Posted to commits@directory.apache.org by sm...@apache.org on 2020/04/11 18:30:16 UTC
[directory-fortress-core] branch master updated: FC-280 - Verify
role constraint exists before assignment
This is an automated email from the ASF dual-hosted git repository.
smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git
The following commit(s) were added to refs/heads/master by this push:
new 615c38a FC-280 - Verify role constraint exists before assignment
615c38a is described below
commit 615c38ab6acb7ef1485f219fa7601dc9dc23a3d9
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Sat Apr 11 13:30:09 2020 -0500
FC-280 - Verify role constraint exists before assignment
---
.../directory/fortress/core/GlobalErrIds.java | 4 ++++
.../directory/fortress/core/impl/AdminMgrImpl.java | 26 +++++++++++++++++-----
2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index f0e2da2..04a8c5a 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1121,6 +1121,10 @@ public final class GlobalErrIds
* The validation for Role Constraint key is required.
*/
public static final int ROLE_CONSTRAINT_KEY_NULL = 5103;
+ /**
+ * An attempt to add a user-role constraint when the role constraint has not been enabled (added).
+ */
+ public static final int ROLE_CONSTRAINT_NOT_ENABLED = 5104;
/**
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 6d2a28b..78e1cc5 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -367,6 +367,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
{
String methodName = "assignUser";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
Role role = new Role( uRole.getName() );
role.setContextId( contextId );
User user = new User( uRole.getUserId() );
@@ -403,8 +404,8 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
{
String methodName = "enableRoleConstraint";
VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
- VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, role );
// This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
@@ -430,10 +431,10 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
throws SecurityException
{
String methodName = "disableRoleConstraint";
+ setEntitySession( CLS_NM, methodName, role );
VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
- VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
- setEntitySession( CLS_NM, methodName, role );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
// This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
String propValue = roleConstraint.getKey();
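Review bot: In disableRoleConstraint the `setEntitySession( CLS_NM, methodName, role );` call now runs before `VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );`, so a null role reaches setEntitySession unvalidated. If setEntitySession dereferences its entity argument (its body is not visible here), the caller would get a NullPointerException instead of the SecurityException carrying ROLE_NULL. enableRoleConstraint in the previous hunk keeps the null checks first, and the same order would fit here: move the setEntitySession line back below the three assertNotNull calls. The method's signature starts above this hunk and its body continues past the end of it.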
@@ -457,8 +458,19 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
{
String methodName = "addRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
+ if ( roleConstraint.getType() == RoleConstraint.RCType.USER )
+ {
+ // Validate the user-role constraint has been enabled:
+ // This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
+ String propKey = Config.getInstance().getConstraintKey( uRole.getName(), contextId );
+ String propValue = Config.getInstance().getProperty( propKey );
+ VUtil.assertNotNull( propValue, GlobalErrIds.ROLE_CONSTRAINT_NOT_ENABLED, CLS_NM + methodName );
+ }
+
// Validate the user-role assignment exists:
User user = new User( uRole.getUserId());
user.setContextId( contextId );
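Review bot: The new USER-type guard in addRoleConstraint only checks that some property exists under the role's constraint key; it never compares that value with `roleConstraint.getKey()`. disableRoleConstraint uses `roleConstraint.getKey()` as the property value for the same key, so a user-role constraint whose key differs from the enabled one, or whose key is null, would apparently still pass this check and be assigned. Consider also requiring `propValue.equals( roleConstraint.getKey() )` and rejecting with ROLE_CONSTRAINT_NOT_ENABLED otherwise, plus a null check on the key using the existing ROLE_CONSTRAINT_KEY_NULL id. The method signature is above this hunk and the body continues below it.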
@@ -473,7 +485,6 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
}
AdminUtil.canAssign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ),
contextId );
- // todo assert roleconstraint here
userP.assign( uRole, roleConstraint );
return roleConstraint;
}
@@ -488,6 +499,8 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
{
String methodName = "removeRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
userP.deassign( uRole, roleConstraint );
}
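Review bot: This removeRoleConstraint overload goes from setEntitySession straight to `userP.deassign( uRole, roleConstraint );` without a delegated-administration check, whereas the String-id overload in the next hunk calls AdminUtil.canDeassign and addRoleConstraint calls AdminUtil.canAssign. Unless setEntitySession already enforces this (not visible here), an administrative session that is not authorized for this user/role pair could still remove a constraint that limits where the role applies. Adding `AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );` before the deassign call would make the two overloads consistent. The method signature lies above this hunk.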
@@ -500,8 +513,11 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializ
public void removeRoleConstraint( UserRole uRole, String roleConstraintId )
throws SecurityException
{
- String methodName = "deassignUser";
+ String methodName = "removeRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraintId, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );