Posted to commits@syncope.apache.org by il...@apache.org on 2015/11/14 18:33:08 UTC
[3/6] syncope git commit: [SYNCOPE-731] Implementation provided
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
new file mode 100644
index 0000000..4596898
--- /dev/null
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.logic.init;
+
+import org.apache.syncope.core.misc.EntitlementsHolder;
+import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
+import org.apache.syncope.core.persistence.api.entity.AnyType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * Domain-sensible (via {@code @Transactional} access to any type data for {@link Entitlement} init.
+ *
+ * @see EntitlementLoader
+ */
+@Component
+public class EntitlementAccessor {
+
+ @Autowired
+ private AnyTypeDAO anyTypeDAO;
+
+ @Transactional(readOnly = true)
+ public void addEntitlementsForAnyTypes() {
+ for (AnyType anyType : anyTypeDAO.findAll()) {
+ EntitlementsHolder.getInstance().addFor(anyType.getKey());
+ }
+ }
+}
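Review bot: The class Javadoc has an unbalanced parenthesis after `{@code @Transactional}` and links to `{@link Entitlement}`, a type this file does not import and which the rest of the commit replaces with `StandardEntitlement`, so the link will probably not resolve. Suggested wording: `Domain-sensible (via {@code @Transactional}) access to any type data for {@link EntitlementsHolder} init.` `addEntitlementsForAnyTypes()` would also benefit from a one-line Javadoc stating that it registers the per-operation entitlements of every any type found in the current domain.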
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
new file mode 100644
index 0000000..eb0482f
--- /dev/null
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.logic.init;
+
+import java.util.Map;
+import javax.sql.DataSource;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
+import org.apache.syncope.core.misc.EntitlementsHolder;
+import org.apache.syncope.core.misc.security.AuthContextUtils;
+import org.apache.syncope.core.persistence.api.DomainsHolder;
+import org.apache.syncope.core.persistence.api.SyncopeLoader;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class EntitlementLoader implements SyncopeLoader {
+
+ @Autowired
+ private DomainsHolder domainsHolder;
+
+ @Autowired
+ private EntitlementAccessor entitlementAccessor;
+
+ @Override
+ public Integer getPriority() {
+ return 900;
+ }
+
+ @Override
+ public void load() {
+ EntitlementsHolder.getInstance().init(StandardEntitlement.values());
+
+ for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) {
+ AuthContextUtils.execWithAuthContext(entry.getKey(), new AuthContextUtils.Executable<Void>() {
+
+ @Override
+ public Void exec() {
+ entitlementAccessor.addEntitlementsForAnyTypes();
+ return null;
+ }
+ });
+ }
+ }
+}
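Review bot: `load()` feeds the any type keys of every domain into the single process-wide `EntitlementsHolder`, so the resulting set is the union across domains rather than a per-domain set. `AuthDataAccessor.load` and `AuthContextUtils.setFakeAuth` in this commit grant the admin user everything in `getValues()`, so an admin authenticated in one domain would presumably also carry authorities named after any types that exist only in another domain. If that is intended, a class comment saying so would help; otherwise the holder needs to be keyed by domain. `getPriority()` returning 900 also deserves a comment naming the loaders it has to run after.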
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java b/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java
new file mode 100644
index 0000000..9c6c00c
--- /dev/null
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * License); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.misc;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public final class EntitlementsHolder {
+
+ public enum AnyEntitlement {
+ SEARCH,
+ LIST,
+ CREATE,
+ READ,
+ UPDATE,
+ DELETE;
+
+ }
+
+ private static final Object MONITOR = new Object();
+
+ private static EntitlementsHolder INSTANCE;
+
+ public static EntitlementsHolder getInstance() {
+ synchronized (MONITOR) {
+ if (INSTANCE == null) {
+ INSTANCE = new EntitlementsHolder();
+ }
+ }
+ return INSTANCE;
+ }
+
+ private final Set<String> values = Collections.synchronizedSet(new HashSet<String>());
+
+ private EntitlementsHolder() {
+ // private constructor for singleton
+ }
+
+ public void init(final Collection<String> values) {
+ this.values.addAll(values);
+ }
+
+ public String getFor(final String anyTypeKey, final AnyEntitlement operation) {
+ return anyTypeKey + "_" + operation.name();
+ }
+
+ public void addFor(final String anyType) {
+ for (AnyEntitlement operation : AnyEntitlement.values()) {
+ this.values.add(getFor(anyType, operation));
+ }
+ }
+
+ public void removeFor(final String anyType) {
+ for (AnyEntitlement operation : AnyEntitlement.values()) {
+ this.values.remove(getFor(anyType, operation));
+ }
+ }
+
+ public Set<String> getValues() {
+ return Collections.unmodifiableSet(values);
+ }
+}
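Review bot: `getValues()` hands out an unmodifiable view over the `synchronizedSet`, and iterating that view is not thread-safe. The callers in this commit (`setFakeAuth`, `AuthDataAccessor.load`) iterate it through `CollectionUtils.collect`, so a concurrent `addFor`/`removeFor` can raise `ConcurrentModificationException` in the authentication path. Returning a snapshot avoids that: `synchronized (values) { return Collections.unmodifiableSet(new HashSet<String>(values)); }`. Separately, `removeFor` deletes by constructed name, so if an any type key ever yields a name that is also a standard entitlement, removing that type would drop the standard entry from the holder; whether keys are constrained to prevent this is not visible here and is worth a comment on `getFor`.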
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
index 595dda3..e7b9fc0 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
@@ -28,7 +28,7 @@ import org.apache.commons.collections4.MapUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.core.misc.EntitlementsHolder;
import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -91,14 +91,14 @@ public final class AuthContextUtils {
}
private static void setFakeAuth(final String domain) {
- List<GrantedAuthority> authorities = CollectionUtils.collect(Entitlement.values(),
+ List<GrantedAuthority> authorities = CollectionUtils.collect(EntitlementsHolder.getInstance().getValues(),
new Transformer<String, GrantedAuthority>() {
- @Override
- public GrantedAuthority transform(final String entitlement) {
- return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
- }
- }, new ArrayList<GrantedAuthority>());
+ @Override
+ public GrantedAuthority transform(final String entitlement) {
+ return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
+ }
+ }, new ArrayList<GrantedAuthority>());
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
new User(ApplicationContextProvider.getBeanFactory().getBean("adminUser", String.class),
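Review bot: `setFakeAuth` now grants only what `EntitlementsHolder` contains at call time, where it previously used a static list. Any call made before `EntitlementLoader.load()` has run would therefore build a fake admin with no authorities, since the holder starts empty. `EntitlementLoader.load()` itself calls `execWithAuthContext` (which presumably reaches this method) right after `init(...)`, so at that point only the standard entitlements are present. A comment above the `collect` call would make the ordering dependency explicit: `// relies on EntitlementsHolder having been populated by EntitlementLoader`. The method body continues outside the hunk.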
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
index f281fd3..1332404 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
@@ -34,8 +34,9 @@ import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.types.AuditElements;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.misc.AuditManager;
+import org.apache.syncope.core.misc.EntitlementsHolder;
import org.apache.syncope.core.misc.utils.MappingUtils;
import org.apache.syncope.core.misc.utils.RealmUtils;
import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
@@ -239,9 +240,11 @@ public class AuthDataAccessor {
public Set<SyncopeGrantedAuthority> load(final String username) {
final Set<SyncopeGrantedAuthority> authorities = new HashSet<>();
if (anonymousUser.equals(username)) {
- authorities.add(new SyncopeGrantedAuthority(Entitlement.ANONYMOUS));
+ authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.ANONYMOUS));
} else if (adminUser.equals(username)) {
- CollectionUtils.collect(Entitlement.values(), new Transformer<String, SyncopeGrantedAuthority>() {
+ CollectionUtils.collect(
+ EntitlementsHolder.getInstance().getValues(),
+ new Transformer<String, SyncopeGrantedAuthority>() {
@Override
public SyncopeGrantedAuthority transform(final String entitlement) {
@@ -255,7 +258,7 @@ public class AuthDataAccessor {
}
if (user.isMustChangePassword()) {
- authorities.add(new SyncopeGrantedAuthority(Entitlement.MUST_CHANGE_PASSWORD));
+ authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.MUST_CHANGE_PASSWORD));
} else {
// Give entitlements as assigned by roles (with realms, where applicable) - assigned either
// statically and dynamically
@@ -283,7 +286,9 @@ public class AuthDataAccessor {
// Give group entitlements for owned groups
for (Group group : groupDAO.findOwnedByUser(user.getKey())) {
for (String entitlement : Arrays.asList(
- Entitlement.GROUP_READ, Entitlement.GROUP_UPDATE, Entitlement.GROUP_DELETE)) {
+ StandardEntitlement.GROUP_READ,
+ StandardEntitlement.GROUP_UPDATE,
+ StandardEntitlement.GROUP_DELETE)) {
SyncopeGrantedAuthority authority = new SyncopeGrantedAuthority(entitlement);
authority.addRealm(
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
index 3aafb47..95e0116 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
@@ -28,7 +28,7 @@ import javax.servlet.ServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.commons.lang3.ArrayUtils;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -59,11 +59,11 @@ public class MustChangePasswordFilter implements Filter {
SecurityContextHolder.getContext().getAuthentication().getAuthorities(),
new Predicate<GrantedAuthority>() {
- @Override
- public boolean evaluate(final GrantedAuthority authority) {
- return Entitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority());
- }
- });
+ @Override
+ public boolean evaluate(final GrantedAuthority authority) {
+ return StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority());
+ }
+ });
SecurityContextHolderAwareRequestWrapper wrapper =
SecurityContextHolderAwareRequestWrapper.class.cast(request);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java
index cddda67..f3c0a46 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java
@@ -48,8 +48,10 @@ public final class RealmUtils {
public static Set<String> normalize(final Collection<String> realms) {
Set<String> normalized = new HashSet<>();
- for (String realm : realms) {
- normalizingAddTo(normalized, realm);
+ if (realms != null) {
+ for (String realm : realms) {
+ normalizingAddTo(normalized, realm);
+ }
}
return normalized;
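Review bot: `normalize` now turns a `null` collection into an empty set without documenting it, so callers can no longer tell "no realms supplied" from "nothing survived normalization". With the per-type entitlement names introduced in this commit, `getAuthorizations().get(...)` can plausibly return `null` for an entitlement the caller does not hold. It then matters that downstream code reads the empty result as "no realm" rather than "unrestricted", which is not visible here. A Javadoc line such as `@return the normalized realms; empty (never null) when realms is null` would pin the contract. The method's closing lines are outside the hunk.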
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java
index 11d3c8e..32845a2 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java
@@ -20,8 +20,6 @@ package org.apache.syncope.core.persistence.api.dao;
import java.util.Collection;
import java.util.List;
-import java.util.Set;
-import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship;
import org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject;
import org.apache.syncope.core.persistence.api.entity.group.Group;
@@ -30,12 +28,6 @@ import org.apache.syncope.core.persistence.api.entity.user.URelationship;
public interface AnyObjectDAO extends AnyDAO<AnyObject> {
- List<AnyObject> findAll(String anyTypeName,
- Set<String> adminRealms, int page, int itemsPerPage);
-
- List<AnyObject> findAll(String anyTypeName,
- Set<String> adminRealms, int page, int itemsPerPage, List<OrderByClause> orderBy);
-
List<Group> findDynGroupMemberships(AnyObject anyObject);
List<ARelationship> findARelationships(AnyObject anyObject);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java
index 82da594..14641c1 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java
@@ -264,6 +264,37 @@ public class SearchCond extends AbstractSearchCond {
this.type = type;
}
+ public String hasAnyTypeCond() {
+ String anyTypeName = null;
+
+ if (type == null) {
+ return anyTypeName;
+ }
+
+ switch (type) {
+ case LEAF:
+ case NOT_LEAF:
+ if (anyTypeCond != null) {
+ anyTypeName = anyTypeCond.getAnyTypeName();
+ }
+ break;
+
+ case AND:
+ case OR:
+ if (leftNodeCond != null) {
+ anyTypeName = leftNodeCond.hasAnyTypeCond();
+ }
+ if (anyTypeName == null && rightNodeCond != null) {
+ anyTypeName = rightNodeCond.hasAnyTypeCond();
+ }
+ break;
+
+ default:
+ }
+
+ return anyTypeName;
+ }
+
@Override
public boolean isValid() {
boolean isValid = false;
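Review bot: `hasAnyTypeCond()` returns the name from the first `AnyTypeCond` it finds (left branch before right) and treats `NOT_LEAF` the same as `LEAF`, yet neither is documented and the `has…` name suggests a boolean. If a caller uses the result to choose which per-type entitlement to check (not visible in this hunk), a condition such as `A OR B` or `NOT A` would be authorized against `A` alone while matching objects of other types. At minimum add Javadoc, e.g. `/** Returns the any type name of the first AnyTypeCond in this tree (left before right), or null if none; NOT_LEAF is not distinguished from LEAF. */`, and consider returning all names or having the call site reject negated or mixed-type conditions. The empty `default:` could also carry a `// other node types carry no any type condition` comment.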
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java
index 432efb1..dba65ae 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java
@@ -30,9 +30,9 @@ public interface Role extends Entity<Long> {
Set<String> getEntitlements();
- boolean addRealm(Realm realm);
+ boolean add(Realm realm);
- boolean removeReam(Realm realm);
+ boolean remove(Realm realm);
List<? extends Realm> getRealms();
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java
index f5d45b9..7a805f1 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.persistence.jpa.dao;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -29,14 +28,11 @@ import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.commons.collections4.Transformer;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.core.misc.EntitlementsHolder;
import org.apache.syncope.core.misc.security.AuthContextUtils;
import org.apache.syncope.core.misc.security.DelegatedAdministrationException;
import org.apache.syncope.core.persistence.api.dao.AnyObjectDAO;
import org.apache.syncope.core.persistence.api.dao.GroupDAO;
-import org.apache.syncope.core.persistence.api.dao.search.AnyTypeCond;
-import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
-import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
import org.apache.syncope.core.persistence.api.entity.AnyUtils;
import org.apache.syncope.core.persistence.api.entity.anyobject.AMembership;
import org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship;
@@ -66,7 +62,8 @@ public class JPAAnyObjectDAO extends AbstractAnyDAO<AnyObject> implements AnyObj
@Override
protected void securityChecks(final AnyObject anyObject) {
- Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_READ);
+ Set<String> authRealms = AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance().
+ getFor(anyObject.getType().getKey(), EntitlementsHolder.AnyEntitlement.READ));
boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() {
@Override
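Review bot: The entitlement name in `securityChecks` is built inline with a line break after `getInstance().`, which makes the key authorization lookup hard to read and to grep. Pulling it into a local keeps the check obvious: `String readEntitlement = EntitlementsHolder.getInstance().getFor(anyObject.getType().getKey(), EntitlementsHolder.AnyEntitlement.READ);` followed by `getAuthorizations().get(readEntitlement)`. `getFor` only concatenates strings, so an any type whose entitlements were never registered through `addFor` yields a name nobody holds and the check should fail closed; a short comment saying so would help the next reader. The method body continues past the hunk.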
@@ -80,24 +77,6 @@ public class JPAAnyObjectDAO extends AbstractAnyDAO<AnyObject> implements AnyObj
}
@Override
- public final List<AnyObject> findAll(final String anyTypeName,
- final Set<String> adminRealms, final int page, final int itemsPerPage) {
-
- return findAll(anyTypeName, adminRealms, page, itemsPerPage, Collections.<OrderByClause>emptyList());
- }
-
- @Override
- public final List<AnyObject> findAll(final String anyTypeName,
- final Set<String> adminRealms, final int page, final int itemsPerPage, final List<OrderByClause> orderBy) {
-
- AnyTypeCond anyTypeCond = new AnyTypeCond();
- anyTypeCond.setAnyTypeName(anyTypeName);
-
- return searchDAO.search(adminRealms, SearchCond.getLeafCond(anyTypeCond), page, itemsPerPage, orderBy,
- getAnyUtils().getAnyTypeKind());
- }
-
- @Override
public List<ARelationship> findARelationships(final AnyObject anyObject) {
TypedQuery<ARelationship> query = entityManager().createQuery(
"SELECT e FROM " + JPAARelationship.class.getSimpleName()
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
index 66f7290..e421863 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
@@ -29,7 +29,6 @@ import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
import org.apache.syncope.common.lib.types.ResourceOperation;
import org.apache.syncope.core.persistence.api.dao.GroupDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
@@ -38,6 +37,7 @@ import org.apache.syncope.core.persistence.api.entity.group.Group;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.persistence.jpa.entity.group.JPAGroup;
import org.apache.syncope.common.lib.types.PropagationByResource;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.misc.utils.RealmUtils;
import org.apache.syncope.core.misc.search.SearchCondConverter;
import org.apache.syncope.core.misc.security.AuthContextUtils;
@@ -72,7 +72,7 @@ public class JPAGroupDAO extends AbstractAnyDAO<Group> implements GroupDAO {
@Override
protected void securityChecks(final Group group) {
- Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_READ);
+ Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_READ);
boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() {
@Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java
index b8f2c47..3e5214f 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java
@@ -34,8 +34,8 @@ import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.policy.AccountRuleConf;
import org.apache.syncope.common.lib.policy.PasswordRuleConf;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.misc.policy.AccountPolicyException;
import org.apache.syncope.core.misc.policy.PasswordPolicyException;
import org.apache.syncope.core.misc.security.AuthContextUtils;
@@ -103,7 +103,7 @@ public class JPAUserDAO extends AbstractAnyDAO<User> implements UserDAO {
if (!AuthContextUtils.getUsername().equals(anonymousUser)
&& !AuthContextUtils.getUsername().equals(user.getUsername())) {
- Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.USER_READ);
+ Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_READ);
boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() {
@Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java
index 4969497..529a606 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java
@@ -98,13 +98,13 @@ public class JPARole extends AbstractEntity<Long> implements Role {
}
@Override
- public boolean addRealm(final Realm realm) {
+ public boolean add(final Realm realm) {
checkType(realm, JPARealm.class);
return realms.add((JPARealm) realm);
}
@Override
- public boolean removeReam(final Realm realm) {
+ public boolean remove(final Realm realm) {
checkType(realm, JPARealm.class);
return realms.remove((JPARealm) realm);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java
index 943a94f..a695e85 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java
@@ -21,7 +21,6 @@ package org.apache.syncope.core.persistence.jpa.inner;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
import java.util.List;
import org.apache.syncope.common.lib.SyncopeConstants;
@@ -53,15 +52,6 @@ public class AnyObjectTest extends AbstractTest {
}
@Test
- public void findAllByType() {
- List<AnyObject> list = anyObjectDAO.findAll("PRINTER", SyncopeConstants.FULL_ADMIN_REALMS, 1, 100);
- assertFalse(list.isEmpty());
-
- list = anyObjectDAO.findAll("UNEXISTING", SyncopeConstants.FULL_ADMIN_REALMS, 1, 100);
- assertTrue(list.isEmpty());
- }
-
- @Test
public void find() {
AnyObject anyObject = anyObjectDAO.find(2L);
assertNotNull(anyObject);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java
index 7d1dfea..073b661 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java
@@ -29,7 +29,7 @@ import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.misc.security.SyncopeAuthenticationDetails;
import org.apache.syncope.core.misc.security.SyncopeGrantedAuthority;
import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
@@ -60,14 +60,14 @@ public class MultitenancyTest extends AbstractTest {
@BeforeClass
public static void setAuthContext() {
- List<GrantedAuthority> authorities = CollectionUtils.collect(Entitlement.values(),
+ List<GrantedAuthority> authorities = CollectionUtils.collect(StandardEntitlement.values(),
new Transformer<String, GrantedAuthority>() {
- @Override
- public GrantedAuthority transform(final String entitlement) {
- return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
- }
- }, new ArrayList<GrantedAuthority>());
+ @Override
+ public GrantedAuthority transform(final String entitlement) {
+ return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
+ }
+ }, new ArrayList<GrantedAuthority>());
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
new org.springframework.security.core.userdetails.User(
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java
index 2368e38..b57e713 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java
@@ -25,7 +25,7 @@ import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.util.List;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
import org.apache.syncope.core.persistence.api.dao.RoleDAO;
import org.apache.syncope.core.persistence.api.entity.Role;
@@ -50,7 +50,7 @@ public class RoleTest extends AbstractTest {
assertNotNull(role1.getName());
assertFalse(role1.getRealms().isEmpty());
assertFalse(role1.getEntitlements().isEmpty());
- assertTrue(role1.getEntitlements().contains(Entitlement.USER_LIST));
+ assertTrue(role1.getEntitlements().contains(StandardEntitlement.USER_LIST));
Role role2 = roleDAO.find(role1.getName());
assertEquals(role1, role2);
@@ -70,10 +70,10 @@ public class RoleTest extends AbstractTest {
public void save() {
Role role = entityFactory.newEntity(Role.class);
role.setName("new");
- role.addRealm(realmDAO.getRoot());
- role.addRealm(realmDAO.find("/even/two"));
- role.getEntitlements().add(Entitlement.LOG_LIST);
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.add(realmDAO.getRoot());
+ role.add(realmDAO.find("/even/two"));
+ role.getEntitlements().add(StandardEntitlement.LOG_LIST);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
Role actual = roleDAO.save(role);
assertNotNull(actual);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java
index 6c59ad0..24a4e7e 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java
@@ -27,7 +27,7 @@ import java.util.List;
import java.util.Set;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.persistence.api.dao.GroupDAO;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
import org.apache.syncope.core.persistence.api.dao.RoleDAO;
@@ -86,10 +86,10 @@ public class AnySearchTest extends AbstractTest {
// 1. create role with dynamic membership
Role role = entityFactory.newEntity(Role.class);
role.setName("new");
- role.addRealm(realmDAO.getRoot());
- role.addRealm(realmDAO.find("/even/two"));
- role.getEntitlements().add(Entitlement.LOG_LIST);
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.add(realmDAO.getRoot());
+ role.add(realmDAO.find("/even/two"));
+ role.getEntitlements().add(StandardEntitlement.LOG_LIST);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
DynRoleMembership dynMembership = entityFactory.newEntity(DynRoleMembership.class);
dynMembership.setFIQLCond("cool==true");
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java
index 2ca08bb..bff367e 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java
@@ -30,7 +30,7 @@ import javax.persistence.TypedQuery;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO;
import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
@@ -99,10 +99,10 @@ public class RoleTest extends AbstractTest {
// 1. create role with dynamic membership
Role role = entityFactory.newEntity(Role.class);
role.setName("new");
- role.addRealm(realmDAO.getRoot());
- role.addRealm(realmDAO.find("/even/two"));
- role.getEntitlements().add(Entitlement.LOG_LIST);
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.add(realmDAO.getRoot());
+ role.add(realmDAO.find("/even/two"));
+ role.getEntitlements().add(StandardEntitlement.LOG_LIST);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
DynRoleMembership dynMembership = entityFactory.newEntity(DynRoleMembership.class);
dynMembership.setFIQLCond("cool==true");
@@ -166,10 +166,10 @@ public class RoleTest extends AbstractTest {
// 0. create role
Role role = entityFactory.newEntity(Role.class);
role.setName("new");
- role.addRealm(realmDAO.getRoot());
- role.addRealm(realmDAO.find("/even/two"));
- role.getEntitlements().add(Entitlement.LOG_LIST);
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.add(realmDAO.getRoot());
+ role.add(realmDAO.find("/even/two"));
+ role.getEntitlements().add(StandardEntitlement.LOG_LIST);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
role = roleDAO.save(role);
assertNotNull(role);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java
index 124bb7f..542b07c 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java
@@ -86,7 +86,7 @@ public class RoleDataBinderImpl implements RoleDataBinder {
if (realm == null) {
LOG.debug("Invalid realm full path {}, ignoring", realmFullPath);
} else {
- role.addRealm(realm);
+ role.add(realm);
}
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java
----------------------------------------------------------------------
diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java
index 357db77..0be3f0d 100644
--- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java
+++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java
@@ -18,17 +18,17 @@
*/
package org.apache.syncope.core.rest.cxf.service;
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.patch.AnyObjectPatch;
+import org.apache.syncope.common.lib.search.AnyObjectFiqlSearchConditionBuilder;
import org.apache.syncope.common.lib.to.AnyObjectTO;
import org.apache.syncope.common.lib.to.PagedResult;
import org.apache.syncope.common.rest.api.beans.AnyListQuery;
+import org.apache.syncope.common.rest.api.beans.AnySearchQuery;
import org.apache.syncope.common.rest.api.service.AnyObjectService;
import org.apache.syncope.core.logic.AbstractAnyLogic;
import org.apache.syncope.core.logic.AnyObjectLogic;
+import org.apache.syncope.core.persistence.api.entity.AnyType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@@ -51,29 +51,25 @@ public class AnyObjectServiceImpl extends AbstractAnyService<AnyObjectTO, AnyObj
}
@Override
+ public PagedResult<AnyObjectTO> list(final AnyListQuery listQuery) {
+ throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName());
+ }
+
+ @Override
public PagedResult<AnyObjectTO> list(final String type, final AnyListQuery listQuery) {
if (StringUtils.isBlank(type)) {
return super.list(listQuery);
}
- CollectionUtils.transform(listQuery.getRealms(), new Transformer<String, String>() {
+ AnySearchQuery searchQuery = new AnySearchQuery();
+ searchQuery.setFiql(new AnyObjectFiqlSearchConditionBuilder().type(type).query());
+ searchQuery.setDetails(listQuery.isDetails());
+ searchQuery.setOrderBy(listQuery.getOrderBy());
+ searchQuery.setPage(listQuery.getPage());
+ searchQuery.setSize(listQuery.getSize());
+ searchQuery.setRealms(listQuery.getRealms());
- @Override
- public String transform(final String input) {
- return StringUtils.prependIfMissing(input, SyncopeConstants.ROOT_REALM);
- }
- });
-
- return buildPagedResult(
- logic.list(
- type,
- listQuery.getPage(),
- listQuery.getSize(),
- getOrderByClauses(listQuery.getOrderBy()),
- listQuery.getRealms(),
- listQuery.isDetails()),
- listQuery.getPage(),
- listQuery.getSize(),
- getAnyLogic().count(listQuery.getRealms()));
+ return search(searchQuery);
}
+
}
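Review bot: In `list(type, listQuery)` the blank-type branch still returns `super.list(listQuery)`, which calls the parent implementation directly and skips the new override that throws `UnsupportedOperationException`, so the "need to specify AnyType" rule holds on one entry path only. If an untyped listing should never be served, that branch should be `return list(listQuery);`. Separately, the removed `StringUtils.prependIfMissing(input, SyncopeConstants.ROOT_REALM)` step means `listQuery.getRealms()` now reaches `search(searchQuery)` unnormalized. `search` is outside this hunk, so confirm it applies the same realm normalization before the realms are used to scope results.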
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java
----------------------------------------------------------------------
diff --git a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java
index 27b8f91..2e0a7c6 100644
--- a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java
+++ b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java
@@ -24,7 +24,7 @@ import org.apache.syncope.client.console.rest.CamelRouteRestClient;
import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.CamelRouteTO;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.CamelEntitlement;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxButton;
@@ -84,7 +84,7 @@ public class CamelRouteModalPage extends AbstractModalPanel {
};
- MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, Entitlement.ROUTE_UPDATE);
+ MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, CamelEntitlement.ROUTE_UPDATE);
routeForm.add(submit);
this.add(routeForm);
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java
----------------------------------------------------------------------
diff --git a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java
index c1a2d0f..bcd5e7a 100644
--- a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java
+++ b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java
@@ -27,7 +27,7 @@ import org.apache.syncope.client.console.commons.SortableDataProviderComparator;
import org.apache.syncope.client.console.rest.CamelRouteRestClient;
import org.apache.syncope.common.lib.to.CamelRouteTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.CamelEntitlement;
import org.apache.wicket.PageReference;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
@@ -119,7 +119,7 @@ public class CamelRoutePanel extends AbstractExtensionPanel {
WebMarkupContainer routeContainer = new WebMarkupContainer("camelRoutesContainer");
routeContainer.add(routeTable);
routeContainer.setOutputMarkupId(true);
- MetaDataRoleAuthorizationStrategy.authorize(routeContainer, ENABLE, Entitlement.ROUTE_LIST);
+ MetaDataRoleAuthorizationStrategy.authorize(routeContainer, ENABLE, CamelEntitlement.ROUTE_LIST);
add(routeContainer);
}
@@ -129,7 +129,7 @@ public class CamelRoutePanel extends AbstractExtensionPanel {
private final SortableDataProviderComparator<CamelRouteTO> comparator;
- CamelRouteProvider() {
+ CamelRouteProvider() {
setSort("key", SortOrder.ASCENDING);
comparator = new SortableDataProviderComparator<>(this);
}
@@ -155,8 +155,8 @@ public class CamelRoutePanel extends AbstractExtensionPanel {
? restClient.list(AnyTypeKind.USER).size()
: 0)
+ (restClient.isCamelEnabledFor(AnyTypeKind.GROUP)
- ? restClient.list(AnyTypeKind.GROUP).size()
- : 0);
+ ? restClient.list(AnyTypeKind.GROUP).size()
+ : 0);
}
@Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java
----------------------------------------------------------------------
diff --git a/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java b/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java
new file mode 100644
index 0000000..f9763a7
--- /dev/null
+++ b/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
+
+public final class CamelEntitlement {
+
+ public static final String ROUTE_READ = "ROUTE_READ";
+
+ public static final String ROUTE_LIST = "ROUTE_LIST";
+
+ public static final String ROUTE_UPDATE = "ROUTE_UPDATE";
+
+ private static final Set<String> VALUES;
+
+ static {
+ Set<String> values = new TreeSet<>();
+ for (Field field : CamelEntitlement.class.getDeclaredFields()) {
+ if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())) {
+ values.add(field.getName());
+ }
+ }
+ VALUES = Collections.unmodifiableSet(values);
+ }
+
+ public static Set<String> values() {
+ return VALUES;
+ }
+
+ private CamelEntitlement() {
+ // private constructor for static utility class
+ }
+}
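Review bot: The static initializer in `CamelEntitlement` adds `field.getName()` for every static `String` field, so `values()` is correct only while each constant's name equals its value and no other static String is declared in the class. This set is what `CamelRouteLoader` hands to `EntitlementsHolder`, so a stray helper constant would be published as an entitlement name. Tighten the filter to `Modifier.isPublic(mod) && Modifier.isStatic(mod) && Modifier.isFinal(mod)` (with `int mod = field.getModifiers();`) and add a comment above the constants such as `// each constant's value must equal its field name: values() is built from field names`. The class also has no Javadoc; one line saying what the three route entitlements guard would help.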
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java
----------------------------------------------------------------------
diff --git a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java
index ec25e29..ea0767f 100644
--- a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java
+++ b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java
@@ -24,7 +24,7 @@ import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.lib.to.CamelRouteTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.CamelEntitlement;
import org.apache.syncope.core.persistence.api.dao.CamelRouteDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.entity.CamelRoute;
@@ -47,7 +47,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> {
@Autowired
private SyncopeCamelContext context;
- @PreAuthorize("hasRole('" + Entitlement.ROUTE_LIST + "')")
+ @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_LIST + "')")
@Transactional(readOnly = true)
public List<CamelRouteTO> list(final AnyTypeKind anyTypeKind) {
List<CamelRouteTO> routes = new ArrayList<>();
@@ -58,7 +58,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> {
return routes;
}
- @PreAuthorize("hasRole('" + Entitlement.ROUTE_READ + "')")
+ @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_READ + "')")
@Transactional(readOnly = true)
public CamelRouteTO read(final String key) {
CamelRoute route = routeDAO.find(key);
@@ -69,7 +69,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> {
return binder.getRouteTO(route);
}
- @PreAuthorize("hasRole('" + Entitlement.ROUTE_UPDATE + "')")
+ @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_UPDATE + "')")
public void update(final CamelRouteTO routeTO) {
CamelRoute route = routeDAO.find(routeTO.getKey());
if (route == null) {
@@ -82,7 +82,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> {
context.updateContext(routeTO.getKey());
}
- @PreAuthorize("hasRole('" + Entitlement.ROUTE_UPDATE + "')")
+ @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_UPDATE + "')")
public void restartContext() {
context.restartContext();
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
----------------------------------------------------------------------
diff --git a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
index 4ee6c50..05cf79f 100644
--- a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
+++ b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
@@ -22,6 +22,8 @@ import java.io.StringWriter;
import java.util.Map;
import javax.sql.DataSource;
import org.apache.syncope.common.lib.types.AnyTypeKind;
+import org.apache.syncope.common.lib.types.CamelEntitlement;
+import org.apache.syncope.core.misc.EntitlementsHolder;
import org.apache.syncope.core.misc.spring.ResourceWithFallbackLoader;
import org.apache.syncope.core.persistence.api.DomainsHolder;
import org.apache.syncope.core.persistence.api.SyncopeLoader;
@@ -59,8 +61,6 @@ public class CamelRouteLoader implements SyncopeLoader {
@Autowired
private DomainsHolder domainsHolder;
- private boolean loaded = false;
-
@Override
public Integer getPriority() {
return 1000;
@@ -68,19 +68,16 @@ public class CamelRouteLoader implements SyncopeLoader {
@Override
public void load() {
- synchronized (this) {
- if (!loaded) {
- for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) {
- loadRoutes(entry.getKey(), entry.getValue(),
- userRoutesLoader.getResource(), AnyTypeKind.USER);
- loadRoutes(entry.getKey(), entry.getValue(),
- groupRoutesLoader.getResource(), AnyTypeKind.GROUP);
- loadRoutes(entry.getKey(), entry.getValue(),
- anyObjectRoutesLoader.getResource(), AnyTypeKind.ANY_OBJECT);
- }
- loaded = true;
- }
+ for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) {
+ loadRoutes(entry.getKey(), entry.getValue(),
+ userRoutesLoader.getResource(), AnyTypeKind.USER);
+ loadRoutes(entry.getKey(), entry.getValue(),
+ groupRoutesLoader.getResource(), AnyTypeKind.GROUP);
+ loadRoutes(entry.getKey(), entry.getValue(),
+ anyObjectRoutesLoader.getResource(), AnyTypeKind.ANY_OBJECT);
}
+
+ EntitlementsHolder.getInstance().init(CamelEntitlement.values());
}
private String nodeToString(final Node content, final DOMImplementationLS domImpl) {
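Review bot: With the `synchronized`/`loaded` guard removed, a second call to `load()` re-runs `loadRoutes` for every domain and calls `EntitlementsHolder.getInstance().init(...)` again, and nothing visible here shows either to be idempotent or safe under concurrent calls. If the loader chain guarantees a single invocation, state that above `load()`, e.g. `// invoked once at startup by the SyncopeLoader chain; not re-entrant`; otherwise keep the guard. Also confirm that `init` adds to the holder's set rather than replacing it. Judging by the name alone, a replace would drop entitlements registered by other loaders.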
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
index 811b429..a9dda8d 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
@@ -38,10 +38,14 @@ import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.patch.DeassociationPatch;
+import org.apache.syncope.common.lib.patch.LongPatchItem;
import org.apache.syncope.common.lib.patch.PasswordPatch;
import org.apache.syncope.common.lib.patch.StatusPatch;
import org.apache.syncope.common.lib.patch.StringReplacePatchItem;
import org.apache.syncope.common.lib.patch.UserPatch;
+import org.apache.syncope.common.lib.to.AnyObjectTO;
+import org.apache.syncope.common.lib.to.AnyTypeClassTO;
+import org.apache.syncope.common.lib.to.AnyTypeTO;
import org.apache.syncope.common.lib.to.BulkActionResult;
import org.apache.syncope.common.lib.to.MembershipTO;
import org.apache.syncope.common.lib.to.PagedResult;
@@ -51,16 +55,20 @@ import org.apache.syncope.common.lib.to.RoleTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.to.WorkflowFormPropertyTO;
import org.apache.syncope.common.lib.to.WorkflowFormTO;
+import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.AttrSchemaType;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.common.lib.types.ClientExceptionType;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.PatchOperation;
import org.apache.syncope.common.lib.types.ResourceDeassociationAction;
import org.apache.syncope.common.lib.types.SchemaType;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.common.lib.types.StatusPatchType;
import org.apache.syncope.common.rest.api.RESTHeaders;
+import org.apache.syncope.common.rest.api.service.AnyObjectService;
import org.apache.syncope.common.rest.api.service.SchemaService;
import org.apache.syncope.common.rest.api.service.UserService;
+import org.apache.syncope.core.misc.security.DelegatedAdministrationException;
import org.apache.syncope.core.misc.security.Encryptor;
import org.junit.Assume;
import org.junit.FixMethodOrder;
@@ -100,19 +108,19 @@ public class AuthenticationITCase extends AbstractITCase {
// 2. as anonymous
Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).self();
assertEquals(1, self.getKey().size());
- assertTrue(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+ assertTrue(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS));
assertEquals(ANONYMOUS_UNAME, self.getValue().getUsername());
// 3. as admin
self = adminClient.self();
- assertEquals(Entitlement.values().size(), self.getKey().size());
- assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+ assertEquals(syncopeService.info().getEntitlements().size(), self.getKey().size());
+ assertFalse(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS));
assertEquals(ADMIN_UNAME, self.getValue().getUsername());
// 4. as user
self = clientFactory.create("bellini", ADMIN_PWD).self();
assertFalse(self.getKey().isEmpty());
- assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+ assertFalse(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS));
assertEquals("bellini", self.getValue().getUsername());
}
@@ -202,11 +210,11 @@ public class AuthenticationITCase extends AbstractITCase {
Set<Long> matchedUserKeys = CollectionUtils.collect(matchedUsers.getResult(),
new Transformer<UserTO, Long>() {
- @Override
- public Long transform(final UserTO input) {
- return input.getKey();
- }
- }, new HashSet<Long>());
+ @Override
+ public Long transform(final UserTO input) {
+ return input.getKey();
+ }
+ }, new HashSet<Long>());
assertTrue(matchedUserKeys.contains(1L));
assertFalse(matchedUserKeys.contains(2L));
assertFalse(matchedUserKeys.contains(5L));
@@ -235,11 +243,11 @@ public class AuthenticationITCase extends AbstractITCase {
// 1. create role for full user administration, under realm /even/two
RoleTO role = new RoleTO();
role.setName("Delegated user admin");
- role.getEntitlements().add(Entitlement.USER_CREATE);
- role.getEntitlements().add(Entitlement.USER_UPDATE);
- role.getEntitlements().add(Entitlement.USER_DELETE);
- role.getEntitlements().add(Entitlement.USER_LIST);
- role.getEntitlements().add(Entitlement.USER_READ);
+ role.getEntitlements().add(StandardEntitlement.USER_CREATE);
+ role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
+ role.getEntitlements().add(StandardEntitlement.USER_DELETE);
+ role.getEntitlements().add(StandardEntitlement.USER_LIST);
+ role.getEntitlements().add(StandardEntitlement.USER_READ);
role.getRealms().add("/even/two");
roleKey = Long.valueOf(roleService.create(role).getHeaderString(RESTHeaders.RESOURCE_KEY));
@@ -386,6 +394,79 @@ public class AuthenticationITCase extends AbstractITCase {
}
@Test
+ public void anyTypeEntitlement() {
+ final String anyTypeKey = "FOLDER " + getUUIDString();
+
+ // 1. no entitlement exists (yet) for the any type to be created
+ assertFalse(CollectionUtils.exists(syncopeService.info().getEntitlements(), new Predicate<String>() {
+
+ @Override
+ public boolean evaluate(final String entitlement) {
+ return entitlement.contains(anyTypeKey);
+ }
+ }));
+
+ // 2. create plain schema, any type class and any type
+ PlainSchemaTO path = new PlainSchemaTO();
+ path.setKey("path" + getUUIDString());
+ path.setType(AttrSchemaType.String);
+ path = createSchema(SchemaType.PLAIN, path);
+
+ AnyTypeClassTO anyTypeClass = new AnyTypeClassTO();
+ anyTypeClass.setKey("folder" + getUUIDString());
+ anyTypeClass.getPlainSchemas().add(path.getKey());
+ anyTypeClassService.create(anyTypeClass);
+
+ AnyTypeTO anyTypeTO = new AnyTypeTO();
+ anyTypeTO.setKey(anyTypeKey);
+ anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT);
+ anyTypeTO.getClasses().add(anyTypeClass.getKey());
+ anyTypeService.create(anyTypeTO);
+
+ // 2. now entitlement exists for the any type just created
+ assertTrue(CollectionUtils.exists(syncopeService.info().getEntitlements(), new Predicate<String>() {
+
+ @Override
+ public boolean evaluate(final String entitlement) {
+ return entitlement.contains(anyTypeKey);
+ }
+ }));
+
+ // 3. attempt to create an instance of the type above: fail because no entitlement was assigned
+ AnyObjectTO folder = new AnyObjectTO();
+ folder.setRealm(SyncopeConstants.ROOT_REALM);
+ folder.setType(anyTypeKey);
+ folder.getPlainAttrs().add(attrTO(path.getKey(), "/home"));
+
+ SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
+ try {
+ belliniClient.getService(AnyObjectService.class).create(folder);
+ fail();
+ } catch (SyncopeClientException e) {
+ assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
+ }
+
+ // 4. give create entitlement for the any type just created
+ RoleTO role = new RoleTO();
+ role.setName("role" + getUUIDString());
+ role.getRealms().add(SyncopeConstants.ROOT_REALM);
+ role.getEntitlements().add(anyTypeKey + "_READ");
+ role.getEntitlements().add(anyTypeKey + "_CREATE");
+ role = createRole(role);
+
+ UserTO bellini = readUser("bellini");
+ UserPatch patch = new UserPatch();
+ patch.setKey(bellini.getKey());
+ patch.getRoles().add(new LongPatchItem.Builder().
+ operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build());
+ bellini = updateUser(patch).getAny();
+ assertTrue(bellini.getRoles().contains(role.getKey()));
+
+ // 5. now the instance of the type above can be created successfully
+ belliniClient.getService(AnyObjectService.class).create(folder);
+ }
+
+ @Test
public void issueSYNCOPE434() {
Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));
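Review bot: `anyTypeEntitlement()` never undoes what it sets up: bellini keeps the new role, which carries `_READ` and `_CREATE` on `SyncopeConstants.ROOT_REALM`, and the role, any type, class and schema stay in place, so any later case in this suite that logs in as bellini would run with wider privileges than its fixtures assume. Wrap steps 3–5 in `try`/`finally` and, in the `finally`, remove the role from bellini and delete the created role and any type. The test would also be stronger if, after step 5, it asserted that an operation not granted (update or delete of the folder) is still rejected with `ClientExceptionType.DelegatedAdministration`. Minor: the step comments number "2." twice, and comment 4 says "give create entitlement" while the code grants both `_READ` and `_CREATE`.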
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java
index 81b0796..c745324 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java
@@ -30,7 +30,7 @@ import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.to.RoleTO;
import org.apache.syncope.common.lib.types.ClientExceptionType;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.common.rest.api.service.RoleService;
import org.junit.FixMethodOrder;
import org.junit.Test;
@@ -43,7 +43,7 @@ public class RoleITCase extends AbstractITCase {
RoleTO role = new RoleTO();
role.setName(name + getUUIDString());
role.getRealms().add("/even");
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
return role;
}
@@ -62,44 +62,46 @@ public class RoleITCase extends AbstractITCase {
public void read() {
RoleTO roleTO = roleService.read(3L);
assertNotNull(roleTO);
- assertTrue(roleTO.getEntitlements().contains(Entitlement.GROUP_READ));
+ assertTrue(roleTO.getEntitlements().contains(StandardEntitlement.GROUP_READ));
}
@Test
public void create() {
RoleTO role = new RoleTO();
- role.setName("new" + getUUIDString());
role.getRealms().add(SyncopeConstants.ROOT_REALM);
role.getRealms().add("/even/two");
- role.getEntitlements().add(Entitlement.LOG_LIST);
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.getEntitlements().add(StandardEntitlement.LOG_LIST);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
- Response response = roleService.create(role);
+ try {
+ createRole(role);
+ fail();
+ } catch (SyncopeClientException e) {
+ assertEquals(ClientExceptionType.InvalidRole, e.getType());
+ }
- RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class);
- assertNotNull(actual);
+ role.setName("new" + getUUIDString());
+ role = createRole(role);
+ assertNotNull(role);
}
@Test
public void update() {
RoleTO role = getSampleRoleTO("update");
- Response response = roleService.create(role);
-
- RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class);
- assertNotNull(actual);
+ role = createRole(role);
+ assertNotNull(role);
- role = actual;
- assertFalse(role.getEntitlements().contains(Entitlement.WORKFLOW_TASK_LIST));
+ assertFalse(role.getEntitlements().contains(StandardEntitlement.WORKFLOW_TASK_LIST));
assertFalse(role.getRealms().contains("/even/two"));
- role.getEntitlements().add(Entitlement.WORKFLOW_TASK_LIST);
+ role.getEntitlements().add(StandardEntitlement.WORKFLOW_TASK_LIST);
role.getRealms().add("/even/two");
roleService.update(role);
- actual = roleService.read(role.getKey());
- assertTrue(actual.getEntitlements().contains(Entitlement.WORKFLOW_TASK_LIST));
- assertTrue(actual.getRealms().contains("/even/two"));
+ role = roleService.read(role.getKey());
+ assertTrue(role.getEntitlements().contains(StandardEntitlement.WORKFLOW_TASK_LIST));
+ assertTrue(role.getRealms().contains("/even/two"));
}
@Test