use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class DelReviewMgrImpl method assignedRoles.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public List<UserAdminRole> assignedRoles(User user) throws SecurityException {
String methodName = "assignedRoles";
assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
checkAccess(CLS_NM, methodName);
User ue = userP.read(user, true);
return ue.getAdminRoles();
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class DelAdminMgrImpl method deleteInheritance.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation(operationName = "deleteInheritanceOU")
public void deleteInheritance(OrgUnit parent, OrgUnit child) throws SecurityException {
String methodName = "deleteInheritanceOU";
assertContext(CLS_NM, methodName, parent, GlobalErrIds.ORG_PARENT_NULL);
VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
assertContext(CLS_NM, methodName, child, GlobalErrIds.ORG_CHILD_NULL);
setEntitySession(CLS_NM, methodName, parent);
if (parent.getType() == OrgUnit.Type.USER) {
UsoUtil.getInstance().validateRelationship(child, parent, true);
} else {
PsoUtil.getInstance().validateRelationship(child, parent, true);
}
if (parent.getType() == OrgUnit.Type.USER) {
UsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
} else {
PsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
}
OrgUnit cOrg = ouP.read(child);
cOrg.setContextId(this.contextId);
cOrg.delParent(parent.getName());
setAdminData(CLS_NM, methodName, cOrg);
// are there any parents left?
if (!CollectionUtils.isNotEmpty(cOrg.getParents())) {
// The updates only update non-empty multi-occurring attributes
// so if last parent assigned, so must remove the attribute completely:
ouP.deleteParent(cOrg);
} else {
ouP.update(cOrg);
}
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class DelAdminMgrImpl method deleteRole.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void deleteRole(AdminRole role) throws SecurityException {
String methodName = "deleteRole";
assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
setEntitySession(CLS_NM, methodName, role);
int numChildren = AdminRoleUtil.numChildren(role.getName(), role.getContextId());
if (numChildren > 0) {
String error = methodName + " role [" + role.getName() + "] must remove [" + numChildren + "] descendants before deletion";
throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
}
// search for all users assigned this role and deassign:
List<User> users = userP.getAssignedUsers(role);
if (users != null) {
for (User ue : users) {
User user = new User(ue.getUserId());
UserAdminRole uAdminRole = new UserAdminRole(ue.getUserId(), role.getName());
uAdminRole.setContextId(contextId);
setAdminData(CLS_NM, methodName, user);
deassignUser(uAdminRole);
}
}
permP.remove(role);
// remove all parent relationships from the role graph:
Set<String> parents = AdminRoleUtil.getParents(role.getName(), this.contextId);
if (parents != null) {
for (String parent : parents) {
AdminRoleUtil.updateHier(this.contextId, new Relationship(role.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
}
}
admRP.delete(role);
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class DelAdminMgrImpl method addInheritance.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void addInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
String methodName = "addInheritanceRole";
assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
setEntitySession(CLS_NM, methodName, parentRole);
// make sure the parent role is already there:
admRP.read(parentRole);
AdminRoleUtil.validateRelationship(childRole, parentRole, false);
// make sure the child role is already there:
AdminRole cRole = new AdminRole(childRole.getName());
cRole.setContextId(this.contextId);
cRole = admRP.read(cRole);
// Use cRole2 to update ONLY the parents attribute on the child role and nothing else:
AdminRole cRole2 = new AdminRole(childRole.getName());
cRole2.setParents(cRole.getParents());
cRole2.setParent(parentRole.getName());
cRole2.setContextId(this.contextId);
setAdminData(CLS_NM, methodName, cRole2);
AdminRoleUtil.updateHier(this.contextId, new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()), Hier.Op.ADD);
admRP.update(cRole2);
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class DelAdminMgrImpl method assignUser.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void assignUser(UserAdminRole uAdminRole) throws SecurityException {
String methodName = "assignUser";
assertContext(CLS_NM, methodName, uAdminRole, GlobalErrIds.ARLE_NULL);
setEntitySession(CLS_NM, methodName, uAdminRole);
AdminRole adminRole = new AdminRole(uAdminRole.getName());
adminRole.setContextId(uAdminRole.getContextId());
// retrieve the admin role info:
AdminRole validRole = admRP.read(adminRole);
// if the UserAdminRole entity doesn't have temporal constraints set already, copy from the AdminRole declaration:
// if the input role entity attribute doesn't have temporal constraints set, copy from the role declaration:
ConstraintUtil.validateOrCopy(validRole, uAdminRole);
// copy the ARBAC AdminRole attributes to UserAdminRole:
userP.copyAdminAttrs(validRole, uAdminRole);
String dn = userP.assign(uAdminRole);
// copy the admin session info to AdminRole:
setAdminData(CLS_NM, methodName, validRole);
// Assign user dn attribute to the adminRole, this will add a single, standard attribute value, called "roleOccupant", directly onto the adminRole node:
admRP.assign(validRole, dn);
}
Aggregations