Skip to content

Commit

Permalink
[SHIBUI-1031]
Browse files Browse the repository at this point in the history 
Added support for returning a single role for a given user.
Updated tests accordingly.
  • Loading branch information
Bill Smith committed Jan 3, 2019
1 parent 56d6253 commit fbe3075
Show file tree
Hide file tree
Showing 5 changed files with 85 additions and 38 deletions.
6 changes: 6 additions & 0 deletions ...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
Expand Down Expand Up @@ -194,4 +195,9 @@ public Module stringTrimModule() {
public ModelRepresentationConversions modelRepresentationConversions() {
return new ModelRepresentationConversions(customPropertiesConfiguration());
}

@Bean
public UserRoleService userRoleService() {
return new UserRoleService();
}
}
25 changes: 6 additions & 19 deletions ...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package edu.internet2.tier.shibboleth.admin.ui.security.controller;

import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse;
import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
Expand All @@ -20,10 +20,8 @@
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.HttpClientErrorException;

import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

import static org.springframework.http.HttpStatus.NOT_FOUND;

Expand All @@ -40,10 +38,12 @@ public class UsersController {

private UserRepository userRepository;
private RoleRepository roleRepository;
private UserRoleService userRoleService;

public UsersController(UserRepository userRepository, RoleRepository roleRepository) {
public UsersController(UserRepository userRepository, RoleRepository roleRepository, UserRoleService userRoleService) {
this.userRepository = userRepository;
this.roleRepository = roleRepository;
this.userRoleService = userRoleService;
}

@Transactional(readOnly = true)
Expand Down Expand Up @@ -76,7 +76,7 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
.body(new ErrorResponse(String.valueOf(HttpStatus.CONFLICT.value()),
String.format("A user with username [%s] already exists within the system.", user.getUsername())));
}
user.setRoles(getPersistedRoles(user.getUsername(), user.getRoles()));
userRoleService.updateUserRole(user);
//TODO: encrypt password? Or is it sent to us encrypted?
User savedUser = userRepository.save(user);
return ResponseEntity.ok(savedUser);
Expand All @@ -90,24 +90,11 @@ ResponseEntity<?> updateOne(@PathVariable(value = "username") String username, @
persistedUser.setFirstName(user.getFirstName());
persistedUser.setLastName(user.getLastName());
persistedUser.setEmailAddress(user.getEmailAddress());
persistedUser.setRoles(getPersistedRoles(user.getUsername(), user.getRoles()));
userRoleService.updateUserRole(persistedUser);
User savedUser = userRepository.save(persistedUser);
return ResponseEntity.ok(savedUser);
}

private Set<Role> getPersistedRoles(String username, Set<Role> userRolesToBeUpdated) {
Set<Role> newRoles = new HashSet<>();
for (Role role : userRolesToBeUpdated) {
Optional<Role> persistedRole = roleRepository.findByName(role.getName());
if (!persistedRole.isPresent()) {
logger.warn("Role [%s] is not present in the system. Not setting role for user [%s].", role.getName(), username);
continue;
}
newRoles.add(persistedRole.get());
}
return newRoles;
}

private User findUserOrThrowHttp404(String username) {
return userRepository.findByUsername(username)
.orElseThrow(() -> new HttpClientErrorException(NOT_FOUND, String.format("User with username [%s] not found", username)));
Expand Down
21 changes: 19 additions & 2 deletions backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,22 @@
package edu.internet2.tier.shibboleth.admin.ui.security.model;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.apache.commons.lang.StringUtils;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.Transient;
import java.util.HashSet;
import java.util.Set;

Expand Down Expand Up @@ -44,9 +46,24 @@ public class User extends AbstractAuditable {

private String emailAddress;

@Transient
private String role;

//Ignore properties annotation here is to prevent stack overflow recursive error during JSON serialization
@JsonIgnoreProperties("users")
@JsonIgnore
// @JsonIgnoreProperties("users")
@ManyToMany(cascade = CascadeType.ALL)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Role> roles = new HashSet<>();

public String getRole() {
Set<Role> roles = this.getRoles();
if (roles.size() != 1) {
if (StringUtils.isNotBlank(this.role)) {
return this.role;
}
throw new RuntimeException(String.format("User with username [%s] does not have exactly one role!", this.getUsername()));
}
return roles.iterator().next().getName();
}
}
43 changes: 43 additions & 0 deletions ...rc/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserRoleService.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package edu.internet2.tier.shibboleth.admin.ui.security.service;

import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.Optional;
import java.util.Set;

