directory-commits mailing list archives

From cp...@apache.org
Subject [1/2] directory-fortress-core git commit: added arbac checks and permissions to pa set methods in admin mgr
Date Fri, 07 Oct 2016 12:30:32 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 63c04db00 -> bf5aa384b


added arbac checks and permissions to pa set methods in admin mgr


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/cdd2acfd
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/cdd2acfd
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/cdd2acfd

Branch: refs/heads/master
Commit: cdd2acfda2783d6bb47bc50a3c75ca3f45491a5b
Parents: c2cf140
Author: clp207 <clp207@psu.edu>
Authored: Fri Oct 7 08:07:38 2016 -0400
Committer: clp207 <clp207@psu.edu>
Committed: Fri Oct 7 08:07:38 2016 -0400

----------------------------------------------------------------------
 ldap/setup/DelegatedAdminManagerLoad.xml        | 14 +++++++++++--
 .../fortress/core/impl/AdminMgrImpl.java        | 22 +++++++++-----------
 2 files changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cdd2acfd/ldap/setup/DelegatedAdminManagerLoad.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/DelegatedAdminManagerLoad.xml b/ldap/setup/DelegatedAdminManagerLoad.xml
index d1fe5b8..3f6257d 100644
--- a/ldap/setup/DelegatedAdminManagerLoad.xml
+++ b/ldap/setup/DelegatedAdminManagerLoad.xml
@@ -122,7 +122,12 @@
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addDsdRoleMember" roleNm="fortress-core-super-admin" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deleteDsdRoleMember" roleNm="fortress-core-super-admin" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deleteDsdSet" roleNm="fortress-core-super-admin" admin="true"/>
-                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="setDsdSetCardinality" roleNm="fortress-core-super-admin" admin="true"/>
+                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="setDsdSetCardinality" roleNm="fortress-core-super-admin" admin="true"/>       
    	
+            	<permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addPermissionAttributeSet" roleNm="fortress-core-super-admin" admin="true"/>
+                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deletePermissionAttributeSet" roleNm="fortress-core-super-admin" admin="true"/>
+                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addPermissionAttributeToSet" roleNm="fortress-core-super-admin" admin="true"/>
+                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="removePermissionAttributeFromSet" roleNm="fortress-core-super-admin" admin="true"/>
+                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="updatePermissionAttributeInSet" roleNm="fortress-core-super-admin" admin="true"/>
 
                 <permgrant objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl"
opName="add" roleNm="fortress-core-super-admin" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl"
opName="update" roleNm="fortress-core-super-admin" admin="true"/>
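Review bot: The `setDsdSetCardinality` permgrant is removed and re-added with only trailing whitespace changed, and the first new entry (`addPermissionAttributeSet`) is indented with a tab where the neighbouring lines use spaces. In a file that defines who holds which admin permission, whitespace-only churn makes later audits of real grant changes harder to read. I would leave the `setDsdSetCardinality` line untouched and indent the new entries with spaces like their neighbours. The permop hunk below has the same pattern on `setDsdSetCardinality`, `addPermissionAttributeSet` and `updatePermissionAttributeInSet`.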
@@ -270,7 +275,12 @@
                 <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addDsdRoleMember" admin="true"/>
                 <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deleteDsdRoleMember" admin="true"/>
                 <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deleteDsdSet" admin="true"/>
-                <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="setDsdSetCardinality" admin="true"/>
+                <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="setDsdSetCardinality" admin="true"/>            	
+            	<permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="addPermissionAttributeSet"
admin="true"/>
+                <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deletePermissionAttributeSet" admin="true"/>
+                <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addPermissionAttributeToSet" admin="true"/>
+                <permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="removePermissionAttributeFromSet" admin="true"/>
+            	<permop objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="updatePermissionAttributeInSet"
admin="true"/>
 
                 <permop objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl"
opName="add" admin="true"/>
                 <permop objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl"
opName="update" admin="true"/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cdd2acfd/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 5256857..0eaf85c 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -353,13 +353,12 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     @Override
     public RoleConstraint addRoleConstraint( UserRole uRole, RoleConstraint roleConstraint
)
     	   	throws SecurityException
-    {
-        //TODO: need new arbac perm and/or add security check
+    {        
     	String methodName = "assignUser";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        AdminUtil.canAssign( uRole.getAdminSession(), new User( uRole.getUserId() ), new
Role( uRole.getName() ), contextId );
         
-        userP.assign( uRole, roleConstraint );
-        
+        userP.assign( uRole, roleConstraint );        
         return roleConstraint;
     }
 
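Review bot: `AdminUtil.canAssign` is handed `uRole.getAdminSession()`, but nothing in the visible body of addRoleConstraint attaches a session to `uRole` first, whereas the permission-attribute-set methods later in this commit call `setEntitySession( CLS_NM, methodName, ... )` before touching `permP`. If the admin session is only copied onto the entity by setEntitySession (not shown here, so this is an inference), the new ARBAC check would evaluate whatever the caller left on `uRole`, possibly nothing. The same applies to `canDeassign` in removeRoleConstraint in the next hunk. Both methods also keep `String methodName = "assignUser";`, so anything assertContext reports is attributed to the wrong operation. I would set it to `"addRoleConstraint"` and `"removeRoleConstraint"`, call `setEntitySession( CLS_NM, methodName, uRole );` ahead of the can* check, and add matching permop/permgrant entries to DelegatedAdminManagerLoad.xml.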
@@ -369,10 +368,10 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     @Override
     public void removeRoleConstraint( UserRole uRole, RoleConstraint roleConstraint )
         	throws SecurityException
-    {
-        //TODO: need new arbac perm and/or add security check
+    {        
     	String methodName = "assignUser";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new
Role( uRole.getName() ), contextId );
         
         userP.deassign( uRole, roleConstraint );    	
     }
@@ -417,8 +416,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     {
         String methodName = "addPermissionAttributeSet";         
         assertContext( CLS_NM, methodName, permAttributeSet, GlobalErrIds.PERM_ATTRIBUTE_SET_NULL
);
-        //TODO: setup ARBAC permissions
-        //setEntitySession( CLS_NM, methodName, permAttributeSet );    
+        setEntitySession( CLS_NM, methodName, permAttributeSet );    
         return permP.add( permAttributeSet );
     }          
     
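Review bot: With `setEntitySession` enabled, the `methodName` literal appears to double as the operation name that has to match the `opName` of the permop/permgrant entries this commit adds to DelegatedAdminManagerLoad.xml, yet nothing in the code says so. A comment above the declaration, such as `// methodName must match the permop opName in DelegatedAdminManagerLoad.xml`, would stop a later rename from silently changing which permission is checked. The same applies to the four hunks that follow (deletePermissionAttributeSet, addPermissionAttributeToSet, removePermissionAttributeFromSet, updatePermissionAttributeInSet). The method signature lies outside this hunk, and the diffstat shows no test changes, so a test asserting that a session without the grant is refused would be worth adding alongside.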
@@ -430,7 +428,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     {
         String methodName = "deletePermissionAttributeSet";         
         assertContext( CLS_NM, methodName, permAttributeSet, GlobalErrIds.PERM_ATTRIBUTE_SET_NULL
);
-        //TODO: verify with Shawn we don't need to set entity session here...        
+        setEntitySession( CLS_NM, methodName, permAttributeSet );   
         permP.delete( permAttributeSet );
     }
     
@@ -443,7 +441,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     {
     	String methodName = "addPermissionAttributeToSet";         
         assertContext( CLS_NM, methodName, permAttribute, GlobalErrIds.PERM_ATTRIBUTE_NULL
);
-        //TODO: verify with Shawn we don't need to set entity session here...        
+        setEntitySession( CLS_NM, methodName, permAttribute );
         return permP.add( permAttribute, attributeSetName );    	
     }
     
@@ -456,7 +454,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     {
     	String methodName = "removePermissionAttributeFromSet";         
         assertContext( CLS_NM, methodName, permAttribute, GlobalErrIds.PERM_ATTRIBUTE_NULL
);
-        //TODO: verify with Shawn we don't need to set entity session here...        
+        setEntitySession( CLS_NM, methodName, permAttribute );     
         permP.delete( permAttribute, attributeSetName );       	
     }
     
@@ -469,7 +467,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
     {
     	String methodName = "updatePermissionAttributeInSet"; 
     	assertContext( CLS_NM, methodName, permAttribute, GlobalErrIds.PERM_ATTRIBUTE_NULL );
-        //TODO: verify with Shawn we don't need to set entity session here...        
+    	setEntitySession( CLS_NM, methodName, permAttribute );     
         permP.update( permAttribute, attributeSetName, replaceValidValues );       	
     }
     

