Search in sources :

Example 6 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class CommandLineInterpreter method processReviewCommand.

/**
 * @param commands
 * @param options
 */
private void processReviewCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(READ_USER)) {
            command = READ_USER;
            LOG.info(READ_USER);
            User inUser = options.getUser();
            User outUser = reviewMgr.readUser(inUser);
            printUser(outUser);
        } else if (commands.contains(FIND_USERS)) {
            command = FIND_USERS;
            LOG.info(command);
            User user = options.getUser();
            List<User> outUsers = reviewMgr.findUsers(user);
            if (CollectionUtils.isNotEmpty(outUsers)) {
                int ctr = 0;
                for (User outUser : outUsers) {
                    printRow("U", "CTR ", "" + ctr++);
                    printUser(outUser);
                }
            }
        } else if (commands.contains(ASSIGNED_USERS)) {
            command = ASSIGNED_USERS;
            LOG.info(command);
            Role inRole = options.getRole();
            List<User> outUsers = reviewMgr.assignedUsers(inRole);
            if (CollectionUtils.isNotEmpty(outUsers)) {
                for (User outUser : outUsers) {
                    printUser(outUser);
                }
            }
        } else if (commands.contains(READ_ROLE)) {
            command = READ_ROLE;
            LOG.info(command);
            Role inRole = options.getRole();
            Role outRole = reviewMgr.readRole(inRole);
            printRole(outRole);
        } else if (commands.contains(FIND_ROLES)) {
            command = FIND_ROLES;
            LOG.info(command);
            String inRoleNm = options.getName();
            List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
            if (CollectionUtils.isNotEmpty(outRoles)) {
                int ctr = 0;
                for (Role outRole : outRoles) {
                    printSeparator();
                    printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
                    printRole(outRole);
                }
            }
        } else if (commands.contains(ASSIGNED_ROLES)) {
            command = ASSIGNED_ROLES;
            LOG.info(command);
            String userId = options.getUserId();
            List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
            if (uRoles != null) {
                for (UserRole ur : uRoles) {
                    printTemporal("R", ur, "RBACROLE");
                    printSeparator();
                }
            }
        } else if (commands.contains(READ_POBJ)) {
            command = READ_POBJ;
            LOG.info(command);
            PermObj inPermObj = options.getPermObj();
            PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
            printPermObj(outPermObj);
        } else if (commands.contains(FIND_POBJS)) {
            command = FIND_POBJS;
            LOG.info(command);
            PermObj inPermObj = options.getPermObj();
            List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
            if (CollectionUtils.isNotEmpty(outPermObjs)) {
                int ctr = 0;
                for (PermObj outPermObj : outPermObjs) {
                    printSeparator();
                    printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
                    printPermObj(outPermObj);
                }
            }
        } else if (commands.contains(READ_PERM)) {
            command = READ_PERM;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            Permission outPerm = reviewMgr.readPermission(inPerm);
            printPermission(outPerm);
        } else if (commands.contains(FIND_PERMS)) {
            command = FIND_PERMS;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
            if (CollectionUtils.isNotEmpty(outPerms)) {
                int ctr = 0;
                for (Permission outPerm : outPerms) {
                    printSeparator();
                    printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
                    printPermission(outPerm);
                }
            }
        } else {
            LOG.warn("unknown review operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Permission(org.apache.directory.fortress.core.model.Permission) ArrayList(java.util.ArrayList) List(java.util.List) SecurityException(org.apache.directory.fortress.core.SecurityException) Constraint(org.apache.directory.fortress.core.model.Constraint)

Example 7 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class CommandLineInterpreter method processDelegatedAdminCommand.

