Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: reactivate user ......................................................................
aaa: reactivate user Reactive users in the following flow: 1. Login 2. AddUser reactivate will occur with syncing the directory groups Change-Id: I556d8da48a858ce193865e84fb6c7cb4043a8e5b Topic: AAA Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java 3 files changed, 26 insertions(+), 22 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/74/29974/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java index 46634fe..5952c24 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java 
@@ -8,17 +8,21 @@ import org.ovirt.engine.api.extensions.ExtKey; import org.ovirt.engine.api.extensions.ExtMap; +import org.ovirt.engine.api.extensions.aaa.Authz; import org.ovirt.engine.api.extensions.aaa.Authz.GroupRecord; import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord; -import org.ovirt.engine.api.extensions.aaa.Authz; import org.ovirt.engine.core.common.businessentities.DbGroup; import org.ovirt.engine.core.common.businessentities.DbUser; import org.ovirt.engine.core.compat.Guid; import org.ovirt.engine.core.dal.dbbroker.DbFacade; import org.ovirt.engine.core.dao.DbGroupDAO; import org.ovirt.engine.core.extensions.mgr.ExtensionProxy; +import org.ovirt.engine.core.utils.log.Log; +import org.ovirt.engine.core.utils.log.LogFactory; public class DirectoryUtils { + + protected static final Log log = LogFactory.getLog(DirectoryUser.class); public static HashSet<Guid> getGroupIdsFromPrincipal(String authz, ExtMap principal) { HashSet<Guid> results = new HashSet<Guid>(); @@ -174,6 +178,21 @@ return directoryGroup; } + public static void syncAndReactivatePrincipal(ExtMap principal, DbUser dbUser, String reactivateReason) { + DirectoryUtils.flatGroups(principal); + HashSet<Guid> groupIds = DirectoryUtils.getGroupIdsFromPrincipal(dbUser.getDomain(), principal); + dbUser.setGroupIds(groupIds); + if (!dbUser.isActive()) { + log.info(String.format("User %1$s from authz provider %2$s was inactive. it Will be reactivated. The reactivation reason is: %3$s", + dbUser.getLoginName(), + dbUser.getDomain(), + reactivateReason)); + dbUser.setActive(true); + } + DbFacade.getInstance().getDbUserDao().saveOrUpdate(dbUser); + + } + public static DbGroup mapGroupRecordToDbGroup(String directory, ExtMap groupRecord) { return new DbGroup(mapGroupRecordToDirectoryGroup(directory, groupRecord)); } 
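Review bot: The logger added to DirectoryUtils is created with `LogFactory.getLog(DirectoryUser.class)`, so the reactivation message introduced later in this file is emitted under the DirectoryUser category instead of DirectoryUtils. Anyone filtering or alerting on account reactivations by logger name would look in the wrong place. Use `private static final Log log = LogFactory.getLog(DirectoryUtils.class);` instead. `protected` is also wider than a static utility class needs.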
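Review bot: syncAndReactivatePrincipal calls `dbUser.setActive(true)` for any caller whenever the user is inactive, and the only record of that change is a `log.info` line. Reactivating an account is an access-relevant event, so it should also be recorded as an audit event. The method needs a Javadoc stating that callers must pass a principal freshly resolved from the authz provider, and that it both syncs group ids and persists the user. The group lookup now uses `dbUser.getDomain()` where both callers previously passed the directory or authz name explicitly. That is equivalent only if the mapped DbUser's domain always equals that name, which this hunk does not show. The message text `was inactive. it Will be reactivated.` would read better as `was inactive and will be reactivated.`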
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java index 182d5d2..aaa235b 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java @@ -2,7 +2,6 @@ import java.util.Arrays; import java.util.Collections; -import java.util.HashSet; import java.util.List; import org.ovirt.engine.api.extensions.ExtMap; @@ -108,25 +107,13 @@ DbUserDAO dao = getDbUserDAO(); // First check if the user is already in the database, if it is we need to update, if not we need to insert: - DirectoryUtils.flatGroups(principal); - HashSet<Guid> groupIds = DirectoryUtils.getGroupIdsFromPrincipal(getParameters().getDirectory(), principal); DbUser dbUser = dao.getByExternalId(getParameters().getDirectory(), principal.<String> get(PrincipalRecord.ID)); - if (dbUser == null) { - dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(getParameters().getDirectory(), principal); - dbUser.setId(Guid.newGuid()); - dbUser.setGroupIds(groupIds); - dao.save(dbUser); - } - else { - Guid id = dbUser.getId(); - dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(getParameters().getDirectory(), principal); - dbUser.setId(id); - dbUser.setGroupIds(groupIds); - dao.update(dbUser); - } + DbUser mappedDbUser = DirectoryUtils.mapPrincipalRecordToDbUser(getParameters().getDirectory(), principal); + mappedDbUser.setId(dbUser != null ? dbUser.getId() : Guid.newGuid()); + mappedDbUser.setActive(dbUser != null ? dbUser.isActive() : true); - // Return the identifier of the created user: - setActionReturnValue(dbUser.getId()); + DirectoryUtils.syncAndReactivatePrincipal(principal, mappedDbUser, "the user is rectivated as it was added again to the system"); + setActionReturnValue(mappedDbUser.getId()); setSucceeded(true); } 
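Review bot: The reason string passed in the second hunk, `"the user is rectivated as it was added again to the system"`, has a typo that ends up verbatim in the log line, which is the only trace of the reactivation. It should read `"the user is reactivated as it was added again to the system"`, spelled the same way as the login reason (`re-activated` there) so one search finds both. Re-adding an existing inactive user now silently re-enables the account. A comment above the call such as `// Re-adding an existing inactive user reactivates it; see DirectoryUtils.syncAndReactivatePrincipal` would make that explicit, since the removed `// Return the identifier of the created user:` comment is not replaced by anything. The local `dao` is now used only for the lookup, while the write goes through `DbFacade.getInstance()` inside the helper, so a DAO substituted through `getDbUserDAO()` no longer sees the save. The enclosing method starts and ends outside the hunk.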
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java index 3d145f2..4a00942 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java @@ -264,10 +264,8 @@ dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(AuthzUtils.getName(profile.getAuthz()), principalRecord); dbUser.setId(Guid.newGuid()); } - DirectoryUtils.flatGroups(principalRecord); - dbUser.setGroupIds(DirectoryUtils.getGroupIdsFromPrincipal(AuthzUtils.getName(profile.getAuthz()), principalRecord)); - getDbUserDAO().saveOrUpdate(dbUser); + DirectoryUtils.syncAndReactivatePrincipal(principalRecord, dbUser, "the user is re-activated as it is used for login"); // Check login permissions. We do it here and not via the // getPermissionCheckSubjects mechanism, because we need the user to be logged in to // the system in order to perform this check. The user is indeed logged in when running every command -- To view, visit http://gerrit.ovirt.org/29974 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I556d8da48a858ce193865e84fb6c7cb4043a8e5b Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
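Review bot: `DirectoryUtils.syncAndReactivatePrincipal(principalRecord, dbUser, ...)` runs before the block introduced by the `// Check login permissions` comment, so an inactive user is set active and persisted even if the permission check then rejects the login. The old code also saved the user at this point, but it did not change the active flag, so the ordering matters more now. Consider syncing groups here and reactivating only after the permission check passes. Otherwise document the choice with a comment such as `// Reactivation is persisted before the login-permission check below; a rejected login still leaves the user active`. The check itself and the rest of the method are outside the hunk, so whether a failed check rolls anything back cannot be confirmed from here.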