Search in sources :

Example 46 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelReviewMgrImpl method assignedRoles.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public List<UserAdminRole> assignedRoles(User user) throws SecurityException {
    String methodName = "assignedRoles";
    assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
    checkAccess(CLS_NM, methodName);
    User ue = userP.read(user, true);
    return ue.getAdminRoles();
}
Also used : User(org.apache.directory.fortress.core.model.User) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 47 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "deleteInheritanceOU")
public void deleteInheritance(OrgUnit parent, OrgUnit child) throws SecurityException {
    String methodName = "deleteInheritanceOU";
    assertContext(CLS_NM, methodName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
    assertContext(CLS_NM, methodName, child, GlobalErrIds.ORG_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parent);
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().validateRelationship(child, parent, true);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, true);
    }
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
    } else {
        PsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
    }
    OrgUnit cOrg = ouP.read(child);
    cOrg.setContextId(this.contextId);
    cOrg.delParent(parent.getName());
    setAdminData(CLS_NM, methodName, cOrg);
    // are there any parents left?
    if (!CollectionUtils.isNotEmpty(cOrg.getParents())) {
        // The updates only update non-empty multi-occurring attributes
        // so if last parent assigned, so must remove the attribute completely:
        ouP.deleteParent(cOrg);
    } else {
        ouP.update(cOrg);
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 48 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteRole.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteRole(AdminRole role) throws SecurityException {
    String methodName = "deleteRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    int numChildren = AdminRoleUtil.numChildren(role.getName(), role.getContextId());
    if (numChildren > 0) {
        String error = methodName + " role [" + role.getName() + "] must remove [" + numChildren + "] descendants before deletion";
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
    }
    // search for all users assigned this role and deassign:
    List<User> users = userP.getAssignedUsers(role);
    if (users != null) {
        for (User ue : users) {
            User user = new User(ue.getUserId());
            UserAdminRole uAdminRole = new UserAdminRole(ue.getUserId(), role.getName());
            uAdminRole.setContextId(contextId);
            setAdminData(CLS_NM, methodName, user);
            deassignUser(uAdminRole);
        }
    }
    permP.remove(role);
    // remove all parent relationships from the role graph:
    Set<String> parents = AdminRoleUtil.getParents(role.getName(), this.contextId);
    if (parents != null) {
        for (String parent : parents) {
            AdminRoleUtil.updateHier(this.contextId, new Relationship(role.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
        }
    }
    admRP.delete(role);
}
Also used : User(org.apache.directory.fortress.core.model.User) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 49 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    String methodName = "addInheritanceRole";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);
    // make sure the parent role is already there:
    admRP.read(parentRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);
    // make sure the child role is already there:
    AdminRole cRole = new AdminRole(childRole.getName());
    cRole.setContextId(this.contextId);
    cRole = admRP.read(cRole);
    // Use cRole2 to update ONLY the parents attribute on the child role and nothing else:
    AdminRole cRole2 = new AdminRole(childRole.getName());
    cRole2.setParents(cRole.getParents());
    cRole2.setParent(parentRole.getName());
    cRole2.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, cRole2);
    AdminRoleUtil.updateHier(this.contextId, new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()), Hier.Op.ADD);
    admRP.update(cRole2);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 50 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method assignUser.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void assignUser(UserAdminRole uAdminRole) throws SecurityException {
    String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, uAdminRole);
    AdminRole adminRole = new AdminRole(uAdminRole.getName());
    adminRole.setContextId(uAdminRole.getContextId());
    // retrieve the admin role info:
    AdminRole validRole = admRP.read(adminRole);
    // if the UserAdminRole entity doesn't have temporal constraints set already, copy from the AdminRole declaration:
    // if the input role entity attribute doesn't have temporal constraints set, copy from the role declaration:
    ConstraintUtil.validateOrCopy(validRole, uAdminRole);
    // copy the ARBAC AdminRole attributes to UserAdminRole:
    userP.copyAdminAttrs(validRole, uAdminRole);
    String dn = userP.assign(uAdminRole);
    // copy the admin session info to AdminRole:
    setAdminData(CLS_NM, methodName, validRole);
    // Assign user dn attribute to the adminRole, this will add a single, standard attribute value, called "roleOccupant", directly onto the adminRole node:
    admRP.assign(validRole, dn);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Aggregations

AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)54 AdminRole (org.apache.directory.fortress.core.model.AdminRole)18 User (org.apache.directory.fortress.core.model.User)18 UserRole (org.apache.directory.fortress.core.model.UserRole)16 Relationship (org.apache.directory.fortress.core.model.Relationship)15 Role (org.apache.directory.fortress.core.model.Role)15 SDSet (org.apache.directory.fortress.core.model.SDSet)8 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)8 Permission (org.apache.directory.fortress.core.model.Permission)5 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)4 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)3 SecurityException (org.apache.directory.fortress.core.SecurityException)3 PwPolicy (org.apache.directory.fortress.core.model.PwPolicy)2 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)2 Method (java.lang.reflect.Method)1 ArrayList (java.util.ArrayList)1 AdminMgr (org.apache.directory.fortress.core.AdminMgr)1 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)1 FinderException (org.apache.directory.fortress.core.FinderException)1 Group (org.apache.directory.fortress.core.model.Group)1