Merge pull request #861 from utmstack/bugfix/v10.5.10/system-requires-at-least-one-admin-user

Bugfix/v10.5.10/system requires at least one admin user

Author: c3s4rfred

backend/src/main/java/com/park/utmstack/repository/UserRepository.java

@@ -37,14 +37,8 @@ public interface UserRepository extends JpaRepository<User, Long> {
 
     @Query(nativeQuery = true, value = "SELECT jhi_user.* FROM jhi_user WHERE jhi_user.id IN (SELECT jhi_user_authority.user_id FROM jhi_user_authority WHERE jhi_user_authority.authority_name = 'ROLE_ADMIN')")
     List<User> findAllAdmins();
-    @Query(nativeQuery = true, value = "SELECT jhi_user.* \n" +
-            "FROM jhi_user \n" +
-            "WHERE jhi_user.id IN (\n" +
-            "    SELECT jhi_user_authority.user_id \n" +
-            "    FROM jhi_user_authority \n" +
-            "    WHERE jhi_user_authority.authority_name = 'ROLE_ADMIN' AND jhi_user.activated = true\n" +
-            ") \n" +
-            "LIMIT 1")
+
+    @Query("SELECT u FROM User u JOIN FETCH u.authorities a WHERE a.name = 'ROLE_ADMIN' AND u.activated = true")
     Optional<User> findAnyAdminUser();
 
     @EntityGraph(attributePaths = "authorities")

backend/src/main/java/com/park/utmstack/web/rest/UserResource.java

@@ -30,6 +30,7 @@
 import javax.validation.Valid;
 import java.net.URI;
 import java.util.List;
+import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.stream.Collectors;
 
@@ -137,28 +138,49 @@ public ResponseEntity<UserDTO> updateUser(@Valid @RequestBody UserDTO userDTO) {
         try {
             Optional<User> existingUser = userRepository.findOneByEmailIgnoreCase(userDTO.getEmail());
             if (existingUser.isPresent() && (!existingUser.get()
-                .getId()
-                .equals(userDTO.getId()))) {
+                    .getId()
+                    .equals(userDTO.getId()))) {
                 throw new EmailAlreadyUsedException();
             }
             existingUser = userRepository.findOneByLogin(userDTO.getLogin()
-                .toLowerCase());
+                    .toLowerCase());
             if (existingUser.isPresent() && (!existingUser.get()
-                .getId()
-                .equals(userDTO.getId()))) {
+                    .getId()
+                    .equals(userDTO.getId()))) {
                 throw new LoginAlreadyUsedException();
             }
+
+            User user = userRepository.findOneWithAuthoritiesById(userDTO.getId())
+                    .orElseThrow(() -> new NoSuchElementException(String.format("User %1$s not found", userDTO.getId().toString())));
+            if (!userDTO.getAuthorities().contains("ROLE_ADMIN") &&
+                    user.getAuthorities().stream().anyMatch(authority -> authority.getName().equals("ROLE_ADMIN")) && userRepository.countAdmins() == 1) {
+                throw new BadRequestAlertException(ctx, "Cannot update roles for the last remaining admin user.", UserService.class.toString());
+            }
+
             Optional<UserDTO> updatedUser = userService.updateUser(userDTO);
 
             return ResponseUtil.wrapOrNotFound(updatedUser,
-                HeaderUtil.createAlert("A user is updated with identifier " + userDTO.getLogin(),
-                    userDTO.getLogin()));
+                    HeaderUtil.createAlert("A user is updated with identifier " + userDTO.getLogin(),
+                            userDTO.getLogin()));
+
+        } catch (NoSuchElementException e) {
+            String msg = ctx + ": " + e.getMessage();
+            log.error(msg);
+            applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).headers(
+                    HeaderUtil.createFailureAlert("", "", msg)).body(null);
+        } catch (BadRequestAlertException e) {
+            String msg = ctx + ": " + e.getMessage();
+            log.error(msg);
+            applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).headers(
+                    HeaderUtil.createFailureAlert("", "", msg)).body(null);
         } catch (Exception e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
             applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).headers(
-                HeaderUtil.createFailureAlert("", "", msg)).body(null);
+                    HeaderUtil.createFailureAlert("", "", msg)).body(null);
         }
     }
 
@@ -239,7 +261,7 @@ public ResponseEntity<Void> deleteUser(@PathVariable String login) {
             return ResponseEntity.ok()
                     .headers(HeaderUtil.createAlert("A user is deleted with identifier " + login, login))
                     .build();
-        } catch (NoSuchMethodException e) {
+        } catch (NoSuchElementException e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
             applicationEventService.createEvent(msg, ApplicationEventType.ERROR);

frontend/src/app/admin/user/user-update/user-management-update.component.ts

@@ -75,6 +75,11 @@ export class UserMgmtUpdateComponent implements OnInit {
 
   private onSaveError(error, type) {
     this.isSaving = false;
-    this.utmToast.showError('Problem', 'The login or email is already in use, please check');
+
+    if (error.status === 400) {
+      this.utmToast.showError('Error', 'Admin role removal is prohibited for the last remaining administrator user.');
+    } else {
+      this.utmToast.showError('Problem', 'The login or email is already in use, please check');
+    }
   }
 }