Search in sources :

Example 26 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "deleteInheritanceOU")
public void deleteInheritance(OrgUnit parent, OrgUnit child) throws SecurityException {
    String methodName = "deleteInheritanceOU";
    assertContext(CLS_NM, methodName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
    assertContext(CLS_NM, methodName, child, GlobalErrIds.ORG_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parent);
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().validateRelationship(child, parent, true);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, true);
    }
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
    } else {
        PsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.REM);
    }
    OrgUnit cOrg = ouP.read(child);
    cOrg.setContextId(this.contextId);
    cOrg.delParent(parent.getName());
    setAdminData(CLS_NM, methodName, cOrg);
    // are there any parents left?
    if (!CollectionUtils.isNotEmpty(cOrg.getParents())) {
        // The updates only update non-empty multi-occurring attributes
        // so if last parent assigned, so must remove the attribute completely:
        ouP.deleteParent(cOrg);
    } else {
        ouP.update(cOrg);
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 27 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method deleteRole.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteRole(AdminRole role) throws SecurityException {
    String methodName = "deleteRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    int numChildren = AdminRoleUtil.numChildren(role.getName(), role.getContextId());
    if (numChildren > 0) {
        String error = methodName + " role [" + role.getName() + "] must remove [" + numChildren + "] descendants before deletion";
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
    }
    // search for all users assigned this role and deassign:
    List<User> users = userP.getAssignedUsers(role);
    if (users != null) {
        for (User ue : users) {
            User user = new User(ue.getUserId());
            UserAdminRole uAdminRole = new UserAdminRole(ue.getUserId(), role.getName());
            uAdminRole.setContextId(contextId);
            setAdminData(CLS_NM, methodName, user);
            deassignUser(uAdminRole);
        }
    }
    permP.remove(role);
    // remove all parent relationships from the role graph:
    Set<String> parents = AdminRoleUtil.getParents(role.getName(), this.contextId);
    if (parents != null) {
        for (String parent : parents) {
            AdminRoleUtil.updateHier(this.contextId, new Relationship(role.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
        }
    }
    admRP.delete(role);
}
Also used : User(org.apache.directory.fortress.core.model.User) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 28 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addInheritance(AdminRole parentRole, AdminRole childRole) throws SecurityException {
    String methodName = "addInheritanceRole";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);
    // make sure the parent role is already there:
    admRP.read(parentRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);
    // make sure the child role is already there:
    AdminRole cRole = new AdminRole(childRole.getName());
    cRole.setContextId(this.contextId);
    cRole = admRP.read(cRole);
    // Use cRole2 to update ONLY the parents attribute on the child role and nothing else:
    AdminRole cRole2 = new AdminRole(childRole.getName());
    cRole2.setParents(cRole.getParents());
    cRole2.setParent(parentRole.getName());
    cRole2.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, cRole2);
    AdminRoleUtil.updateHier(this.contextId, new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()), Hier.Op.ADD);
    admRP.update(cRole2);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 29 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation(operationName = "addInheritanceOU")
public void addInheritance(OrgUnit parent, OrgUnit child) throws SecurityException {
    String methodName = "addInheritanceOU";
    assertContext(CLS_NM, methodName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
    assertContext(CLS_NM, methodName, child, GlobalErrIds.ORG_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, parent);
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().validateRelationship(child, parent, false);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, false);
    }
    // validate that both orgs are present:
    ouP.read(parent);
    OrgUnit cOrg = ouP.read(child);
    cOrg.setParent(parent.getName());
    cOrg.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, cOrg);
    ouP.update(cOrg);
    // we're still good, now set the hierarchical relationship:
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.ADD);
    } else {
        PsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.ADD);
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 30 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addDescendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addDescendant(OrgUnit parent, OrgUnit child) throws SecurityException {
    String methodName = "addDescendantOU";
    assertContext(CLS_NM, methodName, parent, GlobalErrIds.ORG_PARENT_NULL);
    VUtil.assertNotNull(parent.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
    assertContext(CLS_NM, methodName, child, GlobalErrIds.ORG_CHILD_NULL);
    setEntitySession(CLS_NM, methodName, child);
    // ensure the parent OrgUnit exists:
    ouP.read(parent);
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().validateRelationship(child, parent, false);
    } else {
        PsoUtil.getInstance().validateRelationship(child, parent, false);
    }
    child.setParent(parent.getName());
    ouP.add(child);
    if (parent.getType() == OrgUnit.Type.USER) {
        UsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.ADD);
    } else {
        PsoUtil.getInstance().updateHier(this.contextId, new Relationship(child.getName().toUpperCase(), parent.getName().toUpperCase()), Hier.Op.ADD);
    }
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Aggregations

Relationship (org.apache.directory.fortress.core.model.Relationship)32 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)15 AdminRole (org.apache.directory.fortress.core.model.AdminRole)10 SecurityException (org.apache.directory.fortress.core.SecurityException)9 Role (org.apache.directory.fortress.core.model.Role)7 UserRole (org.apache.directory.fortress.core.model.UserRole)7 Hier (org.apache.directory.fortress.core.model.Hier)6 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)6 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)6 Graphable (org.apache.directory.fortress.core.model.Graphable)5 User (org.apache.directory.fortress.core.model.User)4 PermObj (org.apache.directory.fortress.core.model.PermObj)3 HashSet (java.util.HashSet)2 Permission (org.apache.directory.fortress.core.model.Permission)2 SimpleDirectedGraph (org.jgrapht.graph.SimpleDirectedGraph)2 org.apache.directory.fortress.core (org.apache.directory.fortress.core)1 Constraint (org.apache.directory.fortress.core.model.Constraint)1 Group (org.apache.directory.fortress.core.model.Group)1 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)1 SDSet (org.apache.directory.fortress.core.model.SDSet)1