Posted to commits@directory.apache.org by sm...@apache.org on 2020/04/11 18:30:16 UTC

[directory-fortress-core] branch master updated: FC-280 - Verify role constraint exists before assignment

This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git


The following commit(s) were added to refs/heads/master by this push:
     new 615c38a  FC-280 - Verify role constraint exists before assignment
615c38a is described below

commit 615c38ab6acb7ef1485f219fa7601dc9dc23a3d9
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Sat Apr 11 13:30:09 2020 -0500

    FC-280 - Verify role constraint exists before assignment
---
 .../directory/fortress/core/GlobalErrIds.java      |  4 ++++
 .../directory/fortress/core/impl/AdminMgrImpl.java | 26 +++++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index f0e2da2..04a8c5a 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1121,6 +1121,10 @@ public final class GlobalErrIds
      * The validation for Role Constraint key is required.
      */
     public static final int ROLE_CONSTRAINT_KEY_NULL = 5103;
+    /**
+     * An attempt to add a user-role constraint when the role constraint has not been enabled (added).
+     */
+    public static final int ROLE_CONSTRAINT_NOT_ENABLED = 5104;
 
     
     /**
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 6d2a28b..78e1cc5 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -367,6 +367,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     {
         String methodName = "assignUser";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
         Role role = new Role( uRole.getName() );
         role.setContextId( contextId );
         User user = new User( uRole.getUserId() );
@@ -403,8 +404,8 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     {        
     	String methodName = "enableRoleConstraint";
         VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
-        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
         VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
         setEntitySession( CLS_NM, methodName, role );
         // This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
         String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
@@ -430,10 +431,10 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     	   	throws SecurityException
     {
         String methodName = "disableRoleConstraint";
+        setEntitySession( CLS_NM, methodName, role );
         VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
-        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
         VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
-        setEntitySession( CLS_NM, methodName, role );
+        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
         // This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
         String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
         String propValue = roleConstraint.getKey();
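Review bot: In disableRoleConstraint, `setEntitySession( CLS_NM, methodName, role );` now runs before `VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );`, so a null role reaches setEntitySession unchecked. setEntitySession is not visible here, but if it dereferences the entity the caller would get a NullPointerException instead of the SecurityException carrying ROLE_NULL. enableRoleConstraint in the previous hunk keeps the call after all three null checks; moving this call back below the `roleConstraint` assertion would keep the two methods consistent. The method body continues outside the hunk.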
@@ -457,8 +458,19 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     {
     	String methodName = "addRoleConstraint";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
         setEntitySession( CLS_NM, methodName, uRole );
 
+        if ( roleConstraint.getType() == RoleConstraint.RCType.USER )
+        {
+            // Validate the user-role constraint has been enabled:
+            // This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
+            String propKey = Config.getInstance().getConstraintKey( uRole.getName(), contextId );
+            String propValue = Config.getInstance().getProperty( propKey );
+            VUtil.assertNotNull( propValue, GlobalErrIds.ROLE_CONSTRAINT_NOT_ENABLED, CLS_NM + methodName );
+        }
+
         // Validate the user-role assignment exists:
         User user = new User( uRole.getUserId());
         user.setContextId( contextId );
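Review bot: The new USER-type check in addRoleConstraint only asserts that some value is stored under `propKey`; it never compares that value with `roleConstraint.getKey()`, and the key itself is not checked for null. disableRoleConstraint shows the property value being the constraint key, so a constraint whose key differs from the enabled one would presumably still pass this validation and be assigned. Consider first asserting the key with `VUtil.assertNotNull( roleConstraint.getKey(), GlobalErrIds.ROLE_CONSTRAINT_KEY_NULL, CLS_NM + methodName );` and then raising ROLE_CONSTRAINT_NOT_ENABLED when `propValue` does not match it. Whether the match should be case-sensitive depends on how enableRoleConstraint stores the value, which is outside this hunk. The method signature and the rest of the body are also outside the hunk.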
@@ -473,7 +485,6 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
         }
         AdminUtil.canAssign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ),
             contextId );
-        // todo assert roleconstraint here
         userP.assign( uRole, roleConstraint );
         return roleConstraint;
     }
@@ -488,6 +499,8 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     {        
     	String methodName = "removeRoleConstraint";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+        VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
         setEntitySession( CLS_NM, methodName, uRole );
         userP.deassign( uRole, roleConstraint );
     }
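Review bot: This removeRoleConstraint overload goes from `setEntitySession` straight to `userP.deassign( uRole, roleConstraint )` with no delegated-admin check, while the String overload in the next hunk calls `AdminUtil.canDeassign( ... )` and addRoleConstraint calls `AdminUtil.canAssign( ... )` before touching the assignment. Unless setEntitySession already enforces the same check (it is not visible here), the two removal paths apply different authorization. Adding `AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );` after `setEntitySession` would align them. The method signature sits above the hunk.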
@@ -500,8 +513,11 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
     public void removeRoleConstraint( UserRole uRole, String roleConstraintId )
             throws SecurityException
     {        
-        String methodName = "deassignUser";
+        String methodName = "removeRoleConstraint";
         assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+        VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+        VUtil.assertNotNull( roleConstraintId, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+        VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
         setEntitySession( CLS_NM, methodName, uRole );
         AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );