principalClass="org.collectionspace.authentication.CSpacePrincipal"\r
principalsQuery="select passwd from users where username=?"\r
rolesQuery="select r.rolename, 'Role' from roles as r, accounts_roles as ar where ar.user_id=? and ar.role_id=r.csid"\r
- tenantsQuery="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id"\r
+ tenantsQueryWithDisabled="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id"\r
+ tenantsQueryNoDisabled="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id and NOT t.disabled"\r
debug=true;\r
};\r
\r
principalClass="org.collectionspace.authentication.CSpacePrincipal"\r
principalsQuery="select passwd from users where username=?"\r
rolesQuery="select r.rolename, 'Role' from roles as r, accounts_roles as ar where ar.user_id=? and ar.role_id=r.csid"\r
- tenantsQuery="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id"\r
+ tenantsQueryWithDisabled="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id"\r
+ tenantsQueryNoDisabled="select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id and NOT t.disabled"\r
debug=true;\r
};\r
</xs:appinfo>
</xs:annotation>
</xs:element>
+ <xs:element name="disabled" type="xs:boolean">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="disabled" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
<xs:element name="createdAt" type="xs:dateTime">
<xs:annotation>
<xs:appinfo>
drop table if exists tenants;
create table accounts_common (csid varchar(128) not null, created_at datetime not null, email varchar(255) not null, metadata_protection varchar(255), mobile varchar(255), person_ref_name varchar(255), phone varchar(255), roles_protection varchar(255), screen_name varchar(128) not null, status varchar(15) not null, updated_at datetime, userid varchar(128) not null, primary key (csid));
create table accounts_tenants (HJID bigint not null auto_increment, tenant_id varchar(128) not null, TENANTS_ACCOUNTSCOMMON_CSID varchar(128), primary key (HJID));
-create table tenants (id varchar(128) not null, created_at datetime not null, name varchar(255) not null, updated_at datetime, primary key (id));
+create table tenants (id varchar(128) not null, created_at datetime not null, name varchar(255) not null, disabled tinyint(1) not null, updated_at datetime, primary key (id));
alter table accounts_tenants add index FKFDA649B05A9CEEB5 (TENANTS_ACCOUNTSCOMMON_CSID), add constraint FKFDA649B05A9CEEB5 foreign key (TENANTS_ACCOUNTSCOMMON_CSID) references accounts_common (csid);
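Review bot: The new `disabled` column on L37 (and the Postgres variant on L43) is declared `not null` with no default, so every insert path other than the one updated in this commit must set it explicitly or be rejected; that fails closed, which is the right direction for an access flag, but it should be a deliberate choice. If these scripts are generated from the schema definition rather than hand-maintained, the column's nullability and default belong in that source (the `orm:column` annotation added alongside) so the two dialects cannot drift. Since both files rebuild the table with `drop table if exists`/`create table`, existing deployments would also need a separate migration to add the column to a populated `tenants` table; a comment above L37 stating the intended default, e.g. `-- disabled has no default on purpose: callers must state it explicitly`, would make the intent visible to whoever adds that migration.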
DROP SEQUENCE IF EXISTS hibernate_sequence;
create table accounts_common (csid varchar(128) not null, created_at timestamp not null, email varchar(255) not null, mobile varchar(255), person_ref_name varchar(255), phone varchar(255), screen_name varchar(128) not null, status varchar(15) not null, updated_at timestamp, userid varchar(128) not null, metadata_protection varchar(255), roles_protection varchar(255), primary key (csid));
create table accounts_tenants (HJID int8 not null, tenant_id varchar(128) not null, TENANTS_ACCOUNTSCOMMON_CSID varchar(128), primary key (HJID));
-create table tenants (id varchar(128) not null, created_at timestamp not null, name varchar(255) not null, updated_at timestamp, primary key (id));
+create table tenants (id varchar(128) not null, created_at timestamp not null, name varchar(255) not null, disabled boolean not null, updated_at timestamp, primary key (id));
alter table accounts_tenants add constraint FKFDA649B05A9CEEB5 foreign key (TENANTS_ACCOUNTSCOMMON_CSID) references accounts_common;
create sequence hibernate_sequence;
/**
* Obtain the tenants for the authenticated user.
- * @return collection containing the roles
+ * @return collection containing the tenants
*/
public Collection<Group> getTenants(String username, String groupClassName) throws LoginException;
+ /**
+ * Obtain the tenants for the authenticated user, allowing access to disable tenants
+ * @return collection containing the tenants
+ */
+ public Collection<Group> getTenants(String username, String groupClassName, boolean includeDisabledTenants) throws LoginException;
+
}
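Review bot: The Javadoc on the new overload at L53 reads "allowing access to disable tenants", and neither overload documents the parameter that decides the security-relevant behaviour, which is what a caller needs to know. I would change L53 to `* Obtain the tenants for the authenticated user, optionally including disabled tenants.` and add `* @param includeDisabledTenants when true, tenants flagged as disabled are returned as well` before the `@return` on L54. The two-argument form on L47 should state its default as well, e.g. `* Obtain the tenants for the authenticated user, excluding disabled tenants.`, so the exclusion is visible in the contract rather than only in the implementation that delegates with `false`.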
private String datasourceName;
private String principalsQuery;
private String rolesQuery;
- private String tenantsQuery;
+ private String tenantsQueryNoDisabled;
+ private String tenantsQueryWithDisabled;
private boolean suspendResume;
/**
if (tmp != null) {
rolesQuery = tmp.toString();
}
- tmp = options.get("tenantsQuery");
+ tmp = options.get("tenantsQueryNoDisabled");
if (tmp != null) {
- tenantsQuery = tmp.toString();
+ tenantsQueryNoDisabled = tmp.toString();
+ }
+ tmp = options.get("tenantsQueryWithDisabled");
+ if (tmp != null) {
+ tenantsQueryWithDisabled = tmp.toString();
}
tmp = options.get("suspendResume");
if (tmp != null) {
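Review bot: The renamed option keys on L71 and L76 mean a login-module configuration that still carries the old `tenantsQuery` option is read as configuring nothing, and neither new field is checked for null afterwards; the failure then surfaces later, when `getTenantQuery` (further down in this commit) hands a null query to `prepareStatement`, with no hint that the config is stale. That is fail-closed, which is acceptable, but the error should be raised where the cause is, after the option parsing, e.g. `if (tenantsQueryNoDisabled == null || tenantsQueryWithDisabled == null) {` / `throw new IllegalArgumentException("login module options tenantsQueryNoDisabled and tenantsQueryWithDisabled are required");` / `}`. Do not fall back to the old `tenantsQuery` value for the no-disabled query, since that text contains no disabled filter and would silently reintroduce disabled tenants. The method that reads `options` starts and ends outside this hunk.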
return groupsMap.values();
}
-
+ @Override
+ public Collection<Group> getTenants(String username, String groupClassName) throws LoginException {
+ return getTenants(username, groupClassName, false);
+ }
+
/**
* Execute the tenantsQuery against the datasourceName to obtain the tenants for
* the authenticated user.
* @return collection containing the roles
*/
@Override
- public Collection<Group> getTenants(String username, String groupClassName) throws LoginException {
+ public Collection<Group> getTenants(String username, String groupClassName, boolean includeDisabledTenants) throws LoginException {
+ String tenantsQuery = getTenantQuery(includeDisabledTenants);
+
if (logger.isDebugEnabled()) {
logger.debug("getTenants using tenantsQuery: " + tenantsQuery + ", username: " + username);
}
try {
conn = getConnection();
- // Get the user role names
- if (logger.isDebugEnabled()) {
- logger.debug("Executing query: " + tenantsQuery + ", with username: " + username);
- }
ps = conn.prepareStatement(tenantsQuery);
try {
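Review bot: The Javadoc on L90-L94 still describes the three-argument implementation as returning "the roles" and does not mention `includeDisabledTenants`, although the interface side of this commit corrects the same sentence; the two should agree. I would change L93 to `* @return collection containing the tenants` and add `* @param includeDisabledTenants when false, the query that filters on the tenant's disabled flag is used` above it, since choosing between the two configured queries on L98 is the whole point of the parameter. The added two-argument overload on L85-L88 delegating with `false` is the safe default; a one-line comment there, `// default: disabled tenants are never returned unless explicitly requested`, would keep that from being changed casually. The body of getTenants continues outside the hunk.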
/**
* @return the tenantQuery
*/
- public String getTenantQuery() {
- return tenantsQuery;
+ public String getTenantQuery(boolean includeDisabledTenants) {
+ return includeDisabledTenants?tenantsQueryWithDisabled:tenantsQueryNoDisabled;
}
/**
* @param tenantQuery the tenantQuery to set
- */
public void setTenantQuery(String tenantQuery) {
- this.tenantsQuery = tenantQuery;
+ this.tenantsQueryNoDisabled = tenantQuery;
}
+ */
}
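Review bot: Moving the closing `*/` from L121 to L126 turns `setTenantQuery` into commented-out code sitting under its own Javadoc, which reads as a live setter to anyone skimming the class; either delete L119-L126 outright or keep a real method. Given that there are now two queries, a setter that silently writes only the no-disabled one (L124) is the less safe of the two options, so deletion is preferable. The accessor on L116-L117 should also document its parameter, e.g. replace L112 with `* @param includeDisabledTenants selects the query without the disabled-tenant filter` followed by `* @return the configured tenants query for that mode`, and the ternary would read better spaced as `return includeDisabledTenants ? tenantsQueryWithDisabled : tenantsQueryNoDisabled;`.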
<module-option name="rolesQuery">
select r.rolename, 'Role' from roles as r, accounts_roles as ar where ar.user_id=? and ar.role_id=r.csid
</module-option>
- <module-option name="tenantsQuery">
+ <module-option name="tenantsQueryNoDisabled">
+ select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id and NOT t.disabled
+ </module-option>
+ <module-option name="tenantsQueryWithDisabled">
select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id
</module-option>
</login-module>
rs.close();\r
\r
String insertTenantSQL = \r
- "INSERT INTO tenants (id,name,created_at) VALUES (?,?, now())";\r
+ "INSERT INTO tenants (id,name,disabled,created_at) VALUES (?,?,FALSE,now())";\r
pstmt = conn.prepareStatement(insertTenantSQL); // create a statement\r
for(String tId : tenantInfo.keySet()) {\r
if(existingTenants.contains(tId)) {\r
*/
private void checkActive() throws WebApplicationException {
String userId = AuthN.get().getUserId();
- String tenantId = AuthN.get().getCurrentTenantId(); //FIXME: REM - This variable 'tenantId' is never used. Why?
+ try {
+ // Need to ensure that user is associated to a tenant
+ String tenantId = AuthN.get().getCurrentTenantId();
+ } catch (IllegalStateException ise) {
+ String msg = "User's account is not associated to any active tenants, userId=" + userId;
+ // Note the RFC on return types:
+ // If the request already included Authorization credentials, then the 401 response
+ // indicates that authorization has been refused for those credentials.
+ Response response = Response.status(
+ Response.Status.UNAUTHORIZED).entity(msg).type("text/plain").build();
+ throw new WebApplicationException(ise, response);
+ }
try {
//can't use JAXB here as this runs from the common jar which cannot
//depend upon the account service
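Review bot: The local `tenantId` on L153 is assigned and still never read, so the FIXME that L150 removes is answered only by the try/catch around it; call `AuthN.get().getCurrentTenantId();` without a local and let the comment on L152 carry the intent, e.g. `// Called for its side effect only: it throws IllegalStateException when the user has no active tenant`. The check also recognises "no tenant" solely through `IllegalStateException`; if `getCurrentTenantId` can signal absence by returning null instead (its implementation is not visible here), that case passes the check, so it is worth confirming and, if so, rejecting a null result with the same 401 response. The rest of checkActive continues outside the hunk.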