You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2017/09/22 05:32:17 UTC

[2/2] syncope git commit: Reviewing the AssignableCond doc and implementation

Reviewing the AssignableCond doc and implementation


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9e24b8ee
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9e24b8ee
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9e24b8ee

Branch: refs/heads/master
Commit: 9e24b8eebdcdf78f55956cab8db99501f0d555a7
Parents: d4e098a
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Fri Sep 22 07:29:36 2017 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Fri Sep 22 07:32:04 2017 +0200

----------------------------------------------------------------------
 .../java/org/apache/syncope/core/logic/SyncopeLogic.java     | 4 +---
 .../core/persistence/api/dao/search/AssignableCond.java      | 6 +++---
 .../syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java    | 8 ++++----
 .../apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java | 2 +-
 .../core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java  | 8 ++++----
 src/main/asciidoc/reference-guide/concepts/realms.adoc       | 4 ++--
 6 files changed, 15 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
index ad3a86d..b5b2973 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java
@@ -361,9 +361,7 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> {
     }
 
     @PreAuthorize("isAuthenticated()")
-    public Pair<Integer, List<GroupTO>> searchAssignableGroups(
-            final String realm, final int page, final int size) {
-
+    public Pair<Integer, List<GroupTO>> searchAssignableGroups(final String realm, final int page, final int size) {
         AssignableCond assignableCond = new AssignableCond();
         assignableCond.setRealmFullPath(realm);
         SearchCond searchCond = SearchCond.getLeafCond(assignableCond);

http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
index 54587f3..93a4d1c 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/AssignableCond.java
@@ -25,11 +25,11 @@ public class AssignableCond extends AbstractSearchCond {
     private String realmFullPath;
 
     /**
-     * Whether this condition should be evaluated from the assignable group (default) - or instead the
-     * assignee - point of view.
+     * Whether this condition should be evaluated from the assignable group's or instead the
+     * assignee's point of view (default).
      * The converter from FIQL will ignore this setting, which is meant for internal usage.
      */
-    private boolean fromGroup = true;
+    private boolean fromGroup = false;
 
     public String getRealmFullPath() {
         return realmFullPath;

http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
index a7aae81..b6d37e6 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java
@@ -608,15 +608,15 @@ public class JPAAnySearchDAO extends AbstractAnySearchDAO {
         StringBuilder query = new StringBuilder("SELECT DISTINCT any_id FROM ").
                 append(svs.field().name).append(" WHERE (");
         if (cond.isFromGroup()) {
-            for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
+            for (Realm current : realmDAO.findDescendants(realm)) {
                 query.append("realm_id=?").append(setParameter(parameters, current.getKey())).append(" OR ");
             }
-            query.append("realm_id=?").append(setParameter(parameters, realmDAO.getRoot().getKey()));
+            query.setLength(query.length() - 4);
         } else {
-            for (Realm current : realmDAO.findDescendants(realm)) {
+            for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
                 query.append("realm_id=?").append(setParameter(parameters, current.getKey())).append(" OR ");
             }
-            query.setLength(query.length() - 4);
+            query.append("realm_id=?").append(setParameter(parameters, realmDAO.getRoot().getKey()));
         }
         query.append(')');
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
index ae85977..d777f70 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
@@ -276,7 +276,7 @@ public class JPAGroupDAO extends AbstractAnyDAO<Group> implements GroupDAO {
     private SearchCond buildDynMembershipCond(final String baseCondFIQL, final Realm groupRealm) {
         AssignableCond cond = new AssignableCond();
         cond.setRealmFullPath(groupRealm.getFullPath());
-        cond.setFromGroup(false);
+        cond.setFromGroup(true);
 
         return SearchCond.getAndCond(SearchCond.getLeafCond(cond), SearchCondConverter.convert(baseCondFIQL));
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
----------------------------------------------------------------------
diff --git a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
index b8a2d58..2a60c6a 100644
--- a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
+++ b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
@@ -289,14 +289,14 @@ public class ElasticsearchAnySearchDAO extends AbstractAnySearchDAO {
 
         DisMaxQueryBuilder builder = QueryBuilders.disMaxQuery();
         if (cond.isFromGroup()) {
+            realmDAO.findDescendants(realm).forEach(current -> {
+                builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
+            });
+        } else {
             for (Realm current = realm; current.getParent() != null; current = current.getParent()) {
                 builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
             }
             builder.add(QueryBuilders.termQuery("realm", realmDAO.getRoot().getFullPath()));
-        } else {
-            realmDAO.findDescendants(realm).forEach(current -> {
-                builder.add(QueryBuilders.termQuery("realm", current.getFullPath()));
-            });
         }
 
         return builder;

http://git-wip-us.apache.org/repos/asf/syncope/blob/9e24b8ee/src/main/asciidoc/reference-guide/concepts/realms.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/realms.adoc b/src/main/asciidoc/reference-guide/concepts/realms.adoc
index f118252..3742dcf 100644
--- a/src/main/asciidoc/reference-guide/concepts/realms.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/realms.adoc
@@ -36,8 +36,8 @@ smaller pools.
 
 This has consequences on <<memberships-relationships,memberships and relationships>>:
 
-* A User or an Any Object can be members of Groups in the same realm or in one of the sub-realms.
-* A User or an Any object can be in a relation with Any Objects in the same realm or in one of the sub-realms.
+* A User or an Any Object can be members of Groups in the same realm or in one of the parent realms.
+* A User or an Any object can be in a relation with Any Objects in the same realm or in one of parent realms.
 
 Moreover, this partition allows fine-grained control over policy enforcement and, alongside with
 <<entitlements,entitlements>> and <<roles,roles>>, helps to implement