
Example 36 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelegatedAdminMgrConsole method removeRoleInheritance.

/**
 * Console action that removes an inheritance relationship between two admin roles.
 *
 * <p>Prompts for the child and the parent AdminRole name, then calls
 * {@code dAmgr.deleteInheritance(parent, child)}. Both names are passed on exactly as read
 * from the console; this method performs no validation or normalization of its own.
 *
 * <p>A {@code SecurityException} (the Fortress type, which exposes {@code getErrorId()}) is
 * logged and not rethrown. The confirmation lines and the "ENTER to continue" prompt are
 * printed only on success, while the final {@code ReaderUtil.readChar()} runs on both paths.
 */
void removeRoleInheritance() {
    try {
        AdminRole childRole = new AdminRole();
        AdminRole parentRole = new AdminRole();
        ReaderUtil.clearScreen();

        System.out.println("Enter child adminRole name:");
        childRole.setName(ReaderUtil.readLn());

        System.out.println("Enter parent adminRole name:");
        parentRole.setName(ReaderUtil.readLn());

        // NOTE(review): removing an edge from the admin role hierarchy changes what the child
        // role inherits. Any authorization check on the operator presumably happens inside
        // dAmgr; it is not visible in this method. Confirm before exposing this console.
        // Argument order is (parent, child).
        dAmgr.deleteInheritance(parentRole, childRole);

        System.out.println("child adminRole [" + childRole.getName() + "]");
        System.out.println("parent adminRole [" + parentRole.getName() + "]");
        System.out.println("inheritance relationship has been removed");
        System.out.println("ENTER to continue");
    } catch (SecurityException se) {
        // The failure is only logged, so nothing is printed to the operator on this path.
        LOG.error("removeRoleInheritance caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
    }
    ReaderUtil.readChar();
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 37 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelegatedReviewMgrConsole method readRole.

/**
 * Console action that looks up one admin role by name and prints its attributes.
 *
 * <p>The name is read from the console and handed to {@code rm.readRole} unchanged. When a
 * role is returned, its name, internal id, description, the two sets returned by
 * {@code getOsUSet()} / {@code getOsPSet()} and its temporal constraints (via
 * {@code ReviewMgrConsole.printTemporal}) are written to standard output. A
 * {@code SecurityException} is logged with its error id and message and not rethrown.
 */
void readRole() {
    ReaderUtil.clearScreen();
    try {
        System.out.println("Enter AdminRole name to read:");
        AdminRole query = new AdminRole();
        query.setName(ReaderUtil.readLn());

        AdminRole found = rm.readRole(query);
        if (found == null) {
            // Echoes the name exactly as the operator typed it.
            System.out.println("    name [" + query.getName() + "] was not found");
        } else {
            // NOTE(review): osU / osP presumably are the user and permission organizational
            // units this admin role may administer; confirm against the AdminRole model.
            System.out.println("ADMIN ROLE OBJECT:");
            System.out.println("    name      [" + found.getName() + "]");
            System.out.println("    internalId  [" + found.getId() + "]");
            System.out.println("    description [" + found.getDescription() + "]");
            System.out.println("    osU [" + found.getOsUSet() + "]");
            System.out.println("    osP [" + found.getOsPSet() + "]");
            ReviewMgrConsole.printTemporal(found, "ADMINROLE");
        }
        System.out.println("ENTER to continue");
    } catch (SecurityException se) {
        // Lookup failures reach the log only; the console shows nothing on this path.
        LOG.error("readRole caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
    }
    ReaderUtil.readChar();
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 38 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class PermP method validate.

/**
 * Validates a Permission Operation entity before it is inserted into or updated in the
 * directory.
 *
 * <p>Non-empty text attributes (operation name on insert only, type, description) are passed
 * to {@code VUtil.description}. Every role, user and permission-attribute-set name that the
 * entity references is then looked up in the entity's own context; the lookup results are
 * discarded, so these calls act purely as checks.
 *
 * @param pOp      Permission Operation entity holding the data targeted for insert or update.
 * @param isUpdate if true the operation name is not checked here; all other checks still run.
 * @throws SecurityException in the event of data validation error or DAO error.
 */
private void validate(Permission pOp, boolean isUpdate) throws SecurityException {
    final String contextId = pOp.getContextId();

    // NOTE(review): the operation name goes through the same check that is used for
    // descriptions, and only on insert. Confirm that an update cannot change the name,
    // otherwise it reaches the directory unchecked by this method.
    if (!isUpdate && StringUtils.isNotEmpty(pOp.getOpName())) {
        VUtil.description(pOp.getOpName());
    }
    if (StringUtils.isNotEmpty(pOp.getType())) {
        VUtil.description(pOp.getType());
    }
    if (StringUtils.isNotEmpty(pOp.getDescription())) {
        VUtil.description(pOp.getDescription());
    }

    // Role grants: each named role is read in the permission's context. Admin permissions
    // are checked against admin roles, ordinary permissions against ordinary roles.
    // NOTE(review): presumably read() throws when the entry does not exist, which is what
    // stops a grant to a role that is not in the directory; confirm in AdminRoleP / RoleP.
    if (CollectionUtils.isNotEmpty(pOp.getRoles())) {
        Set<String> grantedRoles = pOp.getRoles();
        if (pOp.isAdmin()) {
            AdminRoleP adminRoleP = new AdminRoleP();
            for (String roleName : grantedRoles) {
                AdminRole candidate = new AdminRole(roleName);
                candidate.setContextId(contextId);
                adminRoleP.read(candidate);
            }
        } else {
            RoleP roleP = new RoleP();
            for (String roleName : grantedRoles) {
                Role candidate = new Role(roleName);
                candidate.setContextId(contextId);
                roleP.read(candidate);
            }
        }
    }

