Posted to commits@directory.apache.org by sm...@apache.org on 2014/11/11 21:38:47 UTC
[08/11] directory-fortress-enmasse git commit: change package
structure and names, pom improvements, license
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
new file mode 100644
index 0000000..336e921
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
@@ -0,0 +1,4375 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.rest.HttpIds;
+import org.springframework.stereotype.Service;
+
+/**
+ * Implementation for EnMasse Service methods forwards to delegate. This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+@Service("fortressService")
+public class FortressServiceImpl implements FortressService
+{
+ // Instantiate the implementation classes where the actual work is done:
+ private final ReviewMgrImpl reviewMgrImpl = new ReviewMgrImpl();
+ private final AdminMgrImpl adminMgrImpl = new AdminMgrImpl();
+ private final PswdPolicyMgrImpl pswdPolicyMgrImpl = new PswdPolicyMgrImpl();
+ private final DelegatedAccessMgrImpl delegatedAccessMgrImpl = new DelegatedAccessMgrImpl();
+ private final DelegatedReviewMgrImpl delegatedReviewMgrImpl = new DelegatedReviewMgrImpl();
+ private final DelegatedAdminMgrImpl delegatedAdminMgrImpl = new DelegatedAdminMgrImpl();
+ private final AccessMgrImpl accessMgrImpl = new AccessMgrImpl();
+ private final AuditMgrImpl auditMgrImpl = new AuditMgrImpl();
+ private final ConfigMgrImpl configMgrImpl = new ConfigMgrImpl();
+
+ // These are the allowed roles for the Fortress Rest services:
+ private static final String SUPER_USER = "fortress-rest-super-user";
+ private static final String ACCESS_MGR_USER = "fortress-rest-access-user";
+ private static final String ADMIN_MGR_USER = "fortress-rest-admin-user";
+ private static final String REVIEW_MGR_USER = "fortress-rest-review-user";
+ private static final String DELEGATED_ACCESS_MGR_USER = "fortress-rest-delaccess-user";
+ private static final String DELEGATED_ADMIN_MGR_USER = "fortress-rest-deladmin-user";
+ private static final String DELEGATED_REVIEW_MGR_USER = "fortress-rest-delreview-user";
+ private static final String PASSWORD_MGR_USER = "fortress-rest-pwmgr-user";
+ private static final String AUDIT_MGR_USER = "fortress-rest-audit-user";
+ private static final String CONFIG_MGR_USER = "fortress-rest-config-user";
+
+ /**
+ * ************************************************************************************************************************************
+ * BEGIN ADMINMGR
+ * **************************************************************************************************************************************
+ */
+
+ /**
+ * This command creates a new RBAC user. The command is valid only if the new user is
+ * not already a member of the USERS data set. The USER data set is updated. The new user
+ * does not own any session at the time of its creation.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+ * </ul>
+ * <h5>User optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addUser(FortRequest request)
+ {
+ return adminMgrImpl.addUser(request);
+ }
+
+ /**
+ * This command deletes an existing user from the RBAC database. The command is valid
+ * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+ * UA data sets and the assigned_users function are updated.
+ * This method performs a "hard" delete. It completely removes all data associated with this user from the directory.
+ * User entity must exist in directory prior to making this call else exception will be thrown.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteUser(FortRequest request)
+ {
+ return adminMgrImpl.deleteUser(request);
+ }
+
+ /**
+ * This command deletes an existing user from the RBAC database. The command is valid
+ * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+ * UA data sets and the assigned_users function are updated.
