Search in sources :

Example 31 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method addSsdRoleMember.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public SDSet addSsdRoleMember(SDSet ssdSet, Role role) throws SecurityException {
    String methodName = "addSsdRoleMember";
    assertContext(CLS_NM, methodName, ssdSet, GlobalErrIds.SSD_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, ssdSet);
    SDSet entity = sdP.read(ssdSet);
    entity.setContextId(this.contextId);
    entity.addMember(role.getName());
    setAdminData(CLS_NM, methodName, entity);
    SDSet ssdOut = sdP.update(entity);
    // remove any references to the old SSD from cache:
    clearSSDCache(role);
    return ssdOut;
}
Also used : SDSet(org.apache.directory.fortress.core.model.SDSet) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 32 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method deleteRole.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteRole(Role role) throws SecurityException {
    String methodName = "deleteRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    int numChildren = RoleUtil.getInstance().numChildren(role.getName(), role.getContextId());
    if (numChildren > 0) {
        String error = methodName + " role [" + role.getName() + "] must remove [" + numChildren + "] descendants before deletion";
        LOG.error(error);
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
    }
    // Read the Role from LDAP:
    Role outRole = roleP.read(role);
    outRole.setContextId(role.getContextId());
    // deassign all groups assigned to this role first (because of schema's configGroup class constraints)
    List<Group> groups = groupP.roleGroups(outRole);
    for (Group group : groups) {
        group.setContextId(this.contextId);
        groupP.deassign(group, outRole.getDn());
    }
    // If user membership associated with role, remove the role object:
    if (Config.getInstance().isRoleOccupant()) {
        // this reads the role object itself:
        List<User> users = userP.getAssignedUsers(role);
        if (users != null) {
            for (User ue : users) {
                UserRole uRole = new UserRole(ue.getUserId(), role.getName());
                setAdminData(CLS_NM, methodName, uRole);
                deassignUser(uRole);
            }
        }
    } else {
        // search for all users assigned this role and deassign:
        List<String> userIds = userP.getAssignedUserIds(role);
        for (String userId : userIds) {
            UserRole uRole = new UserRole(userId, role.getName());
            setAdminData(CLS_NM, methodName, uRole);
            deassignUser(uRole);
        }
    }
    // Now remove the role association from all permissions:
    permP.remove(role);
    // remove all parent relationships from the role graph:
    Set<String> parents = RoleUtil.getInstance().getParents(role.getName(), this.contextId);
    if (parents != null) {
        for (String parent : parents) {
            RoleUtil.getInstance().updateHier(this.contextId, new Relationship(role.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
        }
    }
    // Finally, delete the role object:
    roleP.delete(role);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Group(org.apache.directory.fortress.core.model.Group) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 33 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method assignUser.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void assignUser(UserRole uRole) throws SecurityException {
    String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    Role role = new Role(uRole.getName());
    role.setContextId(contextId);
    User user = new User(uRole.getUserId());
    user.setContextId(contextId);
    setEntitySession(CLS_NM, methodName, uRole);
    AdminUtil.canAssign(uRole.getAdminSession(), user, role, contextId);
    SDUtil.getInstance().validateSSD(user, role);
    // Get the default constraints from role:
    role.setContextId(this.contextId);
    Role validRole = roleP.read(role);
    // if the input role entity attribute doesn't have temporal constraints set, copy from the role declaration:
    ConstraintUtil.validateOrCopy(validRole, uRole);
    // Assign the Role data to User:
    String dn = userP.assign(uRole);
    // If user membership associated with role, set it here:
    if (Config.getInstance().isRoleOccupant()) {
        setAdminData(CLS_NM, methodName, role);
        // Assign user dn attribute to the role, this will add a single, standard attribute value,
        // called "roleOccupant", directly onto the role node:
        roleP.assign(role, dn);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 34 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method deassignUser.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deassignUser(UserRole uRole) throws SecurityException {
    String methodName = "deassignUser";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    Role role = new Role(uRole.getName());
    role.setContextId(contextId);
    User user = new User(uRole.getUserId());
    setEntitySession(CLS_NM, methodName, uRole);
    AdminUtil.canDeassign(user.getAdminSession(), user, role, contextId);
    String dn = userP.deassign(uRole);
    // If user membership is assocated with role, remove role occupants:
    if (Config.getInstance().isRoleOccupant()) {
        setAdminData(CLS_NM, methodName, role);
        // Now "deassign" user dn attribute, this will remove a single, standard attribute value,
        // called "roleOccupant", from the node:
        roleP.deassign(role, dn);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 35 with AdminPermissionOperation

use of org.apache.directory.fortress.annotation.AdminPermissionOperation in project directory-fortress-core by apache.

the class AdminMgrImpl method addDsdRoleMember.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public SDSet addDsdRoleMember(SDSet dsdSet, Role role) throws SecurityException {
    String methodName = "addDsdRoleMember";
    assertContext(CLS_NM, methodName, dsdSet, GlobalErrIds.DSD_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, methodName, dsdSet);
    SDSet entity = sdP.read(dsdSet);
    entity.setContextId(this.contextId);
    entity.addMember(role.getName());
    setAdminData(CLS_NM, methodName, entity);
    SDSet dsdOut = sdP.update(entity);
    // remove any references to the old DSD from cache:
    clearDSDCache(dsdSet);
    return dsdOut;
}
Also used : SDSet(org.apache.directory.fortress.core.model.SDSet) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Aggregations

AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)54 AdminRole (org.apache.directory.fortress.core.model.AdminRole)18 User (org.apache.directory.fortress.core.model.User)18 UserRole (org.apache.directory.fortress.core.model.UserRole)16 Relationship (org.apache.directory.fortress.core.model.Relationship)15 Role (org.apache.directory.fortress.core.model.Role)15 SDSet (org.apache.directory.fortress.core.model.SDSet)8 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)8 Permission (org.apache.directory.fortress.core.model.Permission)5 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)4 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)3 SecurityException (org.apache.directory.fortress.core.SecurityException)3 PwPolicy (org.apache.directory.fortress.core.model.PwPolicy)2 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)2 Method (java.lang.reflect.Method)1 ArrayList (java.util.ArrayList)1 AdminMgr (org.apache.directory.fortress.core.AdminMgr)1 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)1 FinderException (org.apache.directory.fortress.core.FinderException)1 Group (org.apache.directory.fortress.core.model.Group)1