/**
* @author Bill Smith (wsmith@unicon.net)
*/
public class UserRoleService {

@Autowired
RoleRepository roleRepository;

/**
* Given a user with a defined User.role, update the User.roles collection with that role.
*
* This currently exists because users should only ever have one role in the system at this time. However, user
* roles are persisted as a set of roles (for future-proofing). Once we start allowing a user to have multiple roles,
* this method and User.role can go away.
* @param user
*/
public void updateUserRole(User user) {
if (StringUtils.isNotBlank(user.getRole())) {
Optional<Role> userRole = roleRepository.findByName(user.getRole());
if (userRole.isPresent()) {
Set<Role> userRoles = new HashSet<>();
userRoles.add(userRole.get());
user.setRoles(userRoles);
} else {
throw new RuntimeException(String.format("User with username [%s] is defined with role [%s] which does not exist in the system!", user.getUsername(), user.getRole()));
}
} else {
throw new RuntimeException(String.format("User with username [%s] has no role defined and therefor cannot be updated!", user.getUsername()));
}
}
}
28 changes: 11 additions & 17 deletions ...rnet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,7 @@ package edu.internet2.tier.shibboleth.admin.ui.security.controller

import com.fasterxml.jackson.databind.ObjectMapper
import com.fasterxml.jackson.databind.SerializationFeature
import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
import edu.internet2.tier.shibboleth.admin.ui.security.model.User
import groovy.json.JsonBuilder
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.boot.test.web.client.TestRestTemplate
Expand Down Expand Up @@ -42,7 +38,7 @@ class UsersControllerIntegrationTests extends Specification {
then: 'Request completed with HTTP 200 and returned a list of users'
result.statusCodeValue == 200
result.body[0].username == 'admin'
result.body[0].roles[0].name == 'ROLE_ADMIN'
result.body[0].role == 'ROLE_ADMIN'
}
def 'GET ONE existing user'() {
Expand All @@ -52,7 +48,7 @@ class UsersControllerIntegrationTests extends Specification {
then: 'Request completed with HTTP 200 and returned one user'
result.statusCodeValue == 200
result.body.username == 'admin'
result.body.roles[0].name == 'ROLE_ADMIN'
result.body.role == 'ROLE_ADMIN'
}
def 'GET ONE NON-existing user'() {
Expand Down Expand Up @@ -88,7 +84,7 @@ class UsersControllerIntegrationTests extends Specification {
username: 'FooBar',
password: 'somepass',
emailAddress: 'foo@institution.edu',
roles: ['ROLE_USER']]
role: 'ROLE_USER']

when:
def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
Expand All @@ -104,7 +100,7 @@ class UsersControllerIntegrationTests extends Specification {
username: 'DuplicateUser',
password: 'somepass',
emailAddress: 'foo@institution.edu',
roles: ['ROLE_USER']]
role: 'ROLE_USER']

when:
this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
Expand All @@ -121,7 +117,7 @@ class UsersControllerIntegrationTests extends Specification {
username: 'FooBar',
password: 'somepass',
emailAddress: 'foo@institution.edu',
roles: ['ROLE_USER']]
role: 'ROLE_USER']

when:
this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
Expand All @@ -134,14 +130,12 @@ class UsersControllerIntegrationTests extends Specification {

def 'PUT detects unknown username'() {
given:
def newUser = new User().with {
it.firstName = 'Foo'
it.lastName = 'Bar'
it.username = 'UnknownUsername'
it.password = 'somepass'
it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set<Role>
it
}
def newUser = [firstName: 'Foo',
lastName: 'Bar',
username: 'UnknownUser',
password: 'somepass',
emailAddress: 'foo@institution.edu',
role: 'ROLE_USER']

when:
def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
Expand Down

0 comments on commit fbe3075

Please sign in to comment.