
Commit c15b4ef

committed
[KNOWAGE-9310] add check on role changes while updating a user
1 parent 42c8c19 commit c15b4ef

2 files changed

Lines changed: 40 additions & 4 deletions


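--- a/knowage-core/src/main/java/it/eng/spagobi/api/v2/UserResource.java
+++ b/knowage-core/src/main/java/it/eng/spagobi/api/v2/UserResource.java
@@ -35,6 +35,8 @@
 import javax.ws.rs.core.Response;
 
 import it.eng.knowage.security.ProductProfiler;
+import it.eng.spagobi.commons.dao.IRoleDAO;
+import it.eng.spagobi.utilities.exceptions.SpagoBIRuntimeException;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.owasp.esapi.Encoder;
@@ -278,7 +280,7 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO
 usersDao = DAOFactory.getSbiUserDAO();
 boolean isAdmin = UserUtilities.userRequestDtoIsAdmin(requestDTO);
 
-if (!userCanBeAdded(usersDao, isAdmin)) {
+if (isChangingRoles(isAdmin, id) && !userCanBeAdded(usersDao, isAdmin)) {
 LOGGER.error("The limit for creating {} users has been reached.", isAdmin ? "admin " : "end ");
 throw new SpagoBIServiceException("Update user", "The limit for creating " + (isAdmin ? "admin " : "end ") + "users has been reached.");
 }
@@ -384,8 +386,42 @@ public Response updateUser(@PathParam("id") Integer id, @Valid UserBO requestDTO
 }
 }
 
-
-public boolean userCanBeAdded(ISbiUserDAO usersDao, boolean isAdmin) {
+private boolean isChangingRoles(boolean isAdmin, Integer userId) {
+ISbiUserDAO userDAO = DAOFactory.getSbiUserDAO();
+IRoleDAO rolesDAO = DAOFactory.getRoleDAO();
+List<SbiExtRoles> roles = userDAO.loadSbiUserRolesById(userId);
+
+if (isAdmin) {
+try {
+for (int i = 0; i < roles.size(); i++) {
+SbiExtRoles role = rolesDAO.loadSbiExtRoleById(roles.get(i).getExtRoleId());
+if (UserUtilities.isRoleApplicable(role, true)) {
+return false;
+}
+}
+} catch (EMFUserError ue) {
+LOGGER.error("Impossible to get roles", ue);
+throw new SpagoBIRuntimeException("Impossible to get roles", ue);
+}
+return true;
+} else {
+try {
+for (int i = 0; i < roles.size(); i++) {
+SbiExtRoles role = rolesDAO.loadSbiExtRoleById(roles.get(i).getExtRoleId());
+if (UserUtilities.isRoleApplicable(role, true)) {
+return true;
+}
+}
+} catch (EMFUserError ue) {
+LOGGER.error("Impossible to get roles", ue);
+throw new SpagoBIRuntimeException("Impossible to get roles", ue);
+}
+return false;
+}
+}
+
+
+public boolean userCanBeAdded(ISbiUserDAO usersDao, boolean isAdmin) {
 List<SbiUser> usersToCheck = UserUtilities.getAlreadyCreatedUsers(usersDao, isAdmin);
 return ProductProfiler.canAddAUser(usersToCheck.size(), isAdmin);
 }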
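Review bot: The two branches of the new isChangingRoles (third hunk, new lines 389-421) run the same DAO lookup over the same role list and differ only in the value they return once an admin-applicable role is found, so the promotion/demotion test is clearer and easier to audit as a single scan that computes whether the user currently holds an admin role and then returns `isAdmin != currentlyAdmin`. The name also under-describes the check: it does not detect arbitrary role edits, only a crossing of the admin boundary, which is what moves the user between the two counters consulted by userCanBeAdded; a Javadoc such as `/** True when the requested admin flag differs from the user's current admin role, i.e. the update moves the user between the admin and end-user counters. */` would record that. The lookup still fails closed, since an EMFUserError is rethrown as SpagoBIRuntimeException before the limit check runs, which is the right side to err on for this gate. updateUser, whose condition the second hunk changes, begins and ends outside that hunk.
```java
private boolean isChangingRoles(boolean isAdmin, Integer userId) {
	IRoleDAO rolesDAO = DAOFactory.getRoleDAO();
	List<SbiExtRoles> roles = DAOFactory.getSbiUserDAO().loadSbiUserRolesById(userId);
	boolean currentlyAdmin = false;
	try {
		for (SbiExtRoles userRole : roles) {
			SbiExtRoles role = rolesDAO.loadSbiExtRoleById(userRole.getExtRoleId());
			if (UserUtilities.isRoleApplicable(role, true)) {
				currentlyAdmin = true;
				break;
			}
		}
	} catch (EMFUserError ue) {
		LOGGER.error("Impossible to get roles", ue);
		throw new SpagoBIRuntimeException("Impossible to get roles", ue);
	}
	// only a move across the admin boundary changes which user counter applies
	return isAdmin != currentlyAdmin;
}
```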

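--- a/knowagedao/src/main/java/it/eng/spagobi/commons/utilities/UserUtilities.java
+++ b/knowagedao/src/main/java/it/eng/spagobi/commons/utilities/UserUtilities.java
@@ -1398,7 +1398,7 @@ public static boolean isRoleApplicable(SbiExtRoles role, boolean checkAdmin) {
 }
 
 
-private UserUtilities() {
+private UserUtilities() {
 }
 
 }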
