
Example 41 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleDAO method getRole.

/**
 * Reads a single AdminRole entry from the directory and converts it to its model object.
 *
 * <p>The entry DN is produced by {@code getDn(adminRole)}; per the original documentation these
 * entries live under the {@link GlobalIds#ADMIN_ROLE_ROOT} container. The admin connection is
 * handed back in the {@code finally} block on every path, including the failure paths.
 *
 * @param adminRole supplies the lookup key ({@link AdminRole#name}) and the context id that is
 *                  passed on to {@code unloadLdapEntry}.
 * @return the AdminRole built from the directory entry; never {@code null}, because a missing
 *         entry is reported as an exception instead.
 * @throws FinderException with {@link GlobalErrIds#ARLE_NOT_FOUND} when no entry exists for the DN,
 *                         or with {@link GlobalErrIds#ARLE_READ_FAILED} for any other LDAP error.
 */
AdminRole getRole(AdminRole adminRole) throws FinderException {
    // The DN is derived from the caller-supplied role before any connection is taken.
    // NOTE(review): any escaping of the role name happens inside getDn, which is not visible here.
    final String dn = getDn(adminRole);
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        final Entry findEntry = read(ld, dn, ROLE_ATRS);
        final AdminRole entity = (findEntry == null)
            ? null
            : unloadLdapEntry(findEntry, 0, adminRole.getContextId());
        if (entity != null) {
            return entity;
        }
        // A null entry and a null mapping result are both treated as "not found", so callers
        // never receive null and cannot mistake a missing role for a valid one.
        throw new FinderException(GlobalErrIds.ARLE_NOT_FOUND,
            "getRole name [" + adminRole.getName() + "] no entry found dn [" + dn + "]");
    } catch (LdapNoSuchObjectException e) {
        // The server reported that the object does not exist: same error id, cause preserved.
        throw new FinderException(GlobalErrIds.ARLE_NOT_FOUND,
            "getRole name [" + adminRole.getName() + "] Obj COULD NOT FIND ENTRY for dn [" + dn + "]", e);
    } catch (LdapException e) {
        // Every other LDAP failure is a read failure; the message embeds the DN and the
        // provider's error text.
        throw new FinderException(GlobalErrIds.ARLE_READ_FAILED,
            "getRole dn [" + dn + "] LEXCD=" + e.getMessage(), e);
    } finally {
        // Runs for the normal return as well as for every throw above.
        closeAdminConnection(ld);
    }
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) FinderException(org.apache.directory.fortress.core.FinderException) DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry) Entry(org.apache.directory.api.ldap.model.entry.Entry) AdminRole(org.apache.directory.fortress.core.model.AdminRole) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 42 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleP method addOccupant.

/**
 * Assigns the given user DN to every admin role named in {@code uRoles}. According to the
 * original documentation this adds the user's DN as an occupant attribute on the
 * OrganizationalRole entry and is called by AdminMgrImpl while a User is being added.
 *
 * <p>A {@code null} or empty collection is a no-op. Roles are processed in iteration order and an
 * exception from {@code assign} propagates immediately; assignments already made for earlier
 * roles in the list are not undone by this method.
 *
 * @param uRoles the UserAdminRole entries whose names identify the admin roles to assign.
 * @param userDn the user's DN (the parameter name and method summary indicate a DN rather than a
 *               bare userId); it is passed unchanged to {@code assign}.
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com; it is set on
 *                  every AdminRole built here.
 * @throws SecurityException propagated from {@code assign}.
 */
void addOccupant(List<UserAdminRole> uRoles, String userDn, String contextId) throws SecurityException {
    if (!CollectionUtils.isNotEmpty(uRoles)) {
        // Nothing to assign.
        return;
    }
    for (UserAdminRole assignment : uRoles) {
        // Only the role name is taken from the input; the context comes from the explicit
        // contextId argument rather than from the UserAdminRole itself.
        AdminRole target = new AdminRole(assignment.getName());
        target.setContextId(contextId);
        assign(target, userDn);
    }
}
Also used : UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 43 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class AdminRoleP method update.

