You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2017/09/22 05:32:17 UTC
[2/2] syncope git commit: Reviewing the AssignableCond doc and
implementation
Reviewing the AssignableCond doc and implementation
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9e24b8ee
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9e24b8ee
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9e24b8ee
Branch: refs/heads/master
Commit: 9e24b8eebdcdf78f55956cab8db99501f0d555a7
Parents: d4e098a
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Fri Sep 22 07:29:36 2017 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Fri Sep 22 07:32:04 2017 +0200
----------------------------------------------------------------------
.../java/org/apache/syncope/core/logic/SyncopeLogic.java | 4 +---
.../core/persistence/api/dao/search/AssignableCond.java | 6 +++---
.../syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java | 8 ++++----
.../apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java | 2 +-
.../core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java | 8 ++++----
src/main/asciidoc/reference-guide/concepts/realms.adoc | 4 ++--
6 files changed, 15 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
index ad3a86d..b5b2973 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
@@ -361,9 +361,7 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> {
}
@PreAuthorize("isAuthenticated()")
- public Pair<Integer, List<GroupTO>> searchAssignableGroups(
- final String realm, final int page, final int size) {
-
+ public Pair<Integer, List<GroupTO>> searchAssignableGroups(final String realm, final int page, final int size) {
AssignableCond assignableCond = new AssignableCond();
assignableCond.setRealmFullPath(realm);
SearchCond searchCond = SearchCond.getLeafCond(assignableCond);
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
index 54587f3..93a4d1c 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
@@ -25,11 +25,11 @@ public class AssignableCond extends AbstractSearchCond {
private String realmFullPath;
/**
- * Whether this condition should be evaluated from the assignable group (default) - or instead the
- * assignee - point of view.
+ * Whether this condition should be evaluated from the assignable group's or instead the
+ * assignee's point of view (default).
* The converter from FIQL will ignore this setting, which is meant for internal usage.
*/
- private boolean fromGroup = true;
+ private boolean fromGroup = false;
public String getRealmFullPath() {
return realmFullPath;
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
index a7aae81..b6d37e6 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
@@ -608,15 +608,15 @@ public class JPAAnySearchDAO extends AbstractAnySearchDAO {
StringBuilder query = new StringBuilder("SELECT DISTINCT any_id FROM ").
append(svs.field().name).append(" WHERE (");
if (cond.isFromGroup()) {
- for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
+ for (Realm current : realmDAO.findDescendants(realm)) {
query.append("realm_id=?").append(setParameter(parameters, current.getKey())).append(" OR ");
}
- query.append("realm_id=?").append(setParameter(parameters, realmDAO.getRoot().getKey()));
+ query.setLength(query.length() - 4);
} else {
- for (Realm current : realmDAO.findDescendants(realm)) {
+ for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
query.append("realm_id=?").append(setParameter(parameters, current.getKey())).append(" OR ");
}
- query.setLength(query.length() - 4);
+ query.append("realm_id=?").append(setParameter(parameters, realmDAO.getRoot().getKey()));
}
query.append(')');
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
index ae85977..d777f70 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
@@ -276,7 +276,7 @@ public class JPAGroupDAO extends AbstractAnyDAO<Group> implements GroupDAO {
private SearchCond buildDynMembershipCond(final String baseCondFIQL, final Realm groupRealm) {
AssignableCond cond = new AssignableCond();
cond.setRealmFullPath(groupRealm.getFullPath());
- cond.setFromGroup(false);
+ cond.setFromGroup(true);
return SearchCond.getAndCond(SearchCond.getLeafCond(cond), SearchCondConverter.convert(baseCondFIQL));
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
----------------------------------------------------------------------
diff --git a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
index b8a2d58..2a60c6a 100644
--- a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
+++ b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
@@ -289,14 +289,14 @@ public class ElasticsearchAnySearchDAO extends AbstractAnySearchDAO {
DisMaxQueryBuilder builder = QueryBuilders.disMaxQuery();
if (cond.isFromGroup()) {
+ realmDAO.findDescendants(realm).forEach(current -> {
+ builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
+ });
+ } else {
for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
}
builder.add(QueryBuilders.termQuery("realm", realmDAO.getRoot().getFullPath()));
- } else {
- realmDAO.findDescendants(realm).forEach(current -> {
- builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
- });
}
return builder;
http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/src/main/asciidoc/reference-guide/concepts/realms.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/realms.adoc b/src/main/asciidoc/reference-guide/concepts/realms.adoc
index f118252..3742dcf 100644
--- a/src/main/asciidoc/reference-guide/concepts/realms.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/realms.adoc
@@ -36,8 +36,8 @@ smaller pools.
This has consequences on <<memberships-relationships,memberships and relationships>>:
-* A User or an Any Object can be members of Groups in the same realm or in one of the sub-realms.
-* A User or an Any object can be in a relation with Any Objects in the same realm or in one of the sub-realms.
+* A User or an Any Object can be members of Groups in the same realm or in one of the parent realms.
+* A User or an Any object can be in a relation with Any Objects in the same realm or in one of parent realms.
Moreover, this partition allows fine-grained control over policy enforcement and, alongside with
<<entitlements,entitlements>> and <<roles,roles>>, helps to implement