
Example 11 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deassignUser.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deassignUser(UserAdminRole uAdminRole) throws SecurityException {
    // Removes a user-to-admin-role assignment on both sides: first on the user entry (userP),
    // then on the admin role entry (admRP), using the DN returned by the first step.
    // NOTE(review): the two writes are issued back to back with no rollback visible here; if the
    // second call throws, the user-side change has presumably already been applied. Confirm.
    final String opName = "deassignUser";

    // Validate the argument, then attach the session to the entity.
    // NOTE(review): no explicit checkAccess call appears in this method; setEntitySession
    // presumably carries the delegated-admin authorization for opName. Confirm in the base class.
    assertContext(CLS_NM, opName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, opName, uAdminRole);

    // Drop the assignment from the user entry and keep the DN that call hands back.
    final String userDn = userP.deassign(uAdminRole);

    // Name-only AdminRole, stamped with the ARBAC attributes of the current operation.
    final AdminRole targetRole = new AdminRole(uAdminRole.getName());
    setAdminData(CLS_NM, opName, targetRole);

    // Remove that DN from the admin role node (a single "roleOccupant" attribute value,
    // according to the original comment on this call).
    admRP.deassign(targetRole, userDn);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 12 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    // Removes the parent -> child edge from the admin role hierarchy and from the child's
    // stored "parents" attribute.
    // NOTE(review): the operation name used below is "deleteInheritanceRole", which is not the Java
    // method name, and the annotation on this method carries no operationName attribute. Confirm
    // that whatever consumes @AdminPermissionOperation and the permission data agree on this name.
    final String opName = "deleteInheritanceRole";

    // Both ends of the relationship are validated; the session is attached to the parent only.
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, opName, parentRole);

    // Check the relationship first, then remove the edge from the hierarchy.
    // NOTE(review): toUpperCase() uses the JVM default locale. Confirm that every place building
    // hierarchy keys upper-cases the same way, or names with locale-sensitive letters may not match.
    AdminRoleUtil.validateRelationship(childRole, parentRole, true);
    final Relationship edge =
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase());
    AdminRoleUtil.updateHier(this.contextId, edge, Hier.Op.REM);

    // Load the stored child role so that its current parents can be copied.
    AdminRole storedChild = new AdminRole(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = admRP.read(storedChild);

    // A second, name-only instance carries just the parents attribute, so that the write below
    // touches that attribute and nothing else on the child role.
    final AdminRole parentsOnly = new AdminRole(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);

    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // Other parents remain: a normal update rewrites the attribute.
        admRP.update(parentsOnly);
    } else {
        // Updates only write non-empty multi-occurring attributes, so when the last parent
        // has been removed the attribute itself must be deleted explicitly.
        admRP.deleteParent(parentsOnly);
    }
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 13 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelReviewMgrImpl method search.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "searchOU")
public List<OrgUnit> search(OrgUnit.Type type, String searchVal) throws SecurityException {
    // Searches org units of the given type. The operation name "searchOU" matches the
    // operationName declared on the annotation above.
    final String opName = "searchOU";

    // Only the type is required. The null/empty check on searchVal was commented out in the
    // original, so a null or empty search value reaches the DAO as is.
    VUtil.assertNotNull(type, GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + opName);
    checkAccess(CLS_NM, opName);

    // NOTE(review): searchVal is handed to ouP.search without validation or escaping in this
    // method; presumably the DAO layer encodes it before building a directory filter. Confirm.
    final OrgUnit criteria = new OrgUnit(searchVal);
    criteria.setType(type);
    criteria.setContextId(this.contextId);

    final List<OrgUnit> matches = ouP.search(criteria);
    return matches;
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 14 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class DelReviewMgrImpl method findRoles.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public List<AdminRole> findRoles(String searchVal) throws SecurityException {
    // Searches admin roles by name within this manager's context.
    final String opName = "findRoles";

    // A null search value is rejected before the access check runs; an empty string is not
    // rejected by this method.
    VUtil.assertNotNull(searchVal, GlobalErrIds.ARLE_NM_NULL, CLS_NM + "." + opName);
    checkAccess(CLS_NM, opName);

    // NOTE(review): searchVal goes to admRP.search unmodified; presumably the DAO layer
    // encodes it before it is used in a directory filter. Confirm.
    final AdminRole criteria = new AdminRole(searchVal);
    criteria.setContextId(this.contextId);

    final List<AdminRole> matches = admRP.search(criteria);
    return matches;
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 15 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class GroupMgrImpl method assign.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public Group assign(Group group, String member) throws SecurityException {
    // Adds a member to a group. The member name is resolved to a DN through ReviewMgr (as a
    // Role for ROLE-type groups, otherwise as a User) and that DN is passed to groupP.assign.
    final String opName = "assign";

    // Only the group is validated here; member is not checked in this method before it is
    // used to build the lookup entity.
    assertContext(CLS_NM, opName, group, GlobalErrIds.GROUP_NULL);
    checkAccess(CLS_NM, opName);

    // NOTE(review): the ReviewMgr is created with this.contextId while the lookup entities take
    // group.getContextId(); presumably assertContext makes the two agree. Confirm.
    final ReviewMgr lookup = ReviewMgrFactory.createInstance(this.contextId);

    final String memberDn;
    if (group.getType() != Group.Type.ROLE) {
        // Any non-ROLE group: the member is treated as a user id.
        final User userKey = new User(member);
        userKey.setContextId(group.getContextId());
        final User resolvedUser = lookup.readUser(userKey);
        memberDn = resolvedUser.getDn();
    } else {
        // ROLE group: the member is a role name, and the static separation of duty
        // constraints are validated before the role is added.
        final Role roleKey = new Role(member);
        roleKey.setContextId(group.getContextId());
        final Role resolvedRole = lookup.readRole(roleKey);
        memberDn = resolvedRole.getDn();
        SDUtil.getInstance().validateSSD(group, resolvedRole);
    }

    return groupP.assign(group, memberDn);
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
