
Example 31 with PermObj

use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.

the class PermDAO method findPermissions.

/**
 * Finds the permission objects whose org unit attribute begins with the name of the given org unit.
 *
 * <p>The search base is resolved from the org unit's context id and {@code GlobalIds.PERM_ROOT}; the
 * search itself uses {@code SearchScope.SUBTREE} on the connection returned by {@code getAdminConnection()}.
 *
 * @param ou        org unit whose name is matched and whose context id selects the search base.
 * @param limitSize {@code true} passes 10 as the last argument of {@code search}; {@code false} passes 0.
 * @return the entries read from the cursor, converted by {@code unloadPobjLdapEntry}; empty if none were returned.
 * @throws FinderException with {@code GlobalErrIds.PERM_SEARCH_FAILED} when an {@code LdapException} or a
 *                         {@code CursorException} is caught; the original exception is kept as the cause.
 */
List<PermObj> findPermissions(OrgUnit ou, boolean limitSize) throws FinderException {
    final List<PermObj> found = new ArrayList<>();
    LdapConnection conn = null;
    final String searchBase = getRootDn(ou.getContextId(), GlobalIds.PERM_ROOT);
    try {
        // The name is placed inside an LDAP filter string below.
        // NOTE(review): presumably encodeSafeText escapes filter metacharacters in addition to applying
        // OU_LEN - confirm, because nothing else in this method sanitises the value.
        final String safeOuName = encodeSafeText(ou.getName(), GlobalIds.OU_LEN);

        // The trailing "*" makes this a prefix match on the org unit attribute, not an exact match.
        final String filter = new StringBuilder()
            .append(GlobalIds.FILTER_PREFIX)
            .append(PERM_OBJ_OBJECT_CLASS_NAME)
            .append(")(")
            .append(SchemaConstants.OU_AT)
            .append("=")
            .append(safeOuName)
            .append("*))")
            .toString();

        // NOTE(review): 0 is presumably "no client-side size limit" - confirm against search().
        final int sizeLimit = limitSize ? 10 : 0;

        conn = getAdminConnection();
        // NOTE(review): the cursor is never closed in this method; confirm closeAdminConnection releases
        // it, otherwise it should be closed once the loop is done.
        final SearchCursor cursor = search(conn, searchBase, SearchScope.SUBTREE, filter, PERMISION_OBJ_ATRS, false, sizeLimit);
        for (long seq = 0; cursor.next(); seq++) {
            found.add(unloadPobjLdapEntry(cursor.getEntry(), seq, false));
        }
    } catch (LdapException e) {
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, "findPermissions caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, "findPermissions caught CursorException=" + e.getMessage(), e);
    } finally {
        // Runs on every path, including when getAdminConnection() failed and conn is still null.
        closeAdminConnection(conn);
    }
    return found;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) PermObj(org.apache.directory.fortress.core.model.PermObj) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 32 with PermObj

use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.

the class PermDAO method findPermissions.

/**
 * Finds the permission objects whose object name begins with the object name of the given template.
 *
 * <p>The search base is resolved from the template's admin flag and context id; the search uses
 * {@code SearchScope.SUBTREE} on the connection returned by {@code getAdminConnection()} and passes
 * {@code GlobalIds.BATCH_SIZE} as the last argument of {@code search}.
 *
 * @param permObj template supplying the object name to match, the admin flag and the context id.
 * @return the entries read from the cursor, converted by {@code unloadPobjLdapEntry}; empty if none were returned.
 * @throws org.apache.directory.fortress.core.FinderException with {@code GlobalErrIds.PERM_SEARCH_FAILED}
 *         when an {@code LdapException} or a {@code CursorException} is caught; the original exception is
 *         kept as the cause.
 */
List<PermObj> findPermissions(PermObj permObj) throws FinderException {
    final List<PermObj> found = new ArrayList<>();
    LdapConnection conn = null;
    final String searchBase = getRootDn(permObj.isAdmin(), permObj.getContextId());
    try {
        // The object name is placed inside an LDAP filter string below.
        // NOTE(review): presumably encodeSafeText escapes filter metacharacters in addition to applying
        // PERM_LEN - confirm, because nothing else in this method sanitises the value.
        final String safeObjName = encodeSafeText(permObj.getObjName(), GlobalIds.PERM_LEN);

