From smckin...@apache.org
Subject directory-fortress-core git commit: FC-184 - group-role search improvements
Date Thu, 06 Oct 2016 19:57:27 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 3402f060e -> 27eb3d93f


 FC-184 - group-role search improvements


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/27eb3d93
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/27eb3d93
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/27eb3d93

Branch: refs/heads/master
Commit: 27eb3d93ff997d4f3d647a3b89c708766f43b339
Parents: 3402f06
Author: Shawn McKinney <smckinney@apache.org>
Authored: Thu Oct 6 13:09:09 2016 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Thu Oct 6 13:09:09 2016 -0500

----------------------------------------------------------------------
 .../directory/fortress/core/impl/GroupP.java    | 20 +++++-
 .../directory/fortress/core/impl/RoleDAO.java   | 68 ++++++++++++++++++++
 .../directory/fortress/core/impl/RoleP.java     | 21 ++++++
 .../fortress/core/impl/GroupMgrImplTest.java    | 20 +++++-
 4 files changed, 127 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/27eb3d93/src/main/java/org/apache/directory/fortress/core/impl/GroupP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/GroupP.java b/src/main/java/org/apache/directory/fortress/core/impl/GroupP.java
index f0bc6b6..47eedf7 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/GroupP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/GroupP.java
@@ -226,7 +226,6 @@ final class GroupP
     {
         Group outGroup = read(group);
         fillRoles( outGroup );
-
         return outGroup.getRoles();
     }
 
@@ -288,6 +287,24 @@ final class GroupP
         if ( Group.Type.ROLE.equals( group.getType() ) )
         {
             RoleP rp = new RoleP();
+            List<UserRole> uRoles = new ArrayList<>();
+            List<Role> roles = rp.search( group );
+            for ( Role inRole : roles )
+            {
+                UserRole ure = new UserRole( group.getName(), inRole.getName(), true );
+                ConstraintUtil.validateOrCopy( inRole, ure );
+                uRoles.add( ure );
+            }
+            group.setRoles( uRoles );
+        }
+    }
+
+
+/*
+    private void fillRoles( Group group ) throws SecurityException {
+        if ( Group.Type.ROLE.equals( group.getType() ) )
+        {
+            RoleP rp = new RoleP();
             List<UserRole> roles = new ArrayList<>();
             List<String> members = group.getMembers();
             for ( String roleDn : members )
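Review bot: The previous `fillRoles` implementation stays in the file inside a `/* … */` block that opens in this hunk and is closed by the `*/` added in the next hunk, directly above the Javadoc of the following method. Disabled code of this size is better deleted, because the old per-member lookup remains available in version control and any `*/` inside the disabled body would end the comment early. If a pointer is wanted, one line such as `// role lookup now done in a single search, see RoleP.search( Group )` on the new method is enough. The old method body continues past the end of this hunk, so its remaining lines are not visible here.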
@@ -315,6 +332,7 @@ final class GroupP
     }
 
 
+*/
     /**
      * Method will perform simple validations to ensure the integrity of the {@link Group}
entity targeted for insertion
      * or deletion in directory.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/27eb3d93/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
index 3d9e9a6..a79dc03 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
@@ -23,6 +23,7 @@ package org.apache.directory.fortress.core.impl;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -45,6 +46,7 @@ import org.apache.directory.fortress.core.UpdateException;
 import org.apache.directory.fortress.core.ldap.LdapDataProvider;
 import org.apache.directory.fortress.core.model.ConstraintUtil;
 import org.apache.directory.fortress.core.model.Graphable;
+import org.apache.directory.fortress.core.model.Group;
 import org.apache.directory.fortress.core.model.ObjectFactory;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.ldap.client.api.LdapConnection;
@@ -470,6 +472,72 @@ final class RoleDAO extends LdapDataProvider
 
 
     /**
+     * Pull back all roles that are assigned to a particular group.
+     * @param group
+     * @return
+     * @throws org.apache.directory.fortress.core.FinderException
+     *
+     */
+    List<Role> groupRoles ( Group group ) throws FinderException
+    {
+        List<Role> roleList = new ArrayList<>();
+        LdapConnection ld = null;
+        String roleRoot = getRootDn( group.getContextId(), GlobalIds.ROLE_ROOT );
+        StringBuilder filterbuf = null;
+
+        try
+        {
+            // loop for each group member....
+            // add role name to search filter
+            //
+            List<String> members = group.getMembers();
+            if ( CollectionUtils.isNotEmpty( members ) )
+            {
+                filterbuf = new StringBuilder();
+                filterbuf.append( GlobalIds.FILTER_PREFIX );
+                filterbuf.append( GlobalIds.ROLE_OBJECT_CLASS_NM );
+                filterbuf.append( ")(" );
+                filterbuf.append( "|" );
+                for ( String memberdn : members )
+                {
+                    filterbuf.append( "(" );
+                    filterbuf.append( SchemaConstants.ENTRY_DN_AT );
+                    filterbuf.append( "=" );
+                    filterbuf.append( memberdn );
+                    filterbuf.append( ")" );
+                }
+                filterbuf.append( "))" );
+            }
+            ld = getAdminConnection();
+            SearchCursor searchResults = search( ld, roleRoot,
+                SearchScope.ONELEVEL, filterbuf.toString(), ROLE_ATRS, false, GlobalIds.BATCH_SIZE
);
+            long sequence = 0;
+
+            while ( searchResults.next() )
+            {
+                roleList.add( unloadLdapEntry( searchResults.getEntry(), sequence++, group.getContextId()
) );
+            }
+        }
+        catch ( LdapException e )
+        {
+            String error = "groupRoles filter [" + filterbuf.toString() + "] caught LdapException="
+ e.getMessage();
+            throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e );
+        }
+        catch ( CursorException e )
+        {
+            String error = "groupRoles filter [" + filterbuf.toString() + "] caught CursorException="
+ e.getMessage();
+            throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e );
+        }
+        finally
+        {
+            closeAdminConnection( ld );
+        }
+
+        return roleList;
+    }
+
+
+    /**
      * @param role
      * @param limit
      * @return
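Review bot: `groupRoles` dereferences `filterbuf` unconditionally although it is only assigned inside `if ( CollectionUtils.isNotEmpty( members ) )`, so a ROLE group without members ends in a NullPointerException at `filterbuf.toString()` in the `search` call rather than the empty list that `RoleP.search` documents; both catch blocks repeat the same dereference. Read `members` before the `try` and return early with `if ( CollectionUtils.isEmpty( members ) ) { return roleList; }`. Each `memberdn` is also appended to the filter verbatim, and a DN can legally contain `(`, `)`, `*` or `\`, which alters or breaks the filter expression. The value should be escaped per RFC 4515 before it is appended, for example `filterbuf.append( FilterEncoder.encodeFilterValue( memberdn ) );` if the LDAP API version in use provides that helper. The new Javadoc also leaves `@param group` and `@return` without text.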

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/27eb3d93/src/main/java/org/apache/directory/fortress/core/impl/RoleP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/RoleP.java b/src/main/java/org/apache/directory/fortress/core/impl/RoleP.java
index da01dbb..99e98d9 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/RoleP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/RoleP.java
@@ -31,6 +31,7 @@ import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ValidationException;
 import org.apache.directory.fortress.core.model.ConstraintValidator;
 import org.apache.directory.fortress.core.model.Graphable;
+import org.apache.directory.fortress.core.model.Group;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.VUtil;
@@ -112,6 +113,26 @@ final class RoleP
 
 
     /**
+     * Given a particular group, containing a set of members, return all Roles with a matching
member.
+     *
+     * @param group contains a list of member names pertaining to roles.
+     * @return List of type Role containing fully populated matching RBAC Role entities.
 If no records found this will be empty.
+     * @throws SecurityException in the event not the right type of Group or DAO search error.
+     */
+    List<Role> search( Group group ) throws SecurityException
+    {
+        if ( group.getType() != Group.Type.ROLE )
+        {
+            String info = "search failed for Group ["
+                + group.getName() + "], group must be of type ROLE.";
+
+            throw new ValidationException( GlobalErrIds.GROUP_TYPE_INVLD, info );
+        }
+        return rDao.groupRoles( group );
+    }
+
+
+    /**
      * Return all Roles that have a parent assignment.  This used for hierarchical processing.
      *
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
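Review bot: The `@param group` text speaks of "member names", but `RoleDAO.groupRoles` compares each member with `entryDN`, so the members have to be full DNs of role entries; plain role names would simply match nothing. Suggested wording: `@param group ROLE-type group whose members are the DNs of role entries; its contextId selects the sub-tree that is searched.` The type check here uses `!=` while `GroupP.fillRoles` uses `Group.Type.ROLE.equals( … )`; both work for an enum, but one form across the two classes reads more easily.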

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/27eb3d93/src/test/java/org/apache/directory/fortress/core/impl/GroupMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/GroupMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/GroupMgrImplTest.java
index e1a4a1d..d9a1a9c 100644
--- a/src/test/java/org/apache/directory/fortress/core/impl/GroupMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/GroupMgrImplTest.java
@@ -1,6 +1,6 @@
 package org.apache.directory.fortress.core.impl;
 
-import junit.framework.TestCase;
+import junit.framework.*;
 import org.apache.directory.fortress.core.*;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.Group;
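Review bot: Widening the import to `junit.framework.*` next to the existing `org.junit.*` makes the simple names `Test` and `Assert` ambiguous between the two packages. That is presumably why the next hunk adds `import org.junit.Assert;` and why `suite()` in the last hunk has to spell out `junit.framework.Test`. Importing only what is used avoids the clash: keep `import junit.framework.TestCase;` and add `import junit.framework.TestSuite;`.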
@@ -9,6 +9,7 @@ import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.LogUtil;
 import org.junit.*;
+import org.junit.Assert;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,6 +32,23 @@ public class GroupMgrImplTest extends TestCase {
         super( name );
     }
 
+    public static junit.framework.Test suite()
+    {
+        TestSuite suite = new TestSuite();
+        // GroupMgr
+        suite.addTest( new GroupMgrImplTest( "testDeassignGroupRoleMember" ) );
+        suite.addTest( new GroupMgrImplTest( "testDeassignGroupUserMember" ) );
+        suite.addTest( new GroupMgrImplTest( "testDeleteGroup" ) );
+
+        // GroupMgr APIs
+        suite.addTest( new GroupMgrImplTest( "testAddGroup" ) );
+        suite.addTest( new GroupMgrImplTest( "testAssignGroupUserMember" ) );
+        suite.addTest( new GroupMgrImplTest( "testAssignGroupRoleMember" ) );
+        suite.addTest( new GroupMgrImplTest( "testGroupRoles" ) );
+        suite.addTest( new GroupMgrImplTest( "testRoleGroups" ) );
+        return suite;
+    }
+
     public void testAddGroup()
     {
         addGroups( "ADD-GRP TG1", GroupTestData.TEST_GROUP1 );

