/**
 * Brings the membership of {@code role} in line with the submitted selection.
 *
 * <p>Existing members that are not in {@code selectedUsers} lose the role, and
 * every name left in {@code selectedUsers} afterwards is granted it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): no permission check is made here. Confirm that every
 *       caller has authorized the request before it reaches this method.</li>
 *   <li>{@code selectedUsers} is modified in place: names that already hold the
 *       role are removed from it. A caller that reuses the list afterwards
 *       (for example in an audit event) sees the reduced list.</li>
 *   <li>Accounts are updated one at a time with no rollback. An exception in
 *       the grant pass leaves earlier updates applied.</li>
 *   <li>NOTE(review): the result of {@code getAccount} is dereferenced without
 *       a null check. Confirm how the user database reports an unknown
 *       principal name.</li>
 * </ul>
 *
 * @param role the role whose membership is being changed
 * @param selectedUsers principal names that should hold the role; mutated as described above
 * @param realm realm whose user database is used for all lookups and updates
 * @return principal names, in natural sort order, of members whose removal was
 *         rejected with {@link GroupsRequiredForUserException}
 * @throws Exception on any other failure reported by the user database
 */
private String[] updateUserRoles(Role role, List<String> selectedUsers, Realm realm) throws Exception {
    UserDatabase userDatabase = UserDatabaseManager.getInstance().getUserDatabase(realm);
    Collection<String> usersNotRemoved = new TreeSet<String>();

    // Revocation pass: walk the current members of the role.
    for (User member : userDatabase.getUsersInRole(role)) {
        String memberName = member.getPrincipalName();

        if (selectedUsers.contains(memberName)) {
            // Already a member: drop the name so the grant pass below skips it.
            selectedUsers.remove(memberName);
            continue;
        }

        Role[] remainingRoles = removeRole(role, member.getRoles());
        try {
            userDatabase.updateAccount(member, member.getEmail(), member.getFullname(), remainingRoles);
        } catch (GroupsRequiredForUserException required) {
            // The account could not lose this role; report it to the caller.
            usersNotRemoved.add(memberName);
        }
    }

    // Grant pass: whatever is left in the selection does not hold the role yet.
    for (String newMemberName : selectedUsers) {
        User account = userDatabase.getAccount(newMemberName);
        Role[] grownRoles = addRole(role, account.getRoles());
        userDatabase.updateAccount(account, account.getEmail(), account.getFullname(), grownRoles);
    }

    return usersNotRemoved.toArray(new String[0]);
}
/**
 * Prepares the role form for editing an existing role and forwards to the
 * "display" view.
 *
 * <p>The role is read from the request attribute {@code Constants.EDITING_ITEM},
 * not from a request parameter. The caller must hold
 * {@code PERM_CREATE_EDIT_AND_ASSIGN} on the accounts-and-groups resource type.
 * The current members are loaded from the user database of the session user's
 * realm.
 *
 * <p>NOTE(review): the missing-role check runs before the permission check, so
 * a request without the attribute fails with the generic exception whether or
 * not the caller is authorized.
 *
 * @param mapping mapping used to resolve the "display" forward
 * @param form form, expected to be a {@link RoleForm}
 * @param request request carrying the role to edit as an attribute
 * @param response response (not used here)
 * @return the "display" forward
 * @throws Exception if no role is set on the request, the permission check
 *         fails, or the user database lookup fails
 */
public ActionForward edit(
        ActionMapping mapping,
        ActionForm form,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    Object editingItem = request.getAttribute(Constants.EDITING_ITEM);
    Role role = (Role) editingItem;
    if (role == null) {
        throw new Exception("No role configured for editing.");
    }

    PolicyUtil.checkPermission(
            PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
            PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
            request);

    // Members are always looked up in the realm of the logged-on user.
    SessionInfo sessionInfo = getSessionInfo(request);
    UserDatabaseManager databaseManager = UserDatabaseManager.getInstance();
    UserDatabase realmDatabase = databaseManager.getUserDatabase(sessionInfo.getUser().getRealm());
    User[] currentMembers = realmDatabase.getUsersInRole(role);
    List<User> users = Arrays.asList(currentMembers);

    RoleForm roleForm = (RoleForm) form;
    roleForm.initialize(users);
    roleForm.setRolename(role.getPrincipalName());
    roleForm.setReferer(CoreUtil.getReferer(request));
    roleForm.setEditing();

    CoreUtil.addRequiredFieldMessage(this, request);
    return mapping.findForward("display");
}
/**
 * Creates the role named on the form in the session user's realm, assigns it
 * to the users selected on the form, and records the outcome as a
 * {@code GROUP_CREATED} event.
 *
 * <p>Audit notes for maintainers:
 * <ul>
 *   <li>{@code updateUserRoles} may remove names from the list it is given, so
 *       the success event receives the list as that call leaves it.</li>
 *   <li>If assigning users fails after the role was created, the failure event
 *       is fired and the exception rethrown. Nothing in this method removes
 *       the created role.</li>
 *   <li>The array returned by {@code updateUserRoles} is discarded.</li>
 *   <li>NOTE(review): no permission check is made here. Confirm the calling
 *       action has authorized the request.</li>
 * </ul>
 *
 * @param roleForm form supplying the role name and the selected principal names
 * @param sessionInfo session of the acting user; its realm selects the user database
 * @throws Exception any failure from role creation or assignment, rethrown
 *         after the unsuccessful event has been fired
 */
private void createRole(RoleForm roleForm, SessionInfo sessionInfo) throws Exception {
    UserDatabaseManager databaseManager = UserDatabaseManager.getInstance();
    UserDatabase realmDatabase = databaseManager.getUserDatabase(sessionInfo.getUser().getRealm());

    try {
        String requestedName = roleForm.getRolename();
        Role createdRole = realmDatabase.createRole(requestedName);

        List<String> requestedMembers = roleForm.getUserList();
        updateUserRoles(createdRole, requestedMembers, realmDatabase.getRealm());

        fireSuccessfulEvent(sessionInfo, CoreEventConstants.GROUP_CREATED, createdRole, requestedMembers);
    } catch (Exception failure) {
        // Record the failed attempt before letting the error reach the caller.
        fireUnsuccessfulEvent(roleForm, sessionInfo, CoreEventConstants.GROUP_CREATED, failure);
        throw failure;
    }
}
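/**
 * Prepares an empty role form for creating a new role and forwards to the
 * "display" view. The role itself is not created here.
 *
 * <p>The caller must hold {@code PERM_CREATE_EDIT_AND_ASSIGN} on the
 * accounts-and-groups resource type. The permission check runs first, so a
 * caller without it gets the permission failure and not an answer about what
 * the realm's user database supports.
 *
 * @param mapping mapping used to resolve the "display" forward
 * @param form form, expected to be a {@link RoleForm}
 * @param request request of the acting user
 * @param response response (not used here)
 * @return the "display" forward
 * @throws Exception if the permission check fails or the user database does
 *         not support creation
 */
public ActionForward create(
        ActionMapping mapping,
        ActionForm form,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    // Authorize before touching the session's user database.
    PolicyUtil.checkPermission(
            PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
            PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
            request);

    SessionInfo sessionInfo = getSessionInfo(request);
    UserDatabase userDatabase =
            UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());

    // NOTE(review): the capability tested is account creation while the message
    // speaks of role creation. Confirm this is the intended capability flag.
    if (!userDatabase.supportsAccountCreation()) {
        throw new Exception("The underlying user database does not support role creation.");
    }

    RoleForm roleForm = (RoleForm) form;
    roleForm.initialize(Collections.<User>emptyList());
    roleForm.setReferer(CoreUtil.getReferer(request));

    CoreUtil.addRequiredFieldMessage(this, request);
    return mapping.findForward("display");
}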