From c0b98a1bef13756169eb03559fde44d079ec3a31 Mon Sep 17 00:00:00 2001
From: yhampe
Date: Fri, 2 Feb 2024 14:02:20 +0100
Subject: [PATCH 1/2] RED-8414: create new role admin If users have only the KNECON_ADMIN role they should be filtered out completely If users have the KNECON_ADMIN role and a RED_x role they should be included in the response, but only the RED_x roles should be listed
---
 .../controller/external/UserController.java | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
index 2a4f31c..59e739f 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
@@ -1,5 +1,6 @@
 package com.knecon.fforesight.tenantusermanagement.controller.external;
+import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.DELETE_TENANT;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_ALL_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_MY_PROFILE;
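Review bot: The static import of `DELETE_TENANT` added in the @@ -1,5 +1,6 @@ hunk is not referenced by any hunk in either patch of this series. If nothing else in UserController.java uses it, drop the line. An unused permission constant in a controller can also mean an authorization annotation was intended but never added, so it is worth checking which endpoint it was meant for.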
@@ -62,7 +63,21 @@ public class UserController implements UserResource, PublicResource {
 userService.evictUserCache();
 }
- return userService.getAllUsers();
+ var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+
+ return userService.getAllUsers().stream().filter(user -> {
+ if(user.getRoles().contains(kneconAdminRole.getName()))
+ {
+ //user should be filtered out because he has only role knecon_admin
+ if(user.getRoles().size() == 1) {
+ return false;
+ }
+ //remove knecon_admin role
+ user.getRoles().remove(kneconAdminRole.getName());
+ return true;
+ }
+ return true;
+ }).toList();
 }
@@ -113,7 +128,15 @@ public class UserController implements UserResource, PublicResource {
 if (StringUtils.isEmpty(userId)) {
 throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "The userId should not be empty.");
 }
- return userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+ var user = userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ if (user.getRoles().contains(kneconAdminRole.getName())) {
+ if(user.getRoles().size() == 1) {
+ throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");
+ }
+ user.getRoles().remove(kneconAdminRole.getName());
+ }
+ return user;
 }
From e2c74b607b12ddbec6d54e3ca7cbb05d3f9004f7 Mon Sep 17 00:00:00 2001
From: yhampe
Date: Mon, 5 Feb 2024 10:58:29 +0100
Subject: [PATCH 2/2] RED-8414: create new role admin fixed failing tests
---
 .../controller/external/UserController.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
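Review bot: The `filter` lambda in the @@ -62,7 +63,21 @@ hunk calls `user.getRoles().remove(...)`, which mutates the objects handed back by `userService.getAllUsers()` from inside a stream predicate. The context line `userService.evictUserCache()` suggests those objects may come from a cache; if so, the stripped role stays stripped for every later reader of that cache, and if `getRoles()` ever returns an unmodifiable collection the call throws. Keep the predicate free of side effects and build the response from a copy, starting from something like `var visibleRoles = user.getRoles().stream().filter(r -> !r.equals(kneconAdminRole.getName())).toList();` and returning a new user object that carries `visibleRoles`. The same in-place removal appears in the @@ -113,7 +128,15 @@ hunk and is carried over unchanged by patch 2/2; the enclosing methods start outside the hunks.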
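Review bot: `user.getRoles().size() == 1` in the @@ -113,7 +128,15 @@ hunk treats an account as admin-only by counting roles, so a KNECON_ADMIN account that also holds any role other than a RED role is still returned with that extra role listed. The commit message asks for only RED_x roles to be listed; whether other roles can appear in `getRoles()` is not visible here, so this needs confirming. Deciding on what is left after the removal is more robust, e.g. `if (remaining.stream().noneMatch(redRoles::contains)) throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");`, with `remaining` and `redRoles` as placeholder names. The same count check sits in the `filter` lambda of the first hunk, and the enclosing method starts outside this hunk.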
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
index 59e739f..f44846b 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
@@ -63,17 +63,17 @@ public class UserController implements UserResource, PublicResource {
 userService.evictUserCache();
 }
- var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+ var kneconAdminRole = "KNECON_ADMIN";
 return userService.getAllUsers().stream().filter(user -> {
- if(user.getRoles().contains(kneconAdminRole.getName()))
+ if(user.getRoles().contains(kneconAdminRole))
 {
 //user should be filtered out because he has only role knecon_admin
 if(user.getRoles().size() == 1) {
 return false;
 }
 //remove knecon_admin role
- user.getRoles().remove(kneconAdminRole.getName());
+ user.getRoles().remove(kneconAdminRole);
 return true;
 }
 return true;
@@ -128,13 +128,13 @@ public class UserController implements UserResource, PublicResource {
 if (StringUtils.isEmpty(userId)) {
 throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "The userId should not be empty.");
 }
- var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+ var kneconAdminRole = "KNECON_ADMIN";
 var user = userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
- if (user.getRoles().contains(kneconAdminRole.getName())) {
+ if (user.getRoles().contains(kneconAdminRole)) {
 if(user.getRoles().size() == 1) {
 throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");
 }
- user.getRoles().remove(kneconAdminRole.getName());
+ user.getRoles().remove(kneconAdminRole);
 }
 return user;
 }
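Review bot: Replacing the configured lookup with the literal `"KNECON_ADMIN"` in the @@ -63,17 +63,17 @@ hunk ties the hiding rule to one spelling of the role name. The removed code went through `getKcRoleMapping()`, which suggests role names can be mapped per deployment; if the role reaches `getRoles()` under a different name, `contains` returns false and admin-only accounts are listed again without any error. The literal is repeated in the @@ -128,13 +128,13 @@ hunk, so a single constant such as `private static final String KNECON_ADMIN_ROLE = "KNECON_ADMIN";` together with a test asserting that an admin-only user is absent from both responses would make a regression visible. Since the commit message gives failing tests as the reason, it is worth confirming they were not failing only because the test configuration lacked the mapping entry.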