You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2022/07/25 21:20:07 UTC
[directory-site] branch master updated: format the arguments

This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 26927314 format the arguments
26927314 is described below

commit 2692731443d9919cc0d10c9ff46953e2a29ffc17
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Mon Jul 25 16:19:42 2022 -0500

    format the arguments
---
 source/fortress/user-guide/4.1-create-session.md    | 10 ++++++----
 source/fortress/user-guide/4.2-check-access.md      | 21 ++++++++++++++-------
 .../fortress/user-guide/4.3-session-permissions.md  | 12 ++++++++----
 source/fortress/user-guide/4.4-activate-role.md     | 19 ++++++++++---------
 source/fortress/user-guide/4.5-deactivate-role.md   | 15 +++++++++++----
 source/fortress/user-guide/4.6-authorized-roles.md  | 12 ++++++++----
 6 files changed, 57 insertions(+), 32 deletions(-)

diff --git a/source/fortress/user-guide/4.1-create-session.md b/source/fortress/user-guide/4.1-create-session.md
index 5d5e0f50..2185b65d 100644
--- a/source/fortress/user-guide/4.1-create-session.md
+++ b/source/fortress/user-guide/4.1-create-session.md
@@ -19,12 +19,14 @@ This method must be called once per user prior to calling other methods within t
 In addition to checking user password validity it will apply configured password policy checks.
 
 Parameters:
-user - Contains User.userId, User.password (optional if isTrusted is 'true'), optional User.roles, optional User.adminRoles
-isTrusted - if true password is not required.
+- user - Contains User.userId, User.password (optional if isTrusted is 'true'), optional User.roles, optional User.adminRoles
+- isTrusted - if true password is not required.
+
 Returns:
-Session object will contain authentication result code Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), Password policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.
+- Session object will contain authentication result code Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), Password policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.
+
 Throws:
-SecurityException - in the event of data validation failure, security policy violation or DAO error.
+- SecurityException - in the event of data validation failure, security policy violation or DAO error.
 
 ## Simple createSession
 
diff --git a/source/fortress/user-guide/4.2-check-access.md b/source/fortress/user-guide/4.2-check-access.md
index 7d280be7..a7172959 100644
--- a/source/fortress/user-guide/4.2-check-access.md
+++ b/source/fortress/user-guide/4.2-check-access.md
@@ -15,18 +15,25 @@ boolean checkAccess(Session session, Permission perm) throws SecurityException
 ```
 
 Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed 
-not to perform a given operation on a given object. The function is valid if and only if the session is a valid Fortress session, 
-the object is a member of the OBJS data set, and the operation is a member of the OPS data set. The session's subject has the permission 
-to perform the operation on that object if and only if that permission is assigned to (at least) one of the session's active roles. 
+not to perform a given operation on a given object.
+
+The function is valid if and only if:
+- the session is a valid Fortress session
+- the object is a member of the OBJS data set
+- the operation is a member of the OPS data set.
+
+The session's subject has the permission to perform the operation on that object if and only if that permission is assigned to (at least) one of the session's active roles. 
 This implementation will verify the roles or userId correspond to the subject's active roles are registered in the object's access control list.
 
 Parameters:
-perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
-session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
+- perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
+- session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
+
 Returns:
-True if user has access, false otherwise.
+- True if user has access, False otherwise.
+
 Throws:
-SecurityException - in the event of data validation failure, security policy violation or DAO error.
+- SecurityException - in the event of data validation failure, security policy violation or DAO error.
 
 ## checkAccess
 
diff --git a/source/fortress/user-guide/4.3-session-permissions.md b/source/fortress/user-guide/4.3-session-permissions.md
index b371bed0..f87c905e 100644
--- a/source/fortress/user-guide/4.3-session-permissions.md
+++ b/source/fortress/user-guide/4.3-session-permissions.md
@@ -14,14 +14,18 @@ navNextText: 4.4 - Add Active Role
 List<Permission> sessionPermissions( Session session ) throws SecurityException
 ```
 
-This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. The function is valid if and only if the session is a valid Fortress session.
+This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. 
+
+The function is valid if and only if the session is a valid Fortress session.
 