/**
 * Updates an existing AdminRole entry in the directory, e.g. its description and temporal
 * constraints, and returns the entry as read back afterwards.
 *
 * @param entity Admin Role entity carrying the data targeted for updating.
 * @return the AdminRole obtained by reading the entity returned from the DAO update.
 * @throws SecurityException in the event of data validation or DAO system error.
 */
AdminRole update(AdminRole entity) throws SecurityException {
    // validate is called before any write; if it throws, this method has not touched the DAO.
    validate(entity);
    // The result is re-read rather than echoing the caller's object back.
    return read(rDao.update(entity));
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 44 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes: both roles are read from the directory before anything is changed.
 * The update sent to the directory is built from the child's name, its stored parents plus the
 * new parent, and this manager's context id, so other fields on the caller's {@code childRole}
 * do not reach the update. The hierarchy is updated before the directory entry and this method
 * contains no rollback if the later directory update fails.
 */
@Override
@AdminPermissionOperation
public void addInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    // NOTE(review): this label differs from the Java method name and is passed to assertContext,
    // setEntitySession and setAdminData; presumably it is the operation name those helpers
    // record or check, so confirm before "fixing" it.
    final String methodName = "addInheritanceRole";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);

    // The parent must already exist; the returned entity is not needed, only the check.
    admRP.read(parentRole);
    // NOTE(review): the meaning of the trailing 'false' flag is defined in AdminRoleUtil, not here.
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);

    // The child must already exist; it is looked up by name within this manager's context.
    AdminRole storedChild = new AdminRole(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = admRP.read(storedChild);

    // A separate entity changes ONLY the parents attribute on the child role and nothing else.
    AdminRole parentsOnly = new AdminRole(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);

    // toUpperCase() without a Locale uses the JVM default locale.
    // NOTE(review): confirm that hierarchy keys are normalised the same way wherever they are read.
    Relationship edge =
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase());
    AdminRoleUtil.updateHier(this.contextId, edge, Hier.Op.ADD);
    admRP.update(parentsOnly);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 45 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrImpl method assignUser.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes: the admin role named by {@code uAdminRole} is read from the directory
 * before any assignment is made, and the entity returned by that read (not a caller-built one)
 * is what gets passed to the later steps. Two separate writes follow, {@code userP.assign} and
 * then {@code admRP.assign}; this method contains no rollback of the first if the second fails.
 */
@Override
@AdminPermissionOperation
public void assignUser(UserAdminRole uAdminRole) throws SecurityException {
    // Label passed to assertContext, setEntitySession and setAdminData below.
    String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, uAdminRole);
    // Build the lookup key from the caller's role name and context id only.
    AdminRole adminRole = new AdminRole(uAdminRole.getName());
    adminRole.setContextId(uAdminRole.getContextId());
    // retrieve the admin role info:
    // NOTE(review): presumably this read throws when the role does not exist, which would stop
    // the assignment before any write; confirm in AdminRoleP.read.
    AdminRole validRole = admRP.read(adminRole);
    // if the UserAdminRole entity doesn't have temporal constraints set already, copy from the AdminRole declaration:
    ConstraintUtil.validateOrCopy(validRole, uAdminRole);
    // copy the ARBAC AdminRole attributes to UserAdminRole:
    userP.copyAdminAttrs(validRole, uAdminRole);
    // First write: the assignment on the user side; the returned DN is reused below.
    String dn = userP.assign(uAdminRole);
    // copy the admin session info to AdminRole:
    setAdminData(CLS_NM, methodName, validRole);
    // Assign user dn attribute to the adminRole, this will add a single, standard attribute value, called "roleOccupant", directly onto the adminRole node:
    // Second write: an exception here propagates after userP.assign has already returned.
    admRP.assign(validRole, dn);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
