|
35 | 35 | import javax.ws.rs.core.Response; |
36 | 36 |
|
37 | 37 | import it.eng.knowage.security.ProductProfiler; |
| 38 | +import it.eng.spagobi.commons.dao.IRoleDAO; |
| 39 | +import it.eng.spagobi.utilities.exceptions.SpagoBIRuntimeException; |
38 | 40 | import org.apache.logging.log4j.LogManager; |
39 | 41 | import org.apache.logging.log4j.Logger; |
40 | 42 | import org.owasp.esapi.Encoder; |
@@ -278,7 +280,7 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO |
278 | 280 | usersDao = DAOFactory.getSbiUserDAO(); |
279 | 281 | boolean isAdmin = UserUtilities.userRequestDtoIsAdmin(requestDTO); |
280 | 282 |
|
281 | | - if (!userCanBeAdded(usersDao, isAdmin)) { |
| 283 | + if (isChangingRoles(isAdmin, id) && !userCanBeAdded(usersDao, isAdmin)) { |
282 | 284 | LOGGER.error("The limit for creating {} users has been reached.", isAdmin ? "admin " : "end "); |
283 | 285 | throw new SpagoBIServiceException("Update user", "The limit for creating " + (isAdmin ? "admin " : "end ") + "users has been reached."); |
284 | 286 | } |
@@ -384,8 +386,42 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO |
384 | 386 | } |
385 | 387 | } |
386 | 388 |
|
387 | | - |
388 | | - public boolean userCanBeAdded(ISbiUserDAO usersDao, boolean isAdmin) { |
| 389 | + private boolean isChangingRoles(boolean isAdmin, Integer userId) { |
| 390 | + ISbiUserDAO userDAO = DAOFactory.getSbiUserDAO(); |
| 391 | + IRoleDAO rolesDAO = DAOFactory.getRoleDAO(); |
| 392 | + List<SbiExtRoles> roles = userDAO.loadSbiUserRolesById(userId); |
| 393 | + |
| 394 | + if (isAdmin) { |
| 395 | + try { |
| 396 | + for (int i = 0; i < roles.size(); i++) { |
| 397 | + SbiExtRoles role = rolesDAO.loadSbiExtRoleById(roles.get(i).getExtRoleId()); |
| 398 | + if (UserUtilities.isRoleApplicable(role, true)) { |
| 399 | + return false; |
| 400 | + } |
| 401 | + } |
| 402 | + } catch (EMFUserError ue) { |
| 403 | + LOGGER.error("Impossible to get roles", ue); |
| 404 | + throw new SpagoBIRuntimeException("Impossible to get roles", ue); |
| 405 | + } |
| 406 | + return true; |
| 407 | + } else { |
| 408 | + try { |
| 409 | + for (int i = 0; i < roles.size(); i++) { |
| 410 | + SbiExtRoles role = rolesDAO.loadSbiExtRoleById(roles.get(i).getExtRoleId()); |
| 411 | + if (UserUtilities.isRoleApplicable(role, true)) { |
| 412 | + return true; |
| 413 | + } |
| 414 | + } |
| 415 | + } catch (EMFUserError ue) { |
| 416 | + LOGGER.error("Impossible to get roles", ue); |
| 417 | + throw new SpagoBIRuntimeException("Impossible to get roles", ue); |
| 418 | + } |
| 419 | + return false; |
| 420 | + } |
| 421 | + } |
| 422 | + |
| 423 | + |
| 424 | + public boolean userCanBeAdded(ISbiUserDAO usersDao, boolean isAdmin) { |
389 | 425 | List<SbiUser> usersToCheck = UserUtilities.getAlreadyCreatedUsers(usersDao, isAdmin); |
390 | 426 | return ProductProfiler.canAddAUser(usersToCheck.size(), isAdmin); |
391 | 427 | } |
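Review bot: The two branches of `isChangingRoles` run the same role loop and differ only in the returned constant, so the method reduces to comparing the requested flag with whether the stored user already holds an admin-applicable role; computing that once (below) makes the gate in front of `userCanBeAdded` easier to audit. As written, a user whose stored role list is empty and whose request is non-admin yields false, so the limit check in `updateUser` is skipped; whether such a user is already counted by `getAlreadyCreatedUsers` is not visible in this hunk and should be confirmed. The result of `loadSbiUserRolesById(userId)` is dereferenced without a null check while `id` comes from the request path, so if that DAO can return null for an unknown id the request would fail with a NullPointerException instead of a handled error. A short Javadoc stating that "changing roles" means crossing between the admin and end-user categories would also help.

```java
private boolean isChangingRoles(boolean isAdmin, Integer userId) {
    // … unchanged: DAO lookups and loadSbiUserRolesById(userId) …
    boolean currentlyAdmin = false;
    try {
        for (SbiExtRoles assigned : roles) {
            SbiExtRoles role = rolesDAO.loadSbiExtRoleById(assigned.getExtRoleId());
            if (UserUtilities.isRoleApplicable(role, true)) {
                currentlyAdmin = true;
                break;
            }
        }
    } catch (EMFUserError ue) {
        // … unchanged: log and rethrow as SpagoBIRuntimeException …
    }
    // The category changes exactly when the requested flag differs from the stored one.
    return isAdmin != currentlyAdmin;
}
```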
|