Per Gustavo's code review request, added commands for granting and re…

…voking the superuser status. The commands are used by the dashboard user list page. But not the admin API. Please ask Gustavo if you have any questions about this change. Hopefully this is the last commit for #3614-#3612.
IQSS · Jun 29, 2017 · d24fa0a · d24fa0a
1 parent 2bcef31
commit d24fa0a
Show file tree

Hide file tree

Showing 3 changed files with 133 additions and 10 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/dashboard/DashboardUsersPage.java b/src/main/java/edu/harvard/iq/dataverse/dashboard/DashboardUsersPage.java
@@ -1,11 +1,15 @@
 package edu.harvard.iq.dataverse.dashboard;
 
+import edu.harvard.iq.dataverse.DataverseRequestServiceBean;
 import edu.harvard.iq.dataverse.DataverseSession;
+import edu.harvard.iq.dataverse.EjbDataverseEngine;
 import edu.harvard.iq.dataverse.PermissionsWrapper;
 import edu.harvard.iq.dataverse.UserServiceBean;
 import edu.harvard.iq.dataverse.api.Admin;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.impl.GrantSuperuserStatusCommand;
+import edu.harvard.iq.dataverse.engine.command.impl.RevokeSuperuserStatusCommand;
 import edu.harvard.iq.dataverse.mydata.Pager;
 import edu.harvard.iq.dataverse.userdata.UserListMaker;
 import edu.harvard.iq.dataverse.userdata.UserListResult;
@@ -30,6 +34,10 @@ public class DashboardUsersPage implements java.io.Serializable {
     DataverseSession session;
     @Inject
     PermissionsWrapper permissionsWrapper;
+    @EJB
+    EjbDataverseEngine commandEngine;
+    @EJB
+    DataverseRequestServiceBean dvRequestService;
 
     private static final Logger logger = Logger.getLogger(DashboardUsersPage.class.getCanonicalName());
 
@@ -173,23 +181,35 @@ public void setUserToToggleSuperuserStatus(AuthenticatedUser user) {
         selectedUserDetached = user; 
     }
 
-    public void saveSuperuserStatus(){
-                
+    public void saveSuperuserStatus() {
+
         // Retrieve the persistent version for saving to db
         logger.info("Get persisent AuthenticatedUser for id: " + selectedUserDetached.getId());
         selectedUserPersistent = userService.find(selectedUserDetached.getId());
-
-        if (selectedUserPersistent != null){
-            logger.info("Toggling user's "+selectedUserDetached.getIdentifier()+" superuser status; (current status: "+selectedUserDetached.isSuperuser()+")");
-            logger.info("Attempting to save user "+selectedUserDetached.getIdentifier());
 
-            logger.info("selectedUserPersistent info: "+selectedUserPersistent.getId() + " set to: " + selectedUserDetached.isSuperuser());
+        if (selectedUserPersistent != null) {
+            logger.info("Toggling user's " + selectedUserDetached.getIdentifier() + " superuser status; (current status: " + selectedUserDetached.isSuperuser() + ")");
+            logger.info("Attempting to save user " + selectedUserDetached.getIdentifier());
+
+            logger.info("selectedUserPersistent info: " + selectedUserPersistent.getId() + " set to: " + selectedUserDetached.isSuperuser());
             selectedUserPersistent.setSuperuser(selectedUserDetached.isSuperuser());
-            selectedUserPersistent = authenticationService.update(selectedUserPersistent);
-        }else{
+
+            // Using the new commands for granting and revoking the superuser status: 
+            try {
+                if (!selectedUserPersistent.isSuperuser()) {
+                    // We are revoking the status:
+                    commandEngine.submit(new RevokeSuperuserStatusCommand(selectedUserPersistent, dvRequestService.getDataverseRequest()));
+                } else {
+                    // granting the status:
+                    commandEngine.submit(new GrantSuperuserStatusCommand(selectedUserPersistent, dvRequestService.getDataverseRequest()));
+                }
+            } catch (Exception ex) {
+                logger.warning("Failed to permanently toggle the superuser status for user " + selectedUserDetached.getIdentifier() + ": " + ex.getMessage());
+            }
+        } else {
             logger.warning("selectedUserPersistent is null.  AuthenticatedUser not found for id: " + selectedUserDetached.getId());
         }
-        
+
     }
 
     public void cancelSuperuserStatusChange(){

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GrantSuperuserStatusCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GrantSuperuserStatusCommand.java
@@ -0,0 +1,51 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.IdServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.AbstractVoidCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
+
+/**
+ *
+ * @author Leonid Andreev
+ */
+// the permission annotation is open, since this is a superuser-only command - 
+// and that's enforced in the command body:
+@RequiredPermissions({})
+public class GrantSuperuserStatusCommand extends AbstractVoidCommand  {
+
+    private final AuthenticatedUser targetUser;
+
+    public GrantSuperuserStatusCommand (AuthenticatedUser targetUser, DataverseRequest aRequest) {
+        super(aRequest, (Dataset)null);
+        this.targetUser = targetUser;
+    }
+
+    @Override
+    protected void executeImpl(CommandContext ctxt) throws CommandException {
+
+        if (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser()) {
+            throw new PermissionException("Revoke Superuser status command can only be called by superusers.",
+                    this, null, null);
+        }
+
+        try {
+            targetUser.setSuperuser(true);
+            ctxt.em().merge(targetUser);
+            ctxt.em().flush();
+        } catch (Exception e) {
+            throw new CommandException("Failed to grant the superuser status to user "+targetUser.getIdentifier(), this);
+        }
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeSuperuserStatusCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeSuperuserStatusCommand.java
@@ -0,0 +1,52 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.IdServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.AbstractVoidCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
+
+/**
+ *
+ * @author Leonid Andreev
+ */
+// the permission annotation is open, since this is a superuser-only command - 
+// and that's enforced in the command body:
+@RequiredPermissions({})
+public class RevokeSuperuserStatusCommand extends AbstractVoidCommand  {
+
+    private final AuthenticatedUser targetUser;
+
+    public RevokeSuperuserStatusCommand (AuthenticatedUser targetUser, DataverseRequest aRequest) {
+        super(aRequest, (Dataset)null);
+        this.targetUser = targetUser;
+    }
+
+    @Override
+    protected void executeImpl(CommandContext ctxt) throws CommandException {
+
+        if (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser()) {
+            throw new PermissionException("Revoke Superuser status command can only be called by superusers.",
+                    this, null, null);
+        }
+
+        try {
+            targetUser.setSuperuser(false);
+            ctxt.em().merge(targetUser);
+            ctxt.em().flush();
+        } catch (Exception e) {
+            throw new CommandException("Failed to revoke the superuser status for user "+targetUser.getIdentifier(), this);
+        }
+    }
+
+}