use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.
the class AdminMgrImpl method removeRoleConstraint.
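/**
 * {@inheritDoc}
 *
 * <p>Implementation notes: {@code AdminUtil.canDeassign} is called with the caller's admin session
 * before the user entry is read or modified. The constraint to remove is located by comparing
 * {@code roleConstraintId} with the ids of the constraints currently stored on the user's
 * assignment to the role named in {@code uRole}.
 *
 * @throws SecurityException propagated from {@code assertContext}, {@code AdminUtil.canDeassign}
 *         or the {@code userP} calls; a {@code FinderException} carrying
 *         {@code GlobalErrIds.RCON_NOT_FOUND} is thrown when no constraint with the given id is
 *         found on that role assignment.
 */
@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // Operation name handed to assertContext. It has to name this method: the previous value
    // ("assignUser") attributed validation failures to a different administrative operation.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    // Runs before any directory read or write below, so a caller who may not deassign this
    // role from this user is expected to be rejected here (confirm against AdminUtil).
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);

    // Work from the assignments stored for the user, not from the constraints carried by the
    // caller-supplied uRole: only a constraint that is actually present can be removed.
    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    for (UserRole ur : userRoles) {
        // Only the assignment to the role named in the request is considered.
        if (ur.getName().equals(uRole.getName())) {
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            for (RoleConstraint rc : rcs) {
                if (rc.getId().equals(roleConstraintId)) {
                    userP.deassign(uRole, rc);
                    found = true;
                    // Leaves the constraint loop only; the remaining assignments are still visited.
                    break;
                }
            }
        }
    }
    if (!found) {
        // Report an unknown constraint id instead of returning as if something had been removed.
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}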
use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.
the class AdminRoleDAO method findAssignedRoles.
/**
 * Collects the names of the admin roles whose {@code ROLE_OCCUPANT} attribute equals the given
 * user DN.
 *
 * <p>The search covers one level below the admin role root resolved for {@code contextId}.
 *
 * @param userDn distinguished name matched against {@code ROLE_OCCUPANT}; it is placed into the
 *        search filter exactly as received.
 * @param contextId selects the sub-tree whose admin role root is searched.
 * @return the {@code ROLE_NM} value of every matching entry; empty when nothing matches.
 * @throws FinderException with {@code GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED} when the search
 *         or the cursor iteration fails.
 */
List<String> findAssignedRoles(String userDn, String contextId) throws FinderException {
    String searchBase = getRootDn(contextId, GlobalIds.ADMIN_ROLE_ROOT);
    // NOTE(review): userDn goes into the filter without escaping. Filter metacharacters in it
    // would change the meaning of the search, so callers must pass a DN built from validated
    // input — confirm at the call sites, or encode the value here.
    String occupantFilter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")"
        + "(" + ROLE_OCCUPANT + "=" + userDn + "))";
    List<String> assignedRoles = new ArrayList<>();
    LdapConnection connection = null;
    try {
        connection = getAdminConnection();
        // NOTE(review): the cursor is not closed explicitly; only the connection is handed to
        // closeAdminConnection below — confirm that this also releases the search.
        SearchCursor cursor = search(connection, searchBase, SearchScope.ONELEVEL, occupantFilter, ROLE_NM_ATR, false, GlobalIds.BATCH_SIZE);
        while (cursor.next()) {
            String roleName = getAttribute(cursor.getEntry(), ROLE_NM);
            assignedRoles.add(roleName);
        }
    } catch (LdapException e) {
        throw new FinderException(GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED,
            "findAssignedRoles userDn [" + userDn + "] caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED,
            "findAssignedRoles userDn [" + userDn + "] caught CursorException=" + e.getMessage(), e);
    } finally {
        // Runs on success and on failure; connection is still null if getAdminConnection threw.
        closeAdminConnection(connection);
    }
    return assignedRoles;
}
use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.
the class AdminRoleDAO method getAllDescendants.
/**
 * Loads every admin role entry that has a {@code PARENT_NODES} value, one level below the admin
 * role root resolved for {@code contextId}.
 *
 * @param contextId selects the sub-tree whose admin role root is searched.
 * @return one {@code Graphable} per matching entry, in the order the cursor returns them; empty
 *         when nothing matches.
 * @throws FinderException with {@code GlobalErrIds.ARLE_SEARCH_FAILED} when the search or the
 *         cursor iteration fails.
 */
List<Graphable> getAllDescendants(String contextId) throws FinderException {
    // Only the role name and its parent links are requested from the directory.
    String[] requestedAttrs = { ROLE_NM, GlobalIds.PARENT_NODES };
    String searchBase = getRootDn(contextId, GlobalIds.ADMIN_ROLE_ROOT);
    // The filter is built from constants only; no caller-supplied text is placed in it.
    String filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" + GlobalIds.PARENT_NODES + "=*))";
    List<Graphable> result = new ArrayList<>();
    LdapConnection connection = null;
    try {
        connection = getAdminConnection();
        // NOTE(review): the cursor is not closed explicitly; only the connection is handed to
        // closeAdminConnection below — confirm that this also releases the search.
        SearchCursor cursor = search(connection, searchBase, SearchScope.ONELEVEL, filter, requestedAttrs, false, GlobalIds.BATCH_SIZE);
        // Running counter passed to unloadDescendants along with each entry.
        long sequence = 0;
        while (cursor.next()) {
            result.add(unloadDescendants(cursor.getEntry(), sequence));
            sequence++;
        }
    } catch (LdapException e) {
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED,
            "getAllDescendants filter [" + filter + "] caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED,
            "getAllDescendants filter [" + filter + "] caught CursorException=" + e.getMessage(), e);
    } finally {
        // Runs on success and on failure; connection is still null if getAdminConnection threw.
        closeAdminConnection(connection);
    }
    return result;
}
use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.
the class AdminRoleP method removeOccupant.
/**
 * Removes the given user DN from every admin role that lists it as an occupant. Per the original
 * documentation, AdminMgrImpl calls this while a User is being deleted.
 *
 * <p>The roles are looked up with {@code rDao.findAssignedRoles} and deassigned one by one. There
 * is no rollback in this method: if a later deassign fails, earlier removals stay in place.
 *
 * @param userDn DN of the user whose occupant attribute is removed.
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
 * @throws SecurityException with {@code GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED} when a
 *         {@code FinderException} is caught; other exceptions pass through unchanged.
 */
void removeOccupant(String userDn, String contextId) throws SecurityException {
    try {
        for (String adminRoleName : rDao.findAssignedRoles(userDn, contextId)) {
            // Each role is addressed in the same context the lookup ran in.
            AdminRole adminRole = new AdminRole(adminRoleName);
            adminRole.setContextId(contextId);
            deassign(adminRole, userDn);
        }
    } catch (FinderException fe) {
        // The original exception is kept as the cause so the failing search stays traceable.
        throw new SecurityException(GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED,
            "removeOccupant userDn [" + userDn + "] caught FinderException=" + fe, fe);
    }
}
use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.
the class PermDAO method findPermissionOperations.
/**
 * Finds the permission operation entries whose object name matches the given permission object.
 *
 * <p>The search covers the whole sub-tree below the permission root resolved from
 * {@code permObj.isAdmin()} and {@code permObj.getContextId()}.
 *
 * @param permObj supplies the object name to match, the admin flag and the context id.
 * @return one {@code Permission} per matching entry, in cursor order; empty when nothing matches.
 * @throws FinderException with {@code GlobalErrIds.PERM_SEARCH_FAILED} when encoding the object
 *         name, the search or the cursor iteration fails.
 */
List<Permission> findPermissionOperations(PermObj permObj) throws FinderException {
    String searchBase = getRootDn(permObj.isAdmin(), permObj.getContextId());
    List<Permission> operations = new ArrayList<>();
    LdapConnection connection = null;
    try {
        // The object name passes through encodeSafeText before it is placed in the filter —
        // presumably a length check plus escaping of filter metacharacters; confirm in the helper.
        String safeObjName = encodeSafeText(permObj.getObjName(), GlobalIds.PERM_LEN);
        String filter = new StringBuilder()
            .append(GlobalIds.FILTER_PREFIX)
            .append(PERM_OP_OBJECT_CLASS_NAME)
            .append(")(")
            .append(GlobalIds.POBJ_NAME)
            .append("=")
            .append(safeObjName)
            .append("))")
            .toString();
        connection = getAdminConnection();
        // NOTE(review): the cursor is not closed explicitly; only the connection is handed to
        // closeAdminConnection below — confirm that this also releases the search.
        SearchCursor cursor = search(connection, searchBase, SearchScope.SUBTREE, filter, PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
        // Running counter passed to unloadPopLdapEntry along with each entry.
        long sequence = 0;
        while (cursor.next()) {
            operations.add(unloadPopLdapEntry(cursor.getEntry(), sequence, permObj.isAdmin()));
            sequence++;
        }
    } catch (LdapException e) {
        // The message prefix reads "findPermissions" although this method is findPermissionOperations.
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED,
            "findPermissions caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED,
            "findPermissions caught CursorException=" + e.getMessage(), e);
    } finally {
        // Runs on success and on failure; connection is still null if getAdminConnection threw.
        closeAdminConnection(connection);
    }
    return operations;
}