RED-8414: create new role admin

If users have only the KNECON_ADMIN role they should be filtered out completely

If users have the KNECON_ADMIN role and a RED_x role they should be included in the response, but only the RED_x roles should be listed
yhampe 2024-02-02 14:02:20 +01:00
parent dc2a11ac83
commit c0b98a1bef


@ -1,5 +1,6 @@
package com.knecon.fforesight.tenantusermanagement.controller.external;
import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.DELETE_TENANT;
import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_ALL_USERS;
import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_USERS;
import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_MY_PROFILE;
@ -62,7 +63,21 @@ public class UserController implements UserResource, PublicResource {
userService.evictUserCache();
}
return userService.getAllUsers();
var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
return userService.getAllUsers().stream().filter(user -> {
if(user.getRoles().contains(kneconAdminRole.getName()))
{
//user should be filtered out because he has only role knecon_admin
if(user.getRoles().size() == 1) {
return false;
}
//remove knecon_admin role
user.getRoles().remove(kneconAdminRole.getName());
return true;
}
return true;
}).toList();
}
@ -113,7 +128,15 @@ public class UserController implements UserResource, PublicResource {
if (StringUtils.isEmpty(userId)) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "The userId should not be empty.");
}
return userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
var user = userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
if (user.getRoles().contains(kneconAdminRole.getName())) {
if(user.getRoles().size() == 1) {
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");
}
user.getRoles().remove(kneconAdminRole.getName());
}
return user;
}
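Review bot: In both the `getAllUsers()` stream filter and the single-user lookup, `user.getRoles().remove(kneconAdminRole.getName())` edits the object returned by `userService` in place, and in the first case it does so as a side effect inside a `filter` predicate. The `evictUserCache()` call just above suggests these objects may be cached; if so, the role would also vanish for any other code reading the same instance, and an unmodifiable roles collection would throw instead. Building the response from a copy of the roles would avoid both problems. Separately, `getRole("KNECON_ADMIN")` is dereferenced without a check, so a mapping that lacks this role would presumably fail with a NullPointerException on every request; whether that case should fail closed or skip the filter is worth deciding explicitly. The rule is written twice, so it could move into one private helper carrying a comment such as `// KNECON_ADMIN is internal: hide users holding only that role and never expose the role itself`; both method bodies begin outside the visible hunks.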