org.pentaho.platform.web.http.api.resources

Class UserRoleDaoResource

java.lang.Object

org.pentaho.platform.web.http.api.resources.AbstractJaxRSResource

org.pentaho.platform.web.http.api.resources.UserRoleDaoResource

public class UserRoleDaoResource
extends AbstractJaxRSResource

UserRoleDao manages Pentaho Security user and roles in the BA platform.

Field Summary

Fields inherited from class org.pentaho.platform.web.http.api.resources.AbstractJaxRSResource

TEXT_HTML

Constructor Summary

Constructors

Constructor and Description
UserRoleDaoResource()
UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, org.pentaho.platform.api.mt.ITenantManager tenantMgr, ArrayList<String> systemRoles, String adminRole)
UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, org.pentaho.platform.api.mt.ITenantManager tenantMgr, ArrayList<String> systemRoles, String adminRole, UserRoleDaoService service)

Method Summary

Methods

Modifier and Type	Method and Description
javax.ws.rs.core.Response	assignAllRolesToUser(String tenantPath, String userName) Associate all roles to the selected user
javax.ws.rs.core.Response	assignAllUsersToRole(String tenantPath, String roleName) Associates all user to a particular role
javax.ws.rs.core.Response	assignRolesToUser(String userName, String roleNames) Appends existing roles to an existing user passed to the system through query parameters.
javax.ws.rs.core.Response	assignUserToRole(String tenantPath, String userNames, String roleName) Associate list of users to the selected role
javax.ws.rs.core.Response	changeUserPassword(ChangePasswordUser user) Allows a user or any user that knows a users name and current password to change that users password.
javax.ws.rs.core.Response	createRole(String roleName) Creates a new role that that does not have any permissions assigned to it.
javax.ws.rs.core.Response	createUser(User user) Creates new user with the specified user name and password, this request is encapsulated inside a user object that has userName and password values.
javax.ws.rs.core.Response	deleteRoles(String roleNames) Delete role(s) from the platform.
javax.ws.rs.core.Response	deleteUsers(String userNames) Delete user(s) from the platform using a query parameter that takes a list of tab separated user names.
SystemRolesMap	getRoleBindingStruct(String locale) Retrieves the list of roles in the platform and the mapping for operation permissions, along with a list of operation permissions.
UserListWrapper	getRoleMembers(String roleName) Retrieves list of users for the selected role.
RoleListWrapper	getRoles() Returns the list of roles in the platform's repository.
RoleListWrapper	getRolesForUser(String user) Gets the roles for the given user.
UserListWrapper	getUsers() Returns the list of users in the platform's repository.
javax.ws.rs.core.Response	removeAllRolesFromUser(String tenantPath, String userName) Remove all roles from the selected user
javax.ws.rs.core.Response	removeAllUsersFromRole(String tenantPath, String roleName) Removes all users from a particular role
javax.ws.rs.core.Response	removeRolesFromUser(String userName, String roleNames) Removes selected roles from an existing user passed to the system through query parameters.
javax.ws.rs.core.Response	removeUserFromRole(String tenantPath, String userNames, String roleName) Remove user(s) from a particular role
javax.ws.rs.core.Response	setLogicalRoles(LogicalRoleAssignments roleAssignments) Associate a particular role to a list of physical permissions available in the system.
javax.ws.rs.core.Response	updatePassword(User user) This is an administrative tool, that allows an administator the ability to change any users password by passing in the username and the new password.

Methods inherited from class org.pentaho.platform.web.http.api.resources.AbstractJaxRSResource

setHttpHeaders

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserRoleDaoResource

public UserRoleDaoResource()

UserRoleDaoResource

public UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
                   org.pentaho.platform.api.mt.ITenantManager tenantMgr,
                   ArrayList<String> systemRoles,
                   String adminRole)

UserRoleDaoResource

public UserRoleDaoResource(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
                   org.pentaho.platform.api.mt.ITenantManager tenantMgr,
                   ArrayList<String> systemRoles,
                   String adminRole,
                   UserRoleDaoService service)

Method Detail

getUsers

public UserListWrapper getUsers()
                         throws javax.ws.rs.WebApplicationException

Returns the list of users in the platform's repository.

Example Request:
GET pentaho/api/userroledao/users

Returns:

List of users in the platform.

Example Response:

  
    suzy
    pat
    tiffany
    admin
  
 

Throws:

javax.ws.rs.WebApplicationException

getRolesForUser

public RoleListWrapper getRolesForUser(String user)
                                throws Exception

Gets the roles for the given user.

Example Request:
GET pentaho/api/userroledao/userRoles?userName=suzy

Parameters:

user - The username to get the roles for.

Returns:

List containing the roles for the given user.

Example Response:

     <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Power User</roles></roleList>
 

Throws:

Exception

getRoles

public RoleListWrapper getRoles()
                         throws Exception

Returns the list of roles in the platform's repository.

Example Request:
GET pentaho/api/userroledao/roles

Returns:

List of roles in the platform.