private void processDelegatedAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.addRole(role);
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.updateRole(role);
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.deleteRole(role);
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.assignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.deassignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.addPermObj(permObj);
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.updatePermObj(permObj);
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.deletePermObj(permObj);
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.addPermission(perm);
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.updatePermission(perm);
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            Permission permObj = options.getPermission();
            delAdminMgr.deletePermission(permObj);
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.grantPermission(perm, role);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.revokePermission(perm, role);
        } else if (commands.contains(ADD_USERORG)) {
            command = ADD_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_USERORG)) {
            command = UPDATE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_USERORG)) {
            command = DELETE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_USERORG_INHERITANCE)) {
            command = ADD_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(DELETE_USERORG_INHERITANCE)) {
            command = DELETE_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(ADD_PERMORG)) {
            command = ADD_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_PERMORG)) {
            command = UPDATE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_PERMORG)) {
            command = DELETE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_PERMORG_INHERITANCE)) {
            command = ADD_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else if (commands.contains(DELETE_PERMORG_INHERITANCE)) {
            command = DELETE_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else {
            LOG.warn("unknown delegated admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (org.apache.directory.fortress.core.SecurityException se) {
        String error = "processDelegatedAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) org.apache.directory.fortress.core(org.apache.directory.fortress.core) PermObj(org.apache.directory.fortress.core.model.PermObj) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 8 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class GroupMgrImpl method assign.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public Group assign(Group group, String member) throws SecurityException {
    String methodName = "assign";
    assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
    checkAccess(CLS_NM, methodName);
    ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
    String dn;
    if (group.getType() == Group.Type.ROLE) {
        Role inRole = new Role(member);
        inRole.setContextId(group.getContextId());
        Role role = reviewMgr.readRole(inRole);
        dn = role.getDn();
        // Validate SSD constraints
        SDUtil.getInstance().validateSSD(group, role);
    } else {
        User inUser = new User(member);
        inUser.setContextId(group.getContextId());
        User user = reviewMgr.readUser(inUser);
        dn = user.getDn();
    }
    return groupP.assign(group, dn);
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 9 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class GroupMgrImpl method deassign.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public Group deassign(Group group, String member) throws SecurityException {
    String methodName = "deassign";
    assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
    checkAccess(CLS_NM, methodName);
    ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
    String dn;
    if (group.getType() == Group.Type.ROLE) {
        Role role = reviewMgr.readRole(new Role(member));
        dn = role.getDn();
    } else {
        User user = reviewMgr.readUser(new User(member));
        dn = user.getDn();
    }
    return groupP.deassign(group, dn);
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 10 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class GroupMgrImpl method loadRoleDns.

private void loadRoleDns(Group group) throws SecurityException {
    if (CollectionUtils.isNotEmpty(group.getMembers())) {
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
        List<String> roleDns = new ArrayList<String>();
        for (String member : group.getMembers()) {
            Role role = reviewMgr.readRole(new Role(member));
            roleDns.add(role.getDn());
        }
        group.setMembers(roleDns);
    }
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) ArrayList(java.util.ArrayList)

Aggregations

Role (org.apache.directory.fortress.core.model.Role)117 UserRole (org.apache.directory.fortress.core.model.UserRole)83 SecurityException (org.apache.directory.fortress.core.SecurityException)66 AdminMgr (org.apache.directory.fortress.core.AdminMgr)40 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)30 User (org.apache.directory.fortress.core.model.User)30 AdminRole (org.apache.directory.fortress.core.model.AdminRole)25 Permission (org.apache.directory.fortress.core.model.Permission)24 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)17 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)15 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)15 Relationship (org.apache.directory.fortress.core.model.Relationship)7 SDSet (org.apache.directory.fortress.core.model.SDSet)7 FinderException (org.apache.directory.fortress.core.FinderException)6 PermObj (org.apache.directory.fortress.core.model.PermObj)6 ArrayList (java.util.ArrayList)5 Group (org.apache.directory.fortress.core.model.Group)5 Constraint (org.apache.directory.fortress.core.model.Constraint)4 FortRequest (org.apache.directory.fortress.core.model.FortRequest)4 FortResponse (org.apache.directory.fortress.core.model.FortResponse)4