
Example 31 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method addAscendant.

/**
 * {@inheritDoc}
 *
 * <p>Reads the existing child admin role, validates the proposed child/parent relationship,
 * adds {@code parentRole}, rewrites the child's parents attribute, and finally records the
 * new edge in the admin-role hierarchy.
 *
 * @param childRole  admin role that must already exist; it gains {@code parentRole} as a parent
 * @param parentRole admin role that is added by this call
 * @throws SecurityException propagated from the context checks, validation, or any
 *                           {@code admRP} / hierarchy operation
 */
@Override
@AdminPermissionOperation
public void addAscendant(AdminRole childRole, AdminRole parentRole) throws SecurityException {
    // NOTE(review): this label differs from the Java method name and is handed to
    // assertContext/setEntitySession/setAdminData - presumably it is the operation name used
    // for the delegated-admin check and audit data; confirm before renaming either side.
    final String methodName = "addAscendantRole";

    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);

    // Make sure the child AdminRole exists before anything is written.
    final AdminRole storedChild = admRP.read(childRole);
    AdminRoleUtil.validateRelationship(childRole, parentRole, false);

    // NOTE(review): three separate writes follow (add, update, updateHier) and this method has
    // no compensation if a later one throws - earlier writes would remain in place.
    admRP.add(parentRole);

    // Build a minimal role carrying ONLY the parents attribute so the update touches nothing
    // else on the child entry.
    final AdminRole parentsOnlyUpdate = new AdminRole(childRole.getName());
    parentsOnlyUpdate.setParents(storedChild.getParents());
    parentsOnlyUpdate.setParent(parentRole.getName());
    parentsOnlyUpdate.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnlyUpdate);
    admRP.update(parentsOnlyUpdate);

    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale; the
    // hierarchy keys built here could differ between hosts with different locales.
    final Relationship newEdge =
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase());
    AdminRoleUtil.updateHier(this.contextId, newEdge, Hier.Op.ADD);
}
Also used : Relationship(org.apache.directory.fortress.core.model.Relationship) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 32 with Relationship

use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.

the class DelAdminMgrImpl method delete.

/**
 * {@inheritDoc}
 *
 * <p>Refuses to delete an org unit that still has descendants in its hierarchy or is still
 * assigned to users (USER type) or permission objects (any other type). When those checks
 * pass, every parent edge of the org unit is removed from the hierarchy and the entry itself
 * is deleted.
 *
 * @param entity org unit to delete; its type must be set
 * @return the value returned by {@code ouP.delete(entity)}
 * @throws SecurityException with {@code HIER_DEL_FAILED_HAS_CHILD}, {@code ORG_DEL_FAILED_USER}
 *                           or {@code ORG_DEL_FAILED_PERM} when a precondition fails, or
 *                           propagated from the context checks and data-access calls
 */
@Override
@AdminPermissionOperation
public OrgUnit delete(OrgUnit entity) throws SecurityException {
    final String methodName = "deleteOU";
    assertContext(CLS_NM, methodName, entity, GlobalErrIds.ORG_NULL);
    setEntitySession(CLS_NM, methodName, entity);
    VUtil.assertNotNull(entity.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);

    // Guard 1: the org unit must have no descendants in its hierarchy.
    // NOTE(review): this lookup uses entity.getContextId() while the parent lookups below use
    // this.contextId - presumably setEntitySession keeps the two aligned; confirm.
    final int numChildren = (entity.getType() == OrgUnit.Type.USER)
        ? UsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId())
        : PsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
    if (numChildren > 0) {
        String msg = methodName + " orgunit [" + entity.getName() + "] must remove [" + numChildren + "] descendants before deletion";
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, msg, null);
    }

    // Guard 2: the org unit must not be referenced by any user or permission object.
    if (entity.getType() == OrgUnit.Type.USER) {
        // The second argument "true" asks for a size-limited result set, so the count reported
        // in the error may be lower than the real number of assigned users.
        List<User> assignedUsers = userP.search(entity, true);
        if (CollectionUtils.isNotEmpty(assignedUsers)) {
            String msg = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedUsers.size() + "] users before deletion";
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_USER, msg, null);
        }
    } else {
        // The second argument "false" places no restriction on how many records the server
        // returns, unlike the user search above.
        // NOTE(review): only emptiness is needed here; an unrestricted search could be large.
        List<PermObj> assignedPerms = permP.search(entity, false);
        if (CollectionUtils.isNotEmpty(assignedPerms)) {
            String msg = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedPerms.size() + "] perm objs before deletion";
            throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_PERM, msg, null);
        }
    }

    // Detach the org unit from every parent in the matching hierarchy.
    // NOTE(review): the edges are removed before ouP.delete runs and nothing here restores
    // them if that delete throws, so the hierarchy and the stored entry could disagree.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale.
    if (entity.getType() == OrgUnit.Type.USER) {
        Set<String> parents = UsoUtil.getInstance().getParents(entity.getName(), this.contextId);
        if (parents != null) {
            for (String parent : parents) {
                Relationship edge = new Relationship(entity.getName().toUpperCase(), parent.toUpperCase());
                UsoUtil.getInstance().updateHier(this.contextId, edge, Hier.Op.REM);
            }
        }
    } else {
        Set<String> parents = PsoUtil.getInstance().getParents(entity.getName(), this.contextId);
        if (parents != null) {
            for (String parent : parents) {
                Relationship edge = new Relationship(entity.getName().toUpperCase(), parent.toUpperCase());
                PsoUtil.getInstance().updateHier(this.contextId, edge, Hier.Op.REM);
            }
        }
    }

    // All preconditions passed: remove the org unit from the OrgUnit data set.
    return ouP.delete(entity);
}
Also used : PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) Relationship(org.apache.directory.fortress.core.model.Relationship) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
