directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cp...@apache.org
Subject directory-fortress-core git commit: FC-222 added method to find user role with constraint type and attribute set name
Date Tue, 11 Jul 2017 16:42:37 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 995073dac -> e834cc6c9


FC-222 added method to find user role with constraint type and attribute set name


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/e834cc6c
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/e834cc6c
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/e834cc6c

Branch: refs/heads/master
Commit: e834cc6c918831bb84666618acabd8a102d5d20c
Parents: 995073d
Author: clp207 <clp207@psu.edu>
Authored: Tue Jul 11 12:42:25 2017 -0400
Committer: clp207 <clp207@psu.edu>
Committed: Tue Jul 11 12:42:25 2017 -0400

----------------------------------------------------------------------
 .../directory/fortress/core/ReviewMgr.java      |  13 +++
 .../fortress/core/impl/ReviewMgrImpl.java       |  15 +++
 .../directory/fortress/core/impl/UserDAO.java   | 107 ++++++++++++++++---
 .../directory/fortress/core/impl/UserP.java     |  15 +++
 .../fortress/core/model/RoleConstraint.java     |   2 +-
 .../fortress/core/rest/ReviewMgrRestImpl.java   |   9 ++
 .../fortress/core/impl/ReviewMgrImplTest.java   |  34 ++++--
 7 files changed, 173 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
index a7f985a..dae8315 100755
--- a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
@@ -29,6 +29,7 @@ import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.PermissionAttributeSet;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
+import org.apache.directory.fortress.core.model.RoleConstraint.RCType;
 import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
@@ -390,6 +391,18 @@ public interface ReviewMgr extends Manageable
     List<User> assignedUsers( Role role, RoleConstraint roleConstraint ) throws SecurityException;
     
     /**
+     * This method returns the user roles for all users who have the given role, with a specified
constraint type
+     * and permission attribute set name.
+     *
+     * @param role
+     * @param rcType
+     * @param paSetName
+     * @return
+     * @throws SecurityException
+     */
+    List<UserRole> assignedUsers( Role role, RCType rcType, String paSetName ) throws
SecurityException;
+    
+    /**
      * This function returns the set of roles assigned to a given user. The function is valid
if and
      * only if the user is a member of the USERS data set.
      *

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
index 9828ebf..0454e4a 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
@@ -39,6 +39,7 @@ import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.PermissionAttributeSet;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
+import org.apache.directory.fortress.core.model.RoleConstraint.RCType;
 import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
@@ -383,6 +384,20 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
         checkAccess(CLS_NM, methodName);
         return userP.getAssignedUsers(role, roleConstraint);
     }
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    @AdminPermissionOperation
+    public List<UserRole> assignedUsers(Role role, RCType rcType, String paSetName)
+        throws SecurityException
+    {
+        String methodName = "assignedUsers";
+        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
+        checkAccess(CLS_NM, methodName);
+        return userP.getAssignedUsers(role, rcType, paSetName);
+    }
 
     /**
      * {@inheritDoc}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index 9644800..083425f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -70,6 +70,7 @@ import org.apache.directory.fortress.core.util.PropUtil;
 import org.apache.directory.fortress.core.model.PwMessage;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
+import org.apache.directory.fortress.core.model.RoleConstraint.RCType;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserAdminRole;
@@ -1190,8 +1191,80 @@ final class UserDAO extends LdapDataProvider
 
         return userList;
     }
+    
+    List<UserRole> getUserRoles( Role role, RCType rcType, String paSetName ) throws
FinderException
+    {
+        List<UserRole> userRoleList = new ArrayList<>();
+        LdapConnection ld = null;
+        String userRoot = getRootDn( role.getContextId(), GlobalIds.USER_ROOT );
 
+        try
+        {
+            String roleVal = encodeSafeText( role.getName(), GlobalIds.ROLE_LEN );
+            StringBuilder filterbuf = new StringBuilder();
+            filterbuf.append( GlobalIds.FILTER_PREFIX );
+            filterbuf.append( USERS_AUX_OBJECT_CLASS_NAME );
+            filterbuf.append( ")(" );
+            filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
+            filterbuf.append( "=" );
+            filterbuf.append( roleVal );
+            filterbuf.append( ")" );
+
+            filterbuf.append( "(" );
+            filterbuf.append( GlobalIds.USER_ROLE_DATA );
+            filterbuf.append( "=" );
+            filterbuf.append( this.getFilterForRoleConstraint( role.getName(), rcType, paSetName
) );
+            filterbuf.append( ")" );                
+            
+            filterbuf.append( ")" );
+            
+            ld = getAdminConnection();
+            SearchCursor searchResults = search( ld, userRoot, SearchScope.ONELEVEL, filterbuf.toString(),
defaultAtrs, false,
+                GlobalIds.BATCH_SIZE );
 
