use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CommandLineInterpreter method processReviewCommand.
/**
* @param commands
* @param options
*/
private void processReviewCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(READ_USER)) {
command = READ_USER;
LOG.info(READ_USER);
User inUser = options.getUser();
User outUser = reviewMgr.readUser(inUser);
printUser(outUser);
} else if (commands.contains(FIND_USERS)) {
command = FIND_USERS;
LOG.info(command);
User user = options.getUser();
List<User> outUsers = reviewMgr.findUsers(user);
if (CollectionUtils.isNotEmpty(outUsers)) {
int ctr = 0;
for (User outUser : outUsers) {
printRow("U", "CTR ", "" + ctr++);
printUser(outUser);
}
}
} else if (commands.contains(ASSIGNED_USERS)) {
command = ASSIGNED_USERS;
LOG.info(command);
Role inRole = options.getRole();
List<User> outUsers = reviewMgr.assignedUsers(inRole);
if (CollectionUtils.isNotEmpty(outUsers)) {
for (User outUser : outUsers) {
printUser(outUser);
}
}
} else if (commands.contains(READ_ROLE)) {
command = READ_ROLE;
LOG.info(command);
Role inRole = options.getRole();
Role outRole = reviewMgr.readRole(inRole);
printRole(outRole);
} else if (commands.contains(FIND_ROLES)) {
command = FIND_ROLES;
LOG.info(command);
String inRoleNm = options.getName();
List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
if (CollectionUtils.isNotEmpty(outRoles)) {
int ctr = 0;
for (Role outRole : outRoles) {
printSeparator();
printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
printRole(outRole);
}
}
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
String userId = options.getUserId();
List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(READ_POBJ)) {
command = READ_POBJ;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
printPermObj(outPermObj);
} else if (commands.contains(FIND_POBJS)) {
command = FIND_POBJS;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
if (CollectionUtils.isNotEmpty(outPermObjs)) {
int ctr = 0;
for (PermObj outPermObj : outPermObjs) {
printSeparator();
printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
printPermObj(outPermObj);
}
}
} else if (commands.contains(READ_PERM)) {
command = READ_PERM;
LOG.info(command);
Permission inPerm = options.getPermission();
Permission outPerm = reviewMgr.readPermission(inPerm);
printPermission(outPerm);
} else if (commands.contains(FIND_PERMS)) {
command = FIND_PERMS;
LOG.info(command);
Permission inPerm = options.getPermission();
List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
if (CollectionUtils.isNotEmpty(outPerms)) {
int ctr = 0;
for (Permission outPerm : outPerms) {
printSeparator();
printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
printPermission(outPerm);
}
}
} else {
LOG.warn("unknown review operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CommandLineInterpreter method processDelegatedAdminCommand.
private void processDelegatedAdminCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(ADD_ROLE)) {
command = ADD_ROLE;
LOG.info(command);
AdminRole role = options.getAdminRole();
delAdminMgr.addRole(role);
} else if (commands.contains(UPDATE_ROLE)) {
command = UPDATE_ROLE;
LOG.info(command);
AdminRole role = options.getAdminRole();
delAdminMgr.updateRole(role);
} else if (commands.contains(DELETE_ROLE)) {
command = DELETE_ROLE;
LOG.info(command);
AdminRole role = options.getAdminRole();
delAdminMgr.deleteRole(role);
} else if (commands.contains(ASSIGN_ROLE)) {
command = ASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
delAdminMgr.assignUser(new UserAdminRole(userId, role));
} else if (commands.contains(DEASSIGN_ROLE)) {
command = DEASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
delAdminMgr.deassignUser(new UserAdminRole(userId, role));
} else if (commands.contains(ADD_ROLE_INHERITANCE)) {
command = ADD_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.addInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
} else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
command = DELETE_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.deleteInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
} else if (commands.contains(ADD_POBJ)) {
command = ADD_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
delAdminMgr.addPermObj(permObj);
} else if (commands.contains(UPDATE_POBJ)) {
command = UPDATE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
delAdminMgr.updatePermObj(permObj);
} else if (commands.contains(DELETE_POBJ)) {
command = DELETE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
