directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cp...@apache.org
Subject directory-fortress-core git commit: FC-221 add id to non temporal role constraint and method to remove constraint by id
Date Mon, 10 Jul 2017 15:29:48 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master f1448abf0 -> 995073dac


FC-221 add id to non temporal role constraint and method to remove constraint by id


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/995073da
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/995073da
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/995073da

Branch: refs/heads/master
Commit: 995073dacd41cb804eb94b57195d8e9a3de6d6ee
Parents: f1448ab
Author: clp207 <clp207@psu.edu>
Authored: Mon Jul 10 11:29:34 2017 -0400
Committer: clp207 <clp207@psu.edu>
Committed: Mon Jul 10 11:29:34 2017 -0400

----------------------------------------------------------------------
 .../directory/fortress/core/AdminMgr.java       | 19 ++++++++++
 .../directory/fortress/core/GlobalErrIds.java   |  5 +++
 .../fortress/core/impl/AdminMgrImpl.java        | 37 ++++++++++++++++++
 .../directory/fortress/core/impl/UserDAO.java   |  2 +
 .../fortress/core/model/RoleConstraint.java     | 21 +++++++++-
 .../directory/fortress/core/model/UserRole.java |  2 +-
 .../fortress/core/rest/AdminMgrRestImpl.java    |  8 ++++
 .../fortress/core/impl/AdminMgrImplTest.java    | 40 ++++++++++++++++++--
 .../fortress/core/impl/FortressJUnitTest.java   |  1 +
 .../fortress/core/impl/ReviewMgrImplTest.java   |  1 +
 .../fortress/core/impl/URATestData.java         | 14 +++++++
 11 files changed, 144 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/AdminMgr.java b/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
index 0425bcb..abc75c1 100755
--- a/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
@@ -488,6 +488,24 @@ public interface AdminMgr extends Manageable
     	throws SecurityException;
     
     /**
+     * Thie method removes a roleConstraint (ftRC) from the user ldap entry.
+     * <h4>required parameters</h4>
+     * <ul>
+     *   <li>{@link UserRole#name} - contains the name for already existing Role to
be assigned</li>
+     *   <li>{@link UserRole#userId} - contains the userId for existing User</li>
+     *   <li>{@link RoleConstraint#type} - contains the type of role constraint (filter,
other)</li>
+     *   <li>{@link RoleConstraint#value} - contains the value of the role constraint
which is currently not validated in any way</li>
+     *   <li>{@link RoleConstraint#paSetName} - contains the userId for existing User,
contains the name of the permission attribute set this constraint is applicable for</li>
+     * </ul>
+     * 
+     * @param uRole must contain {@link UserRole#userId} and {@link UserRole#name}
+     * @param roleConstraintId id of the role constraint to remove
+     * @throws SecurityException in the event of validation or system error.
+     */
+    void removeRoleConstraint( UserRole uRole, String roleConstraintId ) 
+        throws SecurityException;
+    
+    /**
      * This command deletes the assignment of the User from the Role entities. The command
is
      * valid if and only if the user is a member of the USERS data set, the role is a member
of
      * the ROLES data set, and the user is assigned to the role.
@@ -1391,4 +1409,5 @@ public interface AdminMgr extends Manageable
      */
     SDSet setDsdSetCardinality( SDSet dsdSet, int cardinality )
         throws SecurityException;
+    
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index 711e51e..8f5621c 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1728,6 +1728,11 @@ public final class GlobalErrIds
      * The RoleConstraint entity was not supplied but is required.
      */
     public static final int RCON_NULL = 10401;
+    
+    /**
+     * The RoleConstraint entity was not found
+     */
+    public static final int RCON_NOT_FOUND = 10402;
 
