Commit 044e1724 authored by juanf

CCS-75 / SP-1100: Design a maintenance task to revoke user access privileges....

CCS-75 / SP-1100: Design a maintenance task to revoke user access privileges. Fix to not revoke the ETL_SERVER

SVN: 30429
parent 787e2463
...@@ -33,7 +33,9 @@ import ch.systemsx.cisd.common.logging.LogFactory; ...@@ -33,7 +33,9 @@ import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.common.maintenance.IMaintenanceTask; import ch.systemsx.cisd.common.maintenance.IMaintenanceTask;
import ch.systemsx.cisd.openbis.generic.server.CommonServiceProvider; import ch.systemsx.cisd.openbis.generic.server.CommonServiceProvider;
import ch.systemsx.cisd.openbis.generic.server.dataaccess.IPersonDAO; import ch.systemsx.cisd.openbis.generic.server.dataaccess.IPersonDAO;
import ch.systemsx.cisd.openbis.generic.server.dataaccess.IRoleAssignmentDAO;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE; import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
/** /**
* {@link IMaintenanceTask} to revoke access to delete LDAP users. * {@link IMaintenanceTask} to revoke access to delete LDAP users.
...@@ -70,20 +72,30 @@ public class RevokeUserAccessMaintenanceTask implements IMaintenanceTask { ...@@ -70,20 +72,30 @@ public class RevokeUserAccessMaintenanceTask implements IMaintenanceTask {
@Override @Override
public void execute() { public void execute() {
operationLog.info("execution started"); operationLog.info("execution started");
// 1. Grab all users // 1. Grab all users
IPersonDAO personDAO = CommonServiceProvider.getDAOFactory() IPersonDAO personDAO = CommonServiceProvider.getDAOFactory()
.getPersonDAO(); .getPersonDAO();
List<PersonPE> people = personDAO.listAllEntities(); IRoleAssignmentDAO rolesDAO = CommonServiceProvider.getDAOFactory()
.getRoleAssignmentDAO();
List<PersonPE> people = personDAO.listActivePersons();
// 2. Users to Revoke // 2. Users to Revoke
List<PersonPE> peopleToRevoke = new ArrayList<PersonPE>(); List<PersonPE> peopleToRevoke = new ArrayList<PersonPE>();
// 3. Check if the users exists on LDAP currently // 3. Check if the users exists on LDAP currently
for (PersonPE person : people) { personCheck: for (PersonPE person : people) {
if (false == person.isSystemUser() && person.isActive() if (false == person.isSystemUser() && person.isActive()
&& false == isUserAtLDAP(person.getUserId())) { && false == isUserAtLDAP(person.getUserId())) {
List<RoleAssignmentPE> roles = rolesDAO
.listRoleAssignmentsByPerson(person);
for (RoleAssignmentPE role : roles) {
if (role.getRole().name().equals("ETL_SERVER")) {
continue personCheck;
}
}
peopleToRevoke.add(person); peopleToRevoke.add(person);
} }
} }
...@@ -94,6 +106,8 @@ public class RevokeUserAccessMaintenanceTask implements IMaintenanceTask { ...@@ -94,6 +106,8 @@ public class RevokeUserAccessMaintenanceTask implements IMaintenanceTask {
String userIdToRevoke = person.getUserId(); String userIdToRevoke = person.getUserId();
person.setUserId(person.getUserId() + "-" + getTimeStamp()); person.setUserId(person.getUserId() + "-" + getTimeStamp());
person.setActive(false); person.setActive(false);
operationLog.info("person " + userIdToRevoke
+ " is going to be revoked.");
personDAO.updatePerson(person); personDAO.updatePerson(person);
operationLog operationLog
.info("person " + userIdToRevoke + " has been revoked."); .info("person " + userIdToRevoke + " has been revoked.");
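Review bot: The ETL_SERVER exemption in the new inner loop of `execute()` is silent: `continue personCheck;` leaves an account that is no longer in LDAP active, with every role it holds, and nothing in the operation log records that the account was skipped or why. Since this task is an access-revocation control, each exemption should be auditable, for example by adding `operationLog.info("person " + person.getUserId() + " not found in LDAP but kept: holds ETL_SERVER role");` just before the `continue`. The match itself compares `role.getRole().name()` with the string literal `"ETL_SERVER"`; if `getRole()` returns an enum, as `.name()` suggests, comparing against the enum constant would fail at compile time on a rename instead of quietly revoking service accounts. The `person.isActive()` test also looks redundant now that the list comes from `listActivePersons()`, assuming that method returns only active persons. The body of `execute()` continues outside the hunks shown here.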
......