directory-commits mailing list archives

From smckin...@apache.org
Subject directory-fortress-core git commit: FC-128 - ReviewMgr.rolePermissions needs non-hierarchical option
Date Mon, 14 Dec 2015 17:13:40 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 681c99921 -> 0caa7dd0c


 FC-128 - ReviewMgr.rolePermissions needs non-hierarchical option


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/0caa7dd0
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/0caa7dd0
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/0caa7dd0

Branch: refs/heads/master
Commit: 0caa7dd0c72a9bfbdca65081bf00c3984e3725be
Parents: 681c999
Author: Shawn McKinney <smckinney@apache.org>
Authored: Sun Dec 13 05:28:30 2015 -0600
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Sun Dec 13 05:28:30 2015 -0600

----------------------------------------------------------------------
 .../directory/fortress/core/ReviewMgr.java      | 18 ++++++
 .../directory/fortress/core/impl/PermDAO.java   | 32 +++++-----
 .../directory/fortress/core/impl/PermP.java     | 21 ++++++-
 .../fortress/core/impl/ReviewMgrImpl.java       | 63 +++++++++++++-------
 .../fortress/core/rest/ReviewMgrRestImpl.java   | 35 ++++++++---
 5 files changed, 124 insertions(+), 45 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0caa7dd0/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
index 48ea30b..0a16bbb 100755
--- a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
@@ -378,6 +378,24 @@ public interface ReviewMgr extends Manageable
 
 
     /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited
by a
+     * given role. The function is valid if and only if the role is a member of the ROLES
data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name} of Role entity Permission is granted
to.
+     * @param noInheritance if true will NOT include inherited roles in the search.
+     * @return List of type Permission that contains all perms granted to a role.
+     * @throws SecurityException In the event system error occurs.
+     */
+    List<Permission> rolePermissions( Role role, boolean noInheritance )
+        throws SecurityException;
+
+
+    /**
      * This function returns the set of permissions a given user gets through his/her authorized
      * roles. The function is valid if and only if the user is a member of the USERS data
set.
      * <h4>required parameters</h4>
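Review bot: The Javadoc on the new `rolePermissions( Role role, boolean noInheritance )` still says "granted to or inherited by a given role" and its `@return` promises "all perms granted to a role", which is not true when `noInheritance` is true. For an access-review API this matters, because a caller can mistake the direct-only list for the role's effective permission set and under-report what the role can do. I would reword the return tag to `@return List of type Permission; when noInheritance is true it holds only permissions assigned directly to the role, not those it inherits.` The same copied Javadoc appears on the new overloads in ReviewMgrImpl and ReviewMgrRestImpl.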

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0caa7dd0/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
index 377b895..fa7ccb7 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
@@ -1234,12 +1234,16 @@ final class PermDAO extends ApacheDsDataProvider
 
 
     /**
-     * @param role
-     * @return
-     * @throws org.apache.directory.fortress.core.FinderException
+     * Search will return a list of matching permissions that are assigned to a given RBAC
or Admin role name.
+     * Will search the Admin perms if the "isAdmin" boolean flag is "true", otherwise it
will search RBAC perm tree.
+     *
+     * @param role contains the RBAC or Admin Role name targeted for search.
+     * @param noInheritance if true will NOT include inherited roles in the search.
+     * @return List of type Permission containing fully populated matching Permission entities.
+     * @throws org.apache.directory.fortress.core.FinderException in the event of DAO search
error.
      *
      */
-    List<Permission> findPermissions( Role role ) throws FinderException
+    List<Permission> findPermissions( Role role, boolean noInheritance ) throws FinderException
     {
         List<Permission> permList = new ArrayList<>();
         LdapConnection ld = null;
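Review bot: The new Javadoc on `findPermissions` refers to an "isAdmin" boolean flag, but the signature has no such parameter; the only admin/RBAC switch visible in this file section is `role.getClass().equals( AdminRole.class )` in the later hunk. I would describe the real trigger, for example `Uses the Admin role hierarchy when role is an AdminRole, otherwise the RBAC role hierarchy.` (the perm-root selection sits partly outside the hunk, so confirm it follows the same test). The same "isAdmin" wording is repeated in both Javadoc blocks of the PermP hunk. The method body continues past the end of this hunk.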
@@ -1255,7 +1259,6 @@ final class PermDAO extends ApacheDsDataProvider
         {
             permRoot = getRootDn( role.getContextId(), GlobalIds.PERM_ROOT );
         }
-
         try
         {
             String roleVal = encodeSafeText( role.getName(), GlobalIds.ROLE_LEN );
@@ -1263,17 +1266,18 @@ final class PermDAO extends ApacheDsDataProvider
             filterbuf.append( GlobalIds.FILTER_PREFIX );
             filterbuf.append( PERM_OP_OBJECT_CLASS_NAME );
             filterbuf.append( ")(" );
-            Set<String> roles;
-
-            if ( role.getClass().equals( AdminRole.class ) )
+            Set<String> roles = null;
+            if( !noInheritance )
             {
-                roles = AdminRoleUtil.getAscendants( role.getName(), role.getContextId()
);
-            }
-            else
-            {
-                roles = RoleUtil.getAscendants( role.getName(), role.getContextId() );
+                if ( role.getClass().equals( AdminRole.class ) )
+                {
+                    roles = AdminRoleUtil.getAscendants( role.getName(), role.getContextId()
);
+                }
+                else
+                {
+                    roles = RoleUtil.getAscendants( role.getName(), role.getContextId() );
+                }
             }
-
             if ( CollectionUtils.isNotEmpty( roles ) )
             {
                 filterbuf.append( "|(" );
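Review bot: `Set<String> roles = null;` now uses null to mean "do not expand the hierarchy", so the direct-only path depends on `CollectionUtils.isNotEmpty( roles )` tolerating null and on whichever branch follows outside this hunk. A short comment above the guard would make that intent explicit, for example `// roles stays null when noInheritance is set; the filter then matches only the role itself`. Please confirm the unseen else-branch really does that. `if( !noInheritance )` also departs from the `if ( ... )` spacing used on the surrounding lines.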

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0caa7dd0/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/PermP.java b/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
index b03107f..6d70ada 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
@@ -140,12 +140,27 @@ final class PermP
      * DAO class will search the Admin perms if the "isAdmin" boolean flag is "true", otherwise
it will search RBAC perm tree.
      *
      * @param role contains the RBAC or Admin Role name targeted for search.
+     * @param noInheritance if true will NOT include inherited roles in the search.
+     * @return List of type Permission containing fully populated matching Permission entities.
+     * @throws SecurityException in the event of DAO search error.
+     */
+    List<Permission> search( Role role, boolean noInheritance ) throws SecurityException
+    {
+        return pDao.findPermissions( role, noInheritance );
+    }
+
+
+    /**
+     * Search will return a list of matching permissions that are assigned to a given RBAC
or Admin role name.  The
+     * DAO class will search the Admin perms if the "isAdmin" boolean flag is "true", otherwise
it will search RBAC perm tree.
+     *
+     * @param role contains the RBAC or Admin Role name targeted for search.
      * @return List of type Permission containing fully populated matching Permission entities.
      * @throws SecurityException in the event of DAO search error.
      */
     List<Permission> search( Role role ) throws SecurityException
     {
-        return pDao.findPermissions( role );
+        return search( role, false );
     }
 
 
@@ -201,7 +216,7 @@ final class PermP
         List<Permission> list;
         try
         {
-            list = pDao.findPermissions( role );
+            list = search( role );
             for ( Permission perm : list )
             {
                 revoke( perm, role );
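Review bot: `list = search( role );` resolves to `search( role, false )`, so this loop and the one in the next hunk still iterate over permissions found through ascendant roles and then call `revoke( perm, role )` on each. If those permissions are granted only to an ascendant, the revoke targets a role that is not on the entry. Now that the flag exists, `list = search( role, true );` looks like the closer fit for a per-role cleanup. This is inferred from the visible lines only; the enclosing methods start and end outside both hunks, so check how `revoke` handles a missing role value before changing it.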
@@ -227,7 +242,7 @@ final class PermP
         List<Permission> list;
         try
         {
-            list = pDao.findPermissions( role );
+            list = search( role );
             for ( Permission perm : list )
             {
                 perm.setAdmin( true );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0caa7dd0/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
index a0ccefb..b538850 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
@@ -120,8 +120,8 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "readPermObj";
-        assertContext(CLS_NM, methodName, permObj, GlobalErrIds.PERM_OBJECT_NULL);
-        VUtil.assertNotNull(permObj.getObjName(), GlobalErrIds.PERM_OBJECT_NM_NULL, CLS_NM
+ "." + methodName);
+        assertContext( CLS_NM, methodName, permObj, GlobalErrIds.PERM_OBJECT_NULL );
+        VUtil.assertNotNull( permObj.getObjName(), GlobalErrIds.PERM_OBJECT_NM_NULL, CLS_NM
+ "." + methodName );
         checkAccess(CLS_NM, methodName);
         return permP.read(permObj);
     }
@@ -144,9 +144,9 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "findPermissions";
-        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
+        assertContext( CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL );
         checkAccess(CLS_NM, methodName);
-        return permP.search(permission);
+        return permP.search( permission );
     }
 
     /**
@@ -211,9 +211,9 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
     {
         String methodName = "readRole";
         assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
-        VUtil.assertNotNullOrEmpty(role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + "."
+ methodName);
+        VUtil.assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + "."
+ methodName );
         checkAccess(CLS_NM, methodName);
-        return roleP.read(role);
+        return roleP.read( role );
     }
 
     /**
@@ -229,11 +229,11 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "findRoles";
-        VUtil.assertNotNull(searchVal, GlobalErrIds.ROLE_NM_NULL, CLS_NM + "." + methodName);
-        checkAccess(CLS_NM, methodName);
+        VUtil.assertNotNull( searchVal, GlobalErrIds.ROLE_NM_NULL, CLS_NM + "." + methodName
);
+        checkAccess( CLS_NM, methodName );
         Role role = new Role(searchVal);
-        role.setContextId(this.contextId);
-        return roleP.search(role);
+        role.setContextId( this.contextId );
+        return roleP.search( role );
     }
 
     /**
@@ -276,10 +276,10 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "readUser";
-        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
-        VUtil.assertNotNullOrEmpty(user.getUserId(), GlobalErrIds.USER_ID_NULL, CLS_NM +
"." + methodName);
-        checkAccess(CLS_NM, methodName);
-        return userP.read(user, true);
+        assertContext( CLS_NM, methodName, user, GlobalErrIds.USER_NULL );
+        VUtil.assertNotNullOrEmpty( user.getUserId(), GlobalErrIds.USER_ID_NULL, CLS_NM +
"." + methodName );
+        checkAccess( CLS_NM, methodName );
+        return userP.read( user, true );
     }
 
     /**
@@ -298,9 +298,9 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "findUsers";
-        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
+        assertContext( CLS_NM, methodName, user, GlobalErrIds.USER_NULL );
         checkAccess(CLS_NM, methodName);
-        return userP.search(user);
+        return userP.search( user );
     }
 
     /**
@@ -449,11 +449,11 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "assignedRoles";
-        VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, CLS_NM + "." + methodName);
+        VUtil.assertNotNullOrEmpty( userId, GlobalErrIds.USER_NULL, CLS_NM + "." + methodName
);
         checkAccess(CLS_NM, methodName);
         User user = new User(userId);
         user.setContextId(this.contextId);
-        return userP.getAssignedRoles(user);
+        return userP.getAssignedRoles( user );
     }
 
     /**
@@ -473,9 +473,9 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
         throws SecurityException
     {
         String methodName = "authorizedUsers";
-        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
-        checkAccess(CLS_NM, methodName);
-        return userP.getAuthorizedUsers(role);
+        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
+        checkAccess( CLS_NM, methodName );
+        return userP.getAuthorizedUsers( role );
     }
 
     /**
@@ -524,6 +524,27 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
     public List<Permission> rolePermissions(Role role)
         throws SecurityException
     {
+        return rolePermissions( role, false );
+    }
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited
by a
+     * given role. The function is valid if and only if the role is a member of the ROLES
data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name} of Role entity Permission is granted
to.
+     * @param noInheritance if true will NOT include inherited roles in the search.
+     * @return List of type Permission that contains all perms granted to a role.
+     * @throws SecurityException In the event system error occurs.
+     */
+    @Override
+    public List<Permission> rolePermissions(Role role, boolean noInheritance )
+        throws SecurityException
+    {
         String methodName = "rolePermissions";
         assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
         checkAccess(CLS_NM, methodName);
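Review bot: The new `rolePermissions(Role role, boolean noInheritance )` keeps the old body below `checkAccess`, and no hunk in this file changes the call that follows, so `noInheritance` appears never to reach `PermP`. The diffstat of 63 changed lines for this file is fully accounted for by the hunks shown. If the unseen line is still `permP.search( role )`, a caller asking for direct-only permissions silently gets the inherited set; it should read `return permP.search( role, noInheritance );`. ReviewMgrRestImpl has the same gap: its new overload reuses the unchanged request-building body, so the flag would also need to be carried in the `FortRequest`. A test asserting that the two modes differ for a role with a parent would catch both.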

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0caa7dd0/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
index 4ea350d..6ac0cb7 100755
--- a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
@@ -486,7 +486,7 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
         FortRequest request = new FortRequest();
         request.setContextId(this.contextId);
         User inUser = new User();
-        inUser.setOu(ou.getName());
+        inUser.setOu( ou.getName() );
         request.setEntity(inUser);
         if (this.adminSess != null)
         {
@@ -528,7 +528,7 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
         List<String> retUsers;
         FortRequest request = new FortRequest();
         request.setContextId(this.contextId);
-        request.setLimit(limit);
+        request.setLimit( limit );
         request.setEntity(user);
         if (this.adminSess != null)
         {
@@ -617,7 +617,7 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
         VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".assignedUsers");
         List<User> retUsers;
         FortRequest request = new FortRequest();
-        request.setContextId(this.contextId);
+        request.setContextId( this.contextId );
         request.setEntity(role);
         if (this.adminSess != null)
         {
@@ -688,11 +688,11 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
     public List<String> assignedRoles(String userId)
         throws SecurityException
     {
-        VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles");
+        VUtil.assertNotNullOrEmpty( userId, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles"
);
         List<String> retUserRoles;
         FortRequest request = new FortRequest();
         request.setContextId(this.contextId);
-        request.setValue(userId);
+        request.setValue( userId );
         if (this.adminSess != null)
         {
             request.setSession(adminSess);
@@ -727,11 +727,11 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
     public List<User> authorizedUsers(Role role)
         throws SecurityException
     {
-        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".authorizedUsers");
+        VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + ".authorizedUsers" );
         List<User> retUsers;
         FortRequest request = new FortRequest();
         request.setContextId(this.contextId);
-        request.setEntity(role);
+        request.setEntity( role );
         if (this.adminSess != null)
         {
             request.setSession(adminSess);
@@ -812,6 +812,27 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
     public List<Permission> rolePermissions(Role role)
         throws SecurityException
     {
+        return rolePermissions( role, false );
+    }
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited
by a
+     * given role. The function is valid if and only if the role is a member of the ROLES
data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name} of Role entity Permission is granted
to.
+     * @param noInheritance if true will NOT include inherited roles in the search.
+     * @return List of type Permission that contains all perms granted to a role.
+     * @throws SecurityException In the event system error occurs.
+     */
+    @Override
+    public List<Permission> rolePermissions( Role role, boolean noInheritance )
+        throws SecurityException
+    {
         VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".rolePermissions");
         List<Permission> retPerms;
         FortRequest request = new FortRequest();