+ * Method performs a "soft" delete. It performs the following:
+ * - sets the user status to "deleted"
+ * - deassigns all roles from the user
+ * - locks the user's password in LDAP
+ * - revokes all perms that have been granted to user entity.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_DISABLE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse disableUser(FortRequest request)
+ {
+ return adminMgrImpl.disableUser(request);
+ }
+
+ /**
+ * This method performs an update on User entity in directory. Prior to making this call the entity must exist in
+ * directory.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * </ul>
+ * <h5>User optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updateUser(FortRequest request)
+ {
+ return adminMgrImpl.updateUser(request);
+ }
+
+ /**
+ * Method will change user's password. This method will evaluate user's password policies.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - contains the User's old password</li>
+ * <li>newPassword - contains the User's new password</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_CHGPW + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse changePassword(FortRequest request)
+ {
+ return adminMgrImpl.changePassword(request);
+ }
+
+ /**
+ * Method will lock user's password which will prevent the user from authenticating with directory.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_LOCK + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse lockUserAccount(FortRequest request)
+ {
+ return adminMgrImpl.lockUserAccount(request);
+ }
+
+ /**
+ * Method will unlock user's password which will enable user to authenticate with directory.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_UNLOCK + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse unlockUserAccount(FortRequest request)
+ {
+ return adminMgrImpl.unlockUserAccount(request);
+ }
+
+ /**
+ * Method will reset user's password which will require user to change password before successful authentication with directory.
+ * This method will not evaluate password policies on the new user password as it must be changed before use.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+ * <h5>User required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+ * <li>newPassword - contains the User's new password</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_RESET + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse resetPassword(FortRequest request)
+ {
+ return adminMgrImpl.resetPassword(request);
+ }
+
+ /**
+ * This command creates a new role. The command is valid if and only if the new role is not
+ * already a member of the ROLES data set. The ROLES data set is updated.
+ * Initially, no user or permission is assigned to the new role.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+ * <h4>Role required parameters</h4>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+ * </ul>
+ * </ul>
+ * <h4>Role optional parameters</h4>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addRole(FortRequest request)
+ {
+ return adminMgrImpl.addRole(request);
+ }
+
+ /**
+ * This command deletes an existing role from the RBAC database. The command is valid
+ * if and only if the role to be deleted is a member of the ROLES data set. This command will
+ * also deassign role from all users.
+ * <p/>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+ * <h4>Role required parameters</h4>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
+ * </ul>
+ * <ul>
+ * <h4>Role optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteRole(FortRequest request)
+ {
+ return adminMgrImpl.deleteRole(request);
+ }
+
+ /**
+ * Method will update a Role entity in the directory. The role must exist in role container prior to this call. *
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+ * <h4>Role required parameters</h4>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
+ * </ul>
+ * <h4>Role optional parameters</h4>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updateRole(FortRequest request)
+ {
+ return adminMgrImpl.updateRole(request);
+ }
+
+ /**
+ * This command assigns a user to a role.
+ * <p>
+ * <ul>
+ * <li> The command is valid if and only if:
+ * <li> The user is a member of the USERS data set
+ * <li> The role is a member of the ROLES data set
+ * <li> The user is not already assigned to the role
+ * <li> The SSD constraints are satisfied after assignment.
+ * </ul>
+ * </p>
+ * <p>
+ * Successful completion of this op, the following occurs:
+ * </p>
+ * <ul>
+ * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
+ * <li> Role entity (resides in role container) has userId added as role occupant.
+ * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+ * <ul>
+ * <li> timeout - number in seconds of session inactivity time allowed.
+ * <li> beginDate - YYYYMMDD - determines date when role may be activated.
+ * <li> endDate - YYMMDD - indicates latest date role may be activated.
+ * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+ * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
+ * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
+ * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
+ * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
+ * </ul>
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+ * <h5>UserRole required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+ * </ul>
+ * <h5>UserRole optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_ASGN + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse assignUser(FortRequest request)
+ {
+ return adminMgrImpl.assignUser(request);
+ }
+
+ /**
+ * This command deletes the assignment of the User from the Role entities. The command is
+ * valid if and only if the user is a member of the USERS data set, the role is a member of
+ * the ROLES data set, and the user is assigned to the role.
+ * Any sessions that currently have this role activated will not be effected.
+ * Successful completion includes:
+ * User entity in USER data set has role assignment removed.
+ * Role entity in ROLE data set has userId removed as role occupant.
+ * (optional) Temporal constraints will be removed from user aux object if set prior to call.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+ * <h5>UserRole required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_DEASGN + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deassignUser(FortRequest request)
+ {
+ return adminMgrImpl.deassignUser(request);
+ }
+
+ /**
+ * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+ * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations. The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+ * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+ * <h5>Permission required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission add</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+ * </ul>
+ * <h5>Permission optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.PERM_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addPermission(FortRequest request)
+ {
+ return adminMgrImpl.addPermission(request);
+ }
+
+ /**
+ * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+ * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations to add or remove using this function.
