use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class AdminMgrImpl method addSsdRoleMember.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public SDSet addSsdRoleMember(SDSet ssdSet, Role role) throws SecurityException {
    // Adds the role's name as a member of an existing SSD set and persists the result.
    final String methodName = "addSsdRoleMember";

    // Both arguments are mandatory; each check carries its own "null" error id.
    assertContext(CLS_NM, methodName, ssdSet, GlobalErrIds.SSD_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, ssdSet);

    // Modify the set returned by sdP.read rather than the caller's instance, and pin it
    // to this manager's context before it is written back.
    SDSet stored = sdP.read(ssdSet);
    stored.setContextId(this.contextId);
    stored.addMember(role.getName());
    setAdminData(CLS_NM, methodName, stored);
    SDSet updated = sdP.update(stored);

    // Evict cached SSD references for this role so the pre-update set is not served again.
    // NOTE(review): exactly what is evicted is decided by clearSSDCache, which is not shown here.
    clearSSDCache(role);
    return updated;
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class AdminMgrImpl method deleteRole.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void deleteRole(Role role) throws SecurityException {
    // Deletes a role after detaching it from groups, users, permissions and the role hierarchy.
    // The detach steps are separate calls and no rollback is visible in this method, so an
    // exception part-way through can leave the role only partially de-provisioned.
    final String methodName = "deleteRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, role);

    // A role that still has descendants in the hierarchy must not be deleted.
    int descendantCount = RoleUtil.getInstance().numChildren(role.getName(), role.getContextId());
    if (descendantCount > 0) {
        String msg = methodName + " role [" + role.getName() + "] must remove [" + descendantCount + "] descendants before deletion";
        LOG.error(msg);
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, msg, null);
    }

    // Read the Role from LDAP and carry the caller's context id over to the result.
    Role storedRole = roleP.read(role);
    storedRole.setContextId(role.getContextId());

    // Groups go first (because of schema's configGroup class constraints).
    List<Group> assignedGroups = groupP.roleGroups(storedRole);
    for (Group assignedGroup : assignedGroups) {
        assignedGroup.setContextId(this.contextId);
        groupP.deassign(assignedGroup, storedRole.getDn());
    }

    // User assignments are discovered differently depending on the role-occupant setting.
    if (Config.getInstance().isRoleOccupant()) {
        // User membership is associated with the role; this reads the role object itself.
        List<User> occupants = userP.getAssignedUsers(role);
        if (occupants != null) {
            for (User occupant : occupants) {
                UserRole assignment = new UserRole(occupant.getUserId(), role.getName());
                setAdminData(CLS_NM, methodName, assignment);
                deassignUser(assignment);
            }
        }
    } else {
        // Otherwise search for every user id assigned this role and deassign each one.
        // NOTE(review): unlike the branch above, this result is iterated without a null check.
        List<String> assignedIds = userP.getAssignedUserIds(role);
        for (String assignedId : assignedIds) {
            UserRole assignment = new UserRole(assignedId, role.getName());
            setAdminData(CLS_NM, methodName, assignment);
            deassignUser(assignment);
        }
    }

    // Remove the role association from all permissions.
    permP.remove(role);

    // Remove every parent relationship of this role from the role graph.
    // NOTE(review): toUpperCase() uses the JVM default locale here; confirm that the graph
    // keys are built the same way elsewhere before changing it.
    Set<String> parentNames = RoleUtil.getInstance().getParents(role.getName(), this.contextId);
    if (parentNames != null) {
        for (String parentName : parentNames) {
            Relationship link = new Relationship(role.getName().toUpperCase(), parentName.toUpperCase());
            RoleUtil.getInstance().updateHier(this.contextId, link, Hier.Op.REM);
        }
    }

    // Only now is the role object itself deleted.
    roleP.delete(role);
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class AdminMgrImpl method assignUser.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void assignUser(UserRole uRole) throws SecurityException {
    // Assigns a role to a user after the delegated-admin check and the SSD validation have run.
    final String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);

    // Build context-bound stand-ins for the user and the role named in the assignment.
    User user = new User(uRole.getUserId());
    user.setContextId(contextId);
    Role role = new Role(uRole.getName());
    role.setContextId(contextId);

    // The session is set on uRole first, and that same session is what canAssign is given.
    setEntitySession(CLS_NM, methodName, uRole);
    AdminUtil.canAssign(uRole.getAdminSession(), user, role, contextId);
    SDUtil.getInstance().validateSSD(user, role);

    // Read the role declaration to obtain its default constraints.
    role.setContextId(this.contextId);
    Role declaredRole = roleP.read(role);

    // If the incoming assignment has no temporal constraints set, copy them from the declaration.
    ConstraintUtil.validateOrCopy(declaredRole, uRole);

    // Assign the role data to the user.
    String userDn = userP.assign(uRole);

    // With role-occupant enabled, membership is also recorded on the role node. This is a
    // second, separate write after userP.assign; no rollback of the first is visible here.
    if (Config.getInstance().isRoleOccupant()) {
        setAdminData(CLS_NM, methodName, role);
        // Adds the user dn as a single, standard attribute value called "roleOccupant"
        // directly onto the role node.
        roleP.assign(role, userDn);
    }
}
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class AdminMgrImpl method deassignUser.
/**
* {@inheritDoc}
*/
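@Override
@AdminPermissionOperation
public void deassignUser(UserRole uRole) throws SecurityException {
    // Removes a role assignment from a user after the delegated-admin check has run.
    String methodName = "deassignUser";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    Role role = new Role(uRole.getName());
    role.setContextId(contextId);
    User user = new User(uRole.getUserId());
    // NOTE(review): assignUser also calls user.setContextId(contextId) at this point; confirm
    // whether canDeassign relies on the user's own context id.
    setEntitySession(CLS_NM, methodName, uRole);
    // The session is set on uRole above, while the User is built in this method and never
    // given one. Passing user.getAdminSession() therefore handed the check an unset session,
    // which presumably lets it pass without evaluating the caller's delegated rights.
    // uRole's session is used instead, as assignUser does for canAssign. deleteRole calls this
    // method for each assigned user, so it goes through the same check.
    AdminUtil.canDeassign(uRole.getAdminSession(), user, role, contextId);
    String dn = userP.deassign(uRole);
    // If user membership is associated with role, remove role occupants:
    if (Config.getInstance().isRoleOccupant()) {
        setAdminData(CLS_NM, methodName, role);
        // Now "deassign" user dn attribute, this will remove a single, standard attribute value,
        // called "roleOccupant", from the node:
        roleP.deassign(role, dn);
    }
}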
use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.
the class AdminMgrImpl method addDsdRoleMember.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public SDSet addDsdRoleMember(SDSet dsdSet, Role role) throws SecurityException {
    // Adds the role's name as a member of an existing DSD set and persists the result.
    final String methodName = "addDsdRoleMember";

    // Both arguments are mandatory; each check carries its own "null" error id.
    assertContext(CLS_NM, methodName, dsdSet, GlobalErrIds.DSD_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, dsdSet);

    // Modify the set returned by sdP.read rather than the caller's instance, and pin it
    // to this manager's context before it is written back.
    SDSet stored = sdP.read(dsdSet);
    stored.setContextId(this.contextId);
    stored.addMember(role.getName());
    setAdminData(CLS_NM, methodName, stored);
    SDSet updated = sdP.update(stored);

    // Evict cached references to the old DSD so the pre-update set is not served again.
    // The eviction is keyed by the caller's dsdSet argument, not by the role.
    clearDSDCache(dsdSet);
    return updated;
}