Example 31 with Relationship
use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.
the class DelAdminMgrImpl method addAscendant.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void addAscendant(AdminRole childRole, AdminRole parentRole) throws SecurityException {
String methodName = "addAscendantRole";
assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.ARLE_PARENT_NULL);
setEntitySession(CLS_NM, methodName, parentRole);
assertContext(CLS_NM, methodName, childRole, GlobalErrIds.ARLE_CHILD_NULL);
// ensure the child AdminRole exists:
AdminRole newChild = admRP.read(childRole);
AdminRoleUtil.validateRelationship(childRole, parentRole, false);
admRP.add(parentRole);
// Use cRole2 to update ONLY the parents attribute on the child role and nothing else:
AdminRole cRole2 = new AdminRole(childRole.getName());
cRole2.setParents(newChild.getParents());
cRole2.setParent(parentRole.getName());
cRole2.setContextId(this.contextId);
setAdminData(CLS_NM, methodName, cRole2);
admRP.update(cRole2);
AdminRoleUtil.updateHier(this.contextId, new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()), Hier.Op.ADD);
}
Also used :
Relationship(org.apache.directory.fortress.core.model.Relationship)
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
Example 32 with Relationship
use of org.apache.directory.fortress.core.model.Relationship in project directory-fortress-core by apache.
the class DelAdminMgrImpl method delete.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public OrgUnit delete(OrgUnit entity) throws SecurityException {
String methodName = "deleteOU";
assertContext(CLS_NM, methodName, entity, GlobalErrIds.ORG_NULL);
setEntitySession(CLS_NM, methodName, entity);
VUtil.assertNotNull(entity.getType(), GlobalErrIds.ORG_TYPE_NULL, CLS_NM + "." + methodName);
int numChildren;
if (entity.getType() == OrgUnit.Type.USER) {
numChildren = UsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
} else {
numChildren = PsoUtil.getInstance().numChildren(entity.getName(), entity.getContextId());
}
if (numChildren > 0) {
String error = methodName + " orgunit [" + entity.getName() + "] must remove [" + numChildren + "] descendants before deletion";
throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
}
if (entity.getType() == OrgUnit.Type.USER) {
// Ensure the org unit is not assigned to any users, but set the sizeLimit to "true" to limit result set size.
List<User> assignedUsers = userP.search(entity, true);
if (CollectionUtils.isNotEmpty(assignedUsers)) {
String error = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedUsers.size() + "] users before deletion";
throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_USER, error, null);
}
} else {
// Ensure the org unit is not assigned to any permission objects but set the sizeLimit to "true" to limit result set size..
// pass a "false" which places no restrictions on how many records server returns.
List<PermObj> assignedPerms = permP.search(entity, false);
if (CollectionUtils.isNotEmpty(assignedPerms)) {
String error = methodName + " orgunit [" + entity.getName() + "] must unassign [" + assignedPerms.size() + "] perm objs before deletion";
throw new SecurityException(GlobalErrIds.ORG_DEL_FAILED_PERM, error, null);
}
}
// remove all parent relationships from this org graph:
Set<String> parents;
if (entity.getType() == OrgUnit.Type.USER) {
parents = UsoUtil.getInstance().getParents(entity.getName(), this.contextId);
} else {
parents = PsoUtil.getInstance().getParents(entity.getName(), this.contextId);
}
if (parents != null) {
for (String parent : parents) {
if (entity.getType() == OrgUnit.Type.USER) {
UsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
} else {
PsoUtil.getInstance().updateHier(this.contextId, new Relationship(entity.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
}
}
}
// everything checked out good - remove the org unit from the OrgUnit data set:
return ouP.delete(entity);
}
Also used :
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
Relationship(org.apache.directory.fortress.core.model.Relationship)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
Aggregations
Relationship (org.apache.directory.fortress.core.model.Relationship)32
AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)15
AdminRole (org.apache.directory.fortress.core.model.AdminRole)10
SecurityException (org.apache.directory.fortress.core.SecurityException)9
Role (org.apache.directory.fortress.core.model.Role)7
UserRole (org.apache.directory.fortress.core.model.UserRole)7
Hier (org.apache.directory.fortress.core.model.Hier)6
OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)6
UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)6
Graphable (org.apache.directory.fortress.core.model.Graphable)5
User (org.apache.directory.fortress.core.model.User)4
PermObj (org.apache.directory.fortress.core.model.PermObj)3
HashSet (java.util.HashSet)2
Permission (org.apache.directory.fortress.core.model.Permission)2
SimpleDirectedGraph (org.jgrapht.graph.SimpleDirectedGraph)2
org.apache.directory.fortress.core (org.apache.directory.fortress.core)1
Constraint (org.apache.directory.fortress.core.model.Constraint)1
Group (org.apache.directory.fortress.core.model.Group)1
RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)1
SDSet (org.apache.directory.fortress.core.model.SDSet)1
