Posted to commits@directory.apache.org by cp...@apache.org on 2017/07/10 15:29:48 UTC
directory-fortress-core git commit: FC-221 add id to non temporal
role constraint and method to remove constraint by id
Repository: directory-fortress-core
Updated Branches:
refs/heads/master f1448abf0 -> 995073dac
FC-221 add id to non temporal role constraint and method to remove constraint by id
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/995073da
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/995073da
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/995073da
Branch: refs/heads/master
Commit: 995073dacd41cb804eb94b57195d8e9a3de6d6ee
Parents: f1448ab
Author: clp207 <cl...@psu.edu>
Authored: Mon Jul 10 11:29:34 2017 -0400
Committer: clp207 <cl...@psu.edu>
Committed: Mon Jul 10 11:29:34 2017 -0400
----------------------------------------------------------------------
.../directory/fortress/core/AdminMgr.java | 19 ++++++++++
.../directory/fortress/core/GlobalErrIds.java | 5 +++
.../fortress/core/impl/AdminMgrImpl.java | 37 ++++++++++++++++++
.../directory/fortress/core/impl/UserDAO.java | 2 +
.../fortress/core/model/RoleConstraint.java | 21 +++++++++-
.../directory/fortress/core/model/UserRole.java | 2 +-
.../fortress/core/rest/AdminMgrRestImpl.java | 8 ++++
.../fortress/core/impl/AdminMgrImplTest.java | 40 ++++++++++++++++++--
.../fortress/core/impl/FortressJUnitTest.java | 1 +
.../fortress/core/impl/ReviewMgrImplTest.java | 1 +
.../fortress/core/impl/URATestData.java | 14 +++++++
11 files changed, 144 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/AdminMgr.java b/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
index 0425bcb..abc75c1 100755
--- a/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/AdminMgr.java
@@ -488,6 +488,24 @@ public interface AdminMgr extends Manageable
throws SecurityException;
/**
+ * Thie method removes a roleConstraint (ftRC) from the user ldap entry.
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link UserRole#name} - contains the name for already existing Role to be assigned</li>
+ * <li>{@link UserRole#userId} - contains the userId for existing User</li>
+ * <li>{@link RoleConstraint#type} - contains the type of role constraint (filter, other)</li>
+ * <li>{@link RoleConstraint#value} - contains the value of the role constraint which is currently not validated in any way</li>
+ * <li>{@link RoleConstraint#paSetName} - contains the userId for existing User, contains the name of the permission attribute set this constraint is applicable for</li>
+ * </ul>
+ *
+ * @param uRole must contain {@link UserRole#userId} and {@link UserRole#name}
+ * @param roleConstraintId id of the role constraint to remove
+ * @throws SecurityException in the event of validation or system error.
+ */
+ void removeRoleConstraint( UserRole uRole, String roleConstraintId )
+ throws SecurityException;
+
+ /**
* This command deletes the assignment of the User from the Role entities. The command is
* valid if and only if the user is a member of the USERS data set, the role is a member of
* the ROLES data set, and the user is assigned to the role.
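Review bot: The Javadoc added for `removeRoleConstraint( UserRole, String )` lists `RoleConstraint#type`, `RoleConstraint#value` and `RoleConstraint#paSetName` as required parameters, but the method receives only a `roleConstraintId`, so the list looks copied from the add method. The `UserRole#name` bullet still says "to be assigned", the `paSetName` bullet carries a stray "contains the userId for existing User", and the first word is misspelled "Thie". I would replace the three RoleConstraint bullets with a single one such as `<li>roleConstraintId - id generated for the constraint when it was added</li>`. The `@throws` line should also mention that `GlobalErrIds.RCON_NOT_FOUND` is reported when no constraint on that user and role carries the id.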
@@ -1391,4 +1409,5 @@ public interface AdminMgr extends Manageable
*/
SDSet setDsdSetCardinality( SDSet dsdSet, int cardinality )
throws SecurityException;
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index 711e51e..8f5621c 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1728,6 +1728,11 @@ public final class GlobalErrIds
* The RoleConstraint entity was not supplied but is required.
*/
public static final int RCON_NULL = 10401;
+
+ /**
+ * The RoleConstraint entity was not found
+ */
+ public static final int RCON_NOT_FOUND = 10402;
/**
* 10500's - Property Management Error Ids
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 7ef3516..390d39f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -27,6 +27,7 @@ import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.AdminMgr;
+import org.apache.directory.fortress.core.FinderException;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
@@ -427,6 +428,42 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
*/
@Override
@AdminPermissionOperation
+ public void removeRoleConstraint( UserRole uRole, String roleConstraintId )
+ throws SecurityException
+ {
+ String methodName = "assignUser";
+ assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );
+
+ //find role constraint that needs removed
+ boolean found = false;
+
+ List<UserRole> userRoles = userP.read( new User(uRole.getUserId()), true ).getRoles();
+ for( UserRole ur : userRoles ){
+ // find matching name
+ if( ur.getName().equals( uRole.getName() ) ){
+ //find matching constraint
+ List<RoleConstraint> rcs = ur.getRoleConstraints();
+ for( RoleConstraint rc : rcs ){
+ if( rc.getId().equals( roleConstraintId )){
+ userP.deassign( uRole, rc );
+ found = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if( !found ){
+ throw new FinderException( GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found" );
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ @AdminPermissionOperation
public void deassignUser( UserRole uRole ) throws SecurityException
{
String methodName = "deassignUser";
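Review bot: `methodName` in the new `removeRoleConstraint` is set to `"assignUser"`, so anything `assertContext` reports or records for this call is attributed to the wrong operation; it should read `String methodName = "removeRoleConstraint";`. The match `rc.getId().equals( roleConstraintId )` throws a NullPointerException for any constraint that carries no id, instead of falling through to `RCON_NOT_FOUND`; `if( rc.getId() != null && rc.getId().equals( roleConstraintId ) )` keeps the lookup safe. The `break` leaves only the inner loop, so the outer loop keeps scanning the remaining roles after the removal. Since this method edits a user's authorization data, it is worth confirming against the neighbouring `deassignUser`, whose body continues outside the hunk, that no session or audit step done there is missing here.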
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index cb047b3..9644800 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -1735,6 +1735,8 @@ final class UserDAO extends LdapDataProvider
try
{
+ roleConstraint.setId();
+
List<Modification> mods = new ArrayList<Modification>();
szRoleConstraint = roleConstraint.getRawData(uRole);
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
index cdf6838..ca5987c 100644
--- a/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/RoleConstraint.java
@@ -20,6 +20,7 @@
package org.apache.directory.fortress.core.model;
import java.io.Serializable;
+import java.util.UUID;
import org.apache.directory.fortress.core.util.Config;
@@ -37,6 +38,7 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement( name = "fortRoleConstraint" )
@XmlAccessorType( XmlAccessType.FIELD )
@XmlType( name = "roleConstraint", propOrder = {
+ "id",
"paSetName",
"value",
"type"
@@ -62,22 +64,35 @@ public class RoleConstraint extends FortEntity implements Serializable
OTHER
}
+ private String id;
private RCType type;
private String value;
- private String paSetName;
+ private String paSetName;
public RoleConstraint()
{
}
- public RoleConstraint(String value, RCType type, String paSetName)
+ public RoleConstraint(String id, String value, RCType type, String paSetName)
{
+ this.id = id;
this.type = type;
this.value = value;
this.paSetName = paSetName;
}
+ public String getId()
+ {
+ return id;
+ }
+
+ public void setId()
+ {
+ UUID uuid = UUID.randomUUID();
+ this.id = uuid.toString();
+ }
+
public RCType getType()
{
return type;
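Review bot: `setId()` takes no argument and overwrites the field with a fresh `UUID.randomUUID()`, so it reads like a JavaBean setter but is really a generator. Calling it on a constraint that was loaded with an id silently discards the stored id, after which removal by id can no longer match the directory entry. A name such as `generateId()` plus a Javadoc line like `/** Assigns a new random UUID as this constraint's id, replacing any existing one. */` would make that explicit, and `getId()` should document that it may return null. The public three-argument constructor is replaced rather than kept, so callers outside this commit that used `RoleConstraint( value, type, paSetName )` stop compiling; keeping it as an overload that leaves `id` unset would preserve compatibility.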
@@ -122,6 +137,8 @@ public class RoleConstraint extends FortEntity implements Serializable
sb.append( paSetName );
sb.append( delimeter );
sb.append( value );
+ sb.append( delimeter );
+ sb.append( id );
return sb.toString();
}
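Review bot: `sb.append( id )` writes the literal text `null` when `id` has not been set, so a constraint serialized without a prior `setId()` is stored with the string `null` as its id and can later be matched by that string. The id is also appended after `value`, which the `AdminMgr` Javadoc in this commit describes as not validated in any way. If a value can contain the delimiter, the parser in `UserRole` that reads the id from `tokens[5]` would take part of the value as the id. Consider rejecting a null id here, and either validating `value` against the delimiter or writing the id ahead of the free-form value. The method this hunk belongs to starts outside the hunk.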
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
index 486f00b..068677f 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
@@ -185,7 +185,7 @@ public class UserRole extends FortEntity implements Serializable, Constraint
//newer style constaint type
if(tokens[1].equals(RoleConstraint.RC_TYPE_NAME)){
- RoleConstraint rc = new RoleConstraint(tokens[4], RoleConstraint.RCType.valueOf( tokens[2] ),
+ RoleConstraint rc = new RoleConstraint(tokens[5], tokens[4], RoleConstraint.RCType.valueOf( tokens[2] ),
tokens[3]);
this.getRoleConstraints().add(rc);
}
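Review bot: `tokens[5]` is read without checking the token count, while the raw data written before this commit ended at the value (`tokens[4]`). Loading a user whose constraints were stored by the previous version would therefore presumably throw ArrayIndexOutOfBoundsException. A length guard keeps old entries readable: `String rcId = tokens.length > 5 ? tokens[5] : null;`, then pass `rcId` as the first constructor argument. Constraints loaded that way have no id, so code comparing ids has to tolerate null. The enclosing method starts and ends outside the hunk.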
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
index 2eaef6f..f9093f1 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
@@ -1400,4 +1400,12 @@ public final class AdminMgrRestImpl extends Manageable implements AdminMgr
throw new SecurityException( response.getErrorCode(), response.getErrorMessage() );
}
}
+
+
+ @Override
+ public void removeRoleConstraint( UserRole uRole, String roleConstraintId ) throws SecurityException
+ {
+ // TODO Auto-generated method stub
+
+ }
}
\ No newline at end of file
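Review bot: The REST implementation of `removeRoleConstraint` is an empty auto-generated stub, so a caller going through `AdminMgrRestImpl` gets a normal return while the constraint stays on the user entry. Until the REST call exists the method should fail loudly, for example `throw new UnsupportedOperationException( "removeRoleConstraint is not implemented for REST" );`. The `// TODO Auto-generated method stub` comment should be replaced by one that names what is missing.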
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 41bc491..33dd01d 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -1616,7 +1616,7 @@ public class AdminMgrImplTest extends TestCase
public void testDeassignUser()
{
// public void deassignUser(User user, Role role)
- deassignUsers( "DEASGN-USRS TU1 TR1", UserTestData.USERS_TU1, RoleTestData.ROLES_TR1 );
+ //deassignUsers( "DEASGN-USRS TU1 TR1", UserTestData.USERS_TU1, RoleTestData.ROLES_TR1 );
deassignUsers( "DEASGN-USRS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 );
deassignUsers( "DEASGN-USRS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 );
deassignUsersH( "DEASGN-USRS_H TU7 TR5 HIER", UserTestData.USERS_TU7_HIER, RoleTestData.ROLES_TR5_HIER );
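Review bot: The `deassignUsers( "DEASGN-USRS TU1 TR1", … )` call in `testDeassignUser` is commented out with no explanation, which drops deassignment coverage for TU1/TR1 and presumably leaves that assignment in the directory after the suite. If it is disabled so that `testRemoveUserRoleConstraint` can still find the role, say so with a comment such as `// TU1/TR1 stays assigned for testRemoveUserRoleConstraint`. Alternatively, restore the call and order the suite so the deassign runs after that test.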
@@ -1978,7 +1978,7 @@ public class AdminMgrImplTest extends TestCase
}
- public static void assignUserRoleConstraint( String msg, String[] usr, String[] rle, RoleConstraint rc ) throws SecurityException
+ public static RoleConstraint assignUserRoleConstraint( String msg, String[] usr, String[] rle, RoleConstraint rc ) throws SecurityException
{
LogUtil.logIt( msg );
@@ -1988,7 +1988,7 @@ public class AdminMgrImplTest extends TestCase
User user = UserTestData.getUser( usr );
Role role = RoleTestData.getRole( rle );
- adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
+ RoleConstraint createdRoleConstraint = adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" + role.getName() + "] " +
" rcvalue [" + rc.getValue() + "]");
@@ -1997,9 +1997,43 @@ public class AdminMgrImplTest extends TestCase
List<User> usersWithRc = reviewMgr.assignedUsers( role, rc );
assertTrue( usersWithRc.size() == 1 );
assertEquals( user.getUserId(), usersWithRc.get( 0 ).getUserId() );
+
+ return createdRoleConstraint;
}
+ public void testRemoveUserRoleConstraint() throws SecurityException
+ {
+ this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0], 1 );
+
+ RoleConstraint rc1 = assignUserRoleConstraint( "ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0], RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T2) );
+ RoleConstraint rc2 = assignUserRoleConstraint( "ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0], RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T3) );
+
+ this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0], 3 );
+
+ AdminMgr adminMgr = getManagedAdminMgr();
+ adminMgr.removeRoleConstraint( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0] ), rc1 );
+ this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0], 2 );
+
+ adminMgr.removeRoleConstraint( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0] ), rc2.getId() );
+ this.assertRoleConstraintSize( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0], 1 );
+ }
+ private void assertRoleConstraintSize(String userId, String roleName, int size) throws SecurityException{
+ boolean roleFound = false;
+
+ ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
+ List<UserRole> userRoles = reviewMgr.readUser( new User( userId ) ).getRoles();
+ for(UserRole ur : userRoles){
+ if( ur.getName().equals( roleName )){
+ assertEquals( size, ur.getRoleConstraints().size() );
+ roleFound = true;
+ }
+ }
+
+ if( !roleFound ){
+ fail("Role with name " + roleName + " not found");
+ }
+ }
/**
*
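Review bot: `testRemoveUserRoleConstraint` covers only successful removals; nothing exercises the `RCON_NOT_FOUND` path for an unknown id, or a removal attempted by a caller who fails the deassign check. It also asserts an initial constraint count of 1, which holds only if `testAddUserRoleConstraint` ran first against the same user and role, so that dependency deserves a comment above the first `assertRoleConstraintSize` call. A negative case could call `removeRoleConstraint` again with `rc2.getId()` after it has been removed and assert that the resulting SecurityException carries `GlobalErrIds.RCON_NOT_FOUND`.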
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
index f6c6c60..14fd18e 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
@@ -211,6 +211,7 @@ public class FortressJUnitTest extends TestCase
suite.addTest( new AdminMgrImplTest( "testAddPASetToPermission" ) );
suite.addTest( new AdminMgrImplTest( "testAddUserRoleConstraint" ) );
+ suite.addTest( new AdminMgrImplTest( "testRemoveUserRoleConstraint" ) );
// GroupMgr APIs
suite.addTest( new GroupMgrImplTest( "testAddGroup" ) );
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
index db4d86a..7848741 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
@@ -1636,6 +1636,7 @@ public class ReviewMgrImplTest extends TestCase
urcFound = true;
assertEquals(rc.getType(), r.getType());
assertEquals(rc.getValue(), r.getValue());
+ assertNotNull( r.getId() );
}
}
}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/995073da/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
index 35432af..c208a7d 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
@@ -952,6 +952,20 @@ public class URATestData extends TestCase
"TPASET1AttributeName1=testattributevalue" //CONSTAIN_VALUE
};
+ public static final String[] URC_T2 =
+ {
+ "TPASET1", // CONSTRAINT_PASET_NM
+ "FILTER", //CONSTAINT_TYPE
+ "TPASET1AttributeName1=testattributevalue2" //CONSTAIN_VALUE
+ };
+
+ public static final String[] URC_T3 =
+ {
+ "TPASET1", // CONSTRAINT_PASET_NM
+ "FILTER", //CONSTAINT_TYPE
+ "TPASET1AttributeName1=testattributevalue3" //CONSTAIN_VALUE
+ };
+
public static final String[] URC_T1_INVALID =
{
"TPASETNAMENOTEXIST", // CONSTRAINT_PASET_NM