Package com.denimgroup.threadfix.webapp.controller

Source Code of com.denimgroup.threadfix.webapp.controller.AddUserController

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.webapp.controller;

import com.denimgroup.threadfix.data.entities.Role;
import com.denimgroup.threadfix.data.entities.User;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.remote.response.RestResponse;
import com.denimgroup.threadfix.service.enterprise.EnterpriseTest;
import com.denimgroup.threadfix.service.RoleService;
import com.denimgroup.threadfix.service.UserService;
import com.denimgroup.threadfix.webapp.config.FormRestResponse;
import com.denimgroup.threadfix.webapp.utils.MessageConstants;
import com.denimgroup.threadfix.webapp.validator.UserValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.List;

@Controller
@RequestMapping("/configuration/users/new")
@SessionAttributes("user")
@PreAuthorize("hasRole('ROLE_CAN_MANAGE_USERS')")
public class AddUserController {

  private UserService userService = null;
  private RoleService roleService = null;
  private boolean ldapPluginInstalled = false;
 
  private final SanitizedLogger log = new SanitizedLogger(AddUserController.class);

  @Autowired
  public AddUserController(
      UserService userService, RoleService roleService) {
    this.roleService = roleService;
    this.userService = userService;
    ldapPluginInstalled = EnterpriseTest.isEnterprise();
  }
 
  public AddUserController(){}

  @InitBinder
  public void setAllowedFields(WebDataBinder dataBinder) {
    if(ldapPluginInstalled && EnterpriseTest.isEnterprise()) {
      dataBinder.setAllowedFields("name", "globalRole.id", "unencryptedPassword",
          "passwordConfirm", "hasGlobalGroupAccess", "isLdapUser");
    } else if (ldapPluginInstalled) {
      dataBinder.setAllowedFields("name", "globalRole.id", "unencryptedPassword",
          "passwordConfirm", "isLdapUser");
    } else if (EnterpriseTest.isEnterprise()) {
      dataBinder.setAllowedFields("name", "globalRole.id", "unencryptedPassword",
          "passwordConfirm", "hasGlobalGroupAccess");
    } else {
      dataBinder.setAllowedFields("name", "globalRole.id", "unencryptedPassword",
          "passwordConfirm", "hasGlobalGroupAccess");
    }
  }

  @ModelAttribute
  public List<Role> populateRoles() {
    return roleService.loadAll();
  }

  @RequestMapping(method = RequestMethod.POST)
  public @ResponseBody RestResponse<User> processNew(@Valid @ModelAttribute User user, BindingResult result) {
    new UserValidator(roleService).validate(user, result);
    if (result.hasErrors()) {
            return FormRestResponse.failure("Errors", result);
    } else {
      User databaseUser = userService.loadUser(user.getName().trim());
      if (databaseUser != null) {
        result.rejectValue("name", MessageConstants.ERROR_NAMETAKEN);
                return FormRestResponse.failure("Errors", result);
      }

            user.setId(null);
      Integer id = userService.createUser(user);
     
      String currentUser = SecurityContextHolder.getContext().getAuthentication().getName();
      log.debug(currentUser + " has created a new User with the name " + user.getName() +
                    ", the ID " + user.getId());
      return RestResponse.success(userService.loadUser(id));
    }
  }
}
TOP

Related Classes of com.denimgroup.threadfix.webapp.controller.AddUserController

  • com.denimgroup.threadfix.data.entities.User
  • com.denimgroup.threadfix.webapp.validator.UserValidator
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.