summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java331
1 files changed, 24 insertions, 307 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
index cd17f5b6c..989b89db0 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
@@ -18,35 +18,12 @@
package com.netscape.cms.servlet.admin;
-import java.net.URI;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.ConflictingOperationException;
-import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.group.GroupMemberCollection;
import com.netscape.certsrv.group.GroupMemberData;
import com.netscape.certsrv.group.GroupMemberResource;
-import com.netscape.certsrv.group.GroupNotFoundException;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.user.UserResource;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.cms.servlet.base.PKIService;
/**
@@ -54,330 +31,70 @@ import com.netscape.cms.servlet.base.PKIService;
*/
public class GroupMemberService extends PKIService implements GroupMemberResource {
- public final static int DEFAULT_SIZE = 20;
-
- public final static String MULTI_ROLE_ENABLE = "multiroles.enable";
- public final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
- public static String[] multiRoleGroupEnforceList;
-
- public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
- public GroupMemberData createGroupMemberData(String memberID) throws Exception {
-
- GroupMemberData groupMemberData = new GroupMemberData();
-
- groupMemberData.setID(memberID);
-
- String userID = URLEncoder.encode(memberID, "UTF-8");
- URI uri = uriInfo.getBaseUriBuilder().path(UserResource.class).path("{userID}").build(userID);
- groupMemberData.setLink(new Link("self", uri));
-
- return groupMemberData;
- }
-
@Override
public GroupMemberCollection findGroupMembers(String groupID, Integer start, Integer size) {
try {
- start = start == null ? 0 : start;
- size = size == null ? DEFAULT_SIZE : size;
-
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- GroupMemberCollection response = new GroupMemberCollection();
-
- Enumeration<String> members = group.getMemberNames();
-
- int i = 0;
-
- // skip to the start of the page
- for ( ; i<start && members.hasMoreElements(); i++) members.nextElement();
-
- // return entries up to the page size
- for ( ; i<start+size && members.hasMoreElements(); i++) {
- String memberID = members.nextElement();
- response.addMember(createGroupMemberData(memberID));
- }
-
- // count the total entries
- for ( ; members.hasMoreElements(); i++) members.nextElement();
-
- if (start > 0) {
- URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
- response.addLink(new Link("prev", uri));
- }
-
- if (start+size < i) {
- URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
- response.addLink(new Link("next", uri));
- }
-
- return response;
+ GroupMemberProcessor processor = new GroupMemberProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.findGroupMembers(groupID, start, size);
} catch (PKIException e) {
throw e;
} catch (Exception e) {
- CMS.debug(e);
- throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
+ throw new PKIException(e.getMessage(), e);
}
}
@Override
- public Response addGroupMember(String groupID, String memberID) {
- GroupMemberData groupMemberData = new GroupMemberData();
- groupMemberData.setID(memberID);
- return addGroupMember(groupID, groupMemberData);
- }
-
- public Response addGroupMember(String groupID, GroupMemberData groupMemberData) {
-
+ public GroupMemberData getGroupMember(String groupID, String memberID) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- String memberID = groupMemberData.getID();
- boolean multiRole = true;
-
- try {
- IConfigStore config = CMS.getConfigStore();
- multiRole = config.getBoolean(MULTI_ROLE_ENABLE);
- } catch (Exception e) {
- // ignore
- }
-
- if (multiRole) {
- // a user can be a member of multiple groups
- userGroupManager.addUserToGroup(group, memberID);
-
- } else {
- // a user can be a member of at most one group in the enforce list
- if (isGroupInMultiRoleEnforceList(groupID)) {
- // make sure the user is not already a member in another group in the list
- if (!isDuplicate(groupID, memberID)) {
- userGroupManager.addUserToGroup(group, memberID);
- } else {
- throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
- }
-
- } else {
- // the user can be a member of multiple groups outside the list
- userGroupManager.addUserToGroup(group, memberID);
- }
- }
-
- // for audit log
- SessionContext sContext = SessionContext.getContext();
- String adminId = (String) sContext.get(SessionContext.USER_ID);
-
- logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] { adminId, memberID, groupID });
-
- auditAddGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
-
- // read the data back
- groupMemberData = getGroupMember(groupID, memberID);
-
- return Response
- .created(groupMemberData.getLink().getHref())
- .entity(groupMemberData)
- .type(MediaType.APPLICATION_XML)
- .build();
