Class BaseRole, method getAccessRight:
/**
 * Returns the attribute access rights associated with the role.
 * <p>
 * The rights are read from the ACIs of the role's parent object. The ACI
 * whose name is {@code READ_PERM_HEADER} followed by the (trimmed) role DN
 * supplies the readable attributes, the one named {@code WRITE_PERM_HEADER}
 * plus the role DN the writable ones; names are compared case-insensitively.
 * A side without a matching ACI is reported as {@code null} in the result.
 *
 * @return AccessRightObject associated with the role
 * @throws UMSException
 *             propagated from looking up the parent object or its ACIs
 * @throws ACIParseException
 *             propagated from looking up the parent object or its ACIs
 *
 * @supported.api
 */
public AccessRightObject getAccessRight() throws UMSException, ACIParseException {
    if (parentObject == null) {
        parentObject = getParentObject();
    }
    Iterator aciIter = parentObject.getACI().iterator();

    QualifiedCollection readable = null;
    QualifiedCollection writable = null;
    if (aciIter != null) {
        String roleDn = getGuid().getDn().trim();
        String readName = READ_PERM_HEADER + roleDn;
        String writeName = WRITE_PERM_HEADER + roleDn;
        // Stop as soon as both the read and the write ACI have been seen.
        while (aciIter.hasNext() && (readable == null || writable == null)) {
            ACI aci = (ACI) aciIter.next();
            if (debug.messageEnabled()) {
                debug.message("BaseRole.getAccessRight ACI.toString =" + aci.toString());
            }
            // Matching is done on the ACI name; checking the roledn
            // would be more robust, TBD
            String aciName = aci.getName();
            if (aciName.equalsIgnoreCase(readName)) {
                readable = aci.getTargetAttributes();
            } else if (aciName.equalsIgnoreCase(writeName)) {
                writable = aci.getTargetAttributes();
            }
        }
    }

    // A missing ACI on either side is passed through as null.
    return new AccessRightObject(
            readable == null ? null : readable.getCollection(),
            writable == null ? null : writable.getCollection());
}
Class BaseRole, method newAccessRight:
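/**
 * Creates attribute access rights for the role;
 * existing attribute access rights for the role will be replaced.
 * <p>
 * The role's read and write ACIs live on the parent object and are found
 * by name ({@code READ_PERM_HEADER} / {@code WRITE_PERM_HEADER} followed by
 * the role DN). The lookup uses the same trimmed, case-insensitive match as
 * {@link #getAccessRight()}, and new ACIs are created under that same
 * trimmed name, so an ACI that {@code getAccessRight} reports as the role's
 * current grant is the one replaced here instead of being left in place
 * next to a newly added one.
 *
 * @param accessRight
 *            New access right to be set to the role
 * @throws UMSException
 *             propagated from reading or modifying the parent object
 * @throws ACIParseException
 *             propagated when an existing ACI cannot be re-parsed
 *
 * @supported.api
 */
public void newAccessRight(AccessRightObject accessRight) throws UMSException, ACIParseException {
    if (parentObject == null) {
        parentObject = getParentObject();
    }
    // ACI names derive from the trimmed role DN, exactly as getAccessRight() looks them up.
    String roleDn = getGuid().getDn().trim();
    String readName = READ_PERM_HEADER + roleDn;
    String writeName = WRITE_PERM_HEADER + roleDn;

    // Locate the role's current read/write ACIs on the parent object.
    ACI readACI = null;
    ACI writeACI = null;
    Iterator acis = parentObject.getACI().iterator();
    if (acis != null) {
        while (acis.hasNext() && (readACI == null || writeACI == null)) {
            ACI aci = (ACI) acis.next();
            if (debug.messageEnabled()) {
                debug.message("BaseRole.newAccessRight ACI.toString =" + aci.toString());
            }
            // Matching is done on the ACI name; checking the roledn
            // would be more robust, TBD
            String aciName = aci.getName();
            if (aciName.equalsIgnoreCase(readName)) {
                readACI = aci;
            } else if (aciName.equalsIgnoreCase(writeName)) {
                writeACI = aci;
            }
        }
    }

    QualifiedCollection readAttrs =
            new QualifiedCollection(accessRight.getReadableAttributeNames(), false);
    if (readACI != null) {
        debug.message("modify existing read aci");
        if (debug.messageEnabled()) {
            debug.message("readaci.ACIText :" + readACI.getACIText());
        }
        replaceTargetAttributes(readACI, readAttrs);
    } else {
        debug.message("new read aci");
        ACI newReadACI = buildRoleACI(readName, READ_PERM_STRING, readAttrs);
        if (debug.messageEnabled()) {
            debug.message("READ " + getGuid().getDn() + "=" + newReadACI.toString());
        }
        parentObject.modify(new Attr(ACI.ACI, newReadACI.toString()), ModificationType.ADD);
    }

    QualifiedCollection writeAttrs =
            new QualifiedCollection(accessRight.getWritableAttributeNames(), false);
    if (writeACI != null) {
        debug.message("modify existing write aci");
        if (debug.messageEnabled()) {
            debug.message("writeaci.ACIText :" + writeACI.getACIText());
        }
        replaceTargetAttributes(writeACI, writeAttrs);
    } else {
        debug.message("new write aci");
        ACI newWriteACI = buildRoleACI(writeName, WRITE_PERM_STRING, writeAttrs);
        if (debug.messageEnabled()) {
            debug.message("Write " + getGuid().getDn() + "=" + newWriteACI.toString());
        }
        parentObject.modify(new Attr(ACI.ACI, newWriteACI.toString()), ModificationType.ADD);
    }

    // save ACI changes to parent persistent store
    parentObject.save();
}

/**
 * Swaps an existing role ACI on the parent object for a copy that carries
 * new target attributes: the current ACI text is removed and the rebuilt
 * ACI is added. Nothing reaches the store until {@code parentObject.save()}.
 * NOTE(review): the DELETE and the ADD are two separate modify() calls;
 * whether save() applies them atomically is not visible here — confirm.
 *
 * @param existing
 *            the ACI currently held by the parent object
 * @param targetAttrs
 *            the attributes the rebuilt ACI should target
 * @throws UMSException
 *             propagated from modifying the parent object
 * @throws ACIParseException
 *             propagated when the existing ACI cannot be re-parsed
 */
private void replaceTargetAttributes(ACI existing, QualifiedCollection targetAttrs)
        throws UMSException, ACIParseException {
    parentObject.modify(new Attr(ACI.ACI, existing.getACIText()), ModificationType.DELETE);
    // Work on a re-parsed copy so the caller's ACI object itself is left untouched.
    ACI updated = ACI.valueOf(existing.toString());
    updated.setTargetAttributes(targetAttrs);
    parentObject.modify(new Attr(ACI.ACI, updated.toString()), ModificationType.ADD);
}

/**
 * Builds, without storing it, an ACI that allows a single permission on the
 * given target attributes to this role.
 *
 * @param aciName
 *            name of the new ACI
 * @param permission
 *            the permission to allow (READ_PERM_STRING or WRITE_PERM_STRING)
 * @param targetAttrs
 *            attributes the permission applies to
 * @return the populated ACI
 * @throws UMSException
 *             propagated from constructing the ACI
 * @throws ACIParseException
 *             propagated from constructing the ACI
 */
private ACI buildRoleACI(String aciName, String permission, QualifiedCollection targetAttrs)
        throws UMSException, ACIParseException {
    ACI aci = new ACI(aciName);
    aci.setName(aciName);
    aci.setTargetAttributes(targetAttrs);
    // Allow exactly the one permission passed in.
    Set permissions = new HashSet();
    permissions.add(permission);
    aci.setPermissions(new QualifiedCollection(permissions, false));
    // The ACI applies to this role only.
    Set roles = new HashSet();
    roles.add(getGuid().getDn());
    aci.setRoles(roles);
    return aci;
}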