ", deletable='" + deletable + '\'' +
 '}';
 }
 }
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
index fb938215dcf..9786a60a967 100644
--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -6471,6 +6471,9 @@ components:
 description:
 type: string
 description: role description
+ deletable:
+ type: boolean
+ description: can we delete the role?
 AdminPermission:
 type: object
 description: Admin permission
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
index bfe433462bd..a925282097f 100644
--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
@@ -37,6 +37,24 @@ public List getRoles() throws ApplicationException {
 }
 }
+ private AdminRole getRoleObjByName(String role) throws ApplicationException {
+ try {
+ AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
+ List roles = adminConf.getDynamic().getRoles().stream().filter(ele -> ele.getRole().equals(role)).collect(Collectors.toList());
+ if (roles.isEmpty()) {
+ log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
+ throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+ }
+ return roles.get(0);
+ } catch (ApplicationException e) {
+ log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription());
+ throw e;
+ } catch (Exception e) {
+ log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription(), e);
+ throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription());
+ }
+ }
+
 public List addRole(AdminRole roleArg) throws ApplicationException {
 try {
 AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
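Review bot: `getRoleObjByName` issues its own `entryManager.find(AdminConf.class, CONFIG_DN)`, so the `deletable` guard it backs in `deleteRole` and `removePermissionsFromRole` (later hunks) is evaluated on a second read of the configuration, not on the `adminConf` instance those methods go on to modify and merge. Passing the already-loaded object, e.g. `private AdminRole getRoleObjByName(AdminConf adminConf, String role)`, keeps the check and the write on one snapshot and saves a lookup. A missing role is also logged twice, once as ROLE_NOT_FOUND and again as GET_ADMIUI_ROLES_ERROR in the `catch (ApplicationException e)` branch, and neither entry names the role, which makes a refused request hard to trace afterwards.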
@@ -103,6 +121,11 @@ public List deleteRole(String role) throws ApplicationException {
 }
 List roles = adminConf.getDynamic().getRoles();
+ if (isFalse(getRoleObjByName(role).getDeletable())) {
+ log.error(ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+ throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+ }
+
 roles.removeIf(ele -> ele.getRole().equals(role));
 adminConf.getDynamic().setRoles(roles);
@@ -287,6 +310,10 @@ public List mapPermissionsToRole(RolePermissionMapping ro
 public List removePermissionsFromRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
 try {
 AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
+ if (isFalse(getRoleObjByName(role).getDeletable())) {
+ log.error(ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+ throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
+ }
 List roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
 .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
 .collect(Collectors.toList());
@@ -294,6 +321,9 @@ public List removePermissionsFromRole(RolePermissionMappi
 entryManager.merge(adminConf);
 return adminConf.getDynamic().getRolePermissionMapping();
+ } catch (ApplicationException e) {
+ log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
+ throw e;
 } catch (Exception e) {
 log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e);
 throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
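Review bot: In the guard added to `removePermissionsFromRole`, `getRoleObjByName(role)` refers to `role`, but the only parameter visible in this hunk is `rolePermissionMappingArg`, and the filter just below reads the name through `rolePermissionMappingArg.getRole()`. Unless a field called `role` exists outside the hunk this does not compile, and if one does exist the guard checks the wrong role; the line should read `if (isFalse(getRoleObjByName(rolePermissionMappingArg.getRole()).getDeletable())) {`. The lookup matches with `equals` while the filter uses `equalsIgnoreCase`, so a name that differs only in case is answered with ROLE_NOT_FOUND instead of reaching the filter; one comparison should be used for both. ROLE_MARKED_UNDELETABLE also tells the caller the role "cannot be deleted", which is misleading when the request was to remove permissions. The method's catch blocks are in the next hunk.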
@@ -321,4 +351,11 @@ private void validateRolePermissionMapping(AdminConf adminConf, RolePermissionMa
 throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
 }
 }
+
+ private static boolean isFalse(Boolean bool) {
+ if (bool == null) {
+ return true;
+ }
+ return bool.booleanValue() ? false : true;
+ }
 }
\ No newline at end of file
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java
index d2071dcff76..c07a354e3bb 100644
--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java
@@ -29,6 +29,7 @@ public enum ErrorResponse {
 SAVE_ADMIUI_PERMISSIONS_ERROR("Error in saving Admin UI permissions."),
 EDIT_ADMIUI_PERMISSIONS_ERROR("Error in editing Admin UI permissions."),
 DELETE_ADMIUI_PERMISSIONS_ERROR("Error in deleting Admin UI permissions."),
+ ROLE_MARKED_UNDELETABLE("Role cannot be deleted. Please set ‘deletable’ property of role to true."),
 UNABLE_TO_DELETE_ROLE_MAPPED_TO_PERMISSIONS("Role is mapped to permissions so cannot be deleted. Please remove the permissions mapped before deleting the role."),
 UNABLE_TO_DELETE_PERMISSION_MAPPED_TO_ROLE("Permission is mapped to role so cannot be deleted. Please remove the permission mapped to the role before deleting it.");
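Review bot: `isFalse` returns `true` for `null`, so despite its name it means "not explicitly true": every role whose `deletable` property is unset, presumably including roles stored before this field existed, is refused by the guards in `deleteRole` and `removePermissionsFromRole`. Failing closed is a defensible default for a deletion guard, but it should be stated rather than hidden in the helper; a comment such as `// null (property absent) is treated as not deletable` above the one-line body `return !Boolean.TRUE.equals(bool);` says the same thing without the `? false : true` ternary. Because the new error text asks the caller to set `deletable` to true, the flag works as a safeguard against accidental deletion rather than as an access control, and that is worth a Javadoc sentence on the field in `AdminRole`.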
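Review bot: The new `ROLE_MARKED_UNDELETABLE` message wraps the word deletable in typographic quotes (‘ ’) inside a Java string literal, which only survives if the source file is compiled and the response is served with a matching encoding; otherwise API clients receive garbled characters. Plain ASCII avoids the problem: `ROLE_MARKED_UNDELETABLE("Role cannot be deleted. Please set 'deletable' property of role to true."),`. The enum body continues outside the hunk.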