+ ", user=" + user.getUserName());
throw new AmbariException("Ldap group mapping is enabled, " +
"roles for LDAP users should be managed on LDAP server");
}
UserEntity userEntity = userDAO.findByPK(user.getUserId());
if (userEntity == null) {
throw new AmbariException("User " + user + " doesn't exist");
}
RoleEntity roleEntity = roleDAO.findByName(role);
if (roleEntity == null) {
throw new AmbariException("Role " + role + " doesn't exist");
}
if (role.equals(getAdminRole())){
if (!isUserCanBeRemoved(userEntity)){
throw new AmbariException("Could not remove admin role from user " + userEntity.getUserName() +
". System should have at least one user with administrator role.");
}
}
if (userEntity.getRoleEntities().contains(roleEntity)) {
userEntity.getRoleEntities().remove(roleEntity);
roleEntity.getUserEntities().remove(userEntity);
userDAO.merge(userEntity);
roleDAO.merge(roleEntity);
} else {
throw new AmbariException("User " + user + " doesn't own role " + role);