Class UserRoleDaoResource


  • public class UserRoleDaoResource
    extends AbstractJaxRSResource
    UserRoleDao manages Pentaho Security users and roles in the BA platform.
    • Constructor Detail

      • UserRoleDaoResource

        public UserRoleDaoResource()
      • UserRoleDaoResource

        public UserRoleDaoResource​(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
                                   org.pentaho.platform.api.mt.ITenantManager tenantMgr,
                                   ArrayList<String> systemRoles,
                                   String adminRole)
      • UserRoleDaoResource

        public UserRoleDaoResource​(org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
                                   org.pentaho.platform.api.mt.ITenantManager tenantMgr,
                                   ArrayList<String> systemRoles,
                                   String adminRole,
                                   UserRoleDaoService service)
    • Method Detail

      • createUser

        public javax.ws.rs.core.Response createUser​(User user)
        Creates a new user with the specified name and password. This request is encapsulated inside a user object that has userName and password values. The user is created without any assigned roles; roles must be assigned separately. This endpoint is only accessible to an administrative user.

        Example Request:
        PUT pentaho/api/userroledao/createUser

         
           Luke
           password
         
         

        Parameters:
        user - A user is an object the system uses to pass along a userName and password in the format:
                  
                    Joe
                    password
                  
                  
        Returns:
        Response object containing the status code of the operation
      • deleteUsers

        public javax.ws.rs.core.Response deleteUsers​(String userNames)
        Deletes user(s) from the platform using a query parameter that takes a list of tab-separated user names. This endpoint is only available to users with administrative privileges.

        Example Request:
        PUT pentaho/api/userroledao/deleteUsers?userNames=user1%09user2%09

        Parameters:
        userNames - (List of tab (\t) separated user names)
        Returns:
        Response object containing the status code of the operation
      • changeUserPassword

        public javax.ws.rs.core.Response changeUserPassword​(ChangePasswordUser user)
        Allows a user to change their password. The information is encapsulated in a ChangePasswordUser object that contains these fields: userName, newPassword, oldPassword.

        Example Request:
        PUT pentaho/api/userroledao/user

         
           Luke
           newPassword
           oldPassword
         
         

        Parameters:
        user - Encapsulates the fields required for a user to update their password. The object requires the name of the user whose password is being changed, the old password, and the new password. A ChangePasswordUser object can be constructed as follows:
         
           Luke
           newPassword
           oldPassword
         
         
        Returns:
        Response object containing the status code of the operation
      • getUsers

        public UserListWrapper getUsers()
                                 throws javax.ws.rs.WebApplicationException
        Returns the list of users in the platform's repository.

        Example Request:
        GET pentaho/api/userroledao/users

        Returns:
        List of users in the platform.

        Example Response:

          
            suzy
            pat
            tiffany
            admin
          
         
        Throws:
        javax.ws.rs.WebApplicationException
      • getRolesForUser

        public RoleListWrapper getRolesForUser​(String user)
                                        throws Exception
        Gets the roles for the given user.

        Example Request:
        GET pentaho/api/userroledao/userRoles?userName=suzy

        Parameters:
        user - The username to get the roles for.
        Returns:
        List containing the roles for the given user.

        Example Response:

             <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Power User</roles></roleList>
         
        Throws:
        Exception
      • assignRolesToUser

        public javax.ws.rs.core.Response assignRolesToUser​(String userName,
                                                           String roleNames)
        Appends existing roles to an existing user passed to the system through query parameters.
        If the user name exists but the role name is not valid, the call will return 200. This means that the call itself was successful and able to find the user, but added no new roles to it. This prevents the call from failing when a single invalid role appears among a set of otherwise valid roles. This endpoint is only available to users with administrative privileges.

        Example Request:
        PUT pentaho/api/userroledao/assignRoleToUser?userName=admin&roleNames=power%20user%09cto%09

        Parameters:
        userName - The username that the list of roles will be appended to
        roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list
        Returns:
        Response object containing the status code of the operation
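
        Because assignRoleToUser returns 200 even when a role name is invalid, the status code alone does not confirm the assignment. The following added example (not part of the Pentaho documentation or code base) builds the tab-separated request path and compares the requested roles against a userRoles response; the role name "cto" used as an invalid role and the helper names are assumptions.

```python
# Added example, not Pentaho code: confirm assignRoleToUser actually applied roles.
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

BASE = "pentaho/api/userroledao"  # relative path exactly as the docs write it

# Constructed sample: the userRoles response body shown in these docs for suzy.
SAMPLE_USER_ROLES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    "<roleList><roles>Power User</roles></roleList>"
)


def tab_list(names):
    """Encode names as the endpoint examples do: every name followed by a tab."""
    for name in names:
        if not name.strip() or "\t" in name:
            raise ValueError(f"empty name or embedded tab: {name!r}")
    return "".join(name + "\t" for name in names)


def assign_roles_path(user_name, role_names):
    """Build the PUT path; tabs become %09 and spaces %20."""
    query = urlencode(
        {"userName": user_name, "roleNames": tab_list(role_names)}, quote_via=quote
    )
    return f"{BASE}/assignRoleToUser?{query}"


def parse_role_list(xml_text):
    """Return role names from a <roleList> body (userRoles or roles endpoint)."""
    root = ET.fromstring(xml_text)
    if root.tag != "roleList":
        raise ValueError(f"unexpected root element: {root.tag}")
    return [(r.text or "").strip() for r in root.findall("roles")]


def unapplied_roles(requested, roles_after):
    """Requested roles missing after the call, i.e. silently skipped by the 200.

    Comparison is exact; the docs do not say how the server treats case.
    """
    have = set(roles_after)
    return [r for r in requested if r not in have]


if __name__ == "__main__":
    requested = ["Power User", "cto"]  # "cto": hypothetical role that does not exist
    print("PUT", assign_roles_path("suzy", requested))
    # After the PUT returns 200, GET userRoles?userName=suzy and compare.
    print("not applied:", unapplied_roles(requested, parse_role_list(SAMPLE_USER_ROLES)))
```
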
      • removeRolesFromUser

        public javax.ws.rs.core.Response removeRolesFromUser​(String userName,
                                                             String roleNames)
        Removes selected roles from an existing user passed to the system through query parameters. This endpoint is only available to users with administrative privileges.

        Example Request:
        PUT pentaho/api/userroledao/removeRoleFromUser?userName=admin&roleNames=Business%20User%09Power%20User%09

        Parameters:
        userName - The username that the list of roles will be removed from.
        roleNames - Rolenames must be associated to existing roles in a tab (\t) separated list.
        Returns:
        Response object containing the status code of the operation.
      • createRole

        public javax.ws.rs.core.Response createRole​(String roleName)
        Creates a new role that does not have any permissions assigned to it. Permissions must be assigned after creating the role. This endpoint is only usable by an administrative user.

        Example Request:
        PUT pentaho/api/userroledao/createRole?roleName=rName

        Parameters:
        roleName - Name of the new role to create in the system.
        Returns:
        Response containing the result of the operation.
      • deleteRoles

        public javax.ws.rs.core.Response deleteRoles​(String roleNames)
        Delete role(s) from the platform. This endpoint is only available to users with administrative privileges.

        Example Request:
        PUT pentaho/api/userroledao/deleteRoles?roleNames=role1%09

        Parameters:
        roleNames - List of tab (\t) separated role names, must be valid roles.
        Returns:
        Response containing the result of the operation.
      • getRoles

        public RoleListWrapper getRoles()
                                 throws Exception
        Returns the list of roles in the platform's repository.

        Example Request:
        GET pentaho/api/userroledao/roles

        Returns:
        List of roles in the platform.

        Example Response:

           <?xml version="1.0" encoding="UTF-8" standalone="yes"?><roleList><roles>Administrator</roles><roles>Power User</roles><roles>Report Author</roles><roles>Business Analyst</roles></roleList>
         
        Throws:
        Exception
      • getRoleMembers

        public UserListWrapper getRoleMembers​(String roleName)
                                       throws Exception
        Retrieves list of users for the selected role. The role must be a valid role in the system. Must have administrative privileges to access this.

        Example Request:
        GET pentaho/api/userroledao/roleMembers?roleName=Power%20User

        Parameters:
        roleName - The role name to get the list of users associated with it.
        Returns:
        List of users for the selected role.

        Example Response:

           <?xml version="1.0" encoding="UTF-8" standalone="yes"?><userList><users>suzy</users><users>admin</users></userList>
         
        Throws:
        Exception
      • setLogicalRoles

        public javax.ws.rs.core.Response setLogicalRoles​(LogicalRoleAssignments roleAssignments)
        Associate a particular role to a list of physical permissions available in the system. Setting the physical permissions to the roles is a way to add and delete permissions from the role. Any permissions the role had before that are not on this list will be deleted. Any permissions on this list that were not previously assigned will now be assigned.

        Example Request:
        PUT /pentaho/api/userroledao/roleAssignments

           <systemRolesMap>
           <assignments>
           <roleName>Report Author</roleName>
           <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
           <logicalRoles>org.pentaho.repository.read</logicalRoles>
           <logicalRoles>org.pentaho.security.publish</logicalRoles>
           <logicalRoles>org.pentaho.repository.create</logicalRoles>
           <logicalRoles>org.pentaho.repository.execute</logicalRoles>
           </assignments>
           </systemRolesMap>
         
        Parameters:
        roleAssignments - Built from the Request payload, an example of the role assignments exists in the example request.
        Returns:
        Response code determining the success of the operation.
      • getRoleBindingStruct

        public SystemRolesMap getRoleBindingStruct​(String locale)
        Retrieves the list of roles in the platform and the mapping for operation permissions, along with a list of operation permissions. The logical role name mapping is determined by the locale. If the locale is empty, the system will use the default locale of "en".

        Example Request:
        GET pentaho/api/userroledao/logicalRoleMap?locale=en

        Parameters:
        locale - The locale parameter is optional and determines the localized role name for a physical permission in the system roles map.
        Returns:
        A role mapping for the current system. Each assignment contains the immutable flag, and roles for immutable assignments cannot be edited. This is useful for roles such as administrator, who should never lose the administrative privilege. Logical roles in the assignment are the physical permissions currently mapped to the role. The role name is the name of the role that can be assigned to users. The system roles map also includes a list of all physical permissions in the system along with their localized role name. The localized role name is based on the locale passed into the call, defaulting to "en". These are the physical permissions that can be used to create roles.

        Example Response:

          <systemRolesMap>
          <assignments>
          <immutable>false</immutable>
          <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
          <logicalRoles>org.pentaho.security.publish</logicalRoles>
          <logicalRoles>org.pentaho.repository.create</logicalRoles>
          <logicalRoles>org.pentaho.repository.execute</logicalRoles>
          <roleName>Power User</roleName>
          </assignments>
          <assignments>
          <immutable>true</immutable>
          <logicalRoles>org.pentaho.repository.execute</logicalRoles>
          <logicalRoles>
            org.pentaho.platform.dataaccess.datasource.security.manage
          </logicalRoles>
          <logicalRoles>org.pentaho.repository.read</logicalRoles>
          <logicalRoles>org.pentaho.repository.create</logicalRoles>
          <logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
          <logicalRoles>org.pentaho.security.administerSecurity</logicalRoles>
          <logicalRoles>org.pentaho.security.publish</logicalRoles>
          <roleName>Administrator</roleName>
          </assignments>
          <localizedRoleNames>
          <localizedName>Administer Security</localizedName>
          <roleName>org.pentaho.security.administerSecurity</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Schedule Content</localizedName>
          <roleName>org.pentaho.scheduler.manage</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Read Content</localizedName>
          <roleName>org.pentaho.repository.read</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Publish Content</localizedName>
          <roleName>org.pentaho.security.publish</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Create Content</localizedName>
          <roleName>org.pentaho.repository.create</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Execute</localizedName>
          <roleName>org.pentaho.repository.execute</roleName>
          </localizedRoleNames>
          <localizedRoleNames>
          <localizedName>Manage Data Sources</localizedName>
          <roleName>
          org.pentaho.platform.dataaccess.datasource.security.manage
          </roleName>
          </localizedRoleNames>
          </systemRolesMap>
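
        setLogicalRoles replaces a role's permission list outright, so a payload that omits a permission removes it. The following added example (not part of the Pentaho documentation or code base) diffs a proposed roleAssignments payload against a logicalRoleMap response before it is sent, and reports removals, edits to immutable roles, and newly granted sensitive permissions; the SENSITIVE set, the helper names and both sample documents are assumptions constructed for illustration.

```python
# Added example, not Pentaho code: diff a roleAssignments payload before sending it.
import xml.etree.ElementTree as ET

# Assumption: which permissions deserve a second look is a local policy choice.
SENSITIVE = {"org.pentaho.security.administerSecurity"}

# Constructed sample, trimmed from the logicalRoleMap response shown above.
CURRENT = """<systemRolesMap>
<assignments><immutable>false</immutable>
<logicalRoles>org.pentaho.scheduler.manage</logicalRoles>
<logicalRoles>org.pentaho.security.publish</logicalRoles>
<logicalRoles>org.pentaho.repository.create</logicalRoles>
<logicalRoles>org.pentaho.repository.execute</logicalRoles>
<roleName>Power User</roleName></assignments>
<assignments><immutable>true</immutable>
<logicalRoles>org.pentaho.repository.execute</logicalRoles>
<logicalRoles>org.pentaho.security.administerSecurity</logicalRoles>
<roleName>Administrator</roleName></assignments>
</systemRolesMap>"""

# Constructed payload someone intends to PUT to roleAssignments.
PROPOSED = """<systemRolesMap>
<assignments><roleName>Power User</roleName>
<logicalRoles>org.pentaho.repository.read</logicalRoles>
<logicalRoles>org.pentaho.repository.execute</logicalRoles>
<logicalRoles>org.pentaho.security.administerSecurity</logicalRoles></assignments>
<assignments><roleName>Administrator</roleName>
<logicalRoles>org.pentaho.repository.execute</logicalRoles></assignments>
</systemRolesMap>"""


def parse_assignments(xml_text):
    """Map roleName -> (set of logicalRoles, immutable flag)."""
    out = {}
    for a in ET.fromstring(xml_text).findall("assignments"):
        perms = {(p.text or "").strip() for p in a.findall("logicalRoles")}
        immutable = (a.findtext("immutable") or "").strip() == "true"
        out[(a.findtext("roleName") or "").strip()] = (perms, immutable)
    return out


def preflight(current_xml, proposed_xml):
    """Per role: what the PUT would add and remove under replace semantics."""
    current, report = parse_assignments(current_xml), {}
    for role, (wanted, _) in parse_assignments(proposed_xml).items():
        had, immutable = current.get(role, (set(), False))
        report[role] = {
            "added": sorted(wanted - had),
            "removed": sorted(had - wanted),
            "sensitive_added": sorted((wanted - had) & SENSITIVE),
            "immutable": immutable,
        }
    return report
```

        Calling preflight(CURRENT, PROPOSED) returns one entry per role in the payload; a non-empty "removed" or "sensitive_added" list, or "immutable" set to True, is the cue to review the payload before sending it.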
         
      • assignAllRolesToUser

        public javax.ws.rs.core.Response assignAllRolesToUser​(String tenantPath,
                                                              String userName)
        Associate all roles to the selected user
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        userName - (username)
        Returns:
      • removeAllRolesFromUser

        public javax.ws.rs.core.Response removeAllRolesFromUser​(String tenantPath,
                                                                String userName)
        Remove all roles from the selected user
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        userName - (username)
        Returns:
      • assignUserToRole

        public javax.ws.rs.core.Response assignUserToRole​(String tenantPath,
                                                          String userNames,
                                                          String roleName)
        Associate list of users to the selected role
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        userNames - (list of tab (\t) separated user names)
        roleName - (role name)
        Returns:
      • removeUserFromRole

        public javax.ws.rs.core.Response removeUserFromRole​(String tenantPath,
                                                            String userNames,
                                                            String roleName)
        Remove user(s) from a particular role
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        userNames - (list of tab (\t) separated user names)
        roleName - (role name)
        Returns:
      • assignAllUsersToRole

        public javax.ws.rs.core.Response assignAllUsersToRole​(String tenantPath,
                                                              String roleName)
        Associates all users to a particular role
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        roleName - (role name)
        Returns:
      • removeAllUsersFromRole

        public javax.ws.rs.core.Response removeAllUsersFromRole​(String tenantPath,
                                                                String roleName)
        Removes all users from a particular role
        Parameters:
        tenantPath - (tenant path where the user exists; null or empty string assumes default tenant)
        roleName - (role name)
        Returns:
      • updatePassword

        public javax.ws.rs.core.Response updatePassword​(UserChangePasswordDTO user)
        This is an administrative tool that allows an administrator to change any user's password by passing in the username and the new password. Additionally, the current administrator password is needed to authorize the change. The fields are encapsulated in a user object containing a userName, password and administratorPassword.

        Example Request:
        PUT pentaho/api/userroledao/updatePassword

         
           Joe
           password
           administratorPassword
         
         

        Parameters:
        user - A user is an object the system uses to pass along a userName, password and administratorPassword in the format:
                  
                    Joe
                    password
                    administratorPassword
                  
                  
        Returns:
        Response object containing the status code of the operation
      • getTenant

        protected org.pentaho.platform.api.mt.ITenant getTenant​(String tenantId)
                                                         throws com.sun.jersey.api.NotFoundException
        Throws:
        com.sun.jersey.api.NotFoundException
      • canAdminister

        protected boolean canAdminister()
      • updateRolesForCurrentSession

        protected void updateRolesForCurrentSession()
      • getSession

        protected org.pentaho.platform.api.engine.IPentahoSession getSession()
      • getUserRoleDao

        protected org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao getUserRoleDao()
        For testing