Пример #1
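  /**
   * Replaces the LDAP groups mapped to a role with the requested groups.
   *
   * <p>The session subject must hold {@code Permission.MANAGE_SECURITY} as an explicit global
   * permission. The manager calls that change the mapping are made with the overlord subject
   * rather than the session subject, so this check is the only authorization applied to the caller
   * inside this method.
   *
   * <p>Only requested names that equal the {@code "name"} entry of a group returned by
   * {@code ldapManager.findAvailableGroups()} are assigned to the role. Names that are null,
   * repeated, or not found there are skipped and counted in a debug log line. Validation runs
   * before the existing mappings are removed, so a failure while listing the available groups
   * leaves the current mappings in place.
   *
   * @param roleId id of the role whose LDAP group mappings are replaced
   * @param groupIds requested LDAP group names (matched against the {@code "name"} key)
   * @throws RuntimeException the exception produced by {@code getExceptionToThrowToClient} for any
   *     failure, including the {@code PermissionException} raised when access is denied
   */
  public void setLdapGroupsForRole(int roleId, List<String> groupIds) throws RuntimeException {
    try {
      // Authorization gate: everything below runs with the overlord subject.
      Set<Permission> globalPermissions =
          authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
      if (!globalPermissions.contains(Permission.MANAGE_SECURITY)) {
        String message =
            "User '"
                + getSessionSubject().getName()
                + "' does not have sufficient permissions to modify LDAP group assignments for roles.";
        log.debug(message);
        throw new PermissionException(message);
      }

      // Keep only the requested names that match an available LDAP group. This is done before the
      // destructive step so that a lookup failure cannot leave the role with no mappings.
      List<String> validGroupIds = new ArrayList<String>();
      Set<Map<String, String>> allAvailableLdapGroups = ldapManager.findAvailableGroups();
      for (String group : groupIds) {
        if (group == null || validGroupIds.contains(group)) {
          continue;
        }
        for (Map<String, String> map : allAvailableLdapGroups) {
          // group.equals(...) tolerates an entry that has no "name" key.
          if (group.equals(map.get("name"))) {
            validGroupIds.add(group);
            break;
          }
        }
      }
      int skipped = groupIds.size() - validGroupIds.size();
      if (skipped > 0) {
        // Leave a trace of rejected input for whoever audits role-mapping changes.
        log.debug(
            "Ignoring "
                + skipped
                + " requested LDAP group name(s) for role["
                + roleId
                + "] that are null, repeated or not among the available LDAP groups.");
      }

      // Clean out the existing mappings: the request defines the complete new list.
      PageList<LdapGroup> existing =
          ldapManager.findLdapGroupsByRole(roleId, PageControl.getUnlimitedInstance());
      log.trace("Removing " + existing.getTotalSize() + " groups from role '" + roleId + "'.");
      int[] groupIndices = new int[existing.size()];
      int indx = 0;
      for (LdapGroup lg : existing) {
        groupIndices[indx++] = lg.getId();
      }
      // Arrays.toString prints the ids; concatenating the array itself only prints its identity.
      log.trace(
          "Removing "
              + groupIndices.length
              + " LDAP Groups."
              + java.util.Arrays.toString(groupIndices));
      ldapManager.removeLdapGroupsFromRole(subjectManager.getOverlord(), roleId, groupIndices);

      // Assign the validated names, not the raw request, so the count logged here is accurate.
      log.trace("Adding " + validGroupIds.size() + " ldap groups to role[" + roleId + "].");
      ldapManager.addLdapGroupsToRole(subjectManager.getOverlord(), roleId, validGroupIds);
    } catch (Throwable t) {
      throw getExceptionToThrowToClient(t);
    }
  }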
Пример #2
  /**
   * Returns the status of the available-LDAP-groups request.
   *
   * <p>The session subject must hold {@code Permission.MANAGE_SECURITY} as an explicit global
   * permission; otherwise a {@code PermissionException} is raised and logged at debug level.
   *
   * @return the result of {@code ldapManager.findAvailableGroupsStatus()} after it has been passed
   *     through {@code SerialUtility.prepare}
   * @throws RuntimeException the exception produced by {@code getExceptionToThrowToClient} for any
   *     failure, including a denied permission check
   */
  @Override
  public Set<Map<String, String>> findAvailableGroupsStatus() throws RuntimeException {
    try {
      // Authorization gate: reject callers without MANAGE_SECURITY before touching LDAP.
      Set<Permission> grantedGlobally =
          authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
      boolean allowed = grantedGlobally.contains(Permission.MANAGE_SECURITY);
      if (!allowed) {
        String denial =
            "User '"
                + getSessionSubject().getName()
                + "' does not have sufficient permissions to query the status of available LDAP groups request.";
        log.debug(denial);
        throw new PermissionException(denial);
      }

      Set<Map<String, String>> status = ldapManager.findAvailableGroupsStatus();
      // NOTE(review): the label passed here is "findAvailableGroups", not this method's name;
      // confirm whether that is intentional.
      return SerialUtility.prepare(status, "findAvailableGroups");
    } catch (Throwable failure) {
      throw getExceptionToThrowToClient(failure);
    }
  }
Пример #3
  /**
   * Lists every LDAP group currently mapped to the given role.
   *
   * <p>The session subject must hold {@code Permission.MANAGE_SECURITY} as an explicit global
   * permission; otherwise a {@code PermissionException} is raised and logged at debug level.
   *
   * @param roleId id of the role to look up