/**
 * Creates a role with the given name and privileges when looking the role up fails.
 *
 * <p>The role is first looked up through {@code PrivilegeUtility.getRole}. If that call returns
 * normally, nothing else is done. If it throws anything at all, a new {@code Role} is built for
 * the application context reported by {@code SecurityManagerPropertiesLocator}, the privilege
 * ids are resolved one by one, and the role is persisted through the
 * {@code UserProvisioningManager}.
 *
 * @param roleName name of the role to look up and, if the lookup fails, to create
 * @param privileges ids of the privileges to attach to the newly created role
 * @throws SMException declared by this method; privilege-resolution and persistence failures are
 *     handed to {@code Utility.throwSMException} with the key {@code sm.operation.error}
 */
public void createRole(String roleName, Set<String> privileges) throws SMException {
  PrivilegeUtility util = new PrivilegeUtility();
  try {
    util.getRole(roleName);
    // Lookup succeeded: the role is left untouched.
    return;
  } catch (Exception lookupFailure) {
    // NOTE(review): every exception type is treated as "role does not exist", so an unrelated
    // failure of the lookup also leads to role creation below. Narrow this to the exception
    // that getRole uses for a missing role once that is confirmed.
  }

  Role newRole = new Role();
  newRole.setName(roleName);
  newRole.setDesc("Dynamically created role");
  newRole.setApplication(
      util.getApplication(
          SecurityManagerPropertiesLocator.getInstance().getApplicationCtxName()));

  // NOTE(review): the privilege ids are attached exactly as supplied; nothing in this method
  // checks whether the caller may grant them. Confirm callers enforce that.
  Set<Privilege> resolvedPrivileges = new HashSet<Privilege>();
  try {
    for (String id : privileges) {
      resolvedPrivileges.add(util.getUserProvisioningManager().getPrivilegeById(id));
    }
    newRole.setPrivileges(resolvedPrivileges);
    util.getUserProvisioningManager().createRole(newRole);
  } catch (CSObjectNotFoundException notFound) {
    Utility.getInstance()
        .throwSMException(notFound, notFound.getMessage(), "sm.operation.error");
  } catch (CSTransactionException txFailure) {
    Utility.getInstance()
        .throwSMException(txFailure, txFailure.getMessage(), "sm.operation.error");
  }
}
/**
 * Reports whether every user in the group behind a role holds a privilege on an object.
 *
 * <p>Temporary method written for the StorageContainer special case; used by
 * {@code StorageContainerBizLogic.isDeAssignable()}.
 *
 * <p>The result starts out {@code true} and is cleared as soon as one user's privilege cache
 * denies the privilege. Every user is still checked after the first denial.
 *
 * @param roleId id of the role whose group is examined
 * @param objectId id of the protected object
 * @param privilegeName name of the privilege to test
 * @return {@code false} if at least one user of the group lacks the privilege, {@code true}
 *     otherwise
 * @throws SMException declared by this method; a failed user lookup is handed to
 *     {@code Utility.throwSMException} with the key {@code sm.operation.error}
 */
public boolean hasGroupPrivilege(String roleId, String objectId, String privilegeName)
    throws SMException {
  PrivilegeUtility privUtil = new PrivilegeUtility();
  String groupId = privUtil.getGroupIdForRole(roleId);

  // NOTE(review): the answer defaults to "allowed". A group with no users never enters the loop
  // and therefore yields true; confirm callers expect that for an empty group.
  boolean everyMemberAllowed = true;
  Set<User> members;
  try {
    members = privUtil.getUserProvisioningManager().getUsers(groupId);
    for (User member : members) {
      boolean allowed =
          getPrivilegeCache(member.getLoginName()).hasPrivilege(objectId, privilegeName);
      if (!allowed) {
        everyMemberAllowed = false;
      }
    }
  } catch (CSObjectNotFoundException notFound) {
    // NOTE(review): if throwSMException ever returns normally, the default true is returned
    // after a failed lookup. Confirm that it always throws.
    Utility.getInstance()
        .throwSMException(notFound, notFound.getMessage(), "sm.operation.error");
  }
  return everyMemberAllowed;
}
/**
 * Adds a newly created object to the privilege caches of the users currently held in session.
 *
 * <p>Per the original author, this is called as soon as a Site or CollectionProtocol object is
 * created through the UI. The object's protection element is fetched once. For each cache
 * returned by {@code getPrivilegeCaches()}, the privilege map of that cache's login name is
 * queried, and when the result is non-empty the privileges of its first entry are recorded
 * against the object id.
 *
 * @param objectId id of the object to add to the caches
 * @throws SMException declared by this method; {@code CSObjectNotFoundException} and
 *     {@code CSException} are handed to {@code Utility.throwSMException} with the key
 *     {@code sm.operation.error}
 */
private void addObjectToPrivilegeCaches(String objectId) throws SMException {
  try {
    Collection<PrivilegeCache> sessionCaches = getPrivilegeCaches();

    // The privilege-map query takes a collection, so the single element is wrapped in one.
    Collection<ProtectionElement> singleElement = new ArrayList<ProtectionElement>();
    singleElement.add(
        privilegeUtility.getUserProvisioningManager().getProtectionElement(objectId));

    for (PrivilegeCache cache : sessionCaches) {
      Collection<ObjectPrivilegeMap> privilegeMaps =
          privilegeUtility
              .getUserProvisioningManager()
              .getPrivilegeMap(cache.getLoginName(), singleElement);
      if (privilegeMaps.isEmpty()) {
        // No map came back for this login name, so its cache is left unchanged.
        continue;
      }
      // Only the first map is read; one element was queried.
      cache.addObject(objectId, privilegeMaps.iterator().next().getPrivileges());
    }
  } catch (CSObjectNotFoundException notFound) {
    Utility.getInstance()
        .throwSMException(notFound, notFound.getMessage(), "sm.operation.error");
  } catch (CSException csFailure) {
    Utility.getInstance()
        .throwSMException(csFailure, csFailure.getMessage(), "sm.operation.error");
  }
}