

use of org.apache.directory.fortress.core.model.UserAdminRole in project directory-fortress-core by apache.

Class AdminRoleP, method addOccupant.

/**
 * Writes the user dn into the occupant attribute of every AdminRole entity named in {@code uRoles}.
 * Invoked by AdminMgrImpl while a User is being added; each role is handed to {@link #assign} one at a time.
 * A null or empty {@code uRoles} is a no-op.
 *
 * @param uRoles    UserAdminRole entries the user is being assigned to; may be null or empty.
 * @param userDn    distinguished name of the user being recorded as occupant.
 * @param contextId tenant sub-tree in the DIT, e.g. ou=contextId, dc=example, dc=com.
 * @throws SecurityException if the underlying DAO operation fails.
 */
void addOccupant(List<UserAdminRole> uRoles, String userDn, String contextId) throws SecurityException {
    // Nothing to do when no roles were supplied (null-safe check).
    if (CollectionUtils.isEmpty(uRoles)) {
        return;
    }
    for (UserAdminRole assignment : uRoles) {
        AdminRole target = new AdminRole(assignment.getName());
        target.setContextId(contextId);
        assign(target, userDn);
    }
}


use of org.apache.directory.fortress.core.model.UserAdminRole in project directory-fortress-core by apache.

Class AdminRoleUtil, method getInheritedRoles.

/**
 * Computes the full set of admin role names a session is authorized for: every activated
 * {@link org.apache.directory.fortress.core.model.UserAdminRole#name} plus all of its ascendants in the
 * admin role hierarchy. Consumed by {@link org.apache.directory.fortress.core.impl.PermDAO#checkPermission}.
 *
 * @param uRoles    admin roles activated within a {@link org.apache.directory.fortress.core.model.User}'s
 *                  {@link org.apache.directory.fortress.core.model.Session}; may be null or empty.
 * @param contextId tenant sub-tree in the DIT, e.g. ou=contextId, dc=example, dc=com.
 * @return case-insensitive, sorted Set of the activated role names and their ascendants; empty when none.
 */
public static Set<String> getInheritedRoles(List<UserAdminRole> uRoles, String contextId) {
    // Role names compare case-insensitively, so the result set is keyed that way.
    Set<String> authorized = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    if (CollectionUtils.isEmpty(uRoles)) {
        return authorized;
    }
    for (UserAdminRole activated : uRoles) {
        String roleName = activated.getName();
        authorized.add(roleName);
        // Ascendants are resolved against the per-context hierarchy graph on every pass.
        Set<String> ascendants = HierUtil.getAscendants(roleName, getGraph(contextId));
        if (ascendants != null) {
            authorized.addAll(ascendants);
        }
    }
    return authorized;
}


use of org.apache.directory.fortress.core.model.UserAdminRole in project directory-fortress-core by apache.

Class DelAdminMgrImpl, method deleteRole.

/**
 * {@inheritDoc}
 * <p>
 * Order of operations: reject the call while the role still has hierarchy descendants, deassign every
 * user holding the role, remove the role's permissions, detach it from each parent in the role graph,
 * and finally delete the role entity itself.
 */
@Override
@AdminPermissionOperation
public void deleteRole(AdminRole role) throws SecurityException {
    final String methodName = "deleteRole";
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, role);
    // A role with descendants cannot be removed; the caller must prune the hierarchy first.
    int childCount = AdminRoleUtil.numChildren(role.getName(), role.getContextId());
    if (childCount > 0) {
        String msg = methodName + " role [" + role.getName() + "] must remove [" + childCount + "] descendants before deletion";
        throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, msg, null);
    }
    // Deassign every user currently holding this admin role.
    List<User> holders = userP.getAssignedUsers(role);
    if (holders != null) {
        for (User holder : holders) {
            User userEntity = new User(holder.getUserId());
            UserAdminRole assignment = new UserAdminRole(holder.getUserId(), role.getName());
            // NOTE(review): the assignment uses this instance's contextId, whereas the descendant check
            // above used role.getContextId() — confirm both are always the same tenant.
            assignment.setContextId(contextId);
            // NOTE(review): userEntity receives admin data but is not passed anywhere afterwards — looks
            // like a leftover; verify setAdminData has no other effect before removing it.
            setAdminData(CLS_NM, methodName, userEntity);
            deassignUser(assignment);
        }
    }
    permP.remove(role);
    // Detach the role from each of its parents in the admin role graph.
    Set<String> parentNames = AdminRoleUtil.getParents(role.getName(), this.contextId);
    if (parentNames != null) {
        for (String parentName : parentNames) {
            Relationship edge = new Relationship(role.getName().toUpperCase(), parentName.toUpperCase());
            AdminRoleUtil.updateHier(this.contextId, edge, Hier.Op.REM);
        }
    }
    admRP.delete(role);
}


use of org.apache.directory.fortress.core.model.UserAdminRole in project directory-fortress-core by apache.

Class DelAdminMgrImpl, method assignUser.

/**
 * {@inheritDoc}
 * <p>
 * The role is read back from the directory before assignment so that missing temporal constraints and
 * the ARBAC admin attributes on {@code uAdminRole} are filled from the stored AdminRole declaration.
 * The user's dn is then recorded on the AdminRole node as an occupant.
 */
@Override
@AdminPermissionOperation
public void assignUser(UserAdminRole uAdminRole) throws SecurityException {
    final String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uAdminRole, GlobalErrIds.ARLE_NULL);
    setEntitySession(CLS_NM, methodName, uAdminRole);
    // Look up the stored AdminRole that this assignment refers to.
    AdminRole lookup = new AdminRole(uAdminRole.getName());
    lookup.setContextId(uAdminRole.getContextId());
    AdminRole storedRole = admRP.read(lookup);
    // Temporal constraints absent on the assignment are copied from the stored role declaration.
    ConstraintUtil.validateOrCopy(storedRole, uAdminRole);
    // Carry the ARBAC AdminRole attributes over to the UserAdminRole.
    userP.copyAdminAttrs(storedRole, uAdminRole);
    String userDn = userP.assign(uAdminRole);
    // Stamp the admin session info onto the role before writing to it.
    setAdminData(CLS_NM, methodName, storedRole);
    // Record the user dn as a single "roleOccupant" attribute value directly on the adminRole node.
    admRP.assign(storedRole, userDn);
}
