Merge branch 'release/v1.8.0-1'

Author: sklein94

CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.8.0-1] - 2022-09-28
+### Changed
+- Prevent system groups (admin/cesManager) from being deleted (#65)
+  - This is implemented in both backend and frontend.
+
 ## [v1.7.0-1] - 2022-08-23
 ### Changed
 - The password rules are now set via global etcd keys. For more information see [docs](docs/operations/password-policy_en.md#Configuration-of-password-rules-in-etcd) (#63)

Dockerfile

@@ -8,7 +8,7 @@ RUN set -x \
 FROM registry.cloudogu.com/official/java:8u302-3
 
 LABEL NAME="official/usermgt" \
-   VERSION="1.7.0-1" \
+   VERSION="1.8.0-1" \
    maintainer="[email protected]"
 
 # mark as webapp for nginx

Makefile

@@ -1,6 +1,6 @@
 # Set these to the desired values
 ARTIFACT_ID=usermgt
-VERSION=1.7.0-1
+VERSION=1.8.0-1
 # overwrite ADDITIONAL_LDFLAGS to disable static compilation
 # this should fix https://github.com/golang/go/issues/13470
 ADDITIONAL_LDFLAGS=""

app/pom.xml

@@ -524,9 +524,9 @@
   <repositories>
 
     <repository>
-      <id>maven.scm-manager.org</id>
+      <id>packages.scm-manager.org</id>
       <name>scm-manager release repository</name>
-      <url>http://maven.scm-manager.org/nexus/content/groups/public</url>
+      <url>https://packages.scm-manager.org/repository/public</url>
     </repository>
 
     <repository>
@@ -546,9 +546,9 @@
   <pluginRepositories>
 
     <pluginRepository>
-      <id>maven.scm-manager.org</id>
+      <id>packages.scm-manager.org</id>
       <name>scm-manager release repository</name>
-      <url>http://maven.scm-manager.org/nexus/content/groups/public</url>
+      <url>http://packages.scm-manager.org/nexus/content/groups/public</url>
       <snapshots>
         <enabled>true</enabled>
       </snapshots>

app/src/main/java/de/triology/universeadm/AbstractManagerResource.java

@@ -151,12 +151,19 @@ public Response remove(@PathParam("id") String id) {
 
     if (object == null) {
       builder = Response.status(Response.Status.NOT_FOUND);
-    } else {
+      return builder.build();
+    }
+    try{
       manager.remove(object);
       builder = Response.noContent();
+    } catch (CannotRemoveException e) {
+      builder = Response.status(Response.Status.CONFLICT);
     }
 
-    return builder.build();
+   return builder.build();
+
+
+
   }
 
   //~--- get methods ----------------------------------------------------------

app/src/main/java/de/triology/universeadm/CannotRemoveException.java

@@ -0,0 +1,4 @@
+package de.triology.universeadm;
+
+public class CannotRemoveException extends RuntimeException {
+}

app/src/main/java/de/triology/universeadm/group/GroupManager.java

@@ -29,11 +29,12 @@
 
 import de.triology.universeadm.Manager;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  *
  * @author Sebastian Sdorra <[email protected]>
  */
-public interface GroupManager extends Manager<Group>
-{
-  
-}
+public interface GroupManager extends Manager<Group> {
+}

app/src/main/java/de/triology/universeadm/group/GroupResource.java

@@ -31,11 +31,15 @@
 import de.triology.universeadm.AbstractManagerResource;
 import de.triology.universeadm.user.User;
 import de.triology.universeadm.user.UserManager;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
+import org.json.simple.JSONArray;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.*;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  *
@@ -45,6 +49,8 @@
 public class GroupResource extends AbstractManagerResource<Group>
 {
 
+  private static final Logger logger = LoggerFactory.getLogger(GroupResource.class);
+
   private final GroupManager groupManager;
   private final UserManager userManager;
 
@@ -121,5 +127,20 @@ else if ( ! group.getMembers().contains(member) )
 
     return builder.build();
   }
-  
+
+  @GET
+  @Path("undeletable")
+  @Produces(MediaType.APPLICATION_JSON)
+  public Response getUndeletable(){
+    Response.ResponseBuilder builder;
+    try {
+      List<String> groups = UndeletableGroupManager.getNonDeleteClassList();
+      builder = Response.ok(groups, MediaType.APPLICATION_JSON);
+    } catch (Exception e) {
+      logger.error("call /api/groups/undeletable without prior authentication");
+      builder = Response.status(Response.Status.BAD_REQUEST);
+    }
+    return builder.build();
+  }
+
 }

app/src/main/java/de/triology/universeadm/group/LDAPGroupManager.java

@@ -31,6 +31,7 @@
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import de.triology.universeadm.AbstractLDAPManager;
+import de.triology.universeadm.CannotRemoveException;
 import de.triology.universeadm.EventType;
 import de.triology.universeadm.LDAPConfiguration;
 import de.triology.universeadm.LDAPConnectionStrategy;
@@ -39,6 +40,8 @@
 import de.triology.universeadm.mapping.MapperFactory;
 import de.triology.universeadm.mapping.MappingHandler;
 import de.triology.universeadm.validation.Validator;
+
+import java.util.ArrayList;
 import java.util.List;
 import org.apache.shiro.SecurityUtils;
 import org.slf4j.Logger;
@@ -99,6 +102,9 @@ public void remove(Group group)
   {
     logger.debug("remove group {}", group.getName());
     SecurityUtils.getSubject().checkRole(Roles.ADMINISTRATOR);
+    if(UndeletableGroupManager.isGroupUndeletable(group.getName())){
+      throw new CannotRemoveException();
+    }
     mapping.remove(group);
     eventBus.post(new GroupEvent(group, EventType.REMOVE));
   }
@@ -116,7 +122,6 @@ public List<Group> getAll()
   {
     logger.debug("get all groups");
     SecurityUtils.getSubject().checkRole(Roles.ADMINISTRATOR);
-
     return mapping.getAll();
   }
 
@@ -128,5 +133,5 @@ public List<Group> search(String query)
 
     return mapping.search(query);
   }
-  
+
 }

app/src/main/java/de/triology/universeadm/group/UndeletableGroupManager.java

@@ -0,0 +1,36 @@
+package de.triology.universeadm.group;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.invoke.MethodHandles;
+import java.util.ArrayList;
+import java.util.List;
+
+public class UndeletableGroupManager {
+
+    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+    public static List<String> getNonDeleteClassList(){
+        List<String> groups = new ArrayList<>();
+        String adminGroup = System.getenv("ADMIN_GROUP");
+        String cesManagerGroup = System.getenv("CES_MANAGER_GROUP");
+        // fallback to defaults if not set
+        if(adminGroup == null || "".equals(adminGroup)){
+            logger.warn("Env variable ADMIN_GROUP not set. Falling back to default \"admin\"");
+            adminGroup = "admin";
+        }
+        if (cesManagerGroup == null || "".equals(cesManagerGroup)) {
+            logger.warn("Env variable CES_MANAGER_GROUP not set. Falling back to default \"cesManager\"");
+            cesManagerGroup = "cesManager";
+        }
+        groups.add(adminGroup);
+        groups.add(cesManagerGroup);
+        return groups;
+    }
+
+    public static boolean isGroupUndeletable(String group){
+        return getNonDeleteClassList().contains(group);
+    }
+
+}