From c0b98a1bef13756169eb03559fde44d079ec3a31 Mon Sep 17 00:00:00 2001
From: yhampe
Date: Fri, 2 Feb 2024 14:02:20 +0100
Subject: [PATCH] RED-8414: create new role admin
If users have only the KNECON_ADMIN role they should be filtered out completely
If users have the KNECON_ADMIN role and a RED_x role they should be included in the response, but only the RED_x roles should be listed
---
 .../controller/external/UserController.java | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
index 2a4f31c..59e739f 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
@@ -1,5 +1,6 @@
 package com.knecon.fforesight.tenantusermanagement.controller.external;
+import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.DELETE_TENANT;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_ALL_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_MY_PROFILE;
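Review bot: The new static import of `UserManagementPermissions.DELETE_TENANT` is not referenced by any line added in the other two hunks of this patch, so it appears to be unused. If nothing else in `UserController` needs it, drop the import. If the KNECON_ADMIN filtering was meant to be skipped for callers holding that permission, that check is missing from both changed methods and should be added explicitly.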
@@ -62,7 +63,21 @@ public class UserController implements UserResource, PublicResource {
 userService.evictUserCache();
 }
- return userService.getAllUsers();
+ var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+
+ return userService.getAllUsers().stream().filter(user -> {
+ if(user.getRoles().contains(kneconAdminRole.getName()))
+ {
+ //user should be filtered out because he has only role knecon_admin
+ if(user.getRoles().size() == 1) {
+ return false;
+ }
+ //remove knecon_admin role
+ user.getRoles().remove(kneconAdminRole.getName());
+ return true;
+ }
+ return true;
+ }).toList();
 }
@@ -113,7 +128,15 @@ public class UserController implements UserResource, PublicResource {
 if (StringUtils.isEmpty(userId)) {
 throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "The userId should not be empty.");
 }
- return userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ var kneconAdminRole = tenantUserManagementProperties.getKcRoleMapping().getRole("KNECON_ADMIN");
+ var user = userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ if (user.getRoles().contains(kneconAdminRole.getName())) {
+ if(user.getRoles().size() == 1) {
+ throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");
+ }
+ user.getRoles().remove(kneconAdminRole.getName());
+ }
+ return user;
 }
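Review bot: In the `-62,7 +63,21` hunk, calling `user.getRoles().remove(kneconAdminRole.getName())` inside the `filter` lambda mutates the objects returned by `userService.getAllUsers()`, so hiding the role in the response also changes the service's own data. The context line `userService.evictUserCache()` suggests these users are cached; if the same instances are handed out again, KNECON_ADMIN is gone for every later reader until the next eviction, and if `getRoles()` is an unmodifiable collection the call throws instead. Build the returned user from a copy of the role set rather than editing it inside a predicate. `getRole("KNECON_ADMIN")` is also dereferenced without a null check, so a role mapping that lacks this entry would presumably turn every call into a 500. The same two problems apply to the `getUserById` hunk that follows; the enclosing method starts outside the hunk.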
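Review bot: In the `-113,7 +128,15` hunk the KNECON_ADMIN hiding rule is written out a second time, with the role name as a string literal in both places, so the two endpoints can drift apart; one private helper that takes a user and returns an `Optional` of the sanitised copy would keep them in step. The `size() == 1` test hides an account only when KNECON_ADMIN is its sole entry, whereas the commit message speaks of listing only RED_x roles, so a user holding KNECON_ADMIN plus some other non-RED role would still be returned; this is worth confirming against how roles are populated. Reusing the same 404 status and message as for an unknown id is the right choice, since the response does not reveal that a hidden account exists. Other user-returning endpoints in this controller are not visible in the patch and may need the same treatment.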