

the class PermDAO method findPermissions.

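/**
 * Returns the permissions a user holds, either through direct user assignment or through any role in
 * the user's role list, including roles inherited via the RBAC role hierarchy.
 *
 * @param user contains the userId, the assigned roles and the contextId used to locate the permission tree.
 * @return List of Permission entities assigned to the user or to one of the user's (inherited) roles;
 *         empty if nothing matches.
 * @throws org.apache.directory.fortress.core.FinderException in the event of an LDAP or cursor error.
 */
List<Permission> findPermissions(User user) throws FinderException {
    List<Permission> permList = new ArrayList<>();
    LdapConnection ld = null;
    String permRoot = getRootDn(user.getContextId(), GlobalIds.PERM_ROOT);
    try {
        // Filter: FILTER_PREFIX + perm-op object class, then an OR of one clause per
        // inherited role plus one clause for the user itself.
        StringBuilder filterbuf = new StringBuilder();
        filterbuf.append(GlobalIds.FILTER_PREFIX);
        filterbuf.append(PERM_OP_OBJECT_CLASS_NAME);
        filterbuf.append(")(|");
        Set<String> roles = RoleUtil.getInstance().getInheritedRoles(user.getRoles(), user.getContextId());
        if (CollectionUtils.isNotEmpty(roles)) {
            for (String uRole : roles) {
                filterbuf.append("(");
                filterbuf.append(ROLES);
                filterbuf.append("=");
                filterbuf.append(encodeSafeText(uRole, GlobalIds.ROLE_LEN));
                filterbuf.append(")");
            }
        }
        filterbuf.append("(");
        filterbuf.append(USERS);
        filterbuf.append("=");
        // The userId is caller-supplied text; encode it the same way the role names are so that
        // LDAP filter metacharacters in the value cannot change the shape of the search filter.
        filterbuf.append(encodeSafeText(user.getUserId(), GlobalIds.USERID_LEN));
        filterbuf.append(")))");
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, permRoot, SearchScope.SUBTREE, filterbuf.toString(), PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
        // Sequence id records the position of each entry within this result set.
        long sequence = 0;
        while (searchResults.next()) {
            permList.add(unloadPopLdapEntry(searchResults.getEntry(), sequence++, false));
        }
    } catch (LdapException e) {
        String error = "findPermissions user [" + user.getUserId() + "] caught LdapException in PermDAO.findPermissions=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findPermissions user [" + user.getUserId() + "] caught CursorException in PermDAO.findPermissions=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, error, e);
    } finally {
        // Always released, even when the search threw.
        closeAdminConnection(ld);
    }
    return permList;
}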

the class PermDAO method findUserPermissions.

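/**
 * Returns only the permissions that have been directly assigned to a user; role-based
 * permissions are not considered here.
 *
 * @param user contains the userId and the contextId used to locate the permission tree.
 * @return List of Permission entities whose user list contains this userId; empty if none match.
 * @throws org.apache.directory.fortress.core.FinderException in the event of an LDAP or cursor error.
 */
List<Permission> findUserPermissions(User user) throws FinderException {
    List<Permission> permList = new ArrayList<>();
    LdapConnection ld = null;
    String permRoot = getRootDn(user.getContextId(), GlobalIds.PERM_ROOT);
    try {
        // Filter: FILTER_PREFIX + perm-op object class, AND a single clause on the user attribute.
        StringBuilder filterbuf = new StringBuilder();
        filterbuf.append(GlobalIds.FILTER_PREFIX);
        filterbuf.append(PERM_OP_OBJECT_CLASS_NAME);
        filterbuf.append(")(");
        filterbuf.append(USERS);
        filterbuf.append("=");
        // The userId is caller-supplied text; encode it before splicing it into the filter so
        // that LDAP filter metacharacters in the value cannot change the search expression.
        filterbuf.append(encodeSafeText(user.getUserId(), GlobalIds.USERID_LEN));
        filterbuf.append("))");
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, permRoot, SearchScope.SUBTREE, filterbuf.toString(), PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
        // Sequence id records the position of each entry within this result set.
        long sequence = 0;
        while (searchResults.next()) {
            permList.add(unloadPopLdapEntry(searchResults.getEntry(), sequence++, false));
        }
    } catch (LdapException e) {
        // Error text names this method (it previously pointed at findPermissions).
        String error = "findUserPermissions user [" + user.getUserId() + "] caught LdapException in PermDAO.findUserPermissions=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findUserPermissions user [" + user.getUserId() + "] caught CursorException in PermDAO.findUserPermissions=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, error, e);
    } finally {
        // Always released, even when the search threw.
        closeAdminConnection(ld);
    }
    return permList;
}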

the class PermDAO method unloadPopLdapEntry.

/**
 * Builds a Permission entity from a permission-operation LDAP entry.
 *
 * @param le       LDAP entry holding the permission operation's attributes.
 * @param sequence ordinal stored on the entity (the caller's position within a search result).
 * @param isAdmin  stored on the entity via setAdmin; callers pass true when the entry was read
 *                 from the Admin permission tree.
 * @return a populated Permission entity.
 * @throws LdapInvalidAttributeValueException if an attribute value cannot be read from the entry.
 */
private Permission unloadPopLdapEntry(Entry le, long sequence, boolean isAdmin) throws LdapInvalidAttributeValueException {
    final Permission perm = new ObjectFactory().createPermission();
    perm.setSequenceId(sequence);
    // Naming attributes.
    perm.setAbstractName(getAttribute(le, PERM_NAME));
    perm.setObjName(getAttribute(le, GlobalIds.POBJ_NAME));
    perm.setObjId(getAttribute(le, GlobalIds.POBJ_ID));
    perm.setOpName(getAttribute(le, GlobalIds.POP_NAME));
    perm.setInternalId(getAttribute(le, GlobalIds.FT_IID));
    // Assignment sets: roles and users granted this operation.
    perm.setRoles(getAttributeSet(le, ROLES));
    perm.setUsers(getAttributeSet(le, USERS));
    perm.setType(getAttribute(le, GlobalIds.TYPE));
    perm.setDescription(getAttribute(le, SchemaConstants.DESCRIPTION_AT));
    perm.addProperties(PropUtil.getProperties(getAttributes(le, GlobalIds.PROPS)));
    perm.setAdmin(isAdmin);
    perm.setPaSets(getAttributeSet(le, GlobalIds.FT_PERMISSION_ATTRIBUTE_SET));
    // NOTE(review): the attribute reads above run before this null guard; presumably
    // getAttribute/getAttributeSet/getAttributes tolerate a null entry — confirm.
    if (le != null) {
        perm.setDn(le.getDn().getNormName());
    }
    return perm;
}

the class PermDAO method findPermissions.

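/**
 * Search will return a list of matching permissions that are assigned to a given RBAC or Admin role name.
 * Will search the Admin perms if the role is an {@code AdminRole}, otherwise it will search the RBAC perm tree;
 * the same determination is passed to the entity loader as its "isAdmin" flag.
 *
 * @param role contains the RBAC or Admin Role name targeted for search.
 * @param noInheritance if true will NOT include inherited roles in the search.
 * @return List of type Permission containing fully populated matching Permission entities.
 * @throws org.apache.directory.fortress.core.FinderException in the event of DAO search error.
 */
List<Permission> findPermissions(Role role, boolean noInheritance) throws FinderException {
    List<Permission> permList = new ArrayList<>();
    LdapConnection ld = null;
    String permRoot;
    // Decided once; selects both the search root and the ascendant lookup below.
    boolean isAdmin = role.getClass().equals(AdminRole.class);
    if (isAdmin) {
        permRoot = getRootDn(role.getContextId(), GlobalIds.ADMIN_PERM_ROOT);
    } else {
        permRoot = getRootDn(role.getContextId(), GlobalIds.PERM_ROOT);
    }
    try {
        String roleVal = encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
        StringBuilder filterbuf = new StringBuilder();
        filterbuf.append(GlobalIds.FILTER_PREFIX);
        filterbuf.append(PERM_OP_OBJECT_CLASS_NAME);
        filterbuf.append(")(");
        Set<String> roles = null;
        if (!noInheritance) {
            // Ascendants are the roles that inherit this role's permissions.
            if (isAdmin) {
                roles = AdminRoleUtil.getAscendants(role.getName(), role.getContextId());
            } else {
                roles = RoleUtil.getInstance().getAscendants(role.getName(), role.getContextId());
            }
        }
        if (CollectionUtils.isNotEmpty(roles)) {
            // OR of the target role and every ascendant role.
            filterbuf.append("|(");
            filterbuf.append(ROLES);
            filterbuf.append("=");
            filterbuf.append(roleVal);
            filterbuf.append(")");
            for (String uRole : roles) {
                filterbuf.append("(");
                filterbuf.append(ROLES);
                filterbuf.append("=");
                // Ascendant names go through the same encoding as the target role so that no
                // role name can inject filter metacharacters into the search expression.
                filterbuf.append(encodeSafeText(uRole, GlobalIds.ROLE_LEN));
                filterbuf.append(")");
            }
            filterbuf.append(")");
        } else {
            // Single clause on the target role only.
            filterbuf.append(ROLES);
            filterbuf.append("=");
            filterbuf.append(roleVal);
            filterbuf.append(")");
        }
        filterbuf.append(")");
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, permRoot, SearchScope.SUBTREE, filterbuf.toString(), PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
        // Sequence id records the position of each entry within this result set.
        long sequence = 0;
        while (searchResults.next()) {
            permList.add(unloadPopLdapEntry(searchResults.getEntry(), sequence++, isAdmin));
        }
    } catch (LdapException e) {
        String error = "findPermissions caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_ROLE_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findPermissions caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_ROLE_SEARCH_FAILED, error, e);
    } finally {
        // Always released, even when the search threw.
        closeAdminConnection(ld);
    }
    return permList;
}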

the class ReviewMgrImpl method authorizedPermissionUsers.

/**
 * {@inheritDoc}
 *
 * <p>Resolves the full user set for a permission: users reachable through the roles the permission is
 * authorized for, plus users assigned to the permission directly. The caller's admin context and access
 * are checked before the permission is read. Returns {@code null} when neither source yields a set.
 */
@Override
@AdminPermissionOperation
public Set<String> authorizedPermissionUsers(Permission perm) throws SecurityException {
    String methodName = "authorizedPermissionUsers";
    assertContext(CLS_NM, methodName, perm, GlobalErrIds.PERM_OPERATION_NULL);
    checkAccess(CLS_NM, methodName);
    // Work from the stored entity, not the caller's argument.
    Permission stored = permP.read(perm);
    // Roles authorized for this permission, then the users assigned to those roles.
    Set<String> viaRoles = authorizeRoles(stored.getRoles());
    Set<String> result = (viaRoles == null) ? null : userP.getAssignedUsers(viaRoles, this.contextId);
    // Direct user assignments on the permission entity itself.
    Set<String> direct = stored.getUsers();
    if (direct == null) {
        return result;
    }
    if (result == null) {
        // No role-derived users: start a fresh set for the direct assignments.
        result = new HashSet<>();
    }
    // Note: when role-derived users exist, this adds into the set returned by userP.
    result.addAll(direct);
    return result;
}