
Example 6 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addDescendant.

/**
 * {@inheritDoc}
 * <p>
 * Implementation notes: both arguments are null-checked through {@code assertContext}, the parent is
 * read from the repository, and {@code AdminRoleUtil.validateRelationship} runs before anything is
 * written. Only then is the child entry added (with the parent's name recorded on it) and the hierarchy
 * updated with an upper-cased child/parent {@link Relationship} using {@code Hier.Op.ADD}.
 */
@Override
@AdminPermissionOperation
public void addDescendant(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    final String opName = "addDescendantRole";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    // Only the child entity is handed to setEntitySession here; the parent is passed to read() as received.
    setEntitySession(CLS_NM, opName, childRole);
    // Existence check only: the entity returned by read() is discarded.
    // Presumably read() throws SecurityException when the parent is absent - confirm against admRP.
    admRP.read(parentRole);
    // Validation must stay ahead of the writes below so a rejected relationship leaves no trace.
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);
    childRole.setParent(parentRole.getName());
    admRP.add(childRole);
    // NOTE(review): toUpperCase() without an explicit Locale follows the JVM default locale, so the
    // hierarchy keys for the same role name can differ between hosts (e.g. Turkish dotted/dotless i).
    // Any change has to be made consistently wherever hierarchy keys are built.
    String childKey = childRole.getName().toUpperCase();
    String parentKey = parentRole.getName().toUpperCase();
    Relationship edge = new Relationship(childKey, parentKey);
    // NOTE(review): the child entry is already persisted at this point; if updateHier throws, the stored
    // role and the hierarchy may disagree - confirm how callers recover.
    AdminRoleUtil.updateHier(this.contextId, edge, Hier.Op.ADD);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 7 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 * <p>
 * Implementation notes: after the null checks and {@code AdminRoleUtil.validateRelationship}, the
 * child/parent edge is removed from the hierarchy ({@code Hier.Op.REM}). The stored child role is then
 * re-read and a second, otherwise empty {@link AdminRole} carrying only the remaining parents is written
 * back, so that no other attribute of the child is touched.
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    final String opName = "deleteInheritanceRole";
    assertContext(CLS_NM, opName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, opName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, opName, parentRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, true);
    // NOTE(review): toUpperCase() without an explicit Locale depends on the JVM default locale; the keys
    // must match the ones used when the edge was added.
    String childKey = childRole.getName().toUpperCase();
    String parentKey = parentRole.getName().toUpperCase();
    // NOTE(review): the hierarchy edge is removed before the child entry is rewritten; if a later step
    // throws, the hierarchy and the stored parents attribute may disagree - confirm recovery path.
    AdminRoleUtil.updateHier(this.contextId, new Relationship(childKey, parentKey), Hier.Op.REM);
    // Load the stored child role to obtain its current parents.
    AdminRole lookup = new AdminRole(childRole.getName());
    lookup.setContextId(this.contextId);
    AdminRole stored = admRP.read(lookup);
    // A fresh entity holding only the parents, so the update cannot overwrite any other attribute.
    AdminRole parentsOnly = new AdminRole(childRole.getName());
    parentsOnly.setParents(stored.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, opName, parentsOnly);
    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // Other parents remain: a normal update rewrites the attribute.
        admRP.update(parentsOnly);
    } else {
        // Updates only touch non-empty multi-occurring attributes, so removing the last parent
        // requires deleting the attribute explicitly.
        admRP.deleteParent(parentsOnly);
    }
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 8 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class CommandLineInterpreter method processAdminCommand.

/**
 * Runs a single administrative command against {@code adminMgr}.
 * <p>
 * The branches are tested in a fixed order and the first command constant found in {@code commands}
 * wins; any other command also present in the set is ignored. A {@link SecurityException} raised by the
 * manager is caught and logged here, so the caller receives no failure signal from this method.
 * Only the command name and the exception are logged; option values (including the new password for
 * the password commands) are not written to the log by this method.
