
Example 1 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminMgrImpl method grantPermission.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes, based on the calls made here: both arguments go through
 * {@code assertContext}, the session is bound to {@code perm} through
 * {@code setEntitySession}, the target role is read, and only then is the grant written
 * through {@code permP}. Any {@link SecurityException} raised by an earlier step
 * propagates before {@code permP.grant} is reached.
 *
 * <p>NOTE(review): {@code AdminUtil.canGrant} runs only for non-administrative
 * permissions. Confirm that grants of administrative permissions are authorized elsewhere
 * (for example by {@code setEntitySession} or the {@code @AdminPermissionOperation}
 * handling), because this method adds no delegated-administration check on that path.
 */
@Override
@AdminPermissionOperation
public void grantPermission(Permission perm, Role role) throws SecurityException {
    final String opName = "grantPermission";
    assertContext(CLS_NM, opName, perm, GlobalErrIds.PERM_OPERATION_NULL);
    assertContext(CLS_NM, opName, role, GlobalErrIds.ROLE_NULL);
    setEntitySession(CLS_NM, opName, perm);
    // The role is read before the grant is written. The read result is discarded, so it
    // presumably acts as an existence check that throws when the role is unknown (confirm).
    if (!perm.isAdmin()) {
        // Ordinary permission: delegated-administration check first, then the role lookup.
        AdminUtil.canGrant(perm.getAdminSession(), role, perm, contextId);
        roleP.read(role);
    } else {
        // Administrative permission: the role name is looked up as an AdminRole under this
        // manager's contextId. No canGrant call is made on this branch.
        AdminRole targetAdminRole = new AdminRole(role.getName());
        targetAdminRole.setContextId(this.contextId);
        adminP.read(targetAdminRole);
    }
    permP.grant(perm, role);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 2 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleP method removeOccupant.

/**
 * Removes the User dn occupant attribute from every OrganizationalRole entity in ldap that
 * the role lookup returns for the user. This method is called by AdminMgrImpl when the User
 * is being deleted.
 *
 * <p>The roles are processed one at a time. If a deassign call throws, the roles handled
 * before it stay deassigned and the remaining ones are not touched, so a failure can leave
 * the user partially removed.
 *
 * @param userDn identifies the user targeted for attribute removal; it is passed unchanged
 *               to the role lookup and to each deassign call.
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
 * @throws SecurityException when a {@code FinderException} is caught; it is wrapped with
 *                           {@code GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED} and the original
 *                           exception is kept as the cause.
 */
void removeOccupant(String userDn, String contextId) throws SecurityException {
    try {
        final List<String> assignedRoleNames = rDao.findAssignedRoles(userDn, contextId);
        for (final String assignedName : assignedRoleNames) {
            // Each role object carries only its name and the caller's contextId.
            final AdminRole occupiedRole = new AdminRole(assignedName);
            occupiedRole.setContextId(contextId);
            deassign(occupiedRole, userDn);
        }
    } catch (FinderException fe) {
        // The message embeds userDn, so it ends up wherever this exception is logged.
        final String error = "removeOccupant userDn [" + userDn + "] caught FinderException=" + fe;
        throw new SecurityException(GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED, error, fe);
    }
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 3 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrImpl method updateRole.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes, based on the calls made here: the role is updated through
 * {@code admRP} first, then every user returned by {@code userP.getAssignedUsers(role)} is
 * updated one at a time through an {@code AdminMgr} created for this manager's contextId.
 * There is no rollback in this method: if a user update throws, the role and any users
 * already processed keep the new values while the remaining users keep the old ones.
 */
@Override
@AdminPermissionOperation
public AdminRole updateRole(AdminRole role) throws SecurityException {
    String methodName = "updateRole";
    // Argument check; presumably rejects a null role, given the ARLE_NULL error id.
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    // 're' is the value returned by the update and is what the caller gets back.
    AdminRole re = admRP.update(role);
    // Propagate the change to every user that is assigned this role:
    List<User> users = userP.getAssignedUsers(role);
    if (CollectionUtils.isNotEmpty(users)) {
        final AdminMgr aMgr = AdminMgrFactory.createInstance(this.contextId);
        for (User ue : users) {
            // upUe is a fresh User holding only the id; it is the object sent to updateUser.
            User upUe = new User(ue.getUserId());
            setAdminData(CLS_NM, methodName, upUe);
            List<UserAdminRole> uaRoles = ue.getAdminRoles();
            // Build the replacement assignment from the incoming role's name and OS-P/OS-U sets.
