Added user and role management procedures
Petra Selmer committed Jun 2, 2016
1 parent 480f523 commit cd26630
Showing 4 changed files with 297 additions and 102 deletions.
Expand Up @@ -52,13 +52,26 @@ public void createUser( @Name( "username" ) String username, @Name( "password" )

@PerformsDBMS
@Procedure( "dbms.addUserToRole" )
public void addUserToRole( @Name( "username" ) String username, @Name( "role" ) String role ) throws IOException
public void addUserToRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName ) throws IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getRoleManager().addUserToRole( username, role );
shiroSubject.getRoleManager().addUserToRole( username, roleName );
}

@PerformsDBMS
@Procedure( "dbms.removeUserFromRole" )
public void removeUserFromRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getRoleManager().removeUserFromRole( username, roleName );
}
}
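Review bot: `removeUserFromRole` checks that the caller is an admin but not which membership is being removed, so as far as this section shows an admin can strip the admin role from their own account, or from the only remaining admin, and leave nobody able to manage users. Consider rejecting that case before the `getRoleManager().removeUserFromRole( username, roleName )` call, or in the role manager itself so every caller gets the same guard. The `isAdmin()` gate is also copied verbatim into both procedures shown here; a private helper that returns the checked `ShiroAuthSubject` would make it harder for a later procedure to ship without the check. Separately, `throws IllegalCredentialsException` appears only on the new method while `addUserToRole` makes the same calls without it, so the clause looks unnecessary.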
Expand Up @@ -183,8 +183,7 @@ RoleRecord newRole( String roleName, String... users ) throws IOException

void addUserToRole( String username, String roleName ) throws IOException
{
assertValidUsername( username );
assertValidRoleName( roleName );
checkValidityOfUsernameAndRoleName( username, roleName );

synchronized ( this )
{
Expand All @@ -193,7 +192,6 @@ void addUserToRole( String username, String roleName ) throws IOException
{
throw new IllegalArgumentException( "User " + username + " does not exist." );
}

RoleRecord role = roleRepository.findByName( roleName );
if ( role == null )
{
Expand All @@ -215,10 +213,36 @@ void addUserToRole( String username, String roleName ) throws IOException
}
}

void removeUserFromRole( String username, String rolename ) throws IOException
void removeUserFromRole( String username, String roleName ) throws IOException
{
// TODO
throw new UnsupportedOperationException( "Removing user from role is not implemented." );
checkValidityOfUsernameAndRoleName( username, roleName );

synchronized ( this )
{
User user = userRepository.findByName( username );
if ( user == null )
{
throw new IllegalArgumentException( "User " + username + " does not exist." );
}
RoleRecord role = roleRepository.findByName( roleName );
if ( role == null )
{
throw new IllegalArgumentException( "Role " + roleName + " does not exist." );
}
else
{
RoleRecord newRole = role.augment().withoutUser( username ).build();
try
{
roleRepository.update( role, newRole );
}
catch ( ConcurrentModificationException e )
{
// Try again
removeUserFromRole( username, roleName );
}
}
}
}

boolean deleteUser( String username ) throws IOException
Expand Down Expand Up @@ -249,6 +273,12 @@ private void removeUserFromAllRoles( String username ) throws IOException
}
}

private void checkValidityOfUsernameAndRoleName( String username, String roleName ) throws IllegalArgumentException
{
assertValidUsername( username );
assertValidRoleName( roleName );
}

private void assertValidUsername( String name )
{
if ( !userRepository.isValidName( name ) )
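Review bot: The `catch ( ConcurrentModificationException e )` branch in `removeUserFromRole` retries by calling the method again with no limit, so an update that keeps failing grows the stack until it overflows, and every retry repeats the name validation and user lookup while the monitor is still held. A loop that re-reads the role and gives up after a fixed number of attempts would surface the failure to the caller instead; the sketch below assumes the exception is the unchecked `java.util` one and uses a constructed limit. The method also appears to write an update when the user was never a member of the role, and a comment should say whether that is meant to be a silent no-op. The `throws IllegalArgumentException` on `checkValidityOfUsernameAndRoleName` can be dropped if that is the unchecked `java.lang` exception.

```java
// … unchanged: name validation, synchronized ( this ), user lookup …
for ( int attempt = 1; ; attempt++ )
{
    // … unchanged: role lookup and null check, now repeated per attempt …
    RoleRecord newRole = role.augment().withoutUser( username ).build();
    try
    {
        roleRepository.update( role, newRole );
        return;
    }
    catch ( ConcurrentModificationException e )
    {
        if ( attempt >= 3 ) // constructed limit, not a project value
        {
            throw e;
        }
    }
}
```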
Expand Up @@ -126,7 +126,7 @@ public Builder()
public Builder( RoleRecord base )
{
name = base.name;
users = base.users;
users = new TreeSet<>( base.users );
}

public Builder withName( String name )
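Review bot: The copy in `Builder( RoleRecord base )` carries no comment saying why it is needed, and the reason is a correctness one: the line it replaces shared `base.users` with the builder, so a builder edit would presumably also have changed the record it was derived from, including the `role` that the role manager passes as the expected value to `roleRepository.update( role, newRole )`. A comment such as `// copy: builder edits must never reach the base record's user set` would keep the aliasing from being reintroduced. The rest of the class is outside this hunk, so whether `RoleRecord` itself hands out its user set unwrapped could not be checked here.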
