3 * Copyright (C) 2009-2024 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.v2.api.user.controller;
22 import java.util.Optional;
23 import javax.annotation.Nullable;
24 import org.sonar.server.common.PaginationInformation;
25 import org.sonar.server.common.SearchResults;
26 import org.sonar.server.common.user.service.UserCreateRequest;
27 import org.sonar.server.common.user.service.UserInformation;
28 import org.sonar.server.common.user.service.UserService;
29 import org.sonar.server.common.user.service.UsersSearchRequest;
30 import org.sonar.server.exceptions.ForbiddenException;
31 import org.sonar.server.user.UpdateUser;
32 import org.sonar.server.user.UserSession;
33 import org.sonar.server.v2.api.model.RestPage;
34 import org.sonar.server.v2.api.user.converter.UsersSearchRestResponseGenerator;
35 import org.sonar.server.v2.api.user.request.UserCreateRestRequest;
36 import org.sonar.server.v2.api.user.request.UserUpdateRestRequest;
37 import org.sonar.server.v2.api.user.request.UsersSearchRestRequest;
38 import org.sonar.server.v2.api.user.response.UserRestResponse;
39 import org.sonar.server.v2.api.user.response.UsersSearchRestResponse;
41 import static org.sonar.server.common.PaginationInformation.forPageIndex;
42 import static org.sonar.server.exceptions.BadRequestException.checkRequest;
44 public class DefaultUserController implements UserController {
45 private final UsersSearchRestResponseGenerator usersSearchResponseGenerator;
46 private final UserService userService;
47 private final UserSession userSession;
49 public DefaultUserController(
50 UserSession userSession,
51 UserService userService,
52 UsersSearchRestResponseGenerator usersSearchResponseGenerator) {
53 this.userSession = userSession;
54 this.usersSearchResponseGenerator = usersSearchResponseGenerator;
55 this.userService = userService;
59 public UsersSearchRestResponse search(UsersSearchRestRequest usersSearchRestRequest, @Nullable String excludedGroupId, RestPage page) {
60 throwIfAdminOnlyParametersAreUsed(usersSearchRestRequest, excludedGroupId);
62 SearchResults<UserInformation> userSearchResults = userService.findUsers(toUserSearchRequest(usersSearchRestRequest, excludedGroupId, page));
63 PaginationInformation paging = forPageIndex(page.pageIndex()).withPageSize(page.pageSize()).andTotal(userSearchResults.total());
65 return usersSearchResponseGenerator.toUsersForResponse(userSearchResults.searchResults(), paging);
68 private void throwIfAdminOnlyParametersAreUsed(UsersSearchRestRequest usersSearchRestRequest, @Nullable String excludedGroupId) {
69 if (!userSession.isSystemAdministrator()) {
70 throwIfValuePresent("groupId", usersSearchRestRequest.groupId());
71 throwIfValuePresent("groupId!", excludedGroupId);
72 throwIfValuePresent("externalIdentity", usersSearchRestRequest.externalIdentity());
73 throwIfValuePresent("sonarLintLastConnectionDateFrom", usersSearchRestRequest.sonarLintLastConnectionDateFrom());
74 throwIfValuePresent("sonarLintLastConnectionDateTo", usersSearchRestRequest.sonarLintLastConnectionDateTo());
75 throwIfValuePresent("sonarQubeLastConnectionDateFrom", usersSearchRestRequest.sonarQubeLastConnectionDateFrom());
76 throwIfValuePresent("sonarQubeLastConnectionDateTo", usersSearchRestRequest.sonarQubeLastConnectionDateTo());
80 private static void throwIfValuePresent(String parameter, @Nullable Object value) {
81 Optional.ofNullable(value).ifPresent(v -> throwForbiddenFor(parameter));
84 private static void throwForbiddenFor(String parameterName) {
85 throw new ForbiddenException("Parameter " + parameterName + " requires Administer System permission.");
88 private static UsersSearchRequest toUserSearchRequest(UsersSearchRestRequest usersSearchRestRequest, @Nullable String excludedGroupId, RestPage page) {
89 return UsersSearchRequest.builder()
90 .setDeactivated(Optional.ofNullable(usersSearchRestRequest.active()).map(active -> !active).orElse(false))
91 .setManaged(usersSearchRestRequest.managed())
92 .setQuery(usersSearchRestRequest.q())
93 .setExternalLogin(usersSearchRestRequest.externalIdentity())
94 .setLastConnectionDateFrom(usersSearchRestRequest.sonarQubeLastConnectionDateFrom())
95 .setLastConnectionDateTo(usersSearchRestRequest.sonarQubeLastConnectionDateTo())
96 .setSonarLintLastConnectionDateFrom(usersSearchRestRequest.sonarLintLastConnectionDateFrom())
97 .setSonarLintLastConnectionDateTo(usersSearchRestRequest.sonarLintLastConnectionDateTo())
98 .setGroupUuid(usersSearchRestRequest.groupId())
99 .setExcludedGroupUuid(excludedGroupId)
100 .setPage(page.pageIndex())
101 .setPageSize(page.pageSize())
106 public void deactivate(String id, Boolean anonymize) {
107 userSession.checkLoggedIn().checkIsSystemAdministrator();
108 checkRequest(!id.equals(userSession.getUuid()), "Self-deactivation is not possible");
109 userService.deactivate(id, anonymize);
113 public UserRestResponse fetchUser(String id) {
114 return usersSearchResponseGenerator.toRestUser(userService.fetchUser(id));
118 public UserRestResponse updateUser(String id, UserUpdateRestRequest updateRequest) {
119 userSession.checkLoggedIn().checkIsSystemAdministrator();
120 UpdateUser update = toUpdateUser(updateRequest);
121 UserInformation updatedUser = userService.updateUser(id, update);
122 return usersSearchResponseGenerator.toRestUser(updatedUser);
125 private static UpdateUser toUpdateUser(UserUpdateRestRequest updateRequest) {
126 UpdateUser update = new UpdateUser();
127 updateRequest.getLogin().applyIfDefined(update::setLogin);
128 updateRequest.getName().applyIfDefined(update::setName);
129 updateRequest.getEmail().applyIfDefined(update::setEmail);
130 updateRequest.getScmAccounts().applyIfDefined(update::setScmAccounts);
131 updateRequest.getExternalProvider().applyIfDefined(update::setExternalIdentityProvider);
132 updateRequest.getExternalLogin().applyIfDefined(update::setExternalIdentityProviderLogin);
137 public UserRestResponse create(UserCreateRestRequest userCreateRestRequest) {
138 userSession.checkLoggedIn().checkIsSystemAdministrator();
139 UserCreateRequest userCreateRequest = toUserCreateRequest(userCreateRestRequest);
140 return usersSearchResponseGenerator.toRestUser(userService.createUser(userCreateRequest));
143 private static UserCreateRequest toUserCreateRequest(UserCreateRestRequest userCreateRestRequest) {
144 return UserCreateRequest.builder()
145 .setEmail(userCreateRestRequest.email())
146 .setLocal(userCreateRestRequest.local())
147 .setLogin(userCreateRestRequest.login())
148 .setName(userCreateRestRequest.name())
149 .setPassword(userCreateRestRequest.password())
150 .setScmAccounts(userCreateRestRequest.scmAccounts())