     /**
      * 10500's - Property Management Error Ids

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 7ef3516..390d39f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.directory.fortress.annotation.AdminPermissionOperation;
 import org.apache.directory.fortress.core.AdminMgr;
+import org.apache.directory.fortress.core.FinderException;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
@@ -427,6 +428,42 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr,
Serializ
      */
     @Override
     @AdminPermissionOperation
+    public void removeRoleConstraint( UserRole uRole, String roleConstraintId )
+            throws SecurityException
+    {        
+        String methodName = "assignUser";
+        assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new
Role( uRole.getName() ), contextId );
+        
+        //find role constraint that needs removed
+        boolean found = false;
+        
+        List<UserRole> userRoles = userP.read( new User(uRole.getUserId()), true ).getRoles();
+        for( UserRole ur : userRoles ){
+            // find matching name
+            if( ur.getName().equals( uRole.getName() ) ){
+                //find matching constraint
+                List<RoleConstraint> rcs = ur.getRoleConstraints();
+                for( RoleConstraint rc : rcs ){
+                    if( rc.getId().equals( roleConstraintId )){
+                        userP.deassign( uRole, rc );
+                        found = true;
+                        break;
+                    }
+                }
+            }
+        }
+
+        if( !found ){
+            throw new FinderException( GlobalErrIds.RCON_NOT_FOUND, "Role constraint with
id " + roleConstraintId + " not found" );
+        }
+    }
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    @AdminPermissionOperation
     public void deassignUser( UserRole uRole ) throws SecurityException
     {
         String methodName = "deassignUser";

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index cb047b3..9644800 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -1735,6 +1735,8 @@ final class UserDAO extends LdapDataProvider
 
         try
         {
+            roleConstraint.setId();
+            
             List<Modification> mods = new ArrayList<Modification>();
             szRoleConstraint = roleConstraint.getRawData(uRole);
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
index cdf6838..ca5987c 100644
--- a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
@@ -20,6 +20,7 @@
 package org.apache.directory.fortress.core.model;
 
 import java.io.Serializable;
+import java.util.UUID;
 
 import org.apache.directory.fortress.core.util.Config;
 
@@ -37,6 +38,7 @@ import javax.xml.bind.annotation.XmlType;
 @XmlRootElement( name = "fortRoleConstraint" )
 @XmlAccessorType( XmlAccessType.FIELD )
 @XmlType( name = "roleConstraint", propOrder = {
+    "id",
     "paSetName",
     "value",
     "type"
@@ -62,22 +64,35 @@ public class RoleConstraint extends FortEntity implements Serializable
         OTHER
     }
 
+    private String id;
     private RCType type;
     private String value;
-    private String paSetName;
+    private String paSetName;    
 
     public RoleConstraint()
     {
 
     }
 
-    public RoleConstraint(String value, RCType type, String paSetName)
+    public RoleConstraint(String id, String value, RCType type, String paSetName)    
     {
+        this.id = id;
         this.type = type;
         this.value = value;
         this.paSetName = paSetName;
     }
 
+    public String getId()
+    {
+        return id;
+    }
+    
+    public void setId()
+    {
+        UUID uuid = UUID.randomUUID();
+        this.id = uuid.toString();
+    }
+    
     public RCType getType()
     {
         return type;
@@ -122,6 +137,8 @@ public class RoleConstraint extends FortEntity implements Serializable
         sb.append( paSetName );
         sb.append( delimeter );
         sb.append( value );
+        sb.append( delimeter );
+        sb.append( id );        
 
         return sb.toString();
     }

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
index 486f00b..068677f 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
@@ -185,7 +185,7 @@ public class UserRole extends FortEntity implements Serializable, Constraint
             
             //newer style constaint type
             if(tokens[1].equals(RoleConstraint.RC_TYPE_NAME)){
-            	RoleConstraint rc = new RoleConstraint(tokens[4], RoleConstraint.RCType.valueOf(
tokens[2] ),
+            	RoleConstraint rc = new RoleConstraint(tokens[5], tokens[4], RoleConstraint.RCType.valueOf(
tokens[2] ),
                     tokens[3]);
             	this.getRoleConstraints().add(rc);
             }

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
index 2eaef6f..f9093f1 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
@@ -1400,4 +1400,12 @@ public final class AdminMgrRestImpl extends Manageable implements AdminMgr
             throw new SecurityException( response.getErrorCode(), response.getErrorMessage()
);
         }
 	}
+
+
+    @Override
+    public void removeRoleConstraint( UserRole uRole, String roleConstraintId ) throws SecurityException
+    {
+        // TODO Auto-generated method stub
+        
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 41bc491..33dd01d 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -1616,7 +1616,7 @@ public class AdminMgrImplTest extends TestCase
     public void testDeassignUser()
     {
         //     public void deassignUser(User user, Role role)
-        deassignUsers( "DEASGN-USRS TU1 TR1", UserTestData.USERS_TU1, RoleTestData.ROLES_TR1
);
+        //deassignUsers( "DEASGN-USRS TU1 TR1", UserTestData.USERS_TU1, RoleTestData.ROLES_TR1
);
         deassignUsers( "DEASGN-USRS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2
);
         deassignUsers( "DEASGN-USRS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3
);
         deassignUsersH( "DEASGN-USRS_H TU7 TR5 HIER", UserTestData.USERS_TU7_HIER, RoleTestData.ROLES_TR5_HIER
);
@@ -1978,7 +1978,7 @@ public class AdminMgrImplTest extends TestCase
     
