Use of org.apache.directory.fortress.core.model.User in the project directory-fortress-core by apache.
Class AdminMgrImpl, method removeRoleConstraint:
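/**
 * {@inheritDoc}
 * <p>
 * Removes one role constraint from a user's role assignment. The delegated-admin
 * check ({@code AdminUtil.canDeassign}) runs before any directory read or write, and
 * the constraint is located by matching both the role name and the constraint id
 * against the user's current assignments as stored in the directory.
 *
 * @param uRole            carries the user id, the role name and the admin session
 * @param roleConstraintId id of the constraint to remove from that role
 * @throws SecurityException if the input is null, the caller may not deassign, a
 *                           directory operation fails, or no constraint with the given
 *                           id exists on that role ({@code GlobalErrIds.RCON_NOT_FOUND})
 */
@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // Was "assignUser" (copy/paste); the name is reported in error context, so it must match this method.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);
    // find role constraint that needs removed
    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    if (userRoles != null) {
        for (UserRole ur : userRoles) {
            // find matching name
            if (!ur.getName().equals(uRole.getName())) {
                continue;
            }
            // find matching constraint; guard against a role that carries no constraint list
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            if (rcs == null) {
                continue;
            }
            for (RoleConstraint rc : rcs) {
                if (rc.getId().equals(roleConstraintId)) {
                    userP.deassign(uRole, rc);
                    found = true;
                    break;
                }
            }
            if (found) {
                // the constraint is gone; no need to scan the remaining assignments
                break;
            }
        }
    }
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}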
Use of org.apache.directory.fortress.core.model.User in the project directory-fortress-core by apache.
Class AuditMgrImpl, method searchAdminMods:
/**
 * {@inheritDoc}
 * <p>
 * When the audit filter names a user, that external user id is first resolved to the
 * directory's internal id and stored on the filter, so the audit search matches on the
 * stable identifier rather than the login name.
 *
 * @param uAudit search criteria; the user id is optional
 * @return admin modification records matching the criteria
 * @throws SecurityException on null input, a failed access check, or a lookup failure
 */
@Override
@AdminPermissionOperation
public List<Mod> searchAdminMods(UserAudit uAudit) throws SecurityException {
    String methodName = "searchAdminMods";
    assertContext(CLS_NM, methodName, uAudit, GlobalErrIds.AUDT_INPUT_NULL);
    checkAccess(CLS_NM, methodName);
    String userId = uAudit.getUserId();
    if (StringUtils.isNotEmpty(userId)) {
        // Translate the external user id into the internal id the audit records carry.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
        User resolved = reviewMgr.readUser(new User(userId));
        uAudit.setInternalUserId(resolved.getInternalId());
    }
    return auditP.searchAdminMods(uAudit);
}
Use of org.apache.directory.fortress.core.model.User in the project directory-fortress-core by apache.
Class DelAccessMgrImpl, method checkUserRole:
/**
 * This helper function processes ARBAC URA "can assign".
 * <p>
 * Decides whether any admin role active in {@code session} has authority over both
 * the target user (by org unit: the admin role's OS-U set, expanded to include all
 * descendant org units, must contain the user's ou) and the target role (either inside
 * the admin role's begin/end role range, or equal to the begin role when no proper
 * range is defined). A session holding {@code SUPER_ADMIN} is authorized outright.
 *
 * @param session caller's session whose activated admin roles are evaluated
 * @param user    user the role would be assigned to; re-read from the directory for its ou
 * @param role    role whose assignment is being checked
 * @return {@code true} if at least one active admin role grants the assignment
 * @throws SecurityException if the user cannot be read or a hierarchy lookup fails
 */
private boolean checkUserRole(Session session, User user, Role role) throws SecurityException {
    List<UserAdminRole> activeAdminRoles = session.getAdminRoles();
    if (!CollectionUtils.isNotEmpty(activeAdminRoles)) {
        return false;
    }
    // validate user and retrieve user's ou:
    User target = userP.read(user, false);
    for (UserAdminRole adminRole : activeAdminRoles) {
        if (adminRole.getName().equalsIgnoreCase(SUPER_ADMIN)) {
            return true;
        }
        Set<String> orgUnits = adminRole.getOsUSet();
        if (!CollectionUtils.isNotEmpty(orgUnits)) {
            continue;
        }
        // does the admin role have authority over the user object?
        if (!expandUserOrgUnits(orgUnits).contains(target.getOu())) {
            continue;
        }
        if (roleWithinAdminRange(adminRole, role)) {
            return true;
        }
    }
    return false;
}

/**
 * Expands each OS-U org unit to itself plus all of its descendants; the returned set
 * compares case-insensitively.
 */
private Set<String> expandUserOrgUnits(Set<String> orgUnits) throws SecurityException {
    Set<String> expanded = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    for (String orgUnit : orgUnits) {
        expanded.add(orgUnit);
        expanded.addAll(UsoUtil.getInstance().getDescendants(orgUnit, this.contextId));
    }
    return expanded;
}

/**
 * Tests whether {@code role} lies within the admin role's role range (begin/end with
 * inclusivity flags). When begin and end are absent or equal, no range exists and the
 * role must instead match the begin role exactly (case-insensitive).
 */
private boolean roleWithinAdminRange(UserAdminRole adminRole, Role role) throws SecurityException {
    String begin = adminRole.getBeginRange();
    String end = adminRole.getEndRange();
    if (begin != null && end != null && !begin.equalsIgnoreCase(end)) {
        Set<String> range = RoleUtil.getInstance().getAscendants(begin, end, adminRole.isEndInclusive(), this.contextId);
        if (adminRole.isBeginInclusive()) {
            range.add(begin);
        }
        // Does admin role have authority over a role contained within the allowable role range?
        return CollectionUtils.isNotEmpty(range) && range.contains(role.getName());
    }
    // Does admin role have authority over the role itself?
    return begin != null && begin.equalsIgnoreCase(role.getName());
}
Use of org.apache.directory.fortress.core.model.User in the project directory-fortress-core by apache.
Class DelAccessMgrImpl, method addActiveRole:
/**
 * {@inheritDoc}
 * <p>
 * Activates an admin role into an existing session. The role must not already be
 * active in the session and must be assigned to the session's user in the directory;
 * dynamic separation-of-duty constraints are validated before activation. The copy
 * activated is the directory's assignment entry, not the caller-supplied object.
 *
 * @param session session to activate the role into
 * @param role    admin role to activate; its user id is overwritten with the session's
 * @throws SecurityException on null input, an already-active role, a role not assigned
 *                           to the user, or a DSD violation
 */
@Override
public void addActiveRole(Session session, UserAdminRole role) throws SecurityException {
    String methodName = "addActiveRole";
    assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    role.setUserId(session.getUserId());
    List<UserAdminRole> activeRoles = session.getAdminRoles();
    // Refuse a second activation of a role already present in the session.
    if (activeRoles != null && activeRoles.contains(role)) {
        throw new SecurityException(GlobalErrIds.ARLE_ALREADY_ACTIVE,
            getFullMethodName(CLS_NM, methodName) + " User [" + session.getUserId() + "] Role [" + role.getName() + "] role already activated.");
    }
    User entity = userP.read(session.getUser(), true);
    List<UserAdminRole> assignedRoles = entity.getAdminRoles();
    // Position of the role among the user's directory assignments; -1 when absent or none assigned.
    int roleIndex = CollectionUtils.isNotEmpty(assignedRoles) ? assignedRoles.indexOf(role) : -1;
    if (roleIndex == -1) {
        throw new SecurityException(GlobalErrIds.ARLE_ACTIVATE_FAILED,
            getFullMethodName(CLS_NM, methodName) + " Admin Role [" + role.getName() + "] User [" + session.getUserId() + "] adminRole not authorized for user.");
    }
    SDUtil.getInstance().validateDSD(session, role);
    // now activate the role to the session, using the stored assignment entry:
    session.setRole(assignedRoles.get(roleIndex));
}
Use of org.apache.directory.fortress.core.model.User in the project directory-fortress-core by apache.
Class DelAdminMgrImpl, method updateRole:
/**
 * {@inheritDoc}
 * <p>
 * Updates the admin role entity and then propagates the change to every user currently
 * assigned that role: each user's assignment is rebuilt with the role's OS-P/OS-U sets
 * and the constraint values copied from the stored role, then written back through
 * {@code AdminMgr.updateUser}.
 *
 * @param role admin role carrying the updated attributes
 * @return the updated role as returned by the role process layer
 * @throws SecurityException on null input or failure of the role or any user update
 */
@Override
@AdminPermissionOperation
public AdminRole updateRole(AdminRole role) throws SecurityException {
    String methodName = "updateRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    AdminRole updated = admRP.update(role);
    // search for all users assigned this role and update:
    List<User> assignedUsers = userP.getAssignedUsers(role);
    if (CollectionUtils.isNotEmpty(assignedUsers)) {
        final AdminMgr adminMgr = AdminMgrFactory.createInstance(this.contextId);
        for (User existing : assignedUsers) {
            propagateAdminRoleToUser(adminMgr, methodName, existing, role, updated);
        }
    }
    return updated;
}

/**
 * Rebuilds one user's assignment of {@code role} from the stored {@code updated} entity
 * and writes the patched user back.
 */
private void propagateAdminRoleToUser(AdminMgr adminMgr, String methodName, User existing, AdminRole role, AdminRole updated) throws SecurityException {
    User patch = new User(existing.getUserId());
    setAdminData(CLS_NM, methodName, patch);
    List<UserAdminRole> assignedAdminRoles = existing.getAdminRoles();
    UserAdminRole replacement = new UserAdminRole();
    replacement.setName(role.getName());
    replacement.setUserId(existing.getUserId());
    replacement.setOsPSet(role.getOsPSet());
    replacement.setOsUSet(role.getOsUSet());
    // Swap the stale assignment for the rebuilt one, then copy the updated constraints onto it.
    assignedAdminRoles.remove(replacement);
    ConstraintUtil.copy(updated, replacement);
    assignedAdminRoles.add(replacement);
    patch.setUserId(existing.getUserId());
    patch.setAdminRole(replacement);
    adminMgr.updateUser(patch);
}