+            while ( searchResults.next() )
+            {
+                userRoleList.addAll( this.unloadUserRoles( searchResults.getEntry(), getAttribute(
searchResults.getEntry(), SchemaConstants.UID_AT ), role.getContextId(), role.getName() )
);
+            }
+        }
+        catch ( LdapException e )
+        {
+            String warning = "getAssignedUsers role name [" + role.getName() + "] caught
LDAPException=" + e
+                .getMessage();
+            throw new FinderException( GlobalErrIds.URLE_SEARCH_FAILED, warning, e );
+        }
+        catch ( CursorException e )
+        {
+            String warning = "getAssignedUsers role name [" + role.getName() + "] caught
LDAPException=" + e
+                .getMessage();
+            throw new FinderException( GlobalErrIds.URLE_SEARCH_FAILED, warning, e );
+        }
+        finally
+        {
+            closeAdminConnection( ld );
+        }
+
+        return userRoleList;
+    }
+
+    private String getFilterForRoleConstraint(String roleName, RCType rcType, String paSetName)
+    {
+        StringBuilder sb = new StringBuilder();
+        String delimeter = Config.getInstance().getDelimiter();
+
+        sb.append( roleName );
+        sb.append( delimeter );
+        sb.append( RoleConstraint.RC_TYPE_NAME );
+        sb.append( delimeter );
+        sb.append( rcType );
+        sb.append( delimeter );
+        sb.append( paSetName );
+        sb.append( delimeter );
+        sb.append( "*" );
+
+        return sb.toString();
+    }
+    
     /**
      * @param role
      * @return
@@ -2047,7 +2120,7 @@ final class UserDAO extends LdapDataProvider
         entity.setTitle( getAttribute( entry, SchemaConstants.TITLE_AT ) );
         entity.setEmployeeType( getAttribute( entry, EMPLOYEE_TYPE ) );
         unloadTemporal( entry, entity );
-        entity.setRoles( unloadUserRoles( entry, entity.getUserId(), contextId ) );
+        entity.setRoles( unloadUserRoles( entry, entity.getUserId(), contextId, null ) );
         entity.setAdminRoles( unloadUserAdminRoles( entry, entity.getUserId(), contextId
) );
         entity.setAddress( unloadAddress( entry ) );
         entity.setPhones( getAttributes( entry, SchemaConstants.TELEPHONE_NUMBER_AT ) );
@@ -2111,7 +2184,7 @@ final class UserDAO extends LdapDataProvider
         {
             ld = getAdminConnection();
             Entry findEntry = read( ld, userDn, ROLE_ATR );
-            roles = unloadUserRoles( findEntry, userId, contextId );
+            roles = unloadUserRoles( findEntry, userId, contextId, null );
         }
         catch ( LdapNoSuchObjectException e )
         {
@@ -2478,9 +2551,10 @@ final class UserDAO extends LdapDataProvider
      * @param entry     contains ldap entry to retrieve roles from.
      * @param userId    attribute maps to {@link UserRole#userId}.
      * @param contextId
+     * @param roleNameFilter optional filter to only unload specified roles
      * @return List of type {@link UserRole} containing RBAC roles assigned to a particular
user.
      */
-    private List<UserRole> unloadUserRoles( Entry entry, String userId, String contextId
)
+    private List<UserRole> unloadUserRoles( Entry entry, String userId, String contextId,
String roleNameFilter )
     {
     	Map<String, UserRole> uRoles = new HashMap<String, UserRole>();    	
         List<String> roles = getAttributes( entry, GlobalIds.USER_ROLE_DATA );
@@ -2494,18 +2568,21 @@ final class UserDAO extends LdapDataProvider
             	//get role name
             	String roleName = raw.substring(0, raw.indexOf( Config.getInstance().getDelimiter()
)).toUpperCase();
             	
-            	//if already found, add to user role
-            	if(uRoles.containsKey(roleName)){
-            		UserRole ure = uRoles.get(roleName);
-            		ure.load( raw, contextId, RoleUtil.getInstance() );
-            	}
-            	//else create new
-            	else{            	
-	                UserRole ure = new ObjectFactory().createUserRole();
-	                ure.load( raw, contextId, RoleUtil.getInstance() );
-	                ure.setUserId( userId );
-	                ure.setSequenceId( sequence++ );
-	                uRoles.put(roleName, ure );
+            	//if role name filter provided, only unload role if it has that name
+            	if(roleNameFilter == null || roleNameFilter.toUpperCase().equals( roleName )){
           	
+                	//if already found, add to user role
+                	if(uRoles.containsKey(roleName)){
+                		UserRole ure = uRoles.get(roleName);
+                		ure.load( raw, contextId, RoleUtil.getInstance() );
+                	}
+                	//else create new
+                	else{            	
+    	                UserRole ure = new ObjectFactory().createUserRole();
+    	                ure.load( raw, contextId, RoleUtil.getInstance() );
+    	                ure.setUserId( userId );
+    	                ure.setSequenceId( sequence++ );
+    	                uRoles.put(roleName, ure );
+                	}            	
             	}
             }
         }

