1818package it .eng .spagobi .api .v2 ;
1919
2020import java .net .URI ;
21- import java .util .ArrayList ;
22- import java .util .HashMap ;
23- import java .util .HashSet ;
24- import java .util .List ;
25- import java .util .Locale ;
21+ import java .util .*;
2622import java .util .Map .Entry ;
27- import java .util .Set ;
2823
2924import javax .validation .Valid ;
3025import javax .ws .rs .Consumes ;
3934import javax .ws .rs .core .MediaType ;
4035import javax .ws .rs .core .Response ;
4136
37+ import it .eng .knowage .security .ProductProfiler ;
38+ import it .eng .spagobi .commons .dao .IRoleDAO ;
4239import org .apache .logging .log4j .LogManager ;
4340import org .apache .logging .log4j .Logger ;
4441import org .owasp .esapi .Encoder ;
7673public class UserResource extends AbstractSpagoBIResource {
7774
7875 private static final Logger LOGGER = LogManager .getLogger (UserResource .class );
76+ private static final String [] ADMIN_ROLES = { "admin" , "dev_role" , "model_admin" };
77+ private static final String [] USER_ROLES = { "user" , "test_role" };
7978 private static final String CHARSET = "; charset=UTF-8" ;
8079
8180 @ GET
@@ -172,15 +171,20 @@ public Response insertUser(@Valid UserBO requestDTO) {
172171 MessageBuilder msgBuilder = new MessageBuilder ();
173172 Locale locale = msgBuilder .getLocale (request );
174173
175- ISbiUserDAO usersDao = null ;
176-
177174 String userId = requestDTO .getUserId ();
178175 if (userId .startsWith (PublicProfile .PUBLIC_USER_PREFIX )) {
179176 LOGGER .error ("public is reserved prefix for user id" );
180177 throw new SpagoBIServiceException ("SPAGOBI_SERVICE" , "public_ is a reserved prefix for user name" , null );
181178 }
179+ ISbiUserDAO usersDao = DAOFactory .getSbiUserDAO ();
180+
181+ boolean isAdmin = userRequestDtoIsAdmin (requestDTO );
182+
183+ if (!userCanBeAdded (requestDTO , usersDao , isAdmin )) {
184+ LOGGER .error ("The limit for creating {} users has been reached." , isAdmin ? "admin " : "end " );
185+ throw new SpagoBIServiceException ("Create user" , "The limit for creating " + (isAdmin ? "admin " : "end " ) + "users has been reached." );
186+ }
182187
183- usersDao = DAOFactory .getSbiUserDAO ();
184188 usersDao .setUserProfile (getUserProfile ());
185189 SbiUser existingUser = usersDao .loadSbiUserByUserId (userId );
186190 if (existingUser != null && userId .equals (existingUser .getUserId ())) {
@@ -234,14 +238,12 @@ public Response insertUser(@Valid UserBO requestDTO) {
234238 }
235239 }
236240
237- //if (password != null && password.length() > 0) {
238241 try {
239242 sbiUser .setPassword (Password .hashPassword (password ));
240243 } catch (Exception e ) {
241244 LOGGER .error ("Impossible to encrypt Password" , e );
242245 throw new SpagoBIServiceException ("SPAGOBI_SERVICE" , "Impossible to encrypt Password" , e );
243246 }
244- //}
245247
246248 try {
247249 Integer id = usersDao .fullSaveOrUpdateSbiUser (sbiUser );
@@ -254,6 +256,67 @@ public Response insertUser(@Valid UserBO requestDTO) {
254256 }
255257 }
256258
259+ private boolean userCanBeAdded (UserBO requestDTO , ISbiUserDAO usersDao , boolean isAdmin ) {
260+ List <SbiUser > dbUsers = usersDao .loadAllTenantsUsers ();
261+
262+ List <SbiUser > usersToCheck = filterUsersToCheck (dbUsers , isAdmin );
263+ return ProductProfiler .canAddAUser (usersToCheck .size (), isAdmin );
264+ }
265+
266+ private List <SbiUser > filterUsersToCheck (List <SbiUser > sbiUsers , boolean isAdmin ) {
267+ ISbiUserDAO usersDao = DAOFactory .getSbiUserDAO ();
268+ usersDao .setUserProfile (getUserProfile ());
269+
270+ return filterUsersWithRoles (sbiUsers , isAdmin , usersDao );
271+ }
272+
273+ private List <SbiUser > filterUsersWithRoles (List <SbiUser > sbiUsers , boolean isAdmin , ISbiUserDAO usersDao ) {
274+ return sbiUsers .stream ()
275+ .filter (user -> hasApplicableRoles (user , isAdmin , usersDao ))
276+ .toList ();
277+ }
278+
279+ private boolean hasApplicableRoles (SbiUser user , boolean isAdmin , ISbiUserDAO usersDao ) {
280+ try {
281+ ArrayList <SbiExtRoles > userRoles = usersDao .loadSbiUserRolesByIdAllTenants (user .getId ());
282+
283+ return userRoles .stream ()
284+ .anyMatch (role -> role != null && isRoleApplicable (role , isAdmin ));
285+ } catch (Exception e ) {
286+ LOGGER .error ("Error loading roles for user with id: {}" , user .getId (), e );
287+ return false ;
288+ }
289+ }
290+
291+
292+ private boolean userRequestDtoIsAdmin (@ Valid UserBO requestDTO ) {
293+ List <Integer > sbiExtUserRoleses = requestDTO .getSbiExtUserRoleses ();
294+ IRoleDAO rolesDao = DAOFactory .getRoleDAO ();
295+ List <SbiExtRoles > adminRoles = new ArrayList <>();
296+ if (sbiExtUserRoleses != null ) {
297+ for (Integer roleId : sbiExtUserRoleses ) {
298+ try {
299+ SbiExtRoles role = rolesDao .loadSbiExtRoleById (roleId );
300+ if (role != null && isRoleApplicable (role , true )) adminRoles .add (role );
301+ } catch (Exception e ) {
302+ LOGGER .error ("Error loading role with id: {}" , roleId , e );
303+ return false ;
304+ }
305+ }
306+ }
307+ return !adminRoles .isEmpty ();
308+ }
309+
310+ private static boolean isThereAMatchInRoleArray (SbiExtRoles role , String ... roles ) {
311+ return Arrays .stream (roles ).anyMatch (role .getRoleTypeCode ()::equalsIgnoreCase );
312+ }
313+
314+ private static boolean isRoleApplicable (SbiExtRoles role , boolean checkAdmin ) {
315+ if (checkAdmin ) return isThereAMatchInRoleArray (role , ADMIN_ROLES );
316+
317+ return isThereAMatchInRoleArray (role , USER_ROLES ) && !isThereAMatchInRoleArray (role , ADMIN_ROLES );
318+ }
319+
257320 @ PUT
258321 @ Path ("/{id}" )
259322 @ UserConstraint (functionalities = { CommunityFunctionalityConstants .PROFILE_MANAGEMENT ,
@@ -274,6 +337,14 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO
274337 throw new SpagoBIServiceException ("SPAGOBI_SERVICE" , "public_ is a reserved prefix for user name" , null );
275338 }
276339
340+ usersDao = DAOFactory .getSbiUserDAO ();
341+ boolean isAdmin = userRequestDtoIsAdmin (requestDTO );
342+
343+ if (!userCanBeAdded (requestDTO , usersDao , isAdmin )) {
344+ LOGGER .error ("The limit for creating {} users has been reached." , isAdmin ? "admin " : "end " );
345+ throw new SpagoBIServiceException ("Update user" , "The limit for creating " + (isAdmin ? "admin " : "end " ) + "users has been reached." );
346+ }
347+
277348 SbiUser sbiUser = new SbiUser ();
278349 sbiUser .changeId (id );
279350 sbiUser .setUserId (requestDTO .getUserId ());
@@ -300,7 +371,6 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO
300371 ISbiAttributeDAO objDao = null ;
301372
302373 try {
303- usersDao = DAOFactory .getSbiUserDAO ();
304374 usersDao .setUserProfile (getUserProfile ());
305375 sbiUserOriginal = usersDao .loadSbiUserById (sbiUser .getId ());
306376 objDao = DAOFactory .getSbiAttributeDAO ();
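Review bot: In the `@@ -254,6 +256,67 @@` hunk, `hasApplicableRoles` and `userRequestDtoIsAdmin` both turn a DAO failure into `return false`, so a user whose roles cannot be loaded is not counted and a request whose role ids cannot be resolved is treated as non-admin, which makes the new user-limit check fail open while the rest of `insertUser` fails closed (the password-hashing catch rethrows `SpagoBIServiceException`). Consider rethrowing in the same style, e.g. `throw new SpagoBIServiceException("SPAGOBI_SERVICE", "Impossible to load roles for user " + user.getId(), e);` in `hasApplicableRoles` and the equivalent for `roleId` in `userRequestDtoIsAdmin`, so a transient lookup error cannot bypass the enforcement. Separately, in both the `insertUser` hunk (`@@ -172,15 +171,20 @@`) and the `updateUser` hunk (`@@ -274,6 +337,14 @@`), `usersDao` now reaches `loadAllTenantsUsers` through `userCanBeAdded` before `setUserProfile(getUserProfile())` is called, whereas the removed lines set the profile right after obtaining the DAO; if that DAO depends on the profile, the `setUserProfile` call should move up to directly follow `DAOFactory.getSbiUserDAO()`. `userCanBeAdded` also never uses its `requestDTO` parameter, and `filterUsersToCheck` ignores the `usersDao` it is given and builds a second DAO, both of which could be dropped. The bodies of `insertUser` and `updateUser` extend outside their hunks.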