directory-fortress-core git commit: FC-119 remove role constraint when deassigning role

[cp...@apache.org]

Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 4bb32a9be -> f1448abf0


FC-119 remove role constraint when deassigning role


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/f1448abf
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/f1448abf
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/f1448abf

Branch: refs/heads/master
Commit: f1448abf0e2c0dfea183d2e9d24a13eaf2c50edd
Parents: 4bb32a9
Author: clp207 <cl...@psu.edu>
Authored: Fri Jul 7 08:23:44 2017 -0400
Committer: clp207 <cl...@psu.edu>
Committed: Fri Jul 7 08:23:44 2017 -0400

----------------------------------------------------------------------
 .../apache/directory/fortress/core/impl/UserDAO.java  | 14 ++++++++++----
 .../fortress/core/impl/FortressJUnitTest.java         |  1 +
 .../fortress/core/impl/ReviewMgrImplTest.java         |  9 +++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f1448abf/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index 1f20196..cb047b3 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -1825,13 +1825,19 @@ final class UserDAO extends LdapDataProvider
                     // delete the name assignment attribute using the raw name data:
                     List<Modification> mods = new ArrayList<Modification>();
 
+                    // Remove user role constraints
+                    for( RoleConstraint rc : fRole.getRoleConstraints() ){
+                        this.deassign( fRole, rc );
+                    }
+                    
                     mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds
-                        .USER_ROLE_DATA, fRole.getRawData() ) );
-
+                        .USER_ROLE_DATA, fRole.getRawData() ) );                    
+                    
                     mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds
                         .USER_ROLE_ASSIGN, fRole.getName() ) );
-                    ld = getAdminConnection();
-                    modify( ld, userDn, mods, uRole );
+                    ld = getAdminConnection();                    
+                    
+                    modify( ld, userDn, mods, uRole );                                        
                 }
             }
             // target name not found:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f1448abf/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
index 2419782..f6c6c60 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java
@@ -267,6 +267,7 @@ public class FortressJUnitTest extends TestCase
         
         suite.addTest( new ReviewMgrImplTest( "testReadUserRoleConstraint" ) );
         suite.addTest( new ReviewMgrImplTest( "testFindRoleConstraints" ) );
+        suite.addTest( new ReviewMgrImplTest( "testDeassignRoleWithRoleConstraint" ) );
         
         /***********************************************************/
         /* 4. Security Checks                                      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f1448abf/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
index fa701a5..db4d86a 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/ReviewMgrImplTest.java
@@ -25,6 +25,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.directory.fortress.core.AdminMgr;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.ReviewMgr;
 import org.apache.directory.fortress.core.ReviewMgrFactory;
@@ -1681,6 +1682,14 @@ public class ReviewMgrImplTest extends TestCase
     				+ "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
     		fail( ex.getMessage() );
     	}
+    }        
+    
+    public void testDeassignRoleWithRoleConstraint() throws SecurityException{
+        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
+        adminMgr.deassignUser( new UserRole( UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0] ) );
+        
+        ReviewMgr reviewMgr = getManagedReviewMgr();
+        reviewMgr.assignedRoles( new User( UserTestData.USERS_TU1[0][0] ) );
     }
     
     /**