in custos-services/custos-integration-services/group-management-service/src/main/java/org/apache/custos/group/management/interceptors/GroupManagementClientAuthInterceptorImpl.java [53:190]
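/**
 * Authorizes a group-management call and rewrites the request with identity taken from the
 * resulting {@code AuthClaim}.
 *
 * <p>For every method name handled below, the client id carried in the incoming request is
 * passed to {@code authorize(headers, clientId)} together with the call metadata. When no claim
 * comes back the call is rejected with {@code UnAuthorizedException}. When a claim is present,
 * the request is rebuilt so that the tenant id (and, for some methods, the client id, client
 * secret and performer) come from the claim instead of from the caller:
 *
 * <ul>
 *   <li>findGroup, getAllGroups, updateGroup, deleteGroup: client id, tenant id, performer</li>
 *   <li>createGroup: client id, client secret, tenant id, performer</li>
 *   <li>addUserToGroup, removeUserFromGroup: client id, client secret, tenant id</li>
 *   <li>all remaining handled methods: tenant id only (the caller's client id is left as sent)</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>Method names that are not listed are returned unchanged and {@code authorize} is never
 *       called for them here. Whether another interceptor covers them is not visible from this
 *       method, so a newly added RPC needs an explicit case or it passes through this
 *       interceptor unchecked.</li>
 *   <li>createGroup and the add/remove-user requests leave this method carrying the IAM client
 *       secret from the claim; treat the rebuilt message as secret-bearing and keep it out of
 *       logs and error messages.</li>
 * </ul>
 *
 * @param method  name of the RPC method being invoked
 * @param headers call metadata handed to {@code authorize}
 * @param reqT    incoming request message; cast to the message type expected for {@code method}
 * @param <ReqT>  request message type
 * @return the rebuilt request for handled methods, or {@code reqT} unchanged otherwise
 * @throws UnAuthorizedException if {@code authorize} yields no claim for a handled method
 * @throws ClassCastException    if {@code reqT} is not the message type expected for {@code method}
 */
public <ReqT> ReqT intercept(String method, Metadata headers, ReqT reqT) {
    switch (method) {
        case "findGroup":
        case "getAllGroups":
        case "updateGroup":
        case "deleteGroup": {
            // NOTE(review): the request is read through the imported GroupRequest but rebuilt
            // through the fully qualified user-profile GroupRequest. If the import is a
            // different class, one of the two casts always fails; confirm against the imports.
            GroupRequest request = (GroupRequest) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            // The IAM secret is deliberately not read here: these methods do not forward it.
            return (ReqT) ((org.apache.custos.user.profile.service.GroupRequest) reqT).toBuilder()
                    .setClientId(claim.getIamAuthId())
                    .setTenantId(claim.getTenantId())
                    .setPerformedBy(claim.getPerformedBy() != null ? claim.getPerformedBy() : Constants.SYSTEM)
                    .build();
        }
        case "createGroup": {
            GroupRequest request = (GroupRequest) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            // Caller-supplied client id and secret are overwritten with the values on the claim.
            return (ReqT) ((GroupRequest) reqT).toBuilder()
                    .setClientId(claim.getIamAuthId())
                    .setClientSec(claim.getIamAuthSecret())
                    .setTenantId(claim.getTenantId())
                    .setPerformedBy(claim.getPerformedBy() != null ? claim.getPerformedBy() : Constants.SYSTEM)
                    .build();
        }
        case "addUserToGroup":
        case "removeUserFromGroup": {
            GroupMembership request = (GroupMembership) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            return (ReqT) ((GroupMembership) reqT).toBuilder()
                    .setClientId(claim.getIamAuthId())
                    .setClientSec(claim.getIamAuthSecret())
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "addChildGroupToParentGroup":
        case "removeChildGroupFromParentGroup": {
            GroupToGroupMembership request = (GroupToGroupMembership) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            // Only the tenant is pinned to the claim; the rest of the message is forwarded as sent.
            return (ReqT) ((GroupToGroupMembership) reqT).toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "getAllGroupsOfUser": {
            UserProfileRequest request = (UserProfileRequest) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            return (ReqT) ((UserProfileRequest) reqT).toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "getAllChildUsers":
        case "getAllChildGroups":
        case "getAllParentGroupsOfGroup": {
            org.apache.custos.user.profile.service.GroupRequest request =
                    (org.apache.custos.user.profile.service.GroupRequest) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            return (ReqT) ((org.apache.custos.user.profile.service.GroupRequest) reqT).toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "changeUserMembershipType":
        case "hasAccess": {
            GroupMembership request = (GroupMembership) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            return (ReqT) ((GroupMembership) reqT).toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "addGroupMembershipType":
        case "removeUserGroupMembershipType": {
            UserGroupMembershipTypeRequest request = (UserGroupMembershipTypeRequest) reqT;
            AuthClaim claim = requireAuthorized(headers, request.getClientId());
            return (ReqT) ((UserGroupMembershipTypeRequest) reqT).toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        default:
            // Not a method this interceptor knows: no authorize() call is made on this path.
            break;
    }
    return reqT;
}

/**
 * Runs {@code authorize} and turns an absent claim into a rejection, so that every handled
 * method shares one deny path.
 *
 * @param headers  call metadata handed to {@code authorize}
 * @param clientId client id read from the incoming request
 * @return the claim produced by {@code authorize}
 * @throws UnAuthorizedException if {@code authorize} returns an empty result
 */
private AuthClaim requireAuthorized(Metadata headers, String clientId) {
    return authorize(headers, clientId)
            .orElseThrow(() -> new UnAuthorizedException("Request is not authorized", null));
}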