
Example 1 with QualifiedCollection

use of com.iplanet.services.ldap.aci.QualifiedCollection in project OpenAM by OpenRock.

the class BaseRole method getAccessRight.

/**
 * Returns the attribute access rights associated with the role.
 *
 * <p>The rights are read from the ACIs of the parent object: the ACI whose
 * name is {@code READ_PERM_HEADER + dn} supplies the readable attributes and
 * the one named {@code WRITE_PERM_HEADER + dn} the writable ones, where
 * {@code dn} is this role's trimmed DN. Names are compared case-insensitively
 * and only the ACI name is checked, not the role DN inside the ACI. The scan
 * stops as soon as both ACIs have been seen; a right with no matching ACI is
 * reported as {@code null} in the returned object.
 *
 * @return AccessRightObject holding the readable attribute collection first
 *         and the writable one second, each {@code null} when no matching
 *         ACI exists on the parent object
 * @throws UMSException if the parent object or its ACIs cannot be read
 * @throws ACIParseException if an ACI of the parent object cannot be parsed
 *
 * @supported.api
 */
public AccessRightObject getAccessRight() throws UMSException, ACIParseException {
    if (parentObject == null) {
        parentObject = getParentObject();
    }
    QualifiedCollection readPerm = null;
    QualifiedCollection writePerm = null;
    // The parent object's ACIs are the only place the role's rights live.
    Iterator acis = parentObject.getACI().iterator();
    if (acis != null) {
        String roleDn = getGuid().getDn().trim();
        // Matching is by ACI name only; checking the roledn inside the ACI
        // would be more robust and is still TBD.
        String readName = READ_PERM_HEADER + roleDn;
        String writeName = WRITE_PERM_HEADER + roleDn;
        // Stop early once both rights have been found.
        while (acis.hasNext() && (readPerm == null || writePerm == null)) {
            ACI aci = (ACI) acis.next();
            if (debug.messageEnabled()) {
                debug.message("BaseRole.getAccessRight ACI.toString =" + aci.toString());
            }
            String aciName = aci.getName();
            if (aciName.equalsIgnoreCase(readName)) {
                readPerm = aci.getTargetAttributes();
            } else if (aciName.equalsIgnoreCase(writeName)) {
                writePerm = aci.getTargetAttributes();
            }
        }
    }
    // NOTE(review): newAccessRight matches the same names with equals(), so a
    // differently-cased ACI is visible here but not replaced there -- confirm
    // which comparison is intended.
    return new AccessRightObject(
            readPerm == null ? null : readPerm.getCollection(),
            writePerm == null ? null : writePerm.getCollection());
}
Also used : QualifiedCollection(com.iplanet.services.ldap.aci.QualifiedCollection) ACI(com.iplanet.services.ldap.aci.ACI) Iterator(java.util.Iterator)

Example 2 with QualifiedCollection

use of com.iplanet.services.ldap.aci.QualifiedCollection in project OpenAM by OpenRock.

the class BaseRole method newAccessRight.

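/**
 * Creates attribute access rights for the role;
 * existing attribute access rights for the role will be replaced.
 *
 * <p>The role's read and write ACIs are looked up on the parent object by
 * name ({@code READ_PERM_HEADER + dn} and {@code WRITE_PERM_HEADER + dn},
 * where {@code dn} is this role's trimmed DN). An existing ACI is replaced by
 * a copy carrying the new target attributes; a missing one is created with
 * the matching permission and this role as the applied role. The same trimmed
 * DN is used both for the lookup and for naming the ACIs written here, so an
 * ACI created by this call is found again by the next one (previously new
 * ACIs were named from the untrimmed DN). All changes are staged with
 * {@code parentObject.modify(...)} and committed by {@code parentObject.save()}
 * at the end.
 *
 * @param accessRight
 *            New access right to be set to the role
 * @throws UMSException if the parent object cannot be read or modified
 * @throws ACIParseException if an ACI cannot be parsed
 *
 * @supported.api
 */
public void newAccessRight(AccessRightObject accessRight) throws UMSException, ACIParseException {
    if (parentObject == null) {
        parentObject = getParentObject();
    }
    // One trimmed DN for lookup, ACI names and the applied role, so that the
    // names written here match what the lookup below (and getAccessRight) use.
    String dn = getGuid().getDn().trim();
    String readName = READ_PERM_HEADER + dn;
    String writeName = WRITE_PERM_HEADER + dn;
    ACI readACI = null;
    ACI writeACI = null;
    // Matching is by ACI name only; checking the roledn inside the ACI would be
    // more robust and is still TBD. NOTE(review): getAccessRight compares names
    // with equalsIgnoreCase while this method uses equals, so a differently-cased
    // existing ACI is left in place and a second one added -- confirm intent.
    Iterator acis = parentObject.getACI().iterator();
    if (acis != null) {
        while (acis.hasNext() && (readACI == null || writeACI == null)) {
            ACI aci = (ACI) acis.next();
            if (debug.messageEnabled()) {
                debug.message("BaseRole.newAccessRight ACI.toString =" + aci.toString());
            }
            String aciName = aci.getName();
            if (aciName.equals(readName)) {
                readACI = aci;
            } else if (aciName.equals(writeName)) {
                writeACI = aci;
            }
        }
    }
    QualifiedCollection readAttrs = new QualifiedCollection(accessRight.getReadableAttributeNames(), false);
    storeRoleAci(readACI, readName, dn, readAttrs, READ_PERM_STRING, "read", "READ");
    QualifiedCollection writeAttrs = new QualifiedCollection(accessRight.getWritableAttributeNames(), false);
    storeRoleAci(writeACI, writeName, dn, writeAttrs, WRITE_PERM_STRING, "write", "Write");
    // save ACI changes to parent persistent store
    parentObject.save();
}

/**
 * Stages one of the role's ACIs (read or write) on {@code parentObject}.
 *
 * <p>When {@code existing} is non-null its stored text is deleted and a copy
 * with {@code targetAttrs} as target attributes is added; otherwise a new ACI
 * named {@code aciName} is added with {@code targetAttrs}, the single
 * permission {@code permission} and {@code dn} as its only applied role.
 * Nothing is persisted here; the caller commits with
 * {@code parentObject.save()}.
 *
 * @param existing the ACI currently registered for this right, or {@code null}
 * @param aciName name given to a newly created ACI
 * @param dn trimmed DN of this role, used as the applied role
 * @param targetAttrs attributes the ACI grants the permission on
 * @param permission permission string for a newly created ACI
 * @param kind "read" or "write", used in debug messages only
 * @param logLabel label used in the creation debug message only
 * @throws UMSException if the parent object cannot be modified
 * @throws ACIParseException if the existing ACI text cannot be re-parsed
 */
private void storeRoleAci(ACI existing, String aciName, String dn, QualifiedCollection targetAttrs,
        String permission, String kind, String logLabel) throws UMSException, ACIParseException {
    Attr attr;
    if (existing != null) {
        if (debug.messageEnabled()) {
            debug.message("modify existing " + kind + " aci");
            debug.message(kind + "aci.ACIText :" + existing.getACIText());
        }
        // Replace = DELETE the stored text, then ADD the updated copy. Both are
        // staged via modify(); NOTE(review): confirm what happens to the DELETE
        // if the re-parse or ADD below throws before save() -- cannot tell here.
        parentObject.modify(new Attr(ACI.ACI, existing.getACIText()), ModificationType.DELETE);
        ACI replacement = ACI.valueOf(existing.toString());
        replacement.setTargetAttributes(targetAttrs);
        attr = new Attr(ACI.ACI, replacement.toString());
    } else {
        if (debug.messageEnabled()) {
            debug.message("new " + kind + " aci");
        }
        ACI created = new ACI(aciName);
        created.setName(aciName);
        created.setTargetAttributes(targetAttrs);
        // Allow exactly this one permission ...
        HashSet<String> perms = new HashSet<String>();
        perms.add(permission);
        created.setPermissions(new QualifiedCollection(perms, false));
        // ... for exactly this role.
        HashSet<String> roles = new HashSet<String>();
        roles.add(dn);
        created.setRoles(roles);
        attr = new Attr(ACI.ACI, created.toString());
        if (debug.messageEnabled()) {
            debug.message(logLabel + " " + dn + "=" + created.toString());
        }
    }
    parentObject.modify(attr, ModificationType.ADD);
}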
Also used : QualifiedCollection(com.iplanet.services.ldap.aci.QualifiedCollection) ACI(com.iplanet.services.ldap.aci.ACI) Iterator(java.util.Iterator) Attr(com.iplanet.services.ldap.Attr) HashSet(java.util.HashSet)