delAdminMgr.deletePermObj(permObj);
} else if (commands.contains(ADD_PERM)) {
command = ADD_PERM;
LOG.info(command);
Permission perm = options.getPermission();
delAdminMgr.addPermission(perm);
} else if (commands.contains(UPDATE_PERM)) {
command = UPDATE_PERM;
LOG.info(command);
Permission perm = options.getPermission();
delAdminMgr.updatePermission(perm);
} else if (commands.contains(DELETE_PERM)) {
command = DELETE_PERM;
LOG.info(command);
Permission permObj = options.getPermission();
delAdminMgr.deletePermission(permObj);
} else if (commands.contains(GRANT)) {
command = GRANT;
LOG.info(command);
Permission perm = options.getPermission();
AdminRole role = options.getAdminRole();
role.setName(options.getRoleNm());
delAdminMgr.grantPermission(perm, role);
} else if (commands.contains(REVOKE)) {
command = REVOKE;
LOG.info(command);
Permission perm = options.getPermission();
AdminRole role = options.getAdminRole();
role.setName(options.getRoleNm());
delAdminMgr.revokePermission(perm, role);
} else if (commands.contains(ADD_USERORG)) {
command = ADD_USERORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.USER);
delAdminMgr.add(orgUnit);
} else if (commands.contains(UPDATE_USERORG)) {
command = UPDATE_USERORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.USER);
delAdminMgr.update(orgUnit);
} else if (commands.contains(DELETE_USERORG)) {
command = DELETE_USERORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.USER);
delAdminMgr.delete(orgUnit);
} else if (commands.contains(ADD_USERORG_INHERITANCE)) {
command = ADD_USERORG_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
} else if (commands.contains(DELETE_USERORG_INHERITANCE)) {
command = DELETE_USERORG_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
} else if (commands.contains(ADD_PERMORG)) {
command = ADD_PERMORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.PERM);
delAdminMgr.add(orgUnit);
} else if (commands.contains(UPDATE_PERMORG)) {
command = UPDATE_PERMORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.PERM);
delAdminMgr.update(orgUnit);
} else if (commands.contains(DELETE_PERMORG)) {
command = DELETE_PERMORG;
LOG.info(command);
OrgUnit orgUnit = options.getOrgUnit();
orgUnit.setType(OrgUnit.Type.PERM);
delAdminMgr.delete(orgUnit);
} else if (commands.contains(ADD_PERMORG_INHERITANCE)) {
command = ADD_PERMORG_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
} else if (commands.contains(DELETE_PERMORG_INHERITANCE)) {
command = DELETE_PERMORG_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
} else {
LOG.warn("unknown delegated admin operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (org.apache.directory.fortress.core.SecurityException se) {
String error = "processDelegatedAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class GroupMgrImpl method assign.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public Group assign(Group group, String member) throws SecurityException {
String methodName = "assign";
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
String dn;
if (group.getType() == Group.Type.ROLE) {
Role inRole = new Role(member);
inRole.setContextId(group.getContextId());
Role role = reviewMgr.readRole(inRole);
dn = role.getDn();
// Validate SSD constraints
SDUtil.getInstance().validateSSD(group, role);
} else {
User inUser = new User(member);
inUser.setContextId(group.getContextId());
User user = reviewMgr.readUser(inUser);
dn = user.getDn();
}
return groupP.assign(group, dn);
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class GroupMgrImpl method deassign.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public Group deassign(Group group, String member) throws SecurityException {
String methodName = "deassign";
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
String dn;
if (group.getType() == Group.Type.ROLE) {
Role role = reviewMgr.readRole(new Role(member));
dn = role.getDn();
} else {
User user = reviewMgr.readUser(new User(member));
dn = user.getDn();
}
return groupP.deassign(group, dn);
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class GroupMgrImpl method loadRoleDns.
private void loadRoleDns(Group group) throws SecurityException {
if (CollectionUtils.isNotEmpty(group.getMembers())) {
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
List<String> roleDns = new ArrayList<String>();
for (String member : group.getMembers()) {
Role role = reviewMgr.readRole(new Role(member));
roleDns.add(role.getDn());
}
group.setMembers(roleDns);
}
}
Aggregations