author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-09 16:11:09 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-09 16:11:09 +0200 |
commit | ddd0811dca9dd176808af1d3794af90806bffd67 (patch) | |
tree | 33eac530cb567218fa69ef6a9699eea17a36eb04 /controller-server | |
parent | 8d7076665e8ad6294068ac543fdbc8185ec7a71c (diff) |
Guard against deleting last tenant owner
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index e64ce004d6a..03ffdbb0208 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -17,6 +17,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.user.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserRoles;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
+import com.yahoo.vespa.hosted.controller.api.role.RoleDefinition;
 import com.yahoo.vespa.hosted.controller.api.role.Roles;
 import com.yahoo.vespa.hosted.controller.restapi.ErrorResponse;
 import com.yahoo.vespa.hosted.controller.restapi.MessageResponse;
@@ -150,36 +151,40 @@ public class UserApiHandler extends LoggingRequestHandler {
 private HttpResponse addTenantRoleMember(String tenantName, HttpRequest request) {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
- String user = require("user", Inspector::asString, requestObject);
+ UserId user = new UserId(require("user", Inspector::asString, requestObject));
 Role role = roles.toRole(TenantName.from(tenantName), roleName);
- users.addUsers(role, List.of(new UserId(user)));
+ users.addUsers(role, List.of(user));
 return new MessageResponse(user + " is now a member of " + role);
 }
 private HttpResponse addApplicationRoleMember(String tenantName, String applicationName, HttpRequest request) {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
- String user = require("user", Inspector::asString, requestObject);
+ UserId user = new UserId(require("user", Inspector::asString, requestObject));
 Role role = roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
- users.addUsers(role, List.of(new UserId(user)));
+ users.addUsers(role, List.of(user));
 return new MessageResponse(user + " is now a member of " + role);
 }
 private HttpResponse removeTenantRoleMember(String tenantName, HttpRequest request) {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
- String user = require("user", Inspector::asString, requestObject);
+ UserId user = new UserId(require("user", Inspector::asString, requestObject));
 Role role = roles.toRole(TenantName.from(tenantName), roleName);
- users.removeUsers(role, List.of(new UserId(user)));
+ if ( role.definition() == RoleDefinition.tenantOwner
+ && users.listUsers(role).equals(List.of(user)))
+ throw new IllegalArgumentException("Can't remove the last owner of a tenant.");
+
users.removeUsers(role, List.of(user));
 return new MessageResponse(user + " is no longer a member of " + role);
 }
 private HttpResponse removeApplicationRoleMember(String tenantName, String applicationName, HttpRequest request) {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
- String user = require("user", Inspector::asString, requestObject);
+ UserId user = new UserId(require("user", Inspector::asString, requestObject));
 Role role = roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
- users.removeUsers(role, List.of(new UserId(user)));
+ users.removeUsers(role, List.of(user));
 return new MessageResponse(user + " is no longer a member of " + role);
 } |
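Review bot: The last-owner guard in removeTenantRoleMember is a check-then-act across two separate calls, `users.listUsers(role)` followed by `users.removeUsers(role, List.of(user))`, and nothing visible in the hunk holds a lock or transaction around the pair. With two owners, two concurrent requests that each remove a different owner can both pass the check and leave the tenant with no owner. If UserManagement does not already serialise these calls, the invariant belongs inside `removeUsers` or under a per-tenant lock rather than in the handler, which would also cover any caller other than this REST path. Separately, the comparison only matches when `listUsers` returns a List holding exactly that one element; if it can return another collection type or a duplicate entry (not visible here), the guard is skipped silently, and `Set.copyOf(users.listUsers(role)).equals(Set.of(user))` would not depend on that.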