+ GroupMemberProcessor processor = new GroupMemberProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.getGroupMember(groupID, memberID);
} catch (PKIException e) {
- auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
throw e;
} catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
- }
- }
-
- public boolean isGroupInMultiRoleEnforceList(String groupID) {
-
- if (groupID == null || groupID.equals("")) {
- return true;
- }
-
- String groupList = null;
- if (multiRoleGroupEnforceList == null) {
- try {
- IConfigStore config = CMS.getConfigStore();
- groupList = config.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
- } catch (Exception e) {
- // ignore
- }
-
- if (groupList != null && !groupList.equals("")) {
- multiRoleGroupEnforceList = groupList.split(",");
- for (int j = 0; j < multiRoleGroupEnforceList.length; j++) {
- multiRoleGroupEnforceList[j] = multiRoleGroupEnforceList[j].trim();
- }
- }
- }
-
- if (multiRoleGroupEnforceList == null)
- return true;
-
- for (int i = 0; i < multiRoleGroupEnforceList.length; i++) {
- if (groupID.equals(multiRoleGroupEnforceList[i])) {
- return true;
- }
- }
-
- return false;
- }
-
- public boolean isDuplicate(String groupID, String memberID) {
-
- // Let's not mess with users that are already a member of this group
- try {
- boolean isMember = userGroupManager.isMemberOf(memberID, groupID);
- if (isMember == true) return false;
-
- } catch (Exception e) {
- // ignore
- }
-
- try {
- Enumeration<IGroup> groups = userGroupManager.listGroups("*");
- while (groups.hasMoreElements()) {
- IGroup group = groups.nextElement();
- String name = group.getName();
-
- Enumeration<IGroup> g = userGroupManager.findGroups(name);
- IGroup g1 = g.nextElement();
-
- if (!name.equals(groupID)) {
- if (isGroupInMultiRoleEnforceList(name)) {
- Enumeration<String> members = g1.getMemberNames();
- while (members.hasMoreElements()) {
- String m1 = members.nextElement();
- if (m1.equals(memberID))
- return true;
- }
- }
- }
- }
- } catch (Exception e) {
- // ignore
+ throw new PKIException(e.getMessage(), e);
}
-
- return false;
}
@Override
- public GroupMemberData getGroupMember(String groupID, String memberID) {
+ public Response addGroupMember(String groupID, String memberID) {
+ GroupMemberData groupMemberData = new GroupMemberData();
+ groupMemberData.setID(memberID);
+ groupMemberData.setGroupID(groupID);
+ return addGroupMember(groupMemberData);
+ }
+ public Response addGroupMember(GroupMemberData groupMemberData) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- Enumeration<String> e = group.getMemberNames();
- while (e.hasMoreElements()) {
- String memberName = e.nextElement();
- if (!memberName.equals(memberID)) continue;
-
- GroupMemberData groupMemberData = createGroupMemberData(memberID);
- return groupMemberData;
- }
-
- throw new ResourceNotFoundException("Group member " + memberID + " not found");
+ GroupMemberProcessor processor = new GroupMemberProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.addGroupMember(groupMemberData);
} catch (PKIException e) {
throw e;
} catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw new PKIException(e.getMessage());
+ throw new PKIException(e.getMessage(), e);
}
}
@Override
public void removeGroupMember(String groupID, String memberID) {
- GroupMemberData groupMemberData = new GroupMemberData();
- groupMemberData.setID(memberID);
- removeGroupMember(groupID, groupMemberData);
- }
-
- public void removeGroupMember(String groupID, GroupMemberData groupMemberData) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- String member = groupMemberData.getID();
- userGroupManager.removeUserFromGroup(group, member);
-
- // for audit log
- SessionContext sContext = SessionContext.getContext();
- String adminId = (String) sContext.get(SessionContext.USER_ID);
-
- logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.REMOVEUSERGROUPFORMAT,
- new Object[] { adminId, member, groupID });
-
- auditDeleteGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
+ GroupMemberProcessor processor = new GroupMemberProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ processor.removeGroupMember(groupID, memberID);
} catch (PKIException e) {
- auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
throw e;
} catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+ throw new PKIException(e.getMessage(), e);
}
}
-
- public void log(int level, String message) {
- log(ILogger.S_USRGRP, level, message);
- }
-
- public void auditAddGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
- audit(OpDef.OP_ADD, groupID, getParams(groupMemberData), status);
- }
-
- public void auditDeleteGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
- audit(OpDef.OP_DELETE, groupID, getParams(groupMemberData), status);
- }
-
- public void audit(String type, String id, Map<String, String> params, String status) {
- audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_GROUP_MEMBERS, type, id, params, status);
- }
}
generated by cgit (git 2.34.1) at 2024-04-19 21:45:13 +0000