
Example 51 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "addInheritanceOU")
public void addInheritance(OrgUnit parent, OrgUnit child) throws SecurityException {
    // Links an existing child OrgUnit under an existing parent: the child's stored entry gets the
    // parent's name, then the matching edge is added to the USER or non-USER org hierarchy.
    // The operation name is the same string the annotation above declares.
    final String opName = "addInheritanceOU";

    // Presence checks on both arguments and on the parent's type (see the *_NULL error ids).
    assertContext(CLS_NM, opName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + opName);
    assertContext(CLS_NM, opName, child, GlobalErrIds.ORG_CHILD_NULL);

    // Only the parent is handed to setEntitySession in this method.
    // NOTE(review): presumably this is where the caller's admin session is bound or checked for
    // the operation; confirm in the base class, and confirm the child needs no separate call.
    setEntitySession(CLS_NM, opName, parent);

    // The relationship is validated by the helper that matches the parent's type; every type
    // other than USER takes the PsoUtil branch.
    final boolean userTree = OrgUnit.Type.USER == parent.getType();
    if (userTree) {
        UsoUtil.getInstance().validateRelationship(child, parent, false);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, false);
    }

    // Existence check: both org units are read before anything is written.
    ouP.read(parent);
    OrgUnit storedChild = ouP.read(child);
    storedChild.setParent(parent.getName());
    storedChild.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, storedChild);
    ouP.update(storedChild);

    // The entry update above and the hierarchy update below are separate steps and this method
    // has no rollback: if updateHier throws, the stored parent attribute is left without its edge.
    // toUpperCase() without a Locale follows the JVM default locale.
    // NOTE(review): confirm hierarchy keys are upper-cased the same way wherever they are read.
    if (parent.getType() != OrgUnit.Type.USER) {
        PsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    } else {
        UsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 52 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addDescendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addDescendant(OrgUnit parent, OrgUnit child) throws SecurityException {
    // Creates a new child OrgUnit beneath an existing parent and records the edge in the
    // USER or non-USER org hierarchy, chosen by the parent's type.
    final String opName = "addDescendantOU";

    // Presence checks on both arguments and on the parent's type (see the *_NULL error ids).
    assertContext(CLS_NM, opName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + opName);
    assertContext(CLS_NM, opName, child, GlobalErrIds.ORG_CHILD_NULL);

    // Here the child, not the parent, is handed to setEntitySession.
    // NOTE(review): presumably this binds or checks the caller's admin session for the
    // operation; confirm in the base class which entity the check is meant to be scoped to.
    setEntitySession(CLS_NM, opName, child);

    // The parent must already exist in the store; the read result itself is not used.
    ouP.read(parent);

    // Every type other than USER is validated by PsoUtil.
    final boolean userTree = OrgUnit.Type.USER == parent.getType();
    if (userTree) {
        UsoUtil.getInstance().validateRelationship(child, parent, false);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, false);
    }

    // The caller's child object is modified in place before it is persisted.
    child.setParent(parent.getName());
    ouP.add(child);

    // The add above and the hierarchy update below are separate steps and this method has no
    // rollback: if updateHier throws, the new entry exists without its hierarchy edge.
    // toUpperCase() without a Locale follows the JVM default locale.
    // NOTE(review): confirm hierarchy keys are upper-cased the same way wherever they are read.
    if (parent.getType() != OrgUnit.Type.USER) {
        PsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    } else {
        UsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    }
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 53 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addAscendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addAscendant(AdminRole childRole, AdminRole parentRole) throws SecurityException {
    // Creates a new parent AdminRole above an existing child role, adds the parent's name to the
    // child's parents attribute, and records the edge in the admin-role hierarchy.
    final String opName = "addAscendantRole";

    // The parent is checked and handed to setEntitySession before the child is checked.
    // NOTE(review): presumably setEntitySession binds or checks the caller's admin session for
    // the operation; confirm in the base class, since the child is never passed to it here.
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    setEntitySession(CLS_NM, opName, parentRole);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);

    // The child must already exist; its stored copy supplies the current parents below.
    AdminRole storedChild = admRP.read(childRole);