        // The trailing "*" makes this a prefix match on the object name, not an exact match.
        final String filter = new StringBuilder()
            .append(GlobalIds.FILTER_PREFIX)
            .append(PERM_OBJ_OBJECT_CLASS_NAME)
            .append(")(")
            .append(GlobalIds.POBJ_NAME)
            .append("=")
            .append(safeObjName)
            .append("*))")
            .toString();

        conn = getAdminConnection();
        // NOTE(review): the cursor is never closed in this method; confirm closeAdminConnection releases
        // it, otherwise it should be closed once the loop is done.
        final SearchCursor cursor = search(conn, searchBase, SearchScope.SUBTREE, filter, PERMISION_OBJ_ATRS, false, GlobalIds.BATCH_SIZE);
        for (long seq = 0; cursor.next(); seq++) {
            found.add(unloadPobjLdapEntry(cursor.getEntry(), seq, permObj.isAdmin()));
        }
    } catch (LdapException e) {
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, "findPermissions caught LdapException=" + e.getMessage(), e);
    } catch (CursorException e) {
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, "findPermissions caught CursorException=" + e.getMessage(), e);
    } finally {
        // Runs on every path, including when getAdminConnection() failed and conn is still null.
        closeAdminConnection(conn);
    }
    return found;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) PermObj(org.apache.directory.fortress.core.model.PermObj) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 33 with PermObj

use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.

the class DelAdminMgrImpl method delete.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes: the delete is refused with a {@code SecurityException} while the org unit
 * still has descendants, or while the search for users (type {@code USER}) or permission objects (any
 * other type) assigned to it returns anything. Otherwise every parent relationship of the org unit is
 * removed from the hierarchy and the entity is handed to {@code ouP.delete}.
 */
@Override
@AdminPermissionOperation
public OrgUnit delete(OrgUnit entity) throws SecurityException {
    final String methodName = "deleteOU";
    assertContext(CLS_NM, methodName, entity, GlobalErrIds.ORG_NULL);
    setEntitySession(CLS_NM, methodName, entity);
    VUtil.assertNotNull(entity.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);

    // Step 1: refuse while the org unit still has descendants in its hierarchy.
    final int descendantCount = entity.getType() == OrgUnit.Type.USER
        ? UsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId())
        : PsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
    if (descendantCount > 0) {
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD,
            methodName + " orgunit [" + entity.getName() + "] must remove [" + descendantCount + "] descendants before deletion", null);
    }

    // Step 2: refuse while anything is still assigned to the org unit.
    if (entity.getType() != OrgUnit.Type.USER) {
        // Permission org unit: false is passed as the size-limit flag, i.e. the result set is not capped.
        final List<PermObj> assignedPerms = permP.search(entity, false);
        if (CollectionUtils.isNotEmpty(assignedPerms)) {
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_PERM,
                methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedPerms.size() + "] perm objs before deletion", null);
        }
    } else {
        // User org unit: true is passed as the size-limit flag to keep the result set small.
        // NOTE(review): with a capped search the count in the message is presumably a lower bound - confirm.
        final List<User> assignedUsers = userP.search(entity, true);
        if (CollectionUtils.isNotEmpty(assignedUsers)) {
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_USER,
                methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedUsers.size() + "] users before deletion", null);
        }
    }

    // Step 3: detach the org unit from each of its parents in the matching hierarchy.
    // NOTE(review): this step reads this.contextId while step 1 reads entity.getContextId(); presumably
    // setEntitySession makes the two agree - confirm, so the checks and the update hit the same tenant.
    final Set<String> parentNames = entity.getType() == OrgUnit.Type.USER
        ? UsoUtil.getInstance().getParents(entity.getName(), this.contextId)
        : PsoUtil.getInstance().getParents(entity.getName(), this.contextId);
    if (parentNames != null) {
        for (String parentName : parentNames) {
            // NOTE(review): toUpperCase() uses the default locale; confirm the hierarchy keys are
            // upper-cased the same way wherever they are written.
            if (entity.getType() != OrgUnit.Type.USER) {
                PsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parentName.toUpperCase()), Hier.Op.REM);
            } else {
                UsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parentName.toUpperCase()), Hier.Op.REM);
            }
        }
    }

    // All checks passed: remove the org unit itself and return what ouP.delete returns.
    return ouP.delete(entity);
}
Also used : PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Aggregations

PermObj (org.apache.directory.fortress.core.model.PermObj)33 SecurityException (org.apache.directory.fortress.core.SecurityException)22 AdminMgr (org.apache.directory.fortress.core.AdminMgr)7 FortRequest (org.apache.directory.fortress.core.model.FortRequest)7 FortResponse (org.apache.directory.fortress.core.model.FortResponse)7 Permission (org.apache.directory.fortress.core.model.Permission)6 Role (org.apache.directory.fortress.core.model.Role)6 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)5 AdminRole (org.apache.directory.fortress.core.model.AdminRole)5 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)5 User (org.apache.directory.fortress.core.model.User)4 ArrayList (java.util.ArrayList)3 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)3 FinderException (org.apache.directory.fortress.core.FinderException)3 Relationship (org.apache.directory.fortress.core.model.Relationship)3 UserRole (org.apache.directory.fortress.core.model.UserRole)3 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)3 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)2 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)2 Constraint (org.apache.directory.fortress.core.model.Constraint)2