directory-commits mailing list archives

From smckin...@apache.org
Subject [3/5] directory-fortress-enmasse git commit: FC-144 Use Groups of Roles to create Sessions
Date Mon, 26 Sep 2016 18:26:56 GMT
FC-144 Use Groups of Roles to create Sessions

Added GroupMgrImpl assign/deassign role methods, modified existing
methods to map to core manager's one


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/commit/cdcc4e4d
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/tree/cdcc4e4d
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/diff/cdcc4e4d

Branch: refs/heads/master
Commit: cdcc4e4d751ffd229dace34a8180b442261f6d35
Parents: 817842a
Author: Vyacheslav Vakhlyuev <vvakhlyuev@mirantis.com>
Authored: Wed Sep 14 20:32:38 2016 +0300
Committer: Vyacheslav Vakhlyuev <vvakhlyuev@mirantis.com>
Committed: Wed Sep 14 20:32:38 2016 +0300

----------------------------------------------------------------------
 pom.xml                                         |  2 +-
 .../directory/fortress/rest/AccessMgrImpl.java  | 14 +---
 .../directory/fortress/rest/AdminMgrImpl.java   | 40 ++--------
 .../fortress/rest/FortressService.java          | 81 +++++++++++++++++++-
 .../fortress/rest/FortressServiceImpl.java      | 30 +++++++-
 .../directory/fortress/rest/GroupMgrImpl.java   | 40 ++++++++++
 .../apache/directory/fortress/rest/EmTest.java  | 14 ++--
 7 files changed, 164 insertions(+), 57 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7a884e9..390933a 100755
--- a/pom.xml
+++ b/pom.xml
@@ -93,7 +93,7 @@
     <title>${project.name} ${project.version}</title>
     
     <!-- Dependencies version -->
-    <fortress.realm.version>1.0.1</fortress.realm.version>
+    <fortress.realm.version>1.0.2-SNAPSHOT</fortress.realm.version>
     <cxf.version>3.1.6</cxf.version>
     <httpclient.version>3.1</httpclient.version>
     <java.version>1.7</java.version>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
index 712cb70..bb69932 100644
--- a/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
@@ -100,19 +100,7 @@ class AccessMgrImpl extends AbstractMgrImpl
      * @param request The request We want to create a session for
      * @return The created response
      */
-    /* no qualifier*/ FortResponse createGroupSessionTrusted( FortRequest request )
-    {
-        return createGroupSession( request );
-    }
-
-
-    /**
-     * Creates a Group-type session
-     *
-     * @param request The request We want to create a session for
-     * @return The created response
-     */
-    private FortResponse createGroupSession( FortRequest request )
+    /* no qualifier*/ FortResponse createGroupSession( FortRequest request )
     {
         FortResponse response = createResponse();
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
index af1745f..dac8fc5 100644
--- a/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
@@ -279,70 +279,46 @@ class AdminMgrImpl extends AbstractMgrImpl
         
         return response;
     }
-    
-    
+
+
     /* No qualifier */ FortResponse assignUser( FortRequest request )
     {
         FortResponse response = createResponse();
 
-        
         try
         {
             AdminMgr adminMgr = AdminMgrFactory.createInstance( request.getContextId() );
-            GroupMgr groupMgr = GroupMgrFactory.createInstance( request.getContextId() );
             adminMgr.setAdmin( request.getSession() );
-            groupMgr.setAdmin( request.getSession() );
             UserRole inRole = (UserRole) request.getEntity();
-
-            if ( inRole.isGroupRole() )
-            {
-                Group inGroup = new Group( inRole.getUserId(), Group.Type.ROLE);
-                groupMgr.assign( inGroup, inRole.getName() );
-            }
-            else
-            {
-                adminMgr.assignUser(inRole);
-            }
-            response.setEntity(inRole);
+            adminMgr.assignUser( inRole );
+            response.setEntity( inRole );
         }
         catch ( SecurityException se )
         {
             createError( response, log, se );
         }
-        
+
         return response;
     }
 
-    
+
     /* No qualifier */ FortResponse deassignUser( FortRequest request )
     {
         FortResponse response = createResponse();
 
-        
         try
         {
             AdminMgr adminMgr = AdminMgrFactory.createInstance( request.getContextId() );
-            GroupMgr groupMgr = GroupMgrFactory.createInstance( request.getContextId() );
             adminMgr.setAdmin( request.getSession() );
-            groupMgr.setAdmin( request.getSession() );
             UserRole inRole = (UserRole) request.getEntity();
-
-            if ( inRole.isGroupRole() )
-            {
-                Group inGroup = new Group( inRole.getUserId(), Group.Type.ROLE);
-                groupMgr.deassign( inGroup, inRole.getName() );
-            }
-            else
-            {
-                adminMgr.deassignUser( inRole );
-            }
+            adminMgr.deassignUser( inRole );
             response.setEntity( inRole );
         }
         catch ( SecurityException se )
         {
             createError( response, log, se );
         }
-        
+
         return response;
     }
 
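Review bot: With the `inRole.isGroupRole()` branch removed, `assignUser` and `deassignUser` now pass every UserRole straight to `adminMgr.assignUser( inRole )` / `adminMgr.deassignUser( inRole )`. A client that still posts a group-role entity to these endpoints will have the group name in `userId` handled as a user id. Whether the core manager rejects that case is not visible in this diff. If it does not, consider an explicit guard in both methods that reports an error when `inRole.isGroupRole()` is true, and document the endpoint change for existing callers.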

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/main/java/org/apache/directory/fortress/rest/FortressService.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressService.java b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
index f938684..1d4917a 100644
--- a/src/main/java/org/apache/directory/fortress/rest/FortressService.java
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
@@ -3780,7 +3780,7 @@ public interface FortressService
      * @throws SecurityException
      *          in the event of data validation failure, security policy violation or DAO
error.
      */
-    FortResponse createGroupSessionTrusted( FortRequest request );
+    FortResponse createGroupSession(FortRequest request );
 
     
     /**
@@ -6823,4 +6823,83 @@ public interface FortressService
      * type {@link org.apache.directory.fortress.core.model.UserRole}
      */
     FortResponse assignedGroupRoles( FortRequest request );
+
+    /**
+     * This command assigns a group to a role.
+     * <ul>
+     *   <li> The command is valid if and only if:
+     *   <li> The group is a member of the GROUPS data set
+     *   <li> The role is a member of the ROLES data set
+     *   <li> The group is not already assigned to the role
+     * </ul>
+     * <h3></h3>
+     * <h4>required parameters</h4>
+     * <ul>
+     *   <li>
+     *     {@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.model.UserRole}
+     *     object
+     *   </li>
+     * </ul>
+     * <ul style="list-style-type:none">
+     *   <li>
+     *     <ul style="list-style-type:none">
+     *       <li>
+     *         <h5>UserRole required parameters</h5>
+     *         <ul>
+     *           <li>
+     *             {@link org.apache.directory.fortress.core.model.UserRole#name} - contains
the name for already existing
+     *             Role to be assigned
+     *           </li>
+     *           <li>{@link org.apache.directory.fortress.core.model.UserRole#userId}
- contains the group name for
+     *           existing Group</li>
+     *         </ul>
+     *       </li>
+     *     </ul>
+     *   </li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    FortResponse assignGroupRole( FortRequest request );
+
+    /**
+     * This command deletes the assignment of the User from the Role entities. The command
is
+     * valid if and only if the group is a member of the GROUPS data set, the role is a member
of
+     * the ROLES data set, the group is assigned to the role and group have at least one
role assigned.
+     * Any sessions that currently have this role activated will not be effected.
+     * Successful completion includes:
+     * Group entity in GROUP data set has role assignment removed.
+     * <h3></h3>
+     * <h4>required parameters</h4>
+     * <ul>
+     *   <li>
+     *     {@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.model.UserRole}
+     *     object
+     *   </li>
+     * </ul>
+     * <ul style="list-style-type:none">
+     *   <li>
+     *     <ul style="list-style-type:none">
+     *       <li>
+     *         <h5>UserRole required parameters</h5>
+     *         <ul>
+     *           <li>
+     *             {@link org.apache.directory.fortress.core.model.UserRole#name} - contains
the name for already existing
+     *             Role to be deassigned
+     *           </li>
+     *           <li>
+     *             {@link org.apache.directory.fortress.core.model.UserRole#userId} - contains
the group name for existing
+     *             Group
+     *           </li>
+     *         </ul>
+     *       </li>
+     *     </ul>
+     *   </li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    FortResponse deassignGroupRole( FortRequest request );
 }
\ No newline at end of file
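Review bot: The Javadoc added for `deassignGroupRole` opens with "deletes the assignment of the User from the Role entities", which looks carried over from the user variant; it should read `This command deletes the assignment of the Group from the Role entities.` In the `assignGroupRole` comment the first `<li>` ("The command is valid if and only if:") is a lead-in rather than a condition and belongs before the `<ul>`. Both comments also contain an empty `<h3></h3>`. Neither comment says which caller role the operation requires or how a failure is reported in the returned FortResponse; one sentence on each would help anyone auditing these access-control operations.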

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
index ce3d831..b6dcb70 100644
--- a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
@@ -1015,12 +1015,12 @@ public class FortressServiceImpl implements FortressService
      * {@inheritDoc}
      */
     @POST
-    @Path("/" + HttpIds.RBAC_CREATE_GROUP_TRUSTED + "/")
+    @Path("/" + HttpIds.RBAC_CREATE_GROUP_SESSION + "/")
     @RolesAllowed({SUPER_USER, ACCESS_MGR_USER})
     @Override
-    public FortResponse createGroupSessionTrusted( FortRequest request )
+    public FortResponse createGroupSession(FortRequest request )
     {
-        return accessMgrImpl.createGroupSessionTrusted( request );
+        return accessMgrImpl.createGroupSession( request );
     }
 
 
@@ -1873,4 +1873,28 @@ public class FortressServiceImpl implements FortressService
     {
         return groupMgrImpl.assignedGroups( request );
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @POST
+    @Path("/" + HttpIds.GROUP_ROLE_ASGN + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse assignGroupRole(FortRequest request)
+    {
+        return groupMgrImpl.assignGroupRole( request );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @POST
+    @Path("/" + HttpIds.GROUP_ROLE_DEASGN + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse deassignGroupRole(FortRequest request)
+    {
+        return groupMgrImpl.deassignGroupRole( request );
+    }
 }
\ No newline at end of file
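Review bot: Both new endpoints modify role assignments but are gated with `@RolesAllowed({SUPER_USER, REVIEW_MGR_USER})`. Judging by its name, REVIEW_MGR_USER is the role for review (query) operations, so callers who could previously only read policy data may now be able to change group-to-role assignments. Before this commit group assignments went through `assignUser`/`deassignUser`, whose annotations are outside this diff. If those require an administrative role, `assignGroupRole` and `deassignGroupRole` should carry the same one. Please confirm the intended role and state it in the Javadoc of both methods.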

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/main/java/org/apache/directory/fortress/rest/GroupMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/GroupMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/GroupMgrImpl.java
index 522ac9a..49653d8 100644
--- a/src/main/java/org/apache/directory/fortress/rest/GroupMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/rest/GroupMgrImpl.java
@@ -179,5 +179,45 @@ class GroupMgrImpl extends AbstractMgrImpl
         return response;
     }
 
+    /* No qualifier */  FortResponse assignGroupRole( FortRequest request )
+    {
+        FortResponse response = createResponse();
+
+        try
+        {
+            GroupMgr groupMgr = GroupMgrFactory.createInstance( request.getContextId() );
+            groupMgr.setAdmin( request.getSession() );
+            UserRole inRole = (UserRole) request.getEntity();
+
+            Group inGroup = new Group( inRole.getUserId(), Group.Type.ROLE );
+            groupMgr.assign( inGroup, inRole.getName() );
+        }
+        catch ( SecurityException se )
+        {
+            createError( response, log, se );
+        }
+
+        return response;
+    }
 
+    /* No qualifier */  FortResponse deassignGroupRole( FortRequest request )
+    {
+        FortResponse response = createResponse();
+
+        try
+        {
+            GroupMgr groupMgr = GroupMgrFactory.createInstance( request.getContextId() );
+            groupMgr.setAdmin( request.getSession() );
+            UserRole inRole = (UserRole) request.getEntity();
+
+            Group inGroup = new Group( inRole.getUserId(), Group.Type.ROLE);
+            groupMgr.deassign( inGroup, inRole.getName() );
+        }
+        catch ( SecurityException se )
+        {
+            createError( response, log, se );
+        }
+
+        return response;
+    }
 }
\ No newline at end of file
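Review bot: In `assignGroupRole` and `deassignGroupRole` the request entity is cast with `(UserRole) request.getEntity()` without a type or null check, and only `SecurityException` is caught. A request with no entity or a different entity type would therefore likely raise a ClassCastException or NullPointerException that escapes the handler instead of becoming an error in the FortResponse. An `instanceof UserRole` check before the cast, reporting the failure through the response, would keep malformed input on the normal error path. Unlike `assignUser` in AdminMgrImpl, neither method calls `response.setEntity( inRole )`; if clients expect the entity echoed back, add it after the `assign`/`deassign` call. Both methods also lack a Javadoc comment; a short one noting that `UserRole#userId` carries the group name here would help.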

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/cdcc4e4d/src/test/java/org/apache/directory/fortress/rest/EmTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/rest/EmTest.java b/src/test/java/org/apache/directory/fortress/rest/EmTest.java
index 67f0726..89f002f 100644
--- a/src/test/java/org/apache/directory/fortress/rest/EmTest.java
+++ b/src/test/java/org/apache/directory/fortress/rest/EmTest.java
@@ -73,15 +73,15 @@ public final class EmTest
             testFunction("addPermGrant1.xml", HttpIds.ROLE_REVOKE, false);
             testFunction("delEmGroup1.xml", HttpIds.GROUP_DELETE, false);
             testFunction("addEmTestPermission.xml", HttpIds.PERM_DELETE, false);
-                    testFunction("addEmTestObj1.xml", HttpIds.OBJ_DELETE, false);
+            testFunction("addEmTestObj1.xml", HttpIds.OBJ_DELETE, false);
             testFunction("emTestPermOrg1.xml", HttpIds.ORG_DELETE, false);
             testFunction("emTestPermOrg1.xml", HttpIds.ORG_ADD, true);
-                    testFunction("assignEmUser1.xml", HttpIds.ROLE_DEASGN, false);
+            testFunction("assignEmUser1.xml", HttpIds.ROLE_DEASGN, false);
             testFunction("delEmUser1.xml", HttpIds.USER_DELETE, false);
             testFunction("emTestOrg1.xml", HttpIds.ORG_DELETE, false);
 
             testFunction("emTestOrg1.xml", HttpIds.ORG_ADD, true);
-                    testFunction("emRoleDelInheritance.xml", HttpIds.ROLE_DELINHERIT, false);
+            testFunction("emRoleDelInheritance.xml", HttpIds.ROLE_DELINHERIT, false);
             testFunction("addEmRole1.xml", HttpIds.ROLE_DELETE, false);
             testFunction("delEmRole2.xml", HttpIds.ROLE_DELETE, false);
             testFunction("addEmRole3.xml", HttpIds.ROLE_DELETE, false);
@@ -106,10 +106,10 @@ public final class EmTest
             testFunction("groupRead.xml", HttpIds.GROUP_READ, true);
 
             // Assign 'emrole3' role for group to check api
-            testFunction("assignEmGroup1.xml", HttpIds.ROLE_ASGN, true);
+            testFunction("assignEmGroup1.xml", HttpIds.GROUP_ROLE_ASGN, true);
 
             // Deassign existing 'emrole3' from group
-            testFunction("assignEmGroup1.xml", HttpIds.ROLE_DEASGN, true);
+            testFunction("assignEmGroup1.xml", HttpIds.GROUP_ROLE_DEASGN, true);
 
             // Read group roles
             testFunction("groupRead.xml", HttpIds.GROUP_ROLE_ASGNED, true);
@@ -118,7 +118,7 @@ public final class EmTest
             testFunction("addEmRole1.xml", HttpIds.GROUP_ASGNED, true);
 
             // Create trusted group-based session
-            testFunction("createGroupSession.xml", HttpIds.RBAC_CREATE_GROUP_TRUSTED, true);
+            testFunction("createGroupSession.xml", HttpIds.RBAC_CREATE_GROUP_SESSION, true);
 
             // Use this group session to check access (URL is the same as for user, but session
has 'isGroupSession' == true)
             testFunction("emTestCheckAccessGroupSession.xml", HttpIds.RBAC_AUTHZ, true);
@@ -146,7 +146,7 @@ public final class EmTest
         FortResponse response = RestUtils.unmarshall(szResponse);
         int rc = response.getErrorCode();
         String szErrorMsg = response.getErrorMessage();
-        String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_REVOKE + "
rc=" + rc + " error message=" + szErrorMsg;
+        String warn = CLS_NM + ".testServices FAILED calling " + function + " rc=" + rc +
" error message=" + szErrorMsg;
         if(rc != 0)
         {
             log.info(warn);

