
Example 1 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addInheritance(Role parentRole, Role childRole) throws SecurityException {
    // Makes parentRole a parent of childRole: checks both arguments, reads both
    // roles back, records the new relationship in the hierarchy, then writes the
    // child's extended parent list.
    final String methodName = "addInheritance";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.CHILD_ROLE_NULL);
    // NOTE(review): presumably this is where the caller's admin session is bound and
    // checked; only parentRole is passed, so confirm childRole's session is not relied on.
    setEntitySession(CLS_NM, methodName, parentRole);

    // Read the parent only to prove it is there; the returned entity is not used.
    Role parentProbe = new Role(parentRole.getName());
    parentProbe.setContextId(this.contextId);
    roleP.read(parentProbe);

    // Read the child as stored; its current parents are carried over below.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    RoleUtil.getInstance().validateRelationship(childRole, parentRole, false);
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale;
    // confirm hierarchy keys are normalised the same way wherever they are compared.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);

    // A fresh Role holding just name, parents and context, so that the update
    // changes the parents attribute of the child and nothing else.
    Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);
    roleP.update(parentsOnly);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 2 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method deleteDsdRoleMember.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public SDSet deleteDsdRoleMember(SDSet dsdSet, Role role) throws SecurityException {
    // Takes role out of the member list of the stored DSD set and returns the set
    // as handed back by the update. Dropping a member narrows what the set covers,
    // so this is a change worth having in the audit trail.
    final String methodName = "deleteDsdRoleMember";
    assertContext(CLS_NM, methodName, dsdSet, GlobalErrIds.DSD_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, dsdSet);

    SDSet storedSet = sdP.read(dsdSet);
    storedSet.setContextId(this.contextId);
    storedSet.delMember(role.getName());

    // The data set may not be left without members: once the last role is gone,
    // GlobalIds.NONE is stored as a placeholder.
    boolean noMembersLeft = storedSet.getMembers().isEmpty();
    if (noMembersLeft) {
        storedSet.addMember(GlobalIds.NONE);
    }

    setAdminData(CLS_NM, methodName, storedSet);
    SDSet updatedSet = sdP.update(storedSet);
    // Evict cached references to the previous state of this DSD.
    clearDSDCache(dsdSet);
    return updatedSet;
}
Also used : SDSet(org.apache.directory.fortress.core.model.SDSet) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 3 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(Role parentRole, Role childRole) throws SecurityException {
    // Removes parentRole from the parents of childRole: validates the existing
    // relationship, removes it from the hierarchy, then rewrites (or deletes) the
    // parents attribute on the child.
    final String methodName = "deleteInheritance";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    // NOTE(review): the session is set from parentRole before childRole has been
    // null-checked; the order is kept as in the original.
    setEntitySession(CLS_NM, methodName, parentRole);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.CHILD_ROLE_NULL);
    RoleUtil.getInstance().validateRelationship(childRole, parentRole, true);
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale;
    // confirm hierarchy keys are normalised the same way wherever they are compared.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.REM);

    // Read the child as stored to obtain its current parents.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    // A fresh Role holding just name, parents and context, so that the write
    // changes the parents attribute of the child and nothing else.
    Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);

    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // At least one parent remains: a regular update carries the shortened list.
        roleP.update(parentsOnly);
    } else {
        // An update only writes non-empty multi-valued attributes, so when the last
        // parent has been taken away the attribute itself has to be deleted.
        roleP.deleteParent(parentsOnly);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 4 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method removeRoleConstraint.

/**
 * {@inheritDoc}
 */
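@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // Removes the role constraint with id roleConstraintId from the user-role
    // assignment named by uRole. Throws FinderException (RCON_NOT_FOUND) when the
    // user has no matching constraint on that role.
    //
    // The operation name used to be "assignUser", copied from another method, so a
    // context error raised here was attributed to the wrong operation.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    // Delegated-administration check, made before any user data is read or changed.
    // NOTE(review): no setEntitySession/setAdminData call is made in this method;
    // confirm the admin session on uRole is populated by the caller.
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);
    // find role constraint that needs to be removed
    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    for (UserRole ur : userRoles) {
        // find matching name
        if (ur.getName().equals(uRole.getName())) {
            // find matching constraint
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            for (RoleConstraint rc : rcs) {
                if (rc.getId().equals(roleConstraintId)) {
                    userP.deassign(uRole, rc);
                    found = true;
                    // Leaves the inner loop only; the outer loop still visits the
                    // remaining assignments of the user.
                    break;
                }
            }
        }
    }
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}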
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) FinderException(org.apache.directory.fortress.core.FinderException) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 5 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method grantPermission.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void grantPermission(Permission perm, Role role) throws SecurityException {
    // Grants perm to role after checking that the target role can be read: an
    // AdminRole for an admin permission, a Role otherwise.
    final String methodName = "grantPermission";
    assertContext(CLS_NM, methodName, perm, GlobalErrIds.PERM_OPERATION_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, perm);

    boolean ordinaryPermission = !perm.isAdmin();
    if (ordinaryPermission) {
        // Delegated-administration check first, then the read that validates the role.
        // NOTE(review): role is read as supplied, with no setContextId call in this
        // method; confirm the context is already set on it.
        AdminUtil.canGrant(perm.getAdminSession(), role, perm, contextId);
        roleP.read(role);
    } else {
        // NOTE(review): AdminUtil.canGrant is not called on this path; confirm that
        // grants of admin permissions are authorised by setEntitySession or elsewhere.
        AdminRole adminTarget = new AdminRole(role.getName());
        adminTarget.setContextId(this.contextId);
        adminP.read(adminTarget);
    }
    permP.grant(perm, role);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
