You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by cp...@apache.org on 2017/07/06 20:21:46 UTC
directory-fortress-core git commit: FC-219 added method to get
assigned user for a role with a role constraint filter
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 807e6819f -> 4bb32a9be
FC-219 added method to get assigned user for a role with a role constraint filter
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/4bb32a9b
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/4bb32a9b
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/4bb32a9b
Branch: refs/heads/master
Commit: 4bb32a9be2c227701a6f5197f1c1a48085d649e3
Parents: 807e681
Author: clp207 <cl...@psu.edu>
Authored: Thu Jul 6 16:20:41 2017 -0400
Committer: clp207 <cl...@psu.edu>
Committed: Thu Jul 6 16:20:41 2017 -0400
----------------------------------------------------------------------
.../apache/directory/fortress/core/ReviewMgr.java | 18 +++++++++++++++++-
.../fortress/core/impl/ReviewMgrImpl.java | 14 ++++++++++++++
.../directory/fortress/core/impl/UserDAO.java | 15 +++++++++++++--
.../directory/fortress/core/impl/UserP.java | 17 +++++++++++++++--
.../fortress/core/rest/ReviewMgrRestImpl.java | 8 ++++++++
.../fortress/core/impl/AdminMgrImplTest.java | 9 +++++++--
6 files changed, 74 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
index e298b98..a7f985a 100755
--- a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
@@ -373,7 +373,22 @@ public interface ReviewMgr extends Manageable
List<User> assignedUsers( Role role )
throws SecurityException;
-
+ /**
+ * This method returns the data set of all users who are assigned the given role. This searches the User data set for
+ * Role relationship. This method does NOT search for hierarchical RBAC Roles relationships.
+ * <h3></h3>
+ * <h4>required parameters</h4>
+ * <ul>
+ * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+ * </ul>
+ *
+ * @param role contains the role name, {@link Role#name} used to search the User data set.
+ * @param roleConstraint constraint to filter the roles return
+ * @return List of type User containing the users assigned data.
+ * @throws SecurityException If system error occurs.
+ */
+ List<User> assignedUsers( Role role, RoleConstraint roleConstraint ) throws SecurityException;
+
/**
* This function returns the set of roles assigned to a given user. The function is valid if and
* only if the user is a member of the USERS data set.
@@ -740,4 +755,5 @@ public interface ReviewMgr extends Manageable
*/
List<RoleConstraint> findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType)
throws SecurityException;
+
}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
index 897d4d1..9828ebf 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ReviewMgrImpl.java
@@ -369,6 +369,20 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
checkAccess(CLS_NM, methodName);
return userP.getAssignedUsers(role);
}
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ @AdminPermissionOperation
+ public List<User> assignedUsers(Role role, RoleConstraint roleConstraint)
+ throws SecurityException
+ {
+ String methodName = "assignedUsers";
+ assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
+ checkAccess(CLS_NM, methodName);
+ return userP.getAssignedUsers(role, roleConstraint);
+ }
/**
* {@inheritDoc}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index 5e1cc1c..1f20196 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -1129,10 +1129,11 @@ final class UserDAO extends LdapDataProvider
/**
* @param role
+ * @param roleConstraint
* @return
* @throws FinderException
*/
- List<User> getAssignedUsers( Role role ) throws FinderException
+ List<User> getAssignedUsers( Role role, RoleConstraint roleConstraint ) throws FinderException
{
List<User> userList = new ArrayList<>();
LdapConnection ld = null;
@@ -1148,8 +1149,18 @@ final class UserDAO extends LdapDataProvider
filterbuf.append( GlobalIds.USER_ROLE_ASSIGN );
filterbuf.append( "=" );
filterbuf.append( roleVal );
- filterbuf.append( "))" );
+ filterbuf.append( ")" );
+ if( roleConstraint != null ){
+ filterbuf.append( "(" );
+ filterbuf.append( GlobalIds.USER_ROLE_DATA );
+ filterbuf.append( "=" );
+ filterbuf.append( roleConstraint.getRawData( new UserRole( role.getName() ) ) );
+ filterbuf.append( ")" );
+ }
+
+ filterbuf.append( ")" );
+
ld = getAdminConnection();
SearchCursor searchResults = search( ld, userRoot, SearchScope.ONELEVEL, filterbuf.toString(), defaultAtrs, false,
GlobalIds.BATCH_SIZE );
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
index 49b7bf5..d8cfd9a 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
@@ -162,10 +162,23 @@ final class UserP
*/
List<User> getAssignedUsers( Role role ) throws SecurityException
{
- return uDao.getAssignedUsers( role );
+ return uDao.getAssignedUsers( role, null );
}
-
+ /**
+ * Return a list of Users assigned the given RBAC role.
+ * "Assigned" implies the hierarchical role relation graph will NOT be considered in result set.
+ *
+ * @param role contains name of RBAC role used for search.
+ * @param roleConstraint filter roles that have this role constraint
+ * @return List of fully populated User entities matching target search. If no records found this will be empty.
+ * @throws SecurityException in the event of DAO search error.
+ */
+ List<User> getAssignedUsers( Role role, RoleConstraint roleConstraint ) throws SecurityException
+ {
+ return uDao.getAssignedUsers( role, roleConstraint );
+ }
+
/**
* Return a list of Users assigned the given RBAC role.
* "Assigned" implies the hierarchical role relation graph will NOT be considered in result set.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
index 4e4b910..cfe0527 100755
--- a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
@@ -1344,4 +1344,12 @@ public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
}
return retConstraints;
}
+
+
+ @Override
+ public List<User> assignedUsers( Role role, RoleConstraint roleConstraint ) throws SecurityException
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4bb32a9b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 7699943..41bc491 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -1989,9 +1989,14 @@ public class AdminMgrImplTest extends TestCase
Role role = RoleTestData.getRole( rle );
adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
-
+
LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" + role.getName() + "] " +
- " rcvalue [" + rc.getValue() + "]");
+ " rcvalue [" + rc.getValue() + "]");
+
+ //get user with consratint filter
+ List<User> usersWithRc = reviewMgr.assignedUsers( role, rc );
+ assertTrue( usersWithRc.size() == 1 );
+ assertEquals( user.getUserId(), usersWithRc.get( 0 ).getUserId() );
}