
Example 1 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class AdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addInheritance(Role parentRole, Role childRole) throws SecurityException {
    // Adds parentRole as a parent of childRole. Both roles are looked up through roleP
    // before the hierarchy or the child's parents attribute is touched.
    // NOTE(review): @AdminPermissionOperation presumably ties this call to an administrative
    // permission check; where that check is enforced is not visible here - confirm.
    final String opName = "addInheritance";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.CHILD_ROLE_NULL);
    setEntitySession(CLS_NM, opName, parentRole);

    // Existence probe for the parent: the entity returned by read() is not used.
    // NOTE(review): presumably roleP.read throws SecurityException when the role is missing - confirm.
    final Role parentProbe = new Role(parentRole.getName());
    parentProbe.setContextId(this.contextId);
    roleP.read(parentProbe);

    // The stored child is kept because its current parents are copied into the update below.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    // Validation and the hierarchy update work on the caller-supplied entities, not on the
    // entities read back above.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale, so the
    // hierarchy keys depend on it (e.g. 'i' maps differently under a Turkish locale) - confirm
    // that every lookup normalizes role names the same way.
    // NOTE(review): updateHier runs before roleP.update; if the update throws, nothing here
    // undoes whatever updateHier changed. AdminMgrImpl.addAscendant performs these two steps
    // in the opposite order - confirm which ordering is intended.
    RoleUtil.getInstance().validateRelationship(childRole, parentRole, false);
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);

    // A fresh entity carries only the name, the parents and the context, so the update
    // changes the parents attribute on the child role and nothing else.
    final Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);
    roleP.update(parentsOnly);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 2 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class AdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(Role parentRole, Role childRole) throws SecurityException {
    // Removes parentRole from the parents of childRole, first in the hierarchy and then on
    // the child role entity written through roleP.
    // NOTE(review): @AdminPermissionOperation presumably ties this call to an administrative
    // permission check; where that check is enforced is not visible here - confirm.
    final String opName = "deleteInheritance";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    setEntitySession(CLS_NM, opName, parentRole);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.CHILD_ROLE_NULL);

    // Validation is called with 'true' here; the add operations in this class pass 'false'.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale, so the
    // hierarchy keys depend on it - confirm that every lookup normalizes names the same way.
    // NOTE(review): the hierarchy edge is removed before the child role is read and updated;
    // if a later roleP call throws, nothing here restores the edge - confirm this is acceptable.
    RoleUtil.getInstance().validateRelationship(childRole, parentRole, true);
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.REM);

    // Read the stored child to obtain its current parents.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    // A fresh entity carries only the name, the parents and the context, so the write
    // changes the parents attribute on the child role and nothing else.
    final Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);

    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // Other parents remain: a normal update rewrites the attribute.
        roleP.update(parentsOnly);
    } else {
        // Updates only write non-empty multi-occurring attributes, so when the last parent
        // has been removed the attribute itself must be deleted.
        roleP.deleteParent(parentsOnly);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 3 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class AdminMgrImpl method addAscendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addAscendant(Role childRole, Role parentRole) throws SecurityException {
    // Creates parentRole through roleP.add and makes it a parent of the already existing
    // childRole, then records the relationship in the hierarchy.
    // NOTE(review): @AdminPermissionOperation presumably ties this call to an administrative
    // permission check; where that check is enforced is not visible here - confirm.
    final String opName = "addAscendant";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    setEntitySession(CLS_NM, opName, parentRole);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.CHILD_ROLE_NULL);

    // The child must already exist; the stored entity supplies its current parents.
    // NOTE(review): presumably roleP.read throws SecurityException when the role is missing - confirm.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);
    storedChild.setContextId(this.contextId);

    RoleUtil.getInstance().validateRelationship(childRole, parentRole, false);

    // The caller-supplied parent entity is written as a new role.
    // NOTE(review): setAdminData is applied only to the child update below; whether parentRole
    // carries equivalent admin data from setEntitySession is not visible here - confirm.
    roleP.add(parentRole);

    // A fresh entity carries only the name, the parents and the context, so the update
    // changes the parents attribute on the child role and nothing else.
    final Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);
    roleP.update(parentsOnly);

    // The hierarchy is updated last, after both roleP writes have returned.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale, so the
    // hierarchy keys depend on it - confirm that every lookup normalizes names the same way.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 4 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class AdminRoleUtil method loadGraph.

/**
 * Read this LDAP record, {@code cn=Hierarchies, ou=OS-P}, into this entity, {@link Hier}, before loading it into this collection class, {@code org.jgrapht.graph.SimpleDirectedGraph},
 * using the third-party library <a href="http://www.jgrapht.org/">JGraphT</a>.
 *
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
 * @return handle to simple digraph containing adminRole hierarchies.
 */
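private static synchronized SimpleDirectedGraph<String, Relationship> loadGraph(String contextId) {
    // Builds the admin-role hierarchy graph for contextId from the descendants returned by
    // adminRoleP and stores it in adminRoleCache under getKey(contextId).
    Hier inHier = new Hier(Hier.Type.ROLE);
    inHier.setContextId(contextId);
    LOG.info("loadGraph initializing ADMIN ROLE context [{}]", inHier.getContextId());
    List<Graphable> descendants = null;
    try {
        descendants = adminRoleP.getAllDescendants(inHier.getContextId());
    } catch (SecurityException se) {
        // The load stays best effort (no rethrow), but a failed read of the hierarchy is
        // reported at WARN with the context id, and the exception is passed as the trailing
        // argument so the logger can record its stack trace.
        LOG.warn("loadGraph caught SecurityException for ADMIN ROLE context [{}]", inHier.getContextId(), se);
    }
    // NOTE(review): after a failed read 'descendants' is still null, and the graph built from
    // it is cached below. How HierUtil treats null and how long the cache entry lives are not
    // visible here - confirm that a transient directory error cannot leave an incomplete
    // admin-role hierarchy in use.
    Hier hier = HierUtil.loadHier(contextId, descendants);
    SimpleDirectedGraph<String, Relationship> graph = HierUtil.buildGraph(hier);
    adminRoleCache.put(getKey(contextId), graph);
    return graph;
}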
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) Graphable(org.apache.directory.fortress.core.model.Graphable) Hier(org.apache.directory.fortress.core.model.Hier)

Example 5 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addAscendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "addAscendantOU")
public void addAscendant(OrgUnit child, OrgUnit parent) throws SecurityException {
    // Creates the parent OrgUnit through ouP.add and makes it the parent of the already
    // existing child OrgUnit. The USER type is routed to UsoUtil, every other type to PsoUtil.
    // NOTE(review): @AdminPermissionOperation presumably ties this call to an administrative
    // permission check under the operation name "addAscendantOU"; where that check is
    // enforced is not visible here - confirm.
    final String opName = "addAscendantOU";
    assertContext(CLS_NM, opName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + opName);
    setEntitySession(CLS_NM, opName, parent);
    assertContext(CLS_NM, opName, child, GlobalErrIds.ORG_CHILD_NULL);

    // The child must already exist; the caller-supplied entity is passed to read() directly.
    // NOTE(review): presumably ouP.read throws SecurityException when the OrgUnit is missing - confirm.
    final OrgUnit storedChild = ouP.read(child);

    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().validateRelationship(child, parent, false);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, false);
    }

    // NOTE(review): no setAdminData call appears in this method, unlike the role operations
    // in AdminMgrImpl - confirm that the audit attributes are populated elsewhere.
    ouP.add(parent);
    storedChild.setParent(parent.getName());
    storedChild.setContextId(this.contextId);
    ouP.update(storedChild);

    // The hierarchy is updated last, after both ouP writes have returned.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale, so the
    // hierarchy keys depend on it - confirm that every lookup normalizes names the same way.
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    } else {
        PsoUtil.getInstance().updateHier(
            this.contextId,
            new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()),
            Hier.Op.ADD);
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