 Parameters:
-session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
+- session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
+
 Returns:
-List<Permission> containing permissions (op, obj) active for user's session.
+- List<Permission> containing permissions (op, obj) active for user's session.
+
 Throws:
-SecurityException - is thrown if runtime error occurs with system.
+- SecurityException - is thrown if runtime error occurs with system.
 
 ## sessionPermissions
 
diff --git a/source/fortress/user-guide/4.4-activate-role.md b/source/fortress/user-guide/4.4-activate-role.md
index fa990510..97379d5a 100644
--- a/source/fortress/user-guide/4.4-activate-role.md
+++ b/source/fortress/user-guide/4.4-activate-role.md
@@ -17,18 +17,19 @@ void addActiveRole(Session session, UserRole role) throws SecurityException
 This function adds a role as an active role of a session whose owner is a given user.
 
 The function is valid if and only if:
-    the user is a member of the USERS data set
-    the role is a member of the ROLES data set
-    the role inclusion does not violate Dynamic Separation of Duty Relationships
-    the session is a valid Fortress session
-    the user is authorized to that role
-    the session is owned by that user.
+- the user is a member of the USERS data set
+- the role is a member of the ROLES data set
+- the role inclusion does not violate Dynamic Separation of Duty Relationships
+- the session is a valid Fortress session
+- the user is authorized to that role
+- the session is owned by that user
 
 Parameters:
-    session - object contains the user's returned RBAC session from the createSession method.
-    role - object contains the role name, UserRole.name, to be activated into session.
+- session - object contains the user's returned RBAC session from the createSession method.
+- role - object contains the role name, UserRole.name, to be activated into session.
+
 Throws:
-    SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.
+- SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.
 
 ## addActiveRole
 
diff --git a/source/fortress/user-guide/4.5-deactivate-role.md b/source/fortress/user-guide/4.5-deactivate-role.md
index 63754a4b..5238bc3f 100644
--- a/source/fortress/user-guide/4.5-deactivate-role.md
+++ b/source/fortress/user-guide/4.5-deactivate-role.md
@@ -14,13 +14,20 @@ navNextText: 4.6 - Authorized Roles
 void dropActiveRole(Session session, UserRole role) throws SecurityException
 ```
 
-This function deletes a role from the active role set of a session owned by a given user. The function is valid if and only if the user is a member of the USERS data set, the session object contains a valid Fortress session, the session is owned by the user, and the role is an active role of that session.
+This function deletes a role from the active role set of a session owned by a given user. 
+
+The function is valid if and only if:
+- the user is a member of the USERS data set
+- the session object contains a valid Fortress session
+- the session is owned by the user
+- the role is an active role of that session
 
 Parameters:
-session - object contains the user's returned RBAC session from the createSession method.
-role - object contains the role name, UserRole.name, to be deactivated.
+- session - object contains the user's returned RBAC session from the createSession method.
+- role - object contains the role name, UserRole.name, to be deactivated.
+
 Throws:
-SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.
+- SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.
 
 ## dropActiveRole
 
diff --git a/source/fortress/user-guide/4.6-authorized-roles.md b/source/fortress/user-guide/4.6-authorized-roles.md
index 41036daa..afd4abee 100644
--- a/source/fortress/user-guide/4.6-authorized-roles.md
+++ b/source/fortress/user-guide/4.6-authorized-roles.md
@@ -12,14 +12,18 @@ navUpText: 4 - Fortress Code Samples
 Set<String> authorizedRoles(Session session) throws SecurityException
 ```
 
-This function returns the authorized roles associated with a session based on hierarchical relationships. The function is valid if and only if the session is a valid Fortress session.
+This function returns the authorized roles associated with a session based on hierarchical relationships. 
+
+The function is valid if and only if the session is a valid Fortress session.
 
 Parameters:
-    session - object contains the user's returned RBAC session from the createSession method.
+- session - object contains the user's returned RBAC session from the createSession method.
+
 Returns:
-    Set<String> containing all roles active in user's session. This will contain inherited roles.
+- Set<String> containing all roles active in user's session. This will contain inherited roles.
+
 Throws:
-    SecurityException - is thrown if session invalid or system. error.
+- SecurityException - is thrown if session invalid or system. error.
 
 ## authorizedRoles