     }
     
-    public static void assignUserRoleConstraint( String msg, String[] usr, String[] rle,
RoleConstraint rc ) throws SecurityException
+    public static RoleConstraint assignUserRoleConstraint( String msg, String[] usr, String[]
rle, RoleConstraint rc ) throws SecurityException
     {
     	LogUtil.logIt( msg );
 
@@ -1988,7 +1988,7 @@ public class AdminMgrImplTest extends TestCase
     	User user = UserTestData.getUser( usr );
     	Role role = RoleTestData.getRole( rle );
 
-    	adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
+    	RoleConstraint createdRoleConstraint = adminMgr.addRoleConstraint(new UserRole(user.getUserId(),
role.getName()), rc);
     	    
     	LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" + role.getName()
+ "] " +
     			" rcvalue [" + rc.getValue() + "]");
@@ -1997,9 +1997,43 @@ public class AdminMgrImplTest extends TestCase
     	List<User> usersWithRc = reviewMgr.assignedUsers( role, rc );
     	assertTrue( usersWithRc.size() == 1 );
     	assertEquals( user.getUserId(), usersWithRc.get( 0 ).getUserId() );
+    	
+    	return createdRoleConstraint;
     }
     
+    public void testRemoveUserRoleConstraint() throws SecurityException
+    {
+        this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0],
1 );
+        
+        RoleConstraint rc1 = assignUserRoleConstraint( "ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0],
RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T2) );
+        RoleConstraint rc2 = assignUserRoleConstraint( "ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0],
RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T3) ); 
+        
+        this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0],
3 );
+        
+        AdminMgr adminMgr = getManagedAdminMgr();
+        adminMgr.removeRoleConstraint( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0]
), rc1 );
+        this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0],
2 );
+        
+        adminMgr.removeRoleConstraint( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0]
), rc2.getId() );
+        this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0],
1 );
+    }
     
+    private void assertRoleConstraintSize(String userId, String roleName, int size) throws
SecurityException{
+        boolean roleFound = false;
+        
+        ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
+        List<UserRole> userRoles = reviewMgr.readUser( new User( userId ) ).getRoles();
+        for(UserRole ur : userRoles){
+            if( ur.getName().equals( roleName )){
+                assertEquals( size, ur.getRoleConstraints().size() );
+                roleFound = true;
+            }
+        }
+        
+        if( !roleFound ){
+            fail("Role with name " + roleName + " not found");
+        }
+    }
     
     /**
      *

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
index f6c6c60..14fd18e 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
@@ -211,6 +211,7 @@ public class FortressJUnitTest extends TestCase
         suite.addTest( new AdminMgrImplTest( "testAddPASetToPermission" ) );
         
         suite.addTest( new AdminMgrImplTest( "testAddUserRoleConstraint" ) );
+        suite.addTest( new AdminMgrImplTest( "testRemoveUserRoleConstraint" ) );
         
         // GroupMgr APIs
         suite.addTest( new GroupMgrImplTest( "testAddGroup" ) );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
index db4d86a..7848741 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
@@ -1636,6 +1636,7 @@ public class ReviewMgrImplTest extends TestCase
     						urcFound = true;
     						assertEquals(rc.getType(), r.getType());
     						assertEquals(rc.getValue(), r.getValue());
+    						assertNotNull( r.getId() );
     					}
     				}
     			}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
index 35432af..c208a7d 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
@@ -952,6 +952,20 @@ public class URATestData extends TestCase
     	"TPASET1AttributeName1=testattributevalue" //CONSTAIN_VALUE
     };
     
+    public static final String[] URC_T2 =
+    {
+        "TPASET1", // CONSTRAINT_PASET_NM
+        "FILTER", //CONSTAINT_TYPE
+        "TPASET1AttributeName1=testattributevalue2" //CONSTAIN_VALUE
+    };
+    
+    public static final String[] URC_T3 =
+    {
+        "TPASET1", // CONSTRAINT_PASET_NM
+        "FILTER", //CONSTAINT_TYPE
+        "TPASET1AttributeName1=testattributevalue3" //CONSTAIN_VALUE
+    };
+    
     public static final String[] URC_T1_INVALID =
     {
     	"TPASETNAMENOTEXIST", // CONSTRAINT_PASET_NM


Mime
View raw message