List implied roles as well, in user management API

author: Jon Marius Venstad <jvenstad@yahoo-inc.com> 2019-04-12 16:06:05 +0200
committer: Jon Marius Venstad <jvenstad@yahoo-inc.com> 2019-04-12 16:06:05 +0200
commit: 7a28b60d0a1e58d29dbd6b27e30d2f00b6629324 (patch)
tree: 06dbd96acfe927e8014275dc8c885f8992d50679 /controller-server
parent: 7a06c6d1e16105bea33718b02157518e3926ed4b (diff)
1 files changed, 11 insertions, 4 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index f5532a964fd..dd9f6c42df6 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -26,6 +26,7 @@ import com.yahoo.vespa.hosted.controller.restapi.application.EmptyJsonResponse;
 import com.yahoo.yolean.Exceptions;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -109,7 +110,9 @@ public class UserApiHandler extends LoggingRequestHandler {
         Slime slime = new Slime();
         Cursor root = slime.setObject();
         root.setString("tenant", tenantName);
-        fillRoles(root, roles.tenantRoles(TenantName.from(tenantName)));
+        fillRoles(root,
+                  roles.tenantRoles(TenantName.from(tenantName)),
+                  Collections.emptyList());
         return new SlimeJsonResponse(slime);
     }
 
@@ -118,17 +121,21 @@ public class UserApiHandler extends LoggingRequestHandler {
         Cursor root = slime.setObject();
         root.setString("tenant", tenantName);
         root.setString("application", applicationName);
-        fillRoles(root, roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName)));
+        fillRoles(root,
+                  roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName)),
+                  roles.tenantRoles(TenantName.from(tenantName)));
         return new SlimeJsonResponse(slime);
     }
 
-    private void fillRoles(Cursor root, List<? extends Role> roles) {
+    private void fillRoles(Cursor root, List<? extends Role> roles, List<? extends Role> superRoles) {
         Cursor rolesArray = root.setArray("roleNames");
         for (Role role : roles)
             rolesArray.addString(valueOf(role));
 
         Map<UserId, List<Role>> memberships = new HashMap<>();
-        for (Role role : roles)
+        List<Role> allRoles = new ArrayList<>(superRoles); // Membership in a super role may imply membership in a role.
+        allRoles.addAll(roles);
+        for (Role role : allRoles)
             for (UserId user : users.listUsers(role)) {
                 memberships.putIfAbsent(user, new ArrayList<>());
                 memberships.get(user).add(role);
author	Jon Marius Venstad <jvenstad@yahoo-inc.com>	2019-04-12 16:06:05 +0200
committer	Jon Marius Venstad <jvenstad@yahoo-inc.com>	2019-04-12 16:06:05 +0200
commit	7a28b60d0a1e58d29dbd6b27e30d2f00b6629324 (patch)
tree	06dbd96acfe927e8014275dc8c885f8992d50679 /controller-server
parent	7a06c6d1e16105bea33718b02157518e3926ed4b (diff)