diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/AuthenticatorHandler.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/AuthenticatorHandler.java index 37830e82c0c..b514b264e68 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/AuthenticatorHandler.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/AuthenticatorHandler.java @@ -1,5 +1,6 @@ package org.openmetadata.service.security.auth; +import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty; import static org.openmetadata.service.exception.CatalogExceptionMessage.NOT_IMPLEMENTED_METHOD; import static org.openmetadata.service.util.UserUtil.getRoleListFromUser; @@ -106,7 +107,7 @@ public interface AuthenticatorHandler { .generateJWTToken( storedUser.getName(), getRoleListFromUser(storedUser), - storedUser.getIsAdmin(), + !nullOrEmpty(storedUser.getIsAdmin()) && storedUser.getIsAdmin(), storedUser.getEmail(), expireInSeconds, false, diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java index 2e17253977e..bc535ba9f26 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java @@ -16,6 +16,7 @@ package org.openmetadata.service.security.auth; import static javax.ws.rs.core.Response.Status.BAD_REQUEST; import static javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR; import static javax.ws.rs.core.Response.Status.NOT_IMPLEMENTED; +import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty; import static org.openmetadata.schema.api.teams.CreateUser.CreatePasswordType.ADMIN_CREATE; import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.SELF; import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.USER; @@ -389,7 +390,7 @@ public class BasicAuthenticator implements AuthenticatorHandler { .generateJWTToken( storedUser.getName(), getRoleListFromUser(storedUser), - storedUser.getIsAdmin(), + !nullOrEmpty(storedUser.getIsAdmin()) && storedUser.getIsAdmin(), storedUser.getEmail(), loginConfiguration.getJwtTokenExpiryTime(), false, diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java index 066432650d4..a17842e129f 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java @@ -13,6 +13,7 @@ package org.openmetadata.service.security.saml; +import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty; import static org.openmetadata.service.util.UserUtil.getRoleListFromUser; import com.onelogin.saml2.Auth; @@ -90,7 +91,7 @@ public class SamlAssertionConsumerServlet extends HttpServlet { .generateJWTToken( username, getRoleListFromUser(user), - user.getIsAdmin(), + !nullOrEmpty(user.getIsAdmin()) && user.getIsAdmin(), email, SamlSettingsHolder.getInstance().getTokenValidity(), false, diff --git a/openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/UserResourceTest.java b/openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/UserResourceTest.java index 417aaa5a6ee..6eee619f986 100644 --- a/openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/UserResourceTest.java +++ b/openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/UserResourceTest.java @@ -1146,29 +1146,30 @@ public class UserResourceTest extends EntityResourceTest { String user = "userImportExport,d,s,userImportExport@domain.com,America/Los_Angeles,true,teamImportExport,"; String user1 = - "userImportExport1,,,userImportExport1@domain.com,,,teamImportExport1,DataConsumer"; - String user11 = "userImportExport11,,,userImportExport11@domain.com,,,teamImportExport11,"; + "userImportExport1,,,userImportExport1@domain.com,,false,teamImportExport1,DataConsumer"; + String user11 = "userImportExport11,,,userImportExport11@domain.com,,false,teamImportExport11,"; List createRecords = listOf(user, user1, user11); // Update user descriptions - user = "userImportExport,displayName,,userImportExport@domain.com,,,teamImportExport,"; - user1 = "userImportExport1,displayName1,,userImportExport1@domain.com,,,teamImportExport1,"; + user = "userImportExport,displayName,,userImportExport@domain.com,,false,teamImportExport,"; + user1 = + "userImportExport1,displayName1,,userImportExport1@domain.com,,false,teamImportExport1,"; user11 = - "userImportExport11,displayName11,,userImportExport11@domain.com,,,teamImportExport11,"; + "userImportExport11,displayName11,,userImportExport11@domain.com,,false,teamImportExport11,"; List updateRecords = listOf(user, user1, user11); // Add new users String user2 = - "userImportExport2,displayName2,,userImportExport2@domain.com,,,teamImportExport1,"; + "userImportExport2,displayName2,,userImportExport2@domain.com,,false,teamImportExport1,"; String user21 = - "userImportExport21,displayName21,,userImportExport21@domain.com,,,teamImportExport11,"; + "userImportExport21,displayName21,,userImportExport21@domain.com,,false,teamImportExport11,"; List newRecords = listOf(user2, user21); testImportExport("teamImportExport", UserCsv.HEADERS, createRecords, updateRecords, newRecords); // Import to team11 a user in team1 - since team1 is not under team11 hierarchy, import should // fail String user3 = - "userImportExport3,displayName3,,userImportExport3@domain.com,,,teamImportExport1,"; + "userImportExport3,displayName3,,userImportExport3@domain.com,,false,teamImportExport1,"; csv = EntityCsvTest.createCsv(UserCsv.HEADERS, listOf(user3), null); result = importCsv("teamImportExport11", csv, false); String error = diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/teams/user.json b/openmetadata-spec/src/main/resources/json/schema/entity/teams/user.json index fd020b4a0eb..dd2a81447f6 100644 --- a/openmetadata-spec/src/main/resources/json/schema/entity/teams/user.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/teams/user.json @@ -85,7 +85,8 @@ }, "isAdmin": { "description": "When true indicates user is an administrator for the system with superuser privileges.", - "type": "boolean" + "type": "boolean", + "default": false }, "authenticationMechanism": { "$ref": "#/definitions/authenticationMechanism"