use of org.apache.directory.fortress.core.model.RoleConstraint in project directory-fortress-core by apache.
the class AdminMgrImpl method removeRoleConstraint.
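/**
 * {@inheritDoc}
 *
 * <p>Reads the user's current role assignments, locates the assignment whose name matches
 * {@code uRole.getName()}, and removes the constraint whose id equals {@code roleConstraintId}.
 *
 * @param uRole identifies the user ({@code getUserId()}) and the role ({@code getName()}) that
 *     the constraint belongs to; rejected via {@code assertContext} with
 *     {@code GlobalErrIds.URLE_NULL} when null
 * @param roleConstraintId id of the role constraint to remove
 * @throws SecurityException if the context or delegated-administration checks fail, or (as a
 *     {@code FinderException} carrying {@code GlobalErrIds.RCON_NOT_FOUND}) when no constraint
 *     with that id exists on the matching role assignment
 */
@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // The operation name must be this method's own name. The original passed "assignUser", a
    // copy-paste leftover, so everything assertContext derives from (CLS_NM, methodName) was
    // attributed to a different operation.
    // NOTE(review): if assertContext evaluates an administrative permission or writes an audit
    // record keyed on this name (not visible here), the delegated-admin policy needs an entry
    // for "removeRoleConstraint" -- confirm before release.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);

    // Delegated-administration gate: the calling admin session must be allowed to deassign
    // this role from this user before any constraint is touched.
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);

    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    if (userRoles != null) {
        for (UserRole ur : userRoles) {
            // Only the assignment for the requested role is relevant.
            if (!ur.getName().equals(uRole.getName())) {
                continue;
            }
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            if (rcs == null) {
                continue;
            }
            for (RoleConstraint rc : rcs) {
                // Compare from the caller-supplied id so a stored constraint without an id
                // is skipped instead of raising a NullPointerException.
                if (roleConstraintId != null && roleConstraintId.equals(rc.getId())) {
                    userP.deassign(uRole, rc);
                    found = true;
                    break;
                }
            }
        }
    }

    // Fail loudly: a caller that believes a constraint was removed when nothing matched would
    // have a wrong picture of the user's effective restrictions.
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}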
use of org.apache.directory.fortress.core.model.RoleConstraint in project directory-fortress-core by apache.
the class UserDAO method deassign.
/**
 * Removes a role assignment from a user entry, after first removing each role constraint
 * attached to that assignment.
 *
 * @param uRole supplies the user id, the context id and the role to deassign; it is matched
 *     against the user's stored assignments with {@code List.indexOf}
 * @return the DN of the user entry, as computed by {@code getDn}
 * @throws UpdateException if an {@code LdapException} is raised while reading or modifying
 *     the entry (error id {@code GlobalErrIds.URLE_DEASSIGN_FAILED})
 * @throws FinderException if the user does not hold the role (error id
 *     {@code GlobalErrIds.URLE_ASSIGN_NOT_EXIST})
 */
String deassign(UserRole uRole) throws UpdateException, FinderException {
    String userDn = getDn(uRole.getUserId(), uRole.getContextId());
    LdapConnection ld = null;
    try {
        // The stored assignment is needed, not the caller's copy: removal uses its raw data.
        List<UserRole> assigned = getUserRoles(uRole.getUserId(), uRole.getContextId());
        int position = (assigned == null) ? -1 : assigned.indexOf(uRole);

        if (position > -1) {
            UserRole stored = assigned.get(position);

            // NOTE(review): each constraint is removed through a separate deassign(...) call
            // that runs before the modify() below. If those calls commit on their own (not
            // visible here) and modify() then fails, the user would keep the role with its
            // constraints already stripped, i.e. a less restricted assignment. Confirm, and
            // consider removing constraints and assignment in a single modification.
            for (RoleConstraint constraint : stored.getRoleConstraints()) {
                this.deassign(stored, constraint);
            }

            // Drop both the raw assignment record and the role-name attribute value.
            List<Modification> changes = new ArrayList<Modification>();
            changes.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ROLE_DATA, stored.getRawData()));
            changes.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.USER_ROLE_ASSIGN, stored.getName()));
            ld = getAdminConnection();
            modify(ld, userDn, changes, uRole);
        } else {
            // No roles at all, or the requested role is not among them.
            String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] " + "assignment does not exist.";
            throw new FinderException(GlobalErrIds.URLE_ASSIGN_NOT_EXIST, warning);
        }
    } catch (LdapException e) {
        String warning = "deassign userId [" + uRole.getUserId() + "] name [" + uRole.getName() + "] caught " + "LDAPException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.URLE_DEASSIGN_FAILED, warning, e);
    } finally {
        // ld is still null when the failure happened before a connection was obtained.
        closeAdminConnection(ld);
    }
    return userDn;
}
use of org.apache.directory.fortress.core.model.RoleConstraint in project directory-fortress-core by apache.
the class ReviewMgrRestImpl method findRoleConstraints.
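/**
 * {@inheritDoc}
 *
 * <p>REST client implementation: marshals the arguments into a {@code FortRequest}, posts it to
 * {@code HttpIds.ROLE_FIND_CONSTRAINTS} and returns the entities carried by the response.
 *
 * @param user sent as the request entity; must not be null
 * @param permission sent as the second request entity; must not be null
 * @param rcType constraint type, sent as the request value via {@code toString()}
 * @return the entities of the response when its error code is 0
 * @throws SecurityException if {@code user} or {@code permission} is null, or if the response
 *     carries a non-zero error code (that code and its message are propagated)
 */
@Override
public List<RoleConstraint> findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType) throws SecurityException {
    String location = CLS_NM + ".findRoleConstraints";
    VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, location);
    // The original repeated the check on user here, so a null permission was never rejected
    // on the client side and was marshalled into the request as-is.
    VUtil.assertNotNull(permission, GlobalErrIds.PERM_NULL, location);

    FortRequest request = new FortRequest();
    request.setContextId(this.contextId);
    request.setEntity(user);
    request.setEntity2(permission);
    // NOTE(review): rcType is dereferenced without a null check; a null argument surfaces as
    // a NullPointerException rather than a SecurityException.
    request.setValue(rcType.toString());
    // The admin session is attached only when one has been set on this manager.
    if (this.adminSess != null) {
        request.setSession(adminSess);
    }

    String szRequest = RestUtils.marshal(request);
    String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.ROLE_FIND_CONSTRAINTS);
    FortResponse response = RestUtils.unmarshall(szResponse);

    // Any non-zero error code is turned into an exception rather than an empty result.
    if (response.getErrorCode() != 0) {
        throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
    }
    List<RoleConstraint> retConstraints = response.getEntities();
    return retConstraints;
}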
use of org.apache.directory.fortress.core.model.RoleConstraint in project directory-fortress-core by apache.
the class ReviewMgrImplTest method readUserRoleConstraint.
/**
 * Test helper: verifies that the user built from {@code usr} holds the role built from
 * {@code rle}, and that this assignment carries a constraint whose paSetName equals that of
 * {@code rc}, with the same type and value and a non-null id.
 *
 * @param msg message handed to {@code LogUtil.logIt}
 * @param usr test data for {@code UserTestData.getUser}
 * @param rle test data for {@code RoleTestData.getRole}
 * @param rc the constraint expected on the assignment
 */
public static void readUserRoleConstraint(String msg, String[] usr, String[] rle, RoleConstraint rc) {
    LogUtil.logIt(msg);
    try {
        ReviewMgr reviewMgr = getManagedReviewMgr();
        User user = UserTestData.getUser(usr);
        Role role = RoleTestData.getRole(rle);
        List<UserRole> assignments = reviewMgr.assignedRoles(user);

        boolean assignmentSeen = false;
        boolean constraintSeen = false;
        for (UserRole assignment : assignments) {
            // Skip assignments for other roles.
            if (!assignment.getName().equals(role.getName())) {
                continue;
            }
            assignmentSeen = true;
            for (RoleConstraint candidate : assignment.getRoleConstraints()) {
                // Constraints are paired up by their paSetName.
                if (!candidate.getPaSetName().equals(rc.getPaSetName())) {
                    continue;
                }
                constraintSeen = true;
                assertEquals(rc.getType(), candidate.getType());
                assertEquals(rc.getValue(), candidate.getValue());
                assertNotNull(candidate.getId());
            }
        }

        if (!assignmentSeen) {
            fail("User Role Assignment Not Found");
        }
        if (!constraintSeen) {
            fail("User Role Constraint Not Found");
        }
        LOG.debug("readUserRoleConstraint value [" + rc.getValue() + "] successful");
    } catch (SecurityException ex) {
        LOG.error("readUserRoleConstraint value [" + rc.getValue() + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.RoleConstraint in project directory-fortress-core by apache.
the class AdminMgrImplTest method assignUserRoleConstraint.
/**
 * Test helper: adds {@code rc} to the assignment of the role built from {@code rle} to the user
 * built from {@code usr}, then checks that a search for users of that role filtered by the
 * constraint returns exactly that user.
 *
 * @param msg message handed to {@code LogUtil.logIt}
 * @param usr test data for {@code UserTestData.getUser}
 * @param rle test data for {@code RoleTestData.getRole}
 * @param rc the constraint to add
 * @return the constraint returned by {@code AdminMgr.addRoleConstraint}
 * @throws SecurityException propagated from the manager calls
 */
public static RoleConstraint assignUserRoleConstraint(String msg, String[] usr, String[] rle, RoleConstraint rc) throws SecurityException {
    LogUtil.logIt(msg);
    AdminMgr adminMgr = getManagedAdminMgr();
    ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
    User user = UserTestData.getUser(usr);
    Role role = RoleTestData.getRole(rle);

    UserRole assignment = new UserRole(user.getUserId(), role.getName());
    RoleConstraint created = adminMgr.addRoleConstraint(assignment, rc);
    LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" + role.getName() + "] " + " rcvalue [" + rc.getValue() + "]");

    // Read back through the constraint filter: only the user just constrained should match.
    List<User> matches = reviewMgr.assignedUsers(role, rc);
    assertTrue(matches.size() == 1);
    assertEquals(user.getUserId(), matches.get(0).getUserId());
    return created;
}