Skip to content

Commit

Permalink
feat(jans-config-api): user mgmt patch endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
pujavs committed Apr 8, 2022
1 parent 84eadf6 commit 0427186
Show file tree
Hide file tree
Showing 4 changed files with 75 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -112,5 +112,8 @@ private ApiConstants() {}
public static final int DEFAULT_MAX_COUNT = 200;
public static final String SORT_BY = "sortBy";
public static final String SORT_ORDER = "sortOrder";

//commaSeparatedString of attributes to be excluded in User fetch request
public static final String USER_EXCLUDED_ATTRIBUTES = "userPassword,";

}
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import io.jans.orm.model.PagedResult;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
Expand Down Expand Up @@ -50,29 +51,34 @@ public Response getUsers(@DefaultValue(DEFAULT_LIST_SIZE) @QueryParam(value = Ap
@DefaultValue("") @QueryParam(value = ApiConstants.PATTERN) String pattern,
@DefaultValue(DEFAULT_LIST_START_INDEX) @QueryParam(value = ApiConstants.START_INDEX) int startIndex,
@QueryParam(value = ApiConstants.SORT_BY) String sortBy,
@QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder) {
@QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder) throws IllegalAccessException, InvocationTargetException {
if (logger.isDebugEnabled()) {
logger.debug("User search param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}",
escapeLog(limit), escapeLog(pattern), escapeLog(startIndex), escapeLog(sortBy),
escapeLog(sortOrder));
}
SearchRequest searchReq = createSearchRequest(userSrv.getPeopleBaseDn(), pattern, sortBy, sortOrder, startIndex,
limit, null, null);
limit, null, ApiConstants.USER_EXCLUDED_ATTRIBUTES);

final List<User> users = this.doSearch(searchReq);
logger.debug("User search result:{}", users);
List<User> users = this.doSearch(searchReq);
logger.debug("User search result:{}", users);

return Response.ok(users).build();
}

@GET
@ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS })
@Path(ApiConstants.INUM_PATH)
public Response getUserByInum(@PathParam(ApiConstants.INUM) @NotNull String inum) {
public Response getUserByInum(@PathParam(ApiConstants.INUM) @NotNull String inum) throws IllegalAccessException, InvocationTargetException {
if (logger.isDebugEnabled()) {
logger.debug("User search by inum:{}", escapeLog(inum));
}
User user = userSrv.getUserByInum(inum);
logger.debug("user:{}", user);

//excludedAttributes
user = userSrv.excludedAttributes(user, ApiConstants.USER_EXCLUDED_ATTRIBUTES);

return Response.ok(user).build();
}

Expand Down Expand Up @@ -100,7 +106,7 @@ public Response updateUser(@Valid User user) {
}

@PATCH
@Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)
//@Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)
@ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS })
@Path(ApiConstants.INUM_PATH)
public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @NotNull UserPatchRequest userPatchRequest) throws JsonPatchException, IOException {
Expand All @@ -119,7 +125,8 @@ public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @N

return Response.ok(existingUser).build();
}



@DELETE
@Path(ApiConstants.INUM_PATH)
@ProtectedApi(scopes = { ApiAccessConstants.USER_DELETE_ACCESS })
Expand All @@ -133,7 +140,7 @@ public Response deleteUser(@PathParam(ApiConstants.INUM) @NotNull String inum) {
return Response.noContent().build();
}

private List<User> doSearch(SearchRequest searchReq) {
private List<User> doSearch(SearchRequest searchReq) throws IllegalAccessException, InvocationTargetException{
if (logger.isDebugEnabled()) {
logger.debug("User search params - searchReq:{} ", escapeLog(searchReq));
}
Expand All @@ -151,7 +158,14 @@ private List<User> doSearch(SearchRequest searchReq) {
if (logger.isDebugEnabled()) {
logger.debug("Users fetched - users:{}", users);
}

//excludedAttributes
users = userSrv.excludedAttributes(users, searchReq.getExcludedAttributesStr());

return users;
}




}
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
import io.jans.as.common.util.AttributeConstants;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.configapi.util.AuthUtil;
import io.jans.configapi.core.util.Jackson;
import io.jans.configapi.model.user.UserPatchRequest;
import io.jans.configapi.rest.model.SearchRequest;
Expand All @@ -23,13 +24,14 @@
import static io.jans.as.model.util.Util.escapeLog;

import java.io.IOException;
import java.util.ArrayList;
import java.lang.reflect.InvocationTargetException;
import java.util.Arrays;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.core.Response;

import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

Expand All @@ -45,6 +47,9 @@ public class UserService extends io.jans.as.common.service.common.UserService {

@Inject
private AppConfiguration appConfiguration;

@Inject
AuthUtil authUtil;

@Override
public List<String> getPersonCustomObjectClassList() {
Expand Down Expand Up @@ -148,5 +153,38 @@ else if (attribute.getValue() == null || attribute.getValues() == null) {

return user;
}

public List<User> excludedAttributes(List<User> users, String commaSeparatedString) throws IllegalAccessException, InvocationTargetException {
logger.error("Attributes:{} to be excluded from users:{} ", commaSeparatedString, users);
for(User user: users) {
user = excludedAttributes(user, commaSeparatedString);
}
logger.error("Users:{} after excluding attribute:{} ", users, commaSeparatedString);

return users;
}

public User excludedAttributes(User user, String commaSeparatedString) throws IllegalAccessException, InvocationTargetException {
logger.error("Attributes:{} to be excluded from user:{} ", commaSeparatedString, user);
if(user == null || StringUtils.isEmpty(commaSeparatedString)) {
return user;
}
List<String> excludedAttributes = Arrays.asList(commaSeparatedString.split(","));
logger.error("Attributes List:{} to be excluded ", excludedAttributes);

for(String attribute : excludedAttributes) {
logger.error("User class conatins attribute:{} ? :{} ", attribute, authUtil.doesObjectContainField(user,attribute));
if(authUtil.doesObjectContainField(user,attribute)) {
BeanUtils.setProperty(user,attribute,null);

}
else {
logger.error("Removing custom attribute:{} from user:{} ", attribute, user);
user.removeAttribute(attribute);
}
}

return user;
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import javax.ws.rs.core.Response;

import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

@ApplicationScoped
Expand Down Expand Up @@ -352,5 +353,14 @@ public List<String> findMissingElements(List<String> list1, List<String> list2)
public boolean isEqualCollection(List<String> list1, List<String> list2) {
return CollectionUtils.isEqualCollection(list1, list2);
}

public boolean doesObjectContainField(Object object, String fieldName) {
log.error("Check if object:{} contain fieldName:{} ", object, fieldName);
if(object == null || StringUtils.isEmpty(fieldName)) {
return false;
}
return Arrays.stream(object.getClass().getFields())
.anyMatch(f -> f.getName().equals(fieldName));
}

}

0 comments on commit 0427186

Please sign in to comment.