use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.
the class AdminRoleDAO method getRole.
/**
* This method will retrieve the AdminRole from {@link GlobalIds#ADMIN_ROLE_ROOT} container by name.
*
* @param adminRole maps to {@link AdminRole#name}.
* @return AdminRole back to client.
* @throws FinderException in the event LDAP errors occur.
*/
AdminRole getRole(AdminRole adminRole) throws FinderException {
    // The DN is computed before a connection is obtained, so only the LDAP work sits inside the try/finally.
    // NOTE(review): getDn is not visible here; confirm it escapes RDN special characters in the role name,
    // since the name comes from the caller and ends up in the DN that is read.
    final String dn = getDn(adminRole);
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        final Entry findEntry = read(ld, dn, ROLE_ATRS);
        final AdminRole entity = (findEntry == null)
            ? null
            : unloadLdapEntry(findEntry, 0, adminRole.getContextId());
        if (entity != null) {
            return entity;
        }
        // A missing entry and an entry that unloads to null are both reported as "not found".
        String warning = "getRole name [" + adminRole.getName() + "] no entry found dn [" + dn + "]";
        throw new FinderException(GlobalErrIds.ARLE_NOT_FOUND, warning);
    } catch (LdapNoSuchObjectException e) {
        // Must stay ahead of the generic LdapException handler so that a missing object keeps its own error id.
        String warning = "getRole name [" + adminRole.getName() + "] Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
        throw new FinderException(GlobalErrIds.ARLE_NOT_FOUND, warning, e);
    } catch (LdapException e) {
        // The role name, DN and server message are embedded verbatim in the exception text; anything that
        // logs or displays it should treat that text as caller-influenced data.
        String error = "getRole dn [" + dn + "] LEXCD=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_READ_FAILED, error, e);
    } finally {
        // Runs on success and on every failure path; ld is still null if getAdminConnection itself threw.
        closeAdminConnection(ld);
    }
}
use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.
the class AdminRoleP method addOccupant.
/**
* Add the User dn occupant attribute to the OrganizationalRole entity in ldap. This method is called by AdminMgrImpl
* when the User is being added.
*
* @param uRoles contains a collection of UserAdminRole being targeted for assignment.
* @param userDn contains the userId targeted for attribute addition.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @throws SecurityException in the event of DAO search error.
*/
void addOccupant(List<UserAdminRole> uRoles, String userDn, String contextId) throws SecurityException {
    // Nothing to assign when CollectionUtils reports the collection as empty.
    if (CollectionUtils.isEmpty(uRoles)) {
        return;
    }
    for (UserAdminRole assignment : uRoles) {
        // Only the role name is taken from the assignment; the tenant context comes from the contextId
        // argument, not from the UserAdminRole itself.
        AdminRole target = new AdminRole(assignment.getName());
        target.setContextId(contextId);
        // Assignments are applied one at a time with no rollback in this method: if assign throws,
        // roles processed earlier in the loop keep the occupant and later ones are never attempted.
        assign(target, userDn);
    }
}
use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.
the class AdminRoleP method update.
/**
* Updates an existing AdminRole entity in the directory, e.g. when the AdminRole description or temporal constraints
* have changed.
*
* @param entity Admin Role entity contains data targeted for updating.
* @return AdminRole entity contains fully populated updated entity.
* @throws SecurityException in the event of data validation or DAO system error.
*/
AdminRole update(AdminRole entity) throws SecurityException {
    // Validation runs first; if it throws, the DAO is never called with the rejected entity.
    validate(entity);
    // The caller gets the result of a fresh read of what the DAO returned, not the DAO's return value itself.
    return read(rDao.update(entity));
}
use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.
the class DelAdminMgrImpl method addInheritance.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void addInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    // NOTE(review): the operation name is "addInheritanceRole", not this method's own name. It is passed to
    // assertContext, setEntitySession and setAdminData, so presumably permission checks and audit data key
    // on it. Confirm against deployed policy before changing it.
    final String opName = "addInheritanceRole";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    // Only parentRole is handed to setEntitySession; childRole is not.
    setEntitySession(CLS_NM, opName, parentRole);

    // Existence check for the parent: the result is discarded, so this read presumably signals a missing
    // role by throwing (confirm in AdminRoleP.read).
    admRP.read(parentRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);

    // Existence check for the child, done through a fresh object so that only the caller's role name and
    // this manager's contextId are used for the lookup.
    AdminRole storedChild = new AdminRole(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = admRP.read(storedChild);

    // A second, minimal entity carries ONLY the parents attribute, so that no other attribute of the
    // child role is written by the update below.
    AdminRole parentsOnly = new AdminRole(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);

    // NOTE(review): toUpperCase() with no Locale follows the JVM default locale, so the same role name can
    // normalise differently on differently configured hosts. Left as-is because other hierarchy lookups
    // presumably normalise the same way.
    Relationship edge =
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase());
    // NOTE(review): the hierarchy is updated before the directory write. If admRP.update throws, nothing
    // in this method undoes the updateHier call. Confirm how the two are reconciled.
    AdminRoleUtil.updateHier(this.contextId, edge, Hier.Op.ADD);
    admRP.update(parentsOnly);
}
use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.
the class DelAdminMgrImpl method assignUser.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void assignUser(UserAdminRole uAdminRole) throws SecurityException {
    final String opName = "assignUser";
    assertContext(CLS_NM, opName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, opName, uAdminRole);

    // Look the role up by name. The context id is taken from the UserAdminRole argument.
    // NOTE(review): presumably setEntitySession has aligned it with this manager's context (confirm).
    AdminRole lookup = new AdminRole(uAdminRole.getName());
    lookup.setContextId(uAdminRole.getContextId());
    AdminRole declaredRole = admRP.read(lookup);

    // If the UserAdminRole has no temporal constraints of its own, they are copied from the AdminRole
    // declaration; otherwise they are validated.
    ConstraintUtil.validateOrCopy(declaredRole, uAdminRole);
    // Copy the ARBAC AdminRole attributes onto the UserAdminRole.
    userP.copyAdminAttrs(declaredRole, uAdminRole);
    String userDn = userP.assign(uAdminRole);

    // Copy the admin session info onto the AdminRole before it is written.
    setAdminData(CLS_NM, opName, declaredRole);
    // Adds the user's DN to the AdminRole node as a single standard attribute value, "roleOccupant".
    // This is a second, separate write after userP.assign: if it throws, nothing in this method reverts
    // the user-side assignment.
    admRP.assign(declaredRole, userDn);
}