use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class UserP method findRoleConstraints.
List<RoleConstraint> findRoleConstraints(Set<String> roles, User user, RoleConstraint.RCType rcType, Set<String> paSets) throws SecurityException {
List<RoleConstraint> matchingConstraints = new ArrayList<RoleConstraint>();
// TODO: can we do this in a query?
List<UserRole> userRoles = uDao.getUser(user, true).getRoles();
for (UserRole ur : userRoles) {
// only get constraints for passed in roles
if (roles.contains(ur.getName())) {
for (RoleConstraint rc : ur.getRoleConstraints()) {
if (rc.getType().equals(rcType) && paSets.contains(rc.getPaSetName())) {
matchingConstraints.add(rc);
}
}
}
}
return matchingConstraints;
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AdminMgrImpl method addRoleConstraint.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public RoleConstraint addRoleConstraint(UserRole uRole, RoleConstraint roleConstraint) throws SecurityException {
String methodName = "assignUser";
assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
AdminUtil.canAssign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);
// todo assert roleconstraint here
userP.assign(uRole, roleConstraint);
return roleConstraint;
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AdminMgrImpl method deleteRole.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void deleteRole(Role role) throws SecurityException {
String methodName = "deleteRole";
assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
setEntitySession(CLS_NM, methodName, role);
int numChildren = RoleUtil.getInstance().numChildren(role.getName(), role.getContextId());
if (numChildren > 0) {
String error = methodName + " role [" + role.getName() + "] must remove [" + numChildren + "] descendants before deletion";
LOG.error(error);
throw new SecurityException(GlobalErrIds.HIER_DEL_FAILED_HAS_CHILD, error, null);
}
// Read the Role from LDAP:
Role outRole = roleP.read(role);
outRole.setContextId(role.getContextId());
// deassign all groups assigned to this role first (because of schema's configGroup class constraints)
List<Group> groups = groupP.roleGroups(outRole);
for (Group group : groups) {
group.setContextId(this.contextId);
groupP.deassign(group, outRole.getDn());
}
// If user membership associated with role, remove the role object:
if (Config.getInstance().isRoleOccupant()) {
// this reads the role object itself:
List<User> users = userP.getAssignedUsers(role);
if (users != null) {
for (User ue : users) {
UserRole uRole = new UserRole(ue.getUserId(), role.getName());
setAdminData(CLS_NM, methodName, uRole);
deassignUser(uRole);
}
}
} else {
// search for all users assigned this role and deassign:
List<String> userIds = userP.getAssignedUserIds(role);
for (String userId : userIds) {
UserRole uRole = new UserRole(userId, role.getName());
setAdminData(CLS_NM, methodName, uRole);
deassignUser(uRole);
}
}
// Now remove the role association from all permissions:
permP.remove(role);
// remove all parent relationships from the role graph:
Set<String> parents = RoleUtil.getInstance().getParents(role.getName(), this.contextId);
if (parents != null) {
for (String parent : parents) {
RoleUtil.getInstance().updateHier(this.contextId, new Relationship(role.getName().toUpperCase(), parent.toUpperCase()), Hier.Op.REM);
}
}
// Finally, delete the role object:
roleP.delete(role);
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AdminMgrImpl method assignUser.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void assignUser(UserRole uRole) throws SecurityException {
String methodName = "assignUser";
assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
Role role = new Role(uRole.getName());
role.setContextId(contextId);
User user = new User(uRole.getUserId());
user.setContextId(contextId);
setEntitySession(CLS_NM, methodName, uRole);
AdminUtil.canAssign(uRole.getAdminSession(), user, role, contextId);
SDUtil.getInstance().validateSSD(user, role);
// Get the default constraints from role:
role.setContextId(this.contextId);
Role validRole = roleP.read(role);
// if the input role entity attribute doesn't have temporal constraints set, copy from the role declaration:
ConstraintUtil.validateOrCopy(validRole, uRole);
// Assign the Role data to User:
String dn = userP.assign(uRole);
// If user membership associated with role, set it here:
if (Config.getInstance().isRoleOccupant()) {
setAdminData(CLS_NM, methodName, role);
// Assign user dn attribute to the role, this will add a single, standard attribute value,
// called "roleOccupant", directly onto the role node:
roleP.assign(role, dn);
}
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AdminMgrImpl method deassignUser.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public void deassignUser(UserRole uRole) throws SecurityException {
String methodName = "deassignUser";
assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
Role role = new Role(uRole.getName());
role.setContextId(contextId);
User user = new User(uRole.getUserId());
setEntitySession(CLS_NM, methodName, uRole);
AdminUtil.canDeassign(user.getAdminSession(), user, role, contextId);
String dn = userP.deassign(uRole);
// If user membership is assocated with role, remove role occupants:
if (Config.getInstance().isRoleOccupant()) {
setAdminData(CLS_NM, methodName, role);
// Now "deassign" user dn attribute, this will remove a single, standard attribute value,
// called "roleOccupant", from the node:
roleP.deassign(role, dn);
}
}
Aggregations