            UserAdminRole chgRole = new UserAdminRole();
            chgRole.setName(role.getName());
            chgRole.setUserId(ue.getUserId());
            chgRole.setOsPSet(role.getOsPSet());
            chgRole.setOsUSet(role.getOsUSet());
            // The remove happens before ConstraintUtil.copy changes chgRole, so the order
            // matters if UserAdminRole.equals looks at the copied fields (not visible here).
            // NOTE(review): uaRoles belongs to 'ue', which is not the object passed to
            // updateUser, so this remove/add pair does not appear to affect the update.
            uaRoles.remove(chgRole);
            ConstraintUtil.copy(re, chgRole);
            uaRoles.add(chgRole);
            // Repeats the id already given to the User constructor above.
            upUe.setUserId(ue.getUserId());
            upUe.setAdminRole(chgRole);
            // An exception here leaves the remaining users unprocessed.
            aMgr.updateUser(upUe);
        }
    }
    return re;
}
Also used : User(org.apache.directory.fortress.core.model.User) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminMgr(org.apache.directory.fortress.core.AdminMgr) DelAdminMgr(org.apache.directory.fortress.core.DelAdminMgr) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 4 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deassignUser.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes, based on the calls made here: the deassignment is done in two
 * steps. {@code userP.deassign} runs first and returns the user's dn; {@code admRP.deassign}
 * then removes that dn from the admin role entry. The two steps are not wrapped in any
 * rollback here, so a failure in the second step leaves the first one applied.
 */
@Override
@AdminPermissionOperation
public void deassignUser(UserAdminRole uAdminRole) throws SecurityException {
    final String opName = "deassignUser";
    assertContext(CLS_NM, opName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, opName, uAdminRole);
    // Step 1: user side. The returned dn is needed for the role side below.
    final String occupantDn = userP.deassign(uAdminRole);
    // Step 2: role side. The role object is built from the assignment's name only, then the
    // ARBAC attributes are copied onto it.
    final AdminRole targetRole = new AdminRole(uAdminRole.getName());
    setAdminData(CLS_NM, opName, targetRole);
    // Removes a single, standard attribute value, called "roleOccupant", from the adminRole node.
    admRP.deassign(targetRole, occupantDn);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 5 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes, based on the calls made here: the relationship is validated, the
 * hierarchy is updated with a REM operation, and then the child role's parents attribute is
 * rewritten in the directory. The hierarchy update runs before the directory write and
 * nothing here undoes it, so a failure in the later steps can leave the two out of step.
 *
 * <p>NOTE(review): the operation name used below is {@code "deleteInheritanceRole"}, which
 * differs from the Java method name. It is passed to {@code assertContext},
 * {@code setEntitySession} and {@code setAdminData}, so it may be matched against
 * permission or audit data; confirm against that data before renaming it.
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    final String opName = "deleteInheritanceRole";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, opName, parentRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, true);
    // NOTE(review): toUpperCase() uses the default locale. Changing it only here could stop
    // the keys matching those built elsewhere, so any locale fix has to be made project-wide.
    final String childKey = childRole.getName().toUpperCase();
    final String parentKey = parentRole.getName().toUpperCase();
    AdminRoleUtil.updateHier(this.contextId, new Relationship(childKey, parentKey), Hier.Op.REM);
    // Read the stored child role to get its current parents.
    AdminRole storedChild = new AdminRole(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = admRP.read(storedChild);
    // A second object carries ONLY the parents attribute, so nothing else on the child role
    // is written by the update.
    final AdminRole parentsOnly = new AdminRole(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);
    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // Parents remain: a normal update rewrites the attribute.
        admRP.update(parentsOnly);
    } else {
        // Updates only write non-empty multi-occurring attributes, so when the last parent
        // has been removed the attribute itself must be deleted.
        admRP.deleteParent(parentsOnly);
    }
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Aggregations

AdminRole (org.apache.directory.fortress.core.model.AdminRole)46 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)37 SecurityException (org.apache.directory.fortress.core.SecurityException)18 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)10 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)8 DelReviewMgr (org.apache.directory.fortress.core.DelReviewMgr)5 Role (org.apache.directory.fortress.core.model.Role)5 FortRequest (org.apache.directory.fortress.core.model.FortRequest)4 FortResponse (org.apache.directory.fortress.core.model.FortResponse)4 Relationship (org.apache.directory.fortress.core.model.Relationship)4 FinderException (org.apache.directory.fortress.core.FinderException)3 User (org.apache.directory.fortress.core.model.User)3 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)2 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)2 PermObj (org.apache.directory.fortress.core.model.PermObj)2 Permission (org.apache.directory.fortress.core.model.Permission)2 UserRole (org.apache.directory.fortress.core.model.UserRole)2 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)2 ArrayList (java.util.ArrayList)1 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1