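/**
 * Replaces the LDAP groups assigned to a role with the requested set.
 *
 * <p>The session user must hold {@link Permission#MANAGE_SECURITY}. The role's current
 * LDAP group assignments are removed, then the requested groups are added. Only names
 * reported by {@code ldapManager.findAvailableGroups()} are assigned; any other requested
 * name is ignored.
 *
 * @param roleId   id of the role whose LDAP group assignments are replaced
 * @param groupIds names of the LDAP groups the role should be mapped to
 * @throws RuntimeException the client-facing exception produced by
 *         {@code getExceptionToThrowToClient} for any failure, including a failed
 *         permission check
 */
public void setLdapGroupsForRole(int roleId, List<String> groupIds) throws RuntimeException {
    try {
        // Authorize the session user before anything runs as overlord below.
        Set<Permission> globalPermissions = authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
        if (!globalPermissions.contains(Permission.MANAGE_SECURITY)) {
            String message = "User '" + getSessionSubject().getName()
                + "' does not have sufficient permissions to modify LDAP group assignments for roles.";
            log.debug(message);
            throw new PermissionException(message);
        }

        // Clear the existing assignments: the supplied list defines the complete new set.
        // NOTE(review): removal and re-add are separate calls; whether a failed add leaves the
        // role without LDAP groups depends on transaction handling not visible here - confirm.
        PageList<LdapGroup> existing = ldapManager.findLdapGroupsByRole(roleId, PageControl.getUnlimitedInstance());
        log.trace("Removing " + existing.getTotalSize() + " groups from role '" + roleId + "'.");
        int[] groupIndices = new int[existing.size()];
        int indx = 0;
        for (LdapGroup lg : existing) {
            groupIndices[indx++] = lg.getId();
        }
        // Log only the count: concatenating the int[] would print its identity hash, not the ids.
        log.trace("Removing " + groupIndices.length + " LDAP Groups.");
        ldapManager.removeLdapGroupsFromRole(subjectManager.getOverlord(), roleId, groupIndices);

        // Keep only requested names that match an available LDAP group. The add below runs with
        // overlord privileges, so client-supplied names must not reach it unchecked.
        List<String> validGroupIds = new ArrayList<String>();
        Set<Map<String, String>> allAvailableLdapGroups = ldapManager.findAvailableGroups();
        int ignored = 0;
        for (String group : groupIds) {
            boolean known = false;
            for (Map<String, String> map : allAvailableLdapGroups) {
                // Null-safe on both sides: a null request entry or a group map without "name" never matches.
                if (group != null && group.equals(map.get("name"))) {
                    known = true;
                    break;
                }
            }
            if (!known) {
                ignored++;
            } else if (!validGroupIds.contains(group)) {
                // Assign each group at most once, even if it was requested repeatedly.
                validGroupIds.add(group);
            }
        }
        if (ignored > 0) {
            log.debug("Ignoring " + ignored + " requested LDAP group name(s) for role[" + roleId
                + "] that do not match an available LDAP group.");
        }

        log.trace("Adding " + validGroupIds.size() + " ldap groups to role[" + roleId + "].");
        // Pass the validated list. The original passed the raw groupIds here, bypassing the check above.
        ldapManager.addLdapGroupsToRole(subjectManager.getOverlord(), roleId, validGroupIds);
    } catch (Throwable t) {
        throw getExceptionToThrowToClient(t);
    }
}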
/**
 * Returns the status of the available-LDAP-groups query, as reported by
 * {@code ldapManager.findAvailableGroupsStatus()}.
 *
 * <p>The session user must hold {@link Permission#MANAGE_SECURITY}; otherwise a
 * {@code PermissionException} is raised and converted for the client.
 *
 * @return the status entries, passed through {@code SerialUtility.prepare}
 * @throws RuntimeException the client-facing exception produced by
 *         {@code getExceptionToThrowToClient} for any failure
 */
@Override
public Set<Map<String, String>> findAvailableGroupsStatus() throws RuntimeException {
    try {
        // Gate on the caller's explicit global permissions before touching LDAP state.
        Set<Permission> grantedGlobally = authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
        if (!grantedGlobally.contains(Permission.MANAGE_SECURITY)) {
            String denial = "User '" + getSessionSubject().getName()
                + "' does not have sufficient permissions to query the status of available LDAP groups request.";
            log.debug(denial);
            throw new PermissionException(denial);
        }

        Set<Map<String, String>> status = ldapManager.findAvailableGroupsStatus();
        // NOTE(review): the label passed to prepare() is "findAvailableGroups", not this
        // method's name - confirm whether that is intentional.
        return SerialUtility.prepare(status, "findAvailableGroups");
    } catch (Throwable t) {
        throw getExceptionToThrowToClient(t);
    }
}
/**
 * Lists every LDAP group currently assigned to the given role.
 *
 * <p>The session user must hold {@link Permission#MANAGE_SECURITY}; otherwise a
 * {@code PermissionException} is raised and converted for the client.
 *
 * @param roleId id of the role whose LDAP group assignments are looked up
 * @return the assigned groups (unlimited page), passed through {@code SerialUtility.prepare}
 * @throws RuntimeException the client-facing exception produced by
 *         {@code getExceptionToThrowToClient} for any failure
 */
public PageList<LdapGroup> findLdapGroupsAssignedToRole(int roleId) throws RuntimeException {
    try {
        // Gate on the caller's explicit global permissions before querying role mappings.
        Set<Permission> grantedGlobally = authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
        if (!grantedGlobally.contains(Permission.MANAGE_SECURITY)) {
            String denial = "User '" + getSessionSubject().getName()
                + "' does not have permissions to query LDAP group by role.";
            log.debug(denial);
            throw new PermissionException(denial);
        }

        PageList<LdapGroup> assigned = ldapManager.findLdapGroupsByRole(roleId, PageControl.getUnlimitedInstance());
        return SerialUtility.prepare(assigned, "findLdapGroupsAssignedToRole");
    } catch (Throwable t) {
        throw getExceptionToThrowToClient(t);
    }
}