+ * The perm operation must exist before making this call. Only non-null attributes will be updated.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+ * <h5>Permission required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission update</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
+ * </ul>
+ * <h5>Permission optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.PERM_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updatePermission(FortRequest request)
+ {
+ return adminMgrImpl.updatePermission(request);
+ }
+
+ /**
+ * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
+ * The perm operation must exist before making this call.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+ * <h5>Permission required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission removal</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.PERM_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deletePermission(FortRequest request)
+ {
+ return adminMgrImpl.deletePermission(request);
+ }
+
+ /**
+ * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
+ * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+ * <h5>PermObj required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being added</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+ * </ul>
+ * <h5>PermObj optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.OBJ_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addPermObj(FortRequest request)
+ {
+ return adminMgrImpl.addPermObj(request);
+ }
+
+ /**
+ * This method will update permission object in perms container in directory. The perm object must exist before making this call.
+ * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+ * <h5>PermObj required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being updated</li>
+ * </ul>
+ * <h5>PermObj optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.OBJ_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updatePermObj(FortRequest request)
+ {
+ return adminMgrImpl.updatePermObj(request);
+ }
+
+ /**
+ * This method will remove permission object to perms container in directory. This method will also remove
+ * in associated permission objects that are attached to this object.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+ * <h5>PermObj required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being removed</li>
+ * </ul>
+ * </ul>
+ * <h5>optional parameters</h5>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.OBJ_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deletePermObj(FortRequest request)
+ {
+ return adminMgrImpl.deletePermObj(request);
+ }
+
+ /**
+ * This command grants a role the permission to perform an operation on an object to a role.
+ * The command is implemented by granting permission by setting the access control list of
+ * the object involved.
+ * The command is valid if and only if the pair (operation, object) represents a permission,
+ * and the role is a member of the ROLES data set.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+ * <h5>PermGrant required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+ * </ul>
+ * <h5>PermGrant optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_GRANT + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse grant(FortRequest request)
+ {
+ return adminMgrImpl.grant(request, this);
+ }
+
+ /**
+ * This command revokes the permission to perform an operation on an object from the set
+ * of permissions assigned to a role. The command is implemented by setting the access control
+ * list of the object involved.
+ * The command is valid if and only if the pair (operation, object) represents a permission,
+ * the role is a member of the ROLES data set, and the permission is assigned to that role.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+ * <h5>PermGrant required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+ * </ul>
+ * <h5>PermGrant optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_REVOKE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse revoke(FortRequest request)
+ {
+ return adminMgrImpl.revoke(request, this);
+ }
+
+ /**
+ * This command grants a user the permission to perform an operation on an object to a role.
+ * The command is implemented by granting permission by setting the access control list of
+ * the object involved.
+ * The command is valid if and only if the pair (operation, object) represents a permission,
+ * and the user is a member of the USERS data set.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+ * <h5>PermGrant required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+ * </ul>
+ * <h5>PermGrant optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_GRANT + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse grantUser(FortRequest request)
+ {
+ return adminMgrImpl.grantUser(request, this);
+ }
+
+ /**
+ * This command revokes the permission to perform an operation on an object from the set
+ * of permissions assigned to a user. The command is implemented by setting the access control
+ * list of the object involved.
+ * The command is valid if and only if the pair (operation, object) represents a permission,
+ * the user is a member of the USERS data set, and the permission is assigned to that user.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+ * <h5>PermGrant required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+ * </ul>
+ * <h5>PermGrant optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.USER_REVOKE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse revokeUser(FortRequest request)
+ {
+ return adminMgrImpl.revokeUser(request, this);
+ }
+
+ /**
+ * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
+ * the existing role parentRole.
+ * <p>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The childRole is not a member of the ROLES data set.
+ * <li> The parentRole is a member of the ROLES data set.