Example Response:

   <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Administrator</roles><roles>Power User</roles><roles>Report Author</roles><roles>Business Analyst</roles></roleList>>
 

Throws:

Exception

getRoleMembers

public UserListWrapper getRoleMembers(String roleName)
                               throws Exception

Retrieves list of users for the selected role. The role must be a valid role in the system. Must have administrative privileges to access this.

Example Request:
GET pentaho/api/userroledao/roleMembers?roleName=Power%20User

Parameters:

roleName - The role name to get the list of users associated with it.

Returns:

List of users for the selected role.

Example Response:

   <?xml version="1.0" encoding="UTF-8" standalone="yes"?><userList><users>suzy</users><users>admin</users></userList>
 

Throws:

Exception

assignRolesToUser

public javax.ws.rs.core.Response assignRolesToUser(String userName,
                                          String roleNames)

Appends existing roles to an existing user passed to the system through query parameters. If the user name exists but the role name is not valid (does not exist or is spelled incorrectly) the call will return 200 as the call itself is still successful. It was able to find the user and add no new roles to it. This prevents the call from failing in the instance of a set of valid roles, with a single invalid role. This endpoint is only available to users with administrative privileges.

Example Request:
PUT pentaho/api/userroledao/assignRoleToUser?userName=admin&roleNames=power%20user%09cto%09

Parameters:

userName - The username that the list of roles will be appended to

roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list

Returns:

Response object containing the status code of the operation

removeRolesFromUser

public javax.ws.rs.core.Response removeRolesFromUser(String userName,
                                            String roleNames)

Removes selected roles from an existing user passed to the system through query parameters. This endpoint is only available to users with administrative privileges.

Example Request:
PUT pentaho/api/userroledao/removeRoleFromUser?userName=admin&roleNames=Business%20User%09Power%20User%09

Parameters:

userName - The username that the list of roles will be removed from.

roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list.

Returns:

Response object containing the status code of the operation.

assignAllRolesToUser

public javax.ws.rs.core.Response assignAllRolesToUser(String tenantPath,
                                             String userName)

Associate all roles to the selected user

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

userName - (username)

Returns:

removeAllRolesFromUser

public javax.ws.rs.core.Response removeAllRolesFromUser(String tenantPath,
                                               String userName)

Remove all roles from the selected user

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

userName - (username)

Returns:

assignUserToRole

public javax.ws.rs.core.Response assignUserToRole(String tenantPath,
                                         String userNames,
                                         String roleName)

Associate list of users to the selected role

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

userNames - (list of tab (\t) separated user names

roleName - (role name)

Returns:

removeUserFromRole

public javax.ws.rs.core.Response removeUserFromRole(String tenantPath,
                                           String userNames,
                                           String roleName)

Remove user(s) from a particular role

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

userNames - (list of tab (\t) separated user names

roleName - (role name)

Returns:

assignAllUsersToRole

public javax.ws.rs.core.Response assignAllUsersToRole(String tenantPath,
                                             String roleName)

Associates all user to a particular role

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

roleName - (role name)

Returns:

removeAllUsersFromRole

public javax.ws.rs.core.Response removeAllUsersFromRole(String tenantPath,
                                               String roleName)

Removes all users from a particular role

Parameters:

tenantPath - (tenant path where the user exist, null of empty string assumes default tenant)

roleName - (role name)

Returns:

createUser

public javax.ws.rs.core.Response createUser(User user)

Creates new user with the specified user name and password, this request is encapsulated inside a user object that has userName and password values. The user is created without any assigned roles, roles must be assigned separately. This endpoint is only accessible to an administrative user.

Example Request:
PUT pentaho/api/userroledao/createUser

 
   Joe
   password
 
 

Parameters:

user - A user is an object the system uses to pass along a userName and password in the format:

          
            Joe
            password
          
          

Returns:

Response object containing the status code of the operation

changeUserPassword

public javax.ws.rs.core.Response changeUserPassword(ChangePasswordUser user)

Allows a user or any user that knows a users name and current password to change that users password. The information is encapsulated in a ChangeUserPassword object that contains the fields: userName, newPassword, oldPassword.

Example Request:
PUT pentaho/api/userroledao/user

 
   Joe
   newPassword
   oldPassword
 
 

Parameters:

ChangePasswordUser - Encapsulates the fields required for a user to update their password. The object requires the name of the user whose password is being changed, the old password, and the new password. A ChangePasswordUser object can be constructed as follows: <

>
 
   Joe
   newPassword
   oldPassword
 
 

Returns:

Response object containing the status code of the operation

createRole

public javax.ws.rs.core.Response createRole(String roleName)

Creates a new role that that does not have any permissions assigned to it. Permissions must be assigned after creating the role. This endpoint is only usable by an administrative user.

Example Request:
PUT pentaho/api/userroledao/createRole?roleName=rName

Parameters:

roleName - Name of the new role to create in the system.

