X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=opendaylight%2Fweb%2Froot%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fweb%2FDaylightWebAdmin.java;h=4c8a6b8439f2b18482a848605e1f5e234a27f8cd;hb=03abf047ba966c53f4901d36ae5198156d66dc05;hp=8c6e23f9d3c5b3243e9f842c2739ee67a78319ac;hpb=00a1c2a7297e0d9e00e453c2e8b52471d01dc4c7;p=controller.git diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java index 8c6e23f9d3..4c8a6b8439 100644 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java +++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java @@ -143,17 +143,22 @@ public class DaylightWebAdmin { return gson.toJson(result); } - @RequestMapping("/users") + @RequestMapping(value = "/users", method = RequestMethod.GET) @ResponseBody - public List getUsers() { + public List getUsers() { IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { return null; } - List userConfList = userManager.getLocalUserList(); + List result = new ArrayList(); + List configs = userManager.getLocalUserList(); + for (UserConfig config : configs) { + UserBean bean = new UserBean(config); + result.add(bean); + } - return userConfList; + return result; } /* 
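Review bot: The rewritten `getUsers()` still has no `authorize(...)` call, while the POST handlers in the later hunks gate on `UserLevel.NETWORKADMIN`. As far as this hunk shows, any session that can reach `/users` gets the full list of local accounts and roles. If access is not restricted elsewhere (not visible here), consider taking an `HttpServletRequest request` parameter and adding `if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { return null; }` ahead of the loop. Copying each `UserConfig` into a `UserBean` presumably exists to keep the stored password hash out of the response. A comment such as `// UserBean is the outbound view; it must never carry the password field` would make that contract explicit for later edits.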
@@ -161,16 +166,16 @@ public class DaylightWebAdmin { */ @RequestMapping(value = "/users", method = RequestMethod.POST) @ResponseBody - public String saveLocalUserConfig(@RequestParam(required = true) String json, + public Status saveLocalUserConfig(@RequestParam(required = true) String json, @RequestParam(required = true) String action, HttpServletRequest request) { IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); } if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { - return "Operation not permitted"; + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); } Gson gson = new Gson(); 
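Review bot: The `UNAUTHORIZED` and `NOSERVICE` outcomes are now returned as a `Status` body, but nothing in this hunk sets the HTTP response code. A denied request presumably still goes out as 200, which hides it from proxies, WAF rules and monitoring that key on 401/403. The same pattern repeats in `modifyUser` and `removeLocalUser` in the next hunk. Consider adding an `HttpServletResponse response` parameter and calling `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the `UNAUTHORIZED` return, and recording the denied attempt through `DaylightWebUtil.auditlog` unless `authorize` already does so (its body is not shown). The body of `saveLocalUserConfig` continues past the end of this hunk.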
@@ -180,46 +185,87 @@ public class DaylightWebAdmin { Status result = (action.equals("add")) ? userManager.addLocalUser(config) : userManager.removeLocalUser(config); if (result.isSuccess()) { - String userAction = (action.equals("add")) ? "added" : "removed"; if (action.equals("add")) { - String userRoles = ""; - for (String userRole : config.getRoles()) { - userRoles = userRoles + userRole + ","; - } - DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser() - + " as " + userRoles.substring(0, userRoles.length() - 1)); + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "added", config.getUser() + + " as " + config.getRoles().toString()); } else { - DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser()); + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", config.getUser()); + } + } + return result; + } + + @RequestMapping(value = "/user/modify", method = RequestMethod.POST) + @ResponseBody + public Status modifyUser(@RequestParam(required = true) String json, + @RequestParam(required = true) String action, HttpServletRequest request) { + + IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); + } + + if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); + } + + UserConfig newConfig = gson.fromJson(json, UserConfig.class); + List currentUserConfig = userManager.getLocalUserList(); + String password = null; + String user = newConfig.getUser(); + for (UserConfig userConfig : currentUserConfig) { + if(userConfig.getUser().equals(user)){ + password = userConfig.getPassword(); + break; } - return "Success"; } - return result.getDescription(); + if (password == null) { + String msg = String.format("User 
%s not found in configuration database", user); + return new Status(StatusCode.NOTFOUND, msg); + } + + //While modifying a user role, the password is not provided from GUI for any user. + //The password is stored in hash mode, hence it cannot be retrieved and added to UserConfig object + //The hashed password is injected below to the json string containing username and new roles before + //converting to UserConfig object. + json = json.replace("\"roles\"", "\"password\":\""+ password + "\",\"roles\""); + Gson gson = new Gson(); + newConfig = gson.fromJson(json, UserConfig.class); + + Status result = userManager.modifyLocalUser(newConfig); + if (result.isSuccess()) { + DaylightWebUtil.auditlog("Roles of", request.getUserPrincipal().getName(), "updated", newConfig.getUser() + + " to " + newConfig.getRoles().toString()); + } + return result; } + @RequestMapping(value = "/users/{username}", method = RequestMethod.POST) @ResponseBody - public String removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) { + public Status removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) { - String username = request.getUserPrincipal().getName(); - if (username.equals(userName)) { - return "Invalid Request: User cannot delete itself"; + String loggedInUser = request.getUserPrincipal().getName(); + if (loggedInUser.equals(userName)) { + String msg = "Invalid Request: User cannot delete itself"; + return new Status(StatusCode.NOTALLOWED, msg); } IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); } if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { - return "Operation not permitted"; + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); } - Status result = userManager.removeLocalUser(userName); - if (result.isSuccess()) 
{ + Status status = userManager.removeLocalUser(userName); + if (status.isSuccess()) { DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", userName); - return "Success"; + return status; } - return result.getDescription(); + return status; } @RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST) @@ -280,7 +326,7 @@ public class DaylightWebAdmin { } if (status.isSuccess()) { - DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), " changed password for User ", + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username); } return status;
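Review bot: In the new `modifyUser`, the stored password hash is spliced into the client-supplied JSON with `json.replace("\"roles\"", ...)`, which treats a credential merge as text editing. The replace hits every occurrence of `"roles"` (including inside a value), injects nothing when the key is absent so `modifyLocalUser` would see a null password, does not JSON-escape the hash, and leaves a duplicate key if the request already carries `"password"`. Merging on the parsed tree avoids all four: `JsonObject body = new JsonParser().parse(json).getAsJsonObject();`, `body.addProperty("password", password);`, `newConfig = gson.fromJson(body, UserConfig.class);`. Separately, `gson.fromJson` is called before the local `Gson gson = new Gson();` is declared, so it either binds to a field that is not visible here or does not compile, and the required `action` parameter is never read. In `removeLocalUser`, `request.getUserPrincipal().getName()` is dereferenced before the `authorize` check, which presumably throws for a request with no principal. `saveLocalUserConfig` begins outside this hunk.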