/* * MIT License * * Copyright (c) 2020-present Cloudogu GmbH and Contributors * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ package sonia.scm.user; import com.github.sdorra.ssp.PermissionActionCheck; import com.google.inject.Inject; import com.google.inject.Singleton; import org.apache.shiro.SecurityUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import sonia.scm.ContextEntry; import sonia.scm.EagerSingleton; import sonia.scm.HandlerEventType; import sonia.scm.ManagerDaoAdapter; import sonia.scm.NotFoundException; import sonia.scm.SCMContextProvider; import sonia.scm.TransformFilter; import sonia.scm.search.SearchRequest; import sonia.scm.search.SearchUtil; import sonia.scm.security.Authentications; import sonia.scm.util.CollectionAppender; import sonia.scm.util.Util; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Comparator; import java.util.List; import java.util.function.Predicate; /** * * @author Sebastian Sdorra */ @Singleton @EagerSingleton public class DefaultUserManager extends AbstractUserManager { /** Field description */ public static final String STORE_NAME = "users"; /** the logger for XmlUserManager */ private static final Logger logger = LoggerFactory.getLogger(DefaultUserManager.class); //~--- constructors --------------------------------------------------------- /** * Constructs ... * * @param userDAO */ @Inject public DefaultUserManager(UserDAO userDAO) { this.userDAO = userDAO; this.managerDaoAdapter = new ManagerDaoAdapter<>(userDAO); } //~--- methods -------------------------------------------------------------- /** * Method description * * * @throws IOException */ @Override public void close() throws IOException { // do nothing } /** * Method description * * * @param username * * @return */ @Override public boolean contains(String username) { return userDAO.contains(username); } /** * Method description * * * @param user * * @throws IOException */ @Override public User create(User user) { String type = user.getType(); if (Util.isEmpty(type)) { user.setType(userDAO.getType()); } logger.info("create user {} of type {}", user.getName(), user.getType()); return managerDaoAdapter.create( user, UserPermissions::create, newUser -> fireEvent(HandlerEventType.BEFORE_CREATE, newUser), newUser -> fireEvent(HandlerEventType.CREATE, newUser) ); } @Override public void delete(User user) { logger.info("delete user {} of type {}", user.getName(), user.getType()); managerDaoAdapter.delete( user, () -> UserPermissions.delete(user.getName()), toDelete -> fireEvent(HandlerEventType.BEFORE_DELETE, toDelete), toDelete -> fireEvent(HandlerEventType.DELETE, toDelete) ); } /** * Method description * * * @param context */ @Override public void init(SCMContextProvider context) { } /** * Method description * * * @param user * * @throws IOException */ @Override public void modify(User user) { logger.info("modify user {} of type {}", user.getName(), user.getType()); managerDaoAdapter.modify( user, UserPermissions::modify, notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified), notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified)); } /** * Method description * * * @param user * * @throws IOException */ @Override public void refresh(User user) { if (logger.isInfoEnabled()) { logger.info("refresh user {} of type {}", user.getName(), user.getType()); } UserPermissions.read(user).check(); User fresh = userDAO.get(user.getName()); if (fresh == null) { throw new NotFoundException(User.class, user.getName()); } fresh.copyProperties(user); } /** * Method description * * * @param searchRequest * * @return */ @Override public Collection search(final SearchRequest searchRequest) { if (logger.isDebugEnabled()) { logger.debug("search user with query {}", searchRequest.getQuery()); } final PermissionActionCheck check = UserPermissions.read(); return SearchUtil.search(searchRequest, userDAO.getAll(), new TransformFilter() { @Override public User accept(User user) { User result = null; if (check.isPermitted(user) && matches(searchRequest, user)) { result = user.clone(); } return result; } }); } private boolean matches(SearchRequest searchRequest, User user) { return SearchUtil.matchesOne(searchRequest, user.getName(), user.getDisplayName(), user.getMail()); } //~--- get methods ---------------------------------------------------------- /** * Method description * * * @param id * * @return */ @Override public User get(String id) { UserPermissions.read().check(id); User user = userDAO.get(id); if (user != null) { user = user.clone(); } return user; } /** * Method description * * * @return */ @Override public Collection getAll() { return getAll(user -> true, null); } /** * Method description * * * @param comparator * * @return */ @Override public Collection getAll(Predicate filter, Comparator comparator) { List users = new ArrayList<>(); PermissionActionCheck check = UserPermissions.read(); for (User user : userDAO.getAll()) { if (filter.test(user) && check.isPermitted(user)) { users.add(user.clone()); } } if (comparator != null) { Collections.sort(users, comparator); } return users; } /** * Method description * * * * @param comaparator * @param start * @param limit * * @return */ @Override public Collection getAll(Comparator comaparator, int start, int limit) { final PermissionActionCheck check = UserPermissions.read(); return Util.createSubCollection(userDAO.getAll(), comaparator, new CollectionAppender() { @Override public void append(Collection collection, User item) { if (check.isPermitted(item)) { collection.add(item.clone()); } } }, start, limit); } /** * Method description * * * @param start * @param limit * * @return */ @Override public Collection getAll(int start, int limit) { return getAll(null, start, limit); } /** * Method description * * * @return */ @Override public String getDefaultType() { return userDAO.getType(); } /** * Method description * * * @return */ @Override public Long getLastModified() { return userDAO.getLastModified(); } //~--- methods -------------------------------------------------------------- @Override public void changePasswordForLoggedInUser(String oldPassword, String newPassword) { User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal()); if (!isAnonymousUser(user) && !user.getPassword().equals(oldPassword)) { throw new InvalidPasswordException(ContextEntry.ContextBuilder.entity("PasswordChange", "-").in(User.class, user.getName())); } user.setPassword(newPassword); managerDaoAdapter.modify( user, UserPermissions::changePassword, notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified), notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified)); } @Override public void overwritePassword(String userId, String newPassword) { User user = get(userId); if (user == null) { throw new NotFoundException(User.class, userId); } if (isAnonymousUser(user)) { throw new ChangePasswordNotAllowedException(ContextEntry.ContextBuilder.entity("PasswordChange", "-").in(User.class, user.getName()), user.getType()); } user.setPassword(newPassword); this.modify(user); } private boolean isAnonymousUser(User user) { return Authentications.isSubjectAnonymous(user.getName()); } //~--- fields --------------------------------------------------------------- private final UserDAO userDAO; private final ManagerDaoAdapter managerDaoAdapter; }