private String[] updateUserRoles(Role role, List<String> selectedUsers, Realm realm)
throws Exception {
UserDatabase userDatabase = UserDatabaseManager.getInstance().getUserDatabase(realm);
User[] usersInRole = userDatabase.getUsersInRole(role);
Collection<String> usersNotRemoved = new TreeSet<String>();
for (User user : usersInRole) {
String principalName = user.getPrincipalName();
if (selectedUsers.contains(principalName)) {
// role is already assigned so make sure this don't happen again
selectedUsers.remove(principalName);
} else {
Role[] updatedRoles = removeRole(role, user.getRoles());
try {
userDatabase.updateAccount(user, user.getEmail(), user.getFullname(), updatedRoles);
} catch (GroupsRequiredForUserException e) {
usersNotRemoved.add(principalName);
}
}
}
for (String principalName : selectedUsers) {
User user = userDatabase.getAccount(principalName);
Role[] updatedRoles = addRole(role, user.getRoles());
userDatabase.updateAccount(user, user.getEmail(), user.getFullname(), updatedRoles);
}
return usersNotRemoved.toArray(new String[usersNotRemoved.size()]);
}
/**
* Edit an existing role. The role to edit must be placed in the request attribute
*
* @param mapping mapping
* @param form form
* @param request request
* @param response response
* @return forward
* @throws Exception on any error
*/
public ActionForward edit(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
Role role = (Role) request.getAttribute(Constants.EDITING_ITEM);
if (role == null) {
throw new Exception("No role configured for editing.");
}
PolicyUtil.checkPermission(
PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
request);
SessionInfo sessionInfo = getSessionInfo(request);
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
List<User> users = Arrays.asList(userDatabase.getUsersInRole(role));
RoleForm roleForm = (RoleForm) form;
roleForm.initialize(users);
roleForm.setRolename(role.getPrincipalName());
roleForm.setReferer(CoreUtil.getReferer(request));
roleForm.setEditing();
CoreUtil.addRequiredFieldMessage(this, request);
return mapping.findForward("display");
}
/* (non-Javadoc)
* @see com.adito.extensions.types.Plugin#startPlugin(com.adito.extensions.types.PluginDefinition, com.adito.extensions.ExtensionDescriptor, org.jdom.Element)
*/
public void startPlugin(
PluginDefinition definition, ExtensionDescriptor descriptor, Element element)
throws ExtensionException {
super.startPlugin(definition, descriptor, element);
UserDatabaseDefinition databaseDefinition =
new UserDatabaseDefinition(
ActiveDirectoryUserDatabase.class, "activeDirectory", "activeDirectory", 80);
UserDatabaseManager.getInstance().registerDatabase(databaseDefinition);
}
private void createRole(RoleForm roleForm, SessionInfo sessionInfo) throws Exception {
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
try {
Role role = userDatabase.createRole(roleForm.getRolename());
List<String> selectedUsers = roleForm.getUserList();
updateUserRoles(role, selectedUsers, userDatabase.getRealm());
fireSuccessfulEvent(sessionInfo, CoreEventConstants.GROUP_CREATED, role, selectedUsers);
} catch (Exception expt) {
fireUnsuccessfulEvent(roleForm, sessionInfo, CoreEventConstants.GROUP_CREATED, expt);
throw expt;
}
}
/**
* Create a new role.
*
* @param mapping mapping
* @param form form
* @param request request
* @param response response
* @return forward
* @throws Exception on any error
*/
public ActionForward create(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
SessionInfo sessionInfo = getSessionInfo(request);
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
if (!userDatabase.supportsAccountCreation()) {
throw new Exception("The underlying user database does not support role creation.");
}
PolicyUtil.checkPermission(
PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
request);
RoleForm roleForm = (RoleForm) form;
roleForm.initialize(Collections.<User>emptyList());
roleForm.setReferer(CoreUtil.getReferer(request));
CoreUtil.addRequiredFieldMessage(this, request);
return mapping.findForward("display");
}