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
index d8cfd9a..dd4cf0e 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
@@ -39,6 +39,7 @@ import org.apache.directory.fortress.core.model.OrgUnit;
 import org.apache.directory.fortress.core.model.PwPolicy;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
+import org.apache.directory.fortress.core.model.RoleConstraint.RCType;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserAdminRole;
@@ -180,6 +181,20 @@ final class UserP
     }
     
     /**
+     * Return a list of user roles for the provided role name, role constraint type and pa
set name
+     *
+     * @param role
+     * @param rcType
+     * @param paSetName
+     * @return
+     * @throws SecurityException
+     */
+    List<UserRole> getAssignedUsers( Role role, RCType rcType, String paSetName ) throws
SecurityException
+    {
+        return uDao.getUserRoles( role, rcType, paSetName );
+    }
+    
+    /**
      * Return a list of Users assigned the given RBAC role.
      * "Assigned" implies the hierarchical role relation graph will NOT be considered in
result set.
      *

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
index ca5987c..2c96e67 100644
--- a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
@@ -142,5 +142,5 @@ public class RoleConstraint extends FortEntity implements Serializable
 
         return sb.toString();
     }
-
+    
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
index cfe0527..d02a535 100755
--- a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
@@ -36,6 +36,7 @@ import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.PermissionAttributeSet;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
+import org.apache.directory.fortress.core.model.RoleConstraint.RCType;
 import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
@@ -1352,4 +1353,12 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
         // TODO Auto-generated method stub
         return null;
     }
+
+
+    @Override
+    public List<UserRole> assignedUsers( Role role, RCType rcType, String paSetName
) throws SecurityException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e834cc6c/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
index 7848741..aafe024 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
@@ -1662,29 +1662,51 @@ public class ReviewMgrImplTest extends TestCase
     public void testFindRoleConstraints()
     {
     	findRoleConstraints( "SRCH-RCS TU1 TR1", UserTestData.USERS_TU1[0][0], PermTestData.getOp("TOB1_1",
PermTestData.OPS_TOP1_UPD[0]), URATestData.getRC(URATestData.URC_T1).getType() );
+    	findUserRoleWithConstraints( "SRCH-RCS TU1 TR1", UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0],
URATestData.getRC(URATestData.URC_T1).getType(), URATestData.getRC(URATestData.URC_T1).getPaSetName()
);
     }
     
-    public static void findRoleConstraints( String msg, String usr, Permission permission,
RoleConstraint.RCType rcType )
+    public static void findUserRoleWithConstraints( String msg, String usr, String role,
RoleConstraint.RCType rcType, String paSetName )
     {
     	LogUtil.logIt(msg);
     	try
     	{
     		ReviewMgr reviewMgr = getManagedReviewMgr();   		
 
-    		List<RoleConstraint> rcs = reviewMgr.findRoleConstraints(new User(usr), permission,
rcType);
-    		assertTrue(rcs.size() > 0);
-    		assertTrue(rcs.get(0).getType().equals(rcType));
+    		List<UserRole> urs = reviewMgr.assignedUsers( new Role(role), rcType, paSetName);
+    		assertTrue(urs.size() > 0);
+    		assertTrue(urs.get(0).getRoleConstraints().size() > 0);
    
-    		LOG.debug( "findRoleConstraints permission [" + permission.getObjName() + "." + permission.getOpName()
+ "] successful" );
+    		LOG.debug( "findUserRoleWithConstraints paSetName [" + paSetName + "] successful" );
     	}
     	catch ( SecurityException ex )
     	{
-    		LOG.error( "findRoleConstraints permission [" + permission.getObjName() + "." + permission.getOpName()
+    		LOG.error( "findUserRoleWithConstraints paSetName [" + paSetName
     				+ "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
ex );
     		fail( ex.getMessage() );
     	}
     }        
     
+    public static void findRoleConstraints( String msg, String usr, Permission permission,
RoleConstraint.RCType rcType )
+    {
+        LogUtil.logIt(msg);
+        try
+        {
+            ReviewMgr reviewMgr = getManagedReviewMgr();        
+
+            List<RoleConstraint> rcs = reviewMgr.findRoleConstraints(new User(usr),
permission, rcType);
+            assertTrue(rcs.size() > 0);
+            assertTrue(rcs.get(0).getType().equals(rcType));
+   
+            LOG.debug( "findRoleConstraints permission [" + permission.getObjName() + "."
+ permission.getOpName() + "] successful" );
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "findRoleConstraints permission [" + permission.getObjName() + "."
+ permission.getOpName()
+                    + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
ex );
+            fail( ex.getMessage() );
+        }
+    }   
+    
     public void testDeassignRoleWithRoleConstraint() throws SecurityException{
         AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
         adminMgr.deassignUser( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0]
) );


Mime
View raw message