+ * </ul>
+ * </p>
+ * <p> This method:
+ * <ul>
+ * <li> Adds new role.
+ * <li> Assigns role relationship between new childRole and pre-existing parentRole.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+ * <h5>RoleRelationship required parameters</h5>
+ * <ul>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
+ * </ul>
+ * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#child}</h5>
+ * <ul>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_DESC + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addDescendant(FortRequest request)
+ {
+ return adminMgrImpl.addDescendant(request);
+ }
+
+ /**
+ * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
+ * the existing role childRole.
+ * <p>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The parentRole is not a member of the ROLES data set.
+ * <li> The childRole is a member of the ROLES data set.
+ * </ul>
+ * </p>
+ * <p> This method:
+ * <ul>
+ * <li> Adds new role.
+ * <li> Assigns role relationship between new parentRole and pre-existing childRole.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+ * <h5>RoleRelationship required parameters</h5>
+ * <ul>
+ * <li>childRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
+ * <li>parentRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
+ * </ul>
+ * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#parent}</h5>
+ * <ul>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_ASC + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addAscendant(FortRequest request)
+ {
+ return adminMgrImpl.addAscendant(request);
+ }
+
+ /**
+ * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
+ * roles parentRole, childRole.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The parentRole and childRole are members of the ROLES data set.
+ * <li> The parentRole is not an immediate ascendant of childRole.
+ * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+ * <h5>RoleRelationship required parameters</h5>
+ * <ul>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_ADDINHERIT + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addInheritance(FortRequest request)
+ {
+ return adminMgrImpl.addInheritance(request);
+ }
+
+ /**
+ * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The roles parentRole and childRole are members of the ROLES data set.
+ * <li> The parentRole is an immediate ascendant of childRole.
+ * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+ * relation resulted after deleting the relationship parentRole <<-- childRole.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+ * <h5>RoleRelationship required parameters</h5>
+ * <ul>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
+ * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}
+ */
+ @POST
+ @Path("/" + HttpIds.ROLE_DELINHERIT + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteInheritance(FortRequest request)
+ {
+ return adminMgrImpl.deleteInheritance(request);
+ }
+
+ /**
+ * This command creates a named SSD set of roles and sets the cardinality n of its subsets
+ * that cannot have common users.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li>The name of the SSD set is not already in use.
+ * <li> All the roles in the SSD set are members of the ROLES data set.
+ * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+ * <li> The SSD constraint for the new role set is satisfied.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+ * </ul>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse createSsdSet(FortRequest request)
+ {
+ return adminMgrImpl.createSsdSet(request);
+ }
+
+ /**
+ * This command updates existing SSD set of roles and sets the cardinality n of its subsets
+ * that cannot have common users.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li>The name of the SSD set exists in directory.
+ * <li> All the roles in the SSD set are members of the ROLES data set.
+ * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+ * <li> The SSD constraint for the new role set is satisfied.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+ * </ul>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updateSsdSet(FortRequest request)
+ {
+ return adminMgrImpl.updateSsdSet(request);
+ }
+
+
+ /**
+ * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The SSD role set exists.
+ * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
+ * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_ADD_MEMBER + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addSsdRoleMember(FortRequest request)
+ {
+ return adminMgrImpl.addSsdRoleMember(request);
+ }
+
+ /**
+ * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The SSD role set exists.
+ * <li> The role to be removed is a member of the SSD role set.
+ * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
+ * </ul>
+ * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_DEL_MEMBER + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteSsdRoleMember(FortRequest request)
+ {
+ return adminMgrImpl.deleteSsdRoleMember(request);
+ }
+
+ /**
+ * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteSsdSet(FortRequest request)
+ {
+ return adminMgrImpl.deleteSsdSet(request);
+ }
+
+ /**
+ * This command sets the cardinality associated with a given SSD role set.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The SSD role set exists.
+ * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
+ * <li> The SSD constraint is satisfied after setting the new cardinality.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.SSD_CARD_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse setSsdSetCardinality(FortRequest request)
+ {
+ return adminMgrImpl.setSsdSetCardinality(request);
+ }
+
+ /**
+ * This command creates a named DSD set of roles and sets the cardinality n of its subsets
+ * that cannot have common users.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li>The name of the DSD set is not already in use.