    // Validation runs on the caller-supplied roles, and it runs before the parent is created.
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);
    admRP.add(parentRole);

    // A fresh AdminRole carrying only the name and the parents is sent to update, so that
    // nothing else on the child role is changed.
    AdminRole parentsOnlyUpdate = new AdminRole(childRole.getName());
    parentsOnlyUpdate.setParents(storedChild.getParents());
    parentsOnlyUpdate.setParent(parentRole.getName());
    parentsOnlyUpdate.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnlyUpdate);
    admRP.update(parentsOnlyUpdate);

    // add, update and updateHier are three separate steps and this method has no rollback: a
    // failure part-way leaves the new parent role, the child's parents attribute and the
    // hierarchy out of step with each other.
    // toUpperCase() without a Locale follows the JVM default locale.
    // NOTE(review): confirm hierarchy keys are upper-cased the same way wherever they are read.
    AdminRoleUtil.updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 54 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method delete.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public OrgUnit delete(OrgUnit entity) throws SecurityException {
    // Deletes an OrgUnit after three guards: it has no descendants in its hierarchy, it is not
    // assigned to any user (USER type) or permission object (any other type), and its own
    // parent edges have been removed from the hierarchy. Returns whatever ouP.delete returns.
    String methodName = "deleteOU";
    assertContext(CLS_NM, methodName, entity, GlobalErrIds.ORG_NULL);
    // NOTE(review): presumably this binds or checks the caller's admin session for the
    // operation; confirm in the base class.
    setEntitySession(CLS_NM, methodName, entity);
    VUtil.assertNotNull(entity.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
    // Guard 1: refuse to delete while the org unit still has descendants.
    // This lookup uses entity.getContextId(); the getParents/updateHier calls further down use
    // this.contextId. NOTE(review): confirm the two are always the same value at this point.
    int numChildren;
    if (entity.getType() == OrgUnit.Type.USER) {
        numChildren = UsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
    } else {
        numChildren = PsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
    }
    if (numChildren > 0) {
        String error = methodName + " orgunit [" + entity.getName() + "] must remove [" + numChildren + "] descendants before deletion";
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
    }
    // Guard 2: refuse to delete while the org unit is still assigned.
    if (entity.getType() == OrgUnit.Type.USER) {
        // Ensure the org unit is not assigned to any users, but set the sizeLimit to "true" to limit result set size.
        // Because the search is size-limited, the count in the error message may be capped
        // rather than the true total.
        List<User> assignedUsers = userP.search(entity, true);
        if (CollectionUtils.isNotEmpty(assignedUsers)) {
            String error = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedUsers.size() + "] users before deletion";
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_USER, error, null);
        }
    } else {
        // Ensure the org unit is not assigned to any permission objects. Unlike the user branch,
        // sizeLimit is passed as "false", which places no restrictions on how many records server returns.
        // NOTE(review): only emptiness and a count are needed here, so an unbounded search can
        // pull a large result set; confirm that "false" is intended.
        List<PermObj> assignedPerms = permP.search(entity, false);
        if (CollectionUtils.isNotEmpty(assignedPerms)) {
            String error = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedPerms.size() + "] perm objs before deletion";
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_PERM, error, null);
        }
    }
    // remove all parent relationships from this org graph:
    Set<String> parents;
    if (entity.getType() == OrgUnit.Type.USER) {
        parents = UsoUtil.getInstance().getParents(entity.getName(), this.contextId);
    } else {
        parents = PsoUtil.getInstance().getParents(entity.getName(), this.contextId);
    }
    if (parents != null) {
        // toUpperCase() without a Locale follows the JVM default locale.
        // NOTE(review): confirm hierarchy keys are upper-cased the same way wherever they are read.
        for (String parent : parents) {
            if (entity.getType() == OrgUnit.Type.USER) {
                UsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
            } else {
                PsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
            }
        }
    }
    // everything checked out good - remove the org unit from the OrgUnit data set:
    // The hierarchy edges are already removed by this point and this method has no rollback: if
    // ouP.delete throws, the entry stays in the store without its parent edges.
    return ouP.delete(entity);
}
Also used : PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