 *
 * @param commands command names parsed from the command line
 * @param options  parsed option values from which the entities for the chosen command are built
 */
private void processAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_USER)) {
            command = ADD_USER;
            LOG.info(command);
            adminMgr.addUser(options.getUser());
        } else if (commands.contains(UPDATE_USER)) {
            command = UPDATE_USER;
            LOG.info(command);
            adminMgr.updateUser(options.getUser());
        } else if (commands.contains(DELETE_USER)) {
            command = DELETE_USER;
            LOG.info(command);
            adminMgr.deleteUser(options.getUser());
        } else if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            adminMgr.addRole(options.getRole());
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            adminMgr.updateRole(options.getRole());
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            adminMgr.deleteRole(options.getRole());
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role assigned = options.getRole();
            String uid = options.getUserId();
            adminMgr.assignUser(new UserRole(uid, assigned));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role assigned = options.getRole();
            String uid = options.getUserId();
            adminMgr.deassignUser(new UserRole(uid, assigned));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            Role parent = new Role(rel.getParent());
            Role child = new Role(rel.getChild());
            adminMgr.addInheritance(parent, child);
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            Role parent = new Role(rel.getParent());
            Role child = new Role(rel.getChild());
            adminMgr.deleteInheritance(parent, child);
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            adminMgr.addPermObj(options.getPermObj());
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            adminMgr.updatePermObj(options.getPermObj());
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            adminMgr.deletePermObj(options.getPermObj());
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            adminMgr.addPermission(options.getPermission());
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            adminMgr.updatePermission(options.getPermission());
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            adminMgr.deletePermission(options.getPermission());
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission granted = options.getPermission();
            // The role name is taken from the separate role-name option and overrides the role's own name.
            Role grantee = options.getRole();
            grantee.setName(options.getRoleNm());
            adminMgr.grantPermission(granted, grantee);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission revoked = options.getPermission();
            Role holder = options.getRole();
            holder.setName(options.getRoleNm());
            adminMgr.revokePermission(revoked, holder);
        } else if (commands.contains(CREATE_SSD_SET)) {
            command = CREATE_SSD_SET;
            LOG.info(command);
            SDSet sdSet = options.getSdSet();
            sdSet.setType(SDSet.SDType.STATIC);
            adminMgr.createSsdSet(sdSet);
        } else if (commands.contains(DELETE_SSD_SET)) {
            command = DELETE_SSD_SET;
            LOG.info(command);
            SDSet sdSet = options.getSdSet();
            sdSet.setType(SDSet.SDType.STATIC);
            adminMgr.deleteSsdSet(sdSet);
        } else if (commands.contains(CREATE_DSD_SET)) {
            command = CREATE_DSD_SET;
            LOG.info(command);
            SDSet sdSet = options.getSdSet();
            sdSet.setType(SDSet.SDType.DYNAMIC);
            adminMgr.createDsdSet(sdSet);
        } else if (commands.contains(DELETE_DSD_SET)) {
            command = DELETE_DSD_SET;
            LOG.info(command);
            SDSet sdSet = options.getSdSet();
            sdSet.setType(SDSet.SDType.DYNAMIC);
            adminMgr.deleteDsdSet(sdSet);
        } else if (commands.contains(CHANGE_PASSWORD)) {
            command = CHANGE_PASSWORD;
            LOG.info(command);
            // The new password travels as a String taken from the options; keep it out of log statements.
            User subject = options.getUser();
            adminMgr.changePassword(subject, options.getNewPassword());
        } else if (commands.contains(RESET_PASSWORD)) {
            command = RESET_PASSWORD;
            LOG.info(command);
            User subject = options.getUser();
            adminMgr.resetPassword(subject, options.getNewPassword());
        } else if (commands.contains(LOCK_USER_ACCOUNT)) {
            command = LOCK_USER_ACCOUNT;
            LOG.info(command);
            adminMgr.lockUserAccount(options.getUser());
        } else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
            command = UNLOCK_USER_ACCOUNT;
            LOG.info(command);
            adminMgr.unlockUserAccount(options.getUser());
        } else {
            LOG.warn("unknown admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        // Failure is reported through the log only; nothing is rethrown to the caller.
        LOG.error("processAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId());
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) SDSet(org.apache.directory.fortress.core.model.SDSet) PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 9 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class CommandLineInterpreter method processDelegatedAdminCommand.

/**
 * Runs a single delegated-administration command against {@code delAdminMgr}.
 * <p>
 * Several command constants (for example {@code ADD_ROLE}, {@code GRANT}, {@code ADD_PERM}) are the same
 * ones used for the ordinary admin commands; here they act on {@link AdminRole} and the delegated
 * manager instead. Branches are tested in a fixed order and the first command found in
 * {@code commands} wins. A {@code SecurityException} from the manager is caught and logged, so the
 * caller receives no failure signal from this method.
