directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject directory-fortress-core git commit: FC-217 - Option to disable role occupants
Date Mon, 26 Jun 2017 04:39:15 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 6262d516b -> d7da54442


FC-217 - Option to disable role occupants


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/d7da5444
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/d7da5444
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/d7da5444

Branch: refs/heads/master
Commit: d7da5444281b7722b406313ad464d8980bc2c7cc
Parents: 6262d51
Author: Shawn McKinney <smckinney@apache.org>
Authored: Sun Jun 25 23:39:11 2017 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Sun Jun 25 23:39:11 2017 -0500

----------------------------------------------------------------------
 build.properties.example                        |  2 +-
 slapd.properties.example                        |  2 +-
 .../fortress/core/impl/AdminMgrImpl.java        | 29 +++++++++++++++++++-
 .../fortress/core/impl/ReviewMgrImpl.java       |  8 ++----
 4 files changed, 33 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d7da5444/build.properties.example
----------------------------------------------------------------------
diff --git a/build.properties.example b/build.properties.example
index 0dc93c3..4998f70 100644
--- a/build.properties.example
+++ b/build.properties.example
@@ -75,7 +75,7 @@ cfg.root.pw=secret
 # This is the default:
 ldap.client.type=apache
 
-# Disable storing user membership on role object, default is true:
+# A value of 'false' disables storing user membership on role object, default is 'true':
 #role.occupants=false
 
 # These are used to construct suffix for DIT, i.e. dc=example,dc=com.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d7da5444/slapd.properties.example
----------------------------------------------------------------------
diff --git a/slapd.properties.example b/slapd.properties.example
index c87984f..c64dfc4 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -43,7 +43,7 @@ suffix.name=example
 suffix.dc=com
 suffix=dc=${suffix.name},dc=${suffix.dc}
 
-# Disable storing user membership on role object, default is true:
+# A value of 'false' disables storing user membership on role object, default is 'true':
 #role.occupants=false
 
 #For a multi-level suffix, e.g. dc=foo, dc=example, dc=com.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d7da5444/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 315c562..f194e2f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -292,7 +292,33 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
             groupP.deassign( group, outRole.getDn() );
         }
 
-        // If user membership associated with role, remove it here:
+        // If user membership associated with role, remove the role object:
+        if( Config.getInstance().isRoleOccupant() )
+        {
+            // this reads the role object itself:
+            List<User> users = userP.getAssignedUsers( role );
+            if ( users != null )
+            {
+                for ( User ue : users )
+                {
+                    UserRole uRole = new UserRole( ue.getUserId(), role.getName() );
+                    setAdminData( CLS_NM, methodName, uRole );
+                    deassignUser( uRole );
+                }
+            }
+        }
+        else
+        {
+            // search for all users assigned this role and deassign:
+            List<String> userIds = userP.getAssignedUserIds( role );
+            for ( String userId : userIds )
+            {
+                UserRole uRole = new UserRole( userId, role.getName() );
+                setAdminData( CLS_NM, methodName, uRole );
+                deassignUser( uRole );
+            }
+        }
+/*
         if( Config.getInstance().isRoleOccupant() )
         {
             List<String> userIds = userP.getAssignedUserIds( role );
@@ -317,6 +343,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
                 }
             }
         }
+*/
 
         permP.remove( role );
         // remove all parent relationships from the role graph:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d7da5444/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
index dc2b364..897d4d1 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
@@ -329,10 +329,9 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
         checkAccess(CLS_NM, methodName);
         List<String> users = null;
 
-        // If role occupant is set on role, get it from there:
+        // If role occupant is set on role, get it from the role object itself:
         if( Config.getInstance().isRoleOccupant() )
         {
-
             Role entity = roleP.read( role );
             // this one retrieves from the role itself.
             users = entity.getOccupants();
@@ -341,7 +340,7 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
                 users = users.subList( 0, limit );
             }
         }
-        // otherwise search across people tree for users assigned to the role:
+        // otherwise, search across the people tree for all users assigned to this role:
         else
         {
             users = userP.getAssignedUserIds( role );
@@ -353,9 +352,8 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
         {
             users = new ArrayList<>();
         }
+
         return users;
-        // this one does a search across all users:
-        //return userP.getAuthorizedUsers(role, limit);
     }
 
     /**


Mime
View raw message