Returns:

Response containing the result of the operation.

deleteRoles

public javax.ws.rs.core.Response deleteRoles(String roleNames)

Delete role(s) from the platform. Must have administrative privileges.

Example Request:
PUT pentaho/api/userroledao/deleteRoles?roleNames=role1%09

Parameters:

roleNames - List of tab (\t) separated role names, must be valid roles.

Returns:

Response containing the result of the operation.

deleteUsers

public javax.ws.rs.core.Response deleteUsers(String userNames)

Delete user(s) from the platform using a query parameter that takes a list of tab separated user names.

Example Request:
PUT pentaho/api/userroledao/deleteUsers?userNames=user1%09user2%09

Parameters:

userNames - (List of tab (\t) separated user names)

Returns:

Response object containing the status code of the operation

updatePassword

public javax.ws.rs.core.Response updatePassword(User user)

This is an administrative tool, that allows an administator the ability to change any users password by passing in the username and the new password. The fields are encapsulated in a user object containing a userName and password.

Example Request:
PUT pentaho/api/userroledao/updatePassword

 
   Joe
   password
 
 

Parameters:

user - A user is an object the system uses to pass along a userName and password in the format:

          
            Joe
            password
          
          

Returns:

response object containing the status code of the operation

getRoleBindingStruct

public SystemRolesMap getRoleBindingStruct(String locale)

Retrieves the list of roles in the platform and the mapping for operation permissions, along with a list of operation permissions. The logical role name mapping is determined by the locale. If the locale is empty, the system will use the default locale of "en".

Example Request:
GET pentaho/api/userroledao/logicalRoleMap?locale=en

Parameters:

locale - The locale paramter is optional and determines the localized role name for a physical permission in the system roles map.

Returns:

A role mapping for the current system. Each assignment contains the immutable flag and roles for immutable assignments cannot be edited. This is useful for roles such as administrator, who should never lose the administrative priviledge. Logical roles in the assignment are the physical permissions currently mapped to the role. The role name is the name of the role that can be assigned to users. The system roles map also includes a list of all physical permissions in the system along with their localized role name. The localized role name is based on the local passed into the call, defaulting to "en". These are the physical permissions that can be used to create roles.

Example Response:

  <systemRolesMap>
  <assignments>
  <immutable>false</immutable>
  <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
  <logicalRoles>org.pentaho.security.publish</logicalRoles>
  <logicalRoles>org.pentaho.repository.create</logicalRoles>
  <logicalRoles>org.pentaho.repository.execute</logicalRoles>
  <roleName>Power User</roleName>
  </assignments>
  <assignments>
  <immutable>true</immutable>
  <logicalRoles>org.pentaho.repository.execute</logicalRoles>
  <logicalRoles>
    org.pentaho.platform.dataaccess.datasource.security.manage
  </logicalRoles>
  <logicalRoles>org.pentaho.repository.read</logicalRoles>
  <logicalRoles>org.pentaho.repository.create</logicalRoles>
  <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
  <logicalRoles>org.pentaho.security.administerSecurity</logicalRoles>
  <logicalRoles>org.pentaho.security.publish</logicalRoles>
  <roleName>Administrator</roleName>
  </assignments>
  <localizedRoleNames>
  <localizedName>Administer Security</localizedName>
  <roleName>org.pentaho.security.administerSecurity</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Schedule Content</localizedName>
  <roleName>org.pentaho.scheduler.manage</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Read Content</localizedName>
  <roleName>org.pentaho.repository.read</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Publish Content</localizedName>
  <roleName>org.pentaho.security.publish</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Create Content</localizedName>
  <roleName>org.pentaho.repository.create</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Execute</localizedName>
  <roleName>org.pentaho.repository.execute</roleName>
  </localizedRoleNames>
  <localizedRoleNames>
  <localizedName>Manage Data Sources</localizedName>
  <roleName>
  org.pentaho.platform.dataaccess.datasource.security.manage
  </roleName>
  </localizedRoleNames>
  </systemRolesMap>
 

setLogicalRoles

public javax.ws.rs.core.Response setLogicalRoles(LogicalRoleAssignments roleAssignments)

Associate a particular role to a list of physical permissions available in the system. Setting the physical permissions to the roles is a way to add and delete permissions from the role. Any permissions the role had before that are not on this list will be deleted. Any permissions on this list that were not previously assigned will now be assigned.

Example Request:
PUT /pentaho/api/userroledao/roleAssignments

   <systemRolesMap>
   <assignments>
   <roleName>Report Author</roleName>
   <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
   <logicalRoles>org.pentaho.repository.read</logicalRoles>
   <logicalRoles>org.pentaho.security.publish</logicalRoles>
   <logicalRoles>org.pentaho.repository.create</logicalRoles>
   <logicalRoles>org.pentaho.repository.execute</logicalRoles>
   </assignments>
   </systemRolesMap>
 

Parameters:

roleAssignments - Built from the Request payload, an example of the role assignments exists in the example request.

Returns:

Response code determining the success of the operation.