 *
 * @param commands command names parsed from the command line
 * @param options  parsed option values from which the entities for the chosen command are built
 */
private void processDelegatedAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            delAdminMgr.addRole(options.getAdminRole());
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            delAdminMgr.updateRole(options.getAdminRole());
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            delAdminMgr.deleteRole(options.getAdminRole());
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            // Note: the role comes from getRole(), not getAdminRole(), and is wrapped in a UserAdminRole.
            Role assigned = options.getRole();
            String uid = options.getUserId();
            delAdminMgr.assignUser(new UserAdminRole(uid, assigned));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role assigned = options.getRole();
            String uid = options.getUserId();
            delAdminMgr.deassignUser(new UserAdminRole(uid, assigned));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            AdminRole parent = new AdminRole(rel.getParent());
            AdminRole child = new AdminRole(rel.getChild());
            delAdminMgr.addInheritance(parent, child);
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            AdminRole parent = new AdminRole(rel.getParent());
            AdminRole child = new AdminRole(rel.getChild());
            delAdminMgr.deleteInheritance(parent, child);
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            delAdminMgr.addPermObj(options.getPermObj());
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            delAdminMgr.updatePermObj(options.getPermObj());
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            delAdminMgr.deletePermObj(options.getPermObj());
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            delAdminMgr.addPermission(options.getPermission());
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            delAdminMgr.updatePermission(options.getPermission());
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            delAdminMgr.deletePermission(options.getPermission());
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission granted = options.getPermission();
            // The role name is taken from the separate role-name option and overrides the role's own name.
            AdminRole grantee = options.getAdminRole();
            grantee.setName(options.getRoleNm());
            delAdminMgr.grantPermission(granted, grantee);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission revoked = options.getPermission();
            AdminRole holder = options.getAdminRole();
            holder.setName(options.getRoleNm());
            delAdminMgr.revokePermission(revoked, holder);
        } else if (commands.contains(ADD_USERORG)) {
            command = ADD_USERORG;
            LOG.info(command);
            // The org-unit type is forced by the command, whatever type the options carried.
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.USER);
            delAdminMgr.add(unit);
        } else if (commands.contains(UPDATE_USERORG)) {
            command = UPDATE_USERORG;
            LOG.info(command);
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.USER);
            delAdminMgr.update(unit);
        } else if (commands.contains(DELETE_USERORG)) {
            command = DELETE_USERORG;
            LOG.info(command);
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.USER);
            delAdminMgr.delete(unit);
        } else if (commands.contains(ADD_USERORG_INHERITANCE)) {
            command = ADD_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            OrgUnit parent = new OrgUnit(rel.getParent(), OrgUnit.Type.USER);
            OrgUnit child = new OrgUnit(rel.getChild(), OrgUnit.Type.USER);
            delAdminMgr.addInheritance(parent, child);
        } else if (commands.contains(DELETE_USERORG_INHERITANCE)) {
            command = DELETE_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            OrgUnit parent = new OrgUnit(rel.getParent(), OrgUnit.Type.USER);
            OrgUnit child = new OrgUnit(rel.getChild(), OrgUnit.Type.USER);
            delAdminMgr.deleteInheritance(parent, child);
        } else if (commands.contains(ADD_PERMORG)) {
            command = ADD_PERMORG;
            LOG.info(command);
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.PERM);
            delAdminMgr.add(unit);
        } else if (commands.contains(UPDATE_PERMORG)) {
            command = UPDATE_PERMORG;
            LOG.info(command);
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.PERM);
            delAdminMgr.update(unit);
        } else if (commands.contains(DELETE_PERMORG)) {
            command = DELETE_PERMORG;
            LOG.info(command);
            OrgUnit unit = options.getOrgUnit();
            unit.setType(OrgUnit.Type.PERM);
            delAdminMgr.delete(unit);
        } else if (commands.contains(ADD_PERMORG_INHERITANCE)) {
            command = ADD_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            OrgUnit parent = new OrgUnit(rel.getParent(), OrgUnit.Type.PERM);
            OrgUnit child = new OrgUnit(rel.getChild(), OrgUnit.Type.PERM);
            delAdminMgr.addInheritance(parent, child);
        } else if (commands.contains(DELETE_PERMORG_INHERITANCE)) {
            command = DELETE_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            OrgUnit parent = new OrgUnit(rel.getParent(), OrgUnit.Type.PERM);
            OrgUnit child = new OrgUnit(rel.getChild(), OrgUnit.Type.PERM);
            delAdminMgr.deleteInheritance(parent, child);
        } else {
            LOG.warn("unknown delegated admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (org.apache.directory.fortress.core.SecurityException se) {
        // Failure is reported through the log only; nothing is rethrown to the caller.
        LOG.error("processDelegatedAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId());
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) org.apache.directory.fortress.core(org.apache.directory.fortress.core) PermObj(org.apache.directory.fortress.core.model.PermObj) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 10 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class HierUtil method getAscendants.

/**
 * Recursively walks the outgoing edges of the current vertex and collects the parent names it passes
 * into {@code parents}.
 * <p>
 * The walk has no visited set and no depth limit of its own, so it terminates only if the graph below
 * the starting vertex is acyclic. NOTE(review): confirm that every path which builds or loads this graph
 * rejects cycles, otherwise inconsistent hierarchy data could drive this into unbounded recursion.
 *
 * @param vertex      single-entry cursor: the value under {@code VERTEX} is the current node name and is
 *                    overwritten as the walk moves upward.
 * @param graph       the hierarchy as a {@code org.jgrapht.graph.SimpleDirectedGraph}.
 * @param parents     result set; every parent name visited is added to it.
 * @param stopName    name (compared case-insensitively) at which the current edge loop stops.
 * @param isInclusive when true the {@code stopName} parent is added to {@code parents}; when false it is not.
 * @return the starting vertex name when no edge is followed, otherwise the value returned by the last
 *         recursive call; {@code null} when the cursor holds no vertex, the graph is null, or the graph
 *         rejects the vertex. The ascendants themselves are delivered through {@code parents}.
 */
private static String getAscendants(Map<String, String> vertex, SimpleDirectedGraph<String, Relationship> graph, Set<String> parents, String stopName, boolean isInclusive) {
    String current = vertex.get(VERTEX);
    // Nothing to walk without a cursor value or a graph.
    if (current == null || graph == null) {
        return null;
    }
    LOG.debug("getAscendants [{}]", current);
    Set<Relationship> outgoing;
    try {
        outgoing = graph.outgoingEdgesOf(current);
    } catch (java.lang.IllegalArgumentException iae) {
        // JGraphT rejects a vertex that is not in the graph; treated here as the end of the path.
        return null;
    }
    for (Relationship edge : outgoing) {
        String parentName = edge.getParent();
        if (parentName.equalsIgnoreCase(stopName)) {
            if (isInclusive) {
                parents.add(parentName);
            }
            // Stops this vertex's edge loop only; callers further up the recursion keep iterating.
            break;
        }
        // Move the shared cursor up one level, record the parent, and continue from there.
        vertex.put(VERTEX, parentName);
        parents.add(parentName);
        current = getAscendants(vertex, graph, parents, stopName, isInclusive);
    }
    return current;
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship)

Aggregations

Relationship (org.apache.directory.fortress.core.model.Relationship)32 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)15 AdminRole (org.apache.directory.fortress.core.model.AdminRole)10 SecurityException (org.apache.directory.fortress.core.SecurityException)9 Role (org.apache.directory.fortress.core.model.Role)7 UserRole (org.apache.directory.fortress.core.model.UserRole)7 Hier (org.apache.directory.fortress.core.model.Hier)6 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)6 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)6 Graphable (org.apache.directory.fortress.core.model.Graphable)5 User (org.apache.directory.fortress.core.model.User)4 PermObj (org.apache.directory.fortress.core.model.PermObj)3 HashSet (java.util.HashSet)2 Permission (org.apache.directory.fortress.core.model.Permission)2 SimpleDirectedGraph (org.jgrapht.graph.SimpleDirectedGraph)2 org.apache.directory.fortress.core (org.apache.directory.fortress.core)1 Constraint (org.apache.directory.fortress.core.model.Constraint)1 Group (org.apache.directory.fortress.core.model.Group)1 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)1 SDSet (org.apache.directory.fortress.core.model.SDSet)1