Added user and role management procedures
Petra Selmer committed Jun 2, 2016
1 parent 480f523 commit cd26630
Showing 4 changed files with 297 additions and 102 deletions.
@@ -52,13 +52,26 @@ public void createUser( @Name( "username" ) String username, @Name( "password" )


@PerformsDBMS @PerformsDBMS
@Procedure( "dbms.addUserToRole" ) @Procedure( "dbms.addUserToRole" )
public void addUserToRole( @Name( "username" ) String username, @Name( "role" ) String role ) throws IOException public void addUserToRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName ) throws IOException
{ {
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() ) if ( !shiroSubject.isAdmin() )
{ {
throw new AuthorizationViolationException( PERMISSION_DENIED ); throw new AuthorizationViolationException( PERMISSION_DENIED );
} }
shiroSubject.getRoleManager().addUserToRole( username, role ); shiroSubject.getRoleManager().addUserToRole( username, roleName );
}

@PerformsDBMS
@Procedure( "dbms.removeUserFromRole" )
public void removeUserFromRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getRoleManager().removeUserFromRole( username, roleName );
} }
} }
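Review bot: In `removeUserFromRole` nothing visible stops an administrator from removing their own account, or the last remaining administrator, from the admin role, after which no subject would pass the `isAdmin()` check. Unless the role manager enforces this elsewhere, a guard belongs before `shiroSubject.getRoleManager().removeUserFromRole( username, roleName )`; until then a marker such as `// TODO: refuse to remove the calling admin from the admin role` would record the gap. The `isAdmin()` block is now copied into a second procedure, and a small private helper would make the check harder to omit in the next one. The `throws` clause names `IllegalCredentialsException`, which the manager method shown further down this page does not declare, so `throws IOException` looks sufficient.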
@@ -183,8 +183,7 @@ RoleRecord newRole( String roleName, String... users ) throws IOException


void addUserToRole( String username, String roleName ) throws IOException void addUserToRole( String username, String roleName ) throws IOException
{ {
assertValidUsername( username ); checkValidityOfUsernameAndRoleName( username, roleName );
assertValidRoleName( roleName );


synchronized ( this ) synchronized ( this )
{ {
@@ -193,7 +192,6 @@ void addUserToRole( String username, String roleName ) throws IOException
{ {
throw new IllegalArgumentException( "User " + username + " does not exist." ); throw new IllegalArgumentException( "User " + username + " does not exist." );
} }

RoleRecord role = roleRepository.findByName( roleName ); RoleRecord role = roleRepository.findByName( roleName );
if ( role == null ) if ( role == null )
{ {
@@ -215,10 +213,36 @@ void addUserToRole( String username, String roleName ) throws IOException
} }
} }


void removeUserFromRole( String username, String rolename ) throws IOException void removeUserFromRole( String username, String roleName ) throws IOException
{ {
// TODO checkValidityOfUsernameAndRoleName( username, roleName );
throw new UnsupportedOperationException( "Removing user from role is not implemented." );
synchronized ( this )
{
User user = userRepository.findByName( username );
if ( user == null )
{
throw new IllegalArgumentException( "User " + username + " does not exist." );
}
RoleRecord role = roleRepository.findByName( roleName );
if ( role == null )
{
throw new IllegalArgumentException( "Role " + roleName + " does not exist." );
}
else
{
RoleRecord newRole = role.augment().withoutUser( username ).build();
try
{
roleRepository.update( role, newRole );
}
catch ( ConcurrentModificationException e )
{
// Try again
removeUserFromRole( username, roleName );
}
}
}
} }


boolean deleteUser( String username ) throws IOException boolean deleteUser( String username ) throws IOException
@@ -249,6 +273,12 @@ private void removeUserFromAllRoles( String username ) throws IOException
} }
} }


private void checkValidityOfUsernameAndRoleName( String username, String roleName ) throws IllegalArgumentException
{
assertValidUsername( username );
assertValidRoleName( roleName );
}

private void assertValidUsername( String name ) private void assertValidUsername( String name )
{ {
if ( !userRepository.isValidName( name ) ) if ( !userRepository.isValidName( name ) )
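Review bot: The new `removeUserFromRole` body leaves its input validation commented out (`// TODO checkValidityOfUsernameAndRoleName( username, roleName );`), so unlike `addUserToRole` it hands unvalidated names to the repositories and echoes them in the `IllegalArgumentException` messages. Enabling the call as the first statement, `checkValidityOfUsernameAndRoleName( username, roleName );`, would make the two methods consistent. The retry on `ConcurrentModificationException` recurses without a bound while the monitor is held, so a repository that keeps rejecting the update would end in a `StackOverflowError`; a loop with a retry limit would be safer. The `throws IllegalArgumentException` on the private `checkValidityOfUsernameAndRoleName` helper names an unchecked exception and can be dropped from the signature.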
@@ -126,7 +126,7 @@ public Builder()
public Builder( RoleRecord base ) public Builder( RoleRecord base )
{ {
name = base.name; name = base.name;
users = base.users; users = new TreeSet<>( base.users );
} }


public Builder withName( String name ) public Builder withName( String name )
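Review bot: The copy in `Builder( RoleRecord base )` deserves a comment explaining why it is needed, for example `// copy: the builder must never mutate the base record's user set`. Without it the aliasing fix is easy to undo in a later clean-up, and sharing the set would presumably let `withoutUser` change role membership on the live record before `roleRepository.update` is called. If `base.users` can be null, `new TreeSet<>( base.users )` throws a `NullPointerException`; the visible lines do not show whether that can happen. The rest of the Builder class lies outside this hunk.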