    // User grants: same lookup pattern, one read per referenced user id.
    if (CollectionUtils.isNotEmpty(pOp.getUsers())) {
        Set<String> grantedUsers = pOp.getUsers();
        UserP userP = new UserP();
        for (String grantedUserId : grantedUsers) {
            User candidate = new User(grantedUserId);
            candidate.setContextId(contextId);
            userP.read(candidate, false);
        }
    }

    // Permission attribute set names are checked by the sibling helper.
    if (CollectionUtils.isNotEmpty(pOp.getPaSets())) {
        for (String attributeSetName : pOp.getPaSets()) {
            validatePaSet(attributeSetName, contextId);
        }
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) User(org.apache.directory.fortress.core.model.User) AdminRole(org.apache.directory.fortress.core.model.AdminRole)

Example 39 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleDAO method findRoles.

/**
 * Searches one level below the admin role root of the caller's context for admin roles whose
 * name starts with the supplied name.
 *
 * <p>The LDAP filter is assembled by string concatenation. The only caller-derived part is
 * the role name, which first passes through {@code encodeSafeText} with
 * {@code GlobalIds.ROLE_LEN}.
 *
 * @param adminRole supplies the name prefix to search for and the context id.
 * @return the matching admin roles in cursor order, each tagged with a running sequence
 *         number starting at 0; empty if nothing matched.
 * @throws FinderException with {@code GlobalErrIds.ARLE_SEARCH_FAILED} when the search raises
 *                         an {@code LdapException} or a {@code CursorException}.
 */
List<AdminRole> findRoles(AdminRole adminRole) throws FinderException {
    List<AdminRole> matches = new ArrayList<AdminRole>();
    LdapConnection conn = null;
    String searchBase = getRootDn(adminRole.getContextId(), GlobalIds.ADMIN_ROLE_ROOT);
    try {
        // NOTE(review): encodeSafeText is the only barrier between the supplied name and the
        // filter string. It presumably enforces the length limit and escapes LDAP filter
        // metacharacters; confirm, because the value is spliced in verbatim below.
        String safePrefix = encodeSafeText(adminRole.getName(), GlobalIds.ROLE_LEN);

        // The trailing "*" makes this a prefix match, so a short name can match many entries.
        String filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" + ROLE_NM + "=" + safePrefix + "*))";

        conn = getAdminConnection();
        // NOTE(review): the cursor is never closed in this method, only the connection is
        // released in the finally block. Confirm that this does not leak the search handle.
        SearchCursor cursor = search(conn, searchBase, SearchScope.ONELEVEL, filter, ROLE_ATRS, false, GlobalIds.BATCH_SIZE);
        for (long sequence = 0; cursor.next(); sequence++) {
            matches.add(unloadLdapEntry(cursor.getEntry(), sequence, adminRole.getContextId()));
        }
    } catch (LdapException e) {
        // The message carries the name as supplied (not the encoded form).
        String error = "findRoles name [" + adminRole.getName() + "] caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findRoles name [" + adminRole.getName() + "] caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED, error, e);
    } finally {
        // Runs on success and failure; conn is still null if the failure came before connect.
        closeAdminConnection(conn);
    }
    return matches;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) AdminRole(org.apache.directory.fortress.core.model.AdminRole) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 40 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleDAO method unloadLdapEntry.

/**
 * Copies the attributes of one LDAP entry into a freshly created {@code AdminRole}.
 *
 * @param le        the LDAP entry to read from.
 * @param sequence  sequence number stored on the entity.
 * @param contextId context id used when looking up the role's children.
 * @return the populated admin role.
 * @throws LdapInvalidAttributeValueException declared by this method; presumably raised by
 *                                            the attribute helpers it calls.
 */
private AdminRole unloadLdapEntry(Entry le, long sequence, String contextId) throws LdapInvalidAttributeValueException {
    AdminRole role = new ObjectFactory().createAdminRole();
    role.setSequenceId(sequence);

    // Identity and descriptive attributes.
    role.setId(getAttribute(le, GlobalIds.FT_IID));
    role.setDescription(getAttribute(le, SchemaConstants.DESCRIPTION_AT));

    // Membership and administrative scope.
    role.setOccupants(getAttributes(le, ROLE_OCCUPANT));
    role.setOsPSet(getAttributeSet(le, ROLE_OSP));
    role.setOsUSet(getAttributeSet(le, ROLE_OSU));

    role.setName(getAttribute(le, SchemaConstants.CN_AT));
    unloadTemporal(le, role);
    role.setRoleRangeRaw(getAttribute(le, ROLE_RANGE));

    // Hierarchy: parents come from the entry, children from AdminRoleUtil.
    role.setParents(getAttributeSet(le, GlobalIds.PARENT_NODES));
    // NOTE(review): toUpperCase() without a Locale uses the JVM default locale, so the key
    // derived from the same role name can differ between hosts (for example under a Turkish
    // locale). It also dereferences getName() unguarded, which fails if the name was set to
    // null. Confirm how AdminRoleUtil builds its keys before changing either.
    role.setChildren(AdminRoleUtil.getChildren(role.getName().toUpperCase(), contextId));
    return role;
}
Also used : ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory) AdminRole(org.apache.directory.fortress.core.model.AdminRole)