+ * <li> All the roles in the DSD set are members of the ROLES data set.
+ * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+ * <li> The DSD constraint for the new role set is satisfied.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
+ * </ul>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_ADD + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse createDsdSet(FortRequest request)
+ {
+ return adminMgrImpl.createDsdSet(request);
+ }
+
+ /**
+ * This command updates existing DSD set of roles and sets the cardinality n of its subsets
+ * that cannot have common users.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li>The name of the DSD set exists in directory.
+ * <li> All the roles in the DSD set are members of the ROLES data set.
+ * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+ * <li> The DSD constraint for the new role set is satisfied.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+ * </ul>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse updateDsdSet(FortRequest request)
+ {
+ return adminMgrImpl.updateDsdSet(request);
+ }
+
+ /**
+ * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The DSD role set exists.
+ * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
+ * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_ADD_MEMBER + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse addDsdRoleMember(FortRequest request)
+ {
+ return adminMgrImpl.addDsdRoleMember(request);
+ }
+
+ /**
+ * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The DSD role set exists.
+ * <li> The role to be removed is a member of the DSD role set.
+ * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
+ * </ul>
+ * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_DEL_MEMBER + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteDsdRoleMember(FortRequest request)
+ {
+ return adminMgrImpl.deleteDsdRoleMember(request);
+ }
+
+ /**
+ * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_DELETE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse deleteDsdSet(FortRequest request)
+ {
+ return adminMgrImpl.deleteDsdSet(request);
+ }
+
+ /**
+ * This command sets the cardinality associated with a given DSD role set.
+ * <p/>
+ * The command is valid if and only if:
+ * <ul>
+ * <li> The DSD role set exists.
+ * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
+ * <li> The DSD constraint is satisfied after setting the new cardinality.
+ * </ul>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+ */
+ @POST
+ @Path("/" + HttpIds.DSD_CARD_UPDATE + "/")
+ @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+ @Override
+ public FortResponse setDsdSetCardinality(FortRequest request)
+ {
+ return adminMgrImpl.setDsdSetCardinality(request);
+ }
+
+ /**
+ * ************************************************************************************************************************************
+ * BEGIN REVIEWMGR
+ * **************************************************************************************************************************************
+ */
+
+ /**
+ * This method returns a matching permission entity to caller.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission}
+ */
+ @POST
+ @Path("/" + HttpIds.PERM_READ + "/")
+ @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+ @Override
+ public FortResponse readPermission(FortRequest request)
+ {
+ return reviewMgrImpl.readPermission(request);
+ }
+
+ /**
+ * Method reads permission object from perm container in directory.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} required parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of existing object being targeted</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj}
+ */
+ @POST
+ @Path("/" + HttpIds.OBJ_READ + "/")
+ @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+ @Override
+ public FortResponse readPermObj(FortRequest request)
+ {
+ return reviewMgrImpl.readPermObj(request);
+ }
+
+ /**
+ * Method returns a list of type Permission that match the perm object search string.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains one or more characters of existing object being targeted</li>
+ * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Permission}
+ */
+ @POST
+ @Path("/" + HttpIds.PERM_SEARCH + "/")
+ @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+ @Override
+ public FortResponse findPermissions(FortRequest request)
+ {
+ return reviewMgrImpl.findPermissions(request);
+ }
+
+ /**
+ * Method returns a list of type Permission that match the perm object search string.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} optional parameters</h5>
+ * <ul>
+ * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains one or more characters of existing object being targeted</li>
+ * </ul>
+ * </ul>
+ * <h4>optional parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+ * </ul>
+ *
+ * @param request contains a reference to {@code FortRequest}
+ * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.PermObj}
+ */
+ @POST
+ @Path("/" + HttpIds.OBJ_SEARCH + "/")
+ @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+ @Override
+ public FortResponse findPermObjs(FortRequest request)
+ {
+ return reviewMgrImpl.findPermObjs(request);
+ }
+
+ /**
+ * Method reads Role entity from the role container in directory.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+ * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required p
<TRUNCATED>