author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-09 10:49:15 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-09 13:05:40 +0200 |
commit | da4075c09aae9078d82b3f9ec67bdf8443e17d53 (patch) | |
tree | d35ea837402b9772d366023126280834ccf33df1 /controller-server | |
parent | 22705c2b18720f92342e485600ebd32ff734508d (diff) |
Change user api response to be member-centric, with details about each membership
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index 95cc81cd720..e64ce004d6a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -16,17 +16,18 @@ import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserRoles;
-import com.yahoo.vespa.hosted.controller.api.role.ApplicationRole;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
 import com.yahoo.vespa.hosted.controller.api.role.Roles;
-import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
 import com.yahoo.vespa.hosted.controller.restapi.ErrorResponse;
 import com.yahoo.vespa.hosted.controller.restapi.MessageResponse;
 import com.yahoo.vespa.hosted.controller.restapi.SlimeJsonResponse;
 import com.yahoo.vespa.hosted.controller.restapi.application.EmptyJsonResponse;
 import com.yahoo.yolean.Exceptions;

+import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.function.Function;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -108,14 +109,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Slime slime = new Slime();
 Cursor root = slime.setObject();
 root.setString("tenant", tenantName);
- Cursor rolesArray = root.setArray("roles");
- for (TenantRole role : roles.tenantRoles(TenantName.from(tenantName))) {
- Cursor roleObject = rolesArray.addObject();
- roleObject.setString("name", role.definition().name());
- Cursor membersArray = roleObject.setArray("members");
- for (UserId user : users.listUsers(role))
- membersArray.addString(user.value());
- }
+ fillRoles(root, roles.tenantRoles(TenantName.from(tenantName)));
 return new SlimeJsonResponse(slime);
 }
@@ -124,17 +118,35 @@ public class UserApiHandler extends LoggingRequestHandler {
 Cursor root = slime.setObject();
 root.setString("tenant", tenantName);
 root.setString("application", applicationName);
- Cursor rolesArray = root.setArray("roles");
- for (ApplicationRole role : roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName))) {
- Cursor roleObject = rolesArray.addObject();
- roleObject.setString("name", role.definition().name());
- Cursor membersArray = roleObject.setArray("members");
- for (UserId user : users.listUsers(role))
- membersArray.addString(user.value());
- }
+ fillRoles(root, roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName)));
 return new SlimeJsonResponse(slime);
 }

+ private void fillRoles(Cursor root, List<? extends Role> roles) {
+ Cursor rolesArray = root.setArray("roleNames");
+ for (Role role : roles)
+ rolesArray.addString(valueOf(role));
+
+ Map<UserId, List<Role>> memberships = new HashMap<>();
+ for (Role role : roles)
+ for (UserId user : users.listUsers(role)) {
+ memberships.putIfAbsent(user, new ArrayList<>());
+ memberships.get(user).add(role);
+ }
+
+ Cursor usersArray = root.setArray("users");
+ memberships.forEach((user, userRoles) -> {
+ Cursor userObject = usersArray.addObject();
+ userObject.setString("name", user.value());
+ Cursor rolesObject = userObject.setObject("roles");
+ for (Role role : roles) {
+ Cursor roleObject = rolesObject.setObject(valueOf(role));
+ roleObject.setBool("explicit", userRoles.contains(role));
+ roleObject.setBool("implied", userRoles.stream().anyMatch(userRole -> userRole.implies(role)));
+ }
+ });
+ }
+
 private HttpResponse addTenantRoleMember(String tenantName, HttpRequest request) {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
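Review bot: The `users` array built in fillRoles is emitted in HashMap iteration order, so the same set of memberships can serialize in a different order between calls, which makes the output awkward to diff in access reviews and brittle in tests. An insertion-ordered map keeps the order in which users.listUsers returns members: `Map<UserId, List<Role>> memberships = new LinkedHashMap<>();` (with the matching import), and the putIfAbsent/get pair collapses to `memberships.computeIfAbsent(user, key -> new ArrayList<>()).add(role);`. Separately, `implied` is evaluated over all of the user's roles including `role` itself, so whether it can differ from `explicit` for a directly held role depends on whether Role.implies is reflexive, which is not visible here. A short Javadoc on fillRoles stating what `explicit` and `implied` mean would help any consumer that renders or audits access from this response.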
@@ -180,4 +192,17 @@ public class UserApiHandler extends LoggingRequestHandler {
 return mapper.apply(object.field(name));
 }

+ private static String valueOf(Role role) {
+ switch (role.definition()) {
+ case tenantOwner: return "tenantOwner";
+ case tenantAdmin: return "tenantAdmin";
+ case tenantOperator: return "tenantOperator";
+ case applicationAdmin: return "applicationAdmin";
+ case applicationOperator: return "applicationOperator";
+ case applicationDeveloper: return "applicationDeveloper";
+ case applicationReader: return "applicationReader";
+ default: throw new IllegalArgumentException("Unexpected role type '" + role.definition() + "'.");
+ }
+ }
+
 } |
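Review bot: The `default` branch of valueOf throws IllegalArgumentException while the role listing is being built, so a role definition added to the enum later would make the tenant and application listings that include it fail until this switch is extended. How the handler maps that exception to an HTTP status is outside this hunk; if it is reported as a client error, callers would see a misleading response for a server-side omission. If the intent is to pin the wire names independently of the enum constants, a comment saying so, e.g. `// API names are fixed here so that renaming an enum constant cannot change the response format`, and a unit test that iterates every role definition would make both the intent and the failure mode explicit. The name `valueOf` conventionally denotes parsing a string into a type, so a name along the lines of `apiNameOf` would read more clearly at the call sites.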