Skip to content

Commit

Permalink
feat: add POST /rolePermissionsMapping for adding new rolePermissions…
Browse files Browse the repository at this point in the history
…Mapping entry #144
  • Loading branch information
duttarnab committed Jan 6, 2022
1 parent 6463758 commit cc4bc91
Show file tree
Hide file tree
Showing 3 changed files with 74 additions and 25 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,25 @@ public Response getAdminUIRolePermissionsMapping() {
}
}

@POST
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
try {
log.info("Adding role-permissions to Admin-UI.");
List<RolePermissionMapping> roleScopeMapping = userManagementService.addPermissionsToRole(rolePermissionMappingArg);
log.info("Added role-permissions to Admin-UI..");
return Response.ok(roleScopeMapping).build();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
return Response.status(e.getErrorCode()).entity(e.getMessage()).build();
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
return Response.serverError().entity(e.getMessage()).build();
}
}

@PUT
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import io.jans.orm.PersistenceEntryManager;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;

import javax.inject.Inject;
Expand Down Expand Up @@ -211,6 +212,53 @@ public List<RolePermissionMapping> getAdminUIRolePermissionsMapping() throws App
}
}

public List<RolePermissionMapping> addPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
List<AdminRole> roles = adminConf.getDynamic().getRoles();
List<AdminPermission> permissions = adminConf.getDynamic().getPermissions();

if (roles.stream().noneMatch(ele -> ele.getRole().equals(rolePermissionMappingArg.getRole()))) {
log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
}
if (permissions.stream().noneMatch(ele -> rolePermissionMappingArg.getPermissions().contains(ele.getPermission()))) {
log.error(ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
}

List<RolePermissionMapping> roleScopeMappingList = adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList());

if (CollectionUtils.isNotEmpty(roleScopeMappingList)) {
log.warn(ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
}

//create new RolePermissionMapping
RolePermissionMapping rolePermissionMapping = new RolePermissionMapping();
//add role to it
rolePermissionMapping.setRole(rolePermissionMappingArg.getRole());
//remove duplicate permissions
Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
List<String> combinedScopes = new ArrayList<>(scopesSet);
rolePermissionMapping.setPermissions(combinedScopes);
//add permission
roleScopeMappingList.add(rolePermissionMapping);
adminConf.getDynamic().getRolePermissionMapping().addAll(roleScopeMappingList);

entryManager.merge(adminConf);
return adminConf.getDynamic().getRolePermissionMapping();
} catch (ApplicationException e) {
log.error(e.getMessage());
throw e;
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
}
}

public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
Expand Down Expand Up @@ -245,8 +293,8 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
}

//remove duplicate permissions
Set<String> scopesSet = new LinkedHashSet<>(mappedPermissions);
scopesSet.addAll(rolePermissionMappingArg.getPermissions());
Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
//scopesSet.addAll(rolePermissionMappingArg.getPermissions());
List<String> combinedScopes = new ArrayList<>(scopesSet);

if (adminConf.getDynamic().getRolePermissionMapping()
Expand All @@ -263,7 +311,7 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
entryManager.merge(adminConf);
return adminConf.getDynamic().getRolePermissionMapping();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
log.error(e.getMessage());
throw e;
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
Expand All @@ -275,31 +323,12 @@ public List<RolePermissionMapping> removePermissionsFromRole(RolePermissionMappi
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
List<RolePermissionMapping> roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList());

if (roleScopeMapping == null || roleScopeMapping.isEmpty()) {
log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
}

Optional<RolePermissionMapping> rolePermissionMappingOptional = roleScopeMapping.stream().findFirst();

if (rolePermissionMappingOptional.isPresent()) {
List<String> permissions = rolePermissionMappingOptional.get().getPermissions();
permissions.removeIf(ele -> rolePermissionMappingArg.getPermissions().contains(ele));

adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList()).forEach(ele -> ele.setPermissions(permissions));

entryManager.merge(adminConf);
}
adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping);
entryManager.merge(adminConf);

return adminConf.getDynamic().getRolePermissionMapping();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
throw e;
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e);
throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ public enum ErrorResponse {
PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."),
ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."),
ERROR_IN_DELETING_ROLE_PERMISSION("Error in deleting role-permission."),
ROLE_PERMISSION_MAPPING_PRESENT("Role permission mapping already present. Please use HTTP PUT request to modify mapping."),
GET_ADMIUI_ROLES_ERROR("Error in fetching Admin UI roles."),
SAVE_ADMIUI_ROLES_ERROR("Error in saving Admin UI roles."),
EDIT_ADMIUI_ROLES_ERROR("Error in editing Admin UI roles."),
Expand Down

0 comments on commit cc4bc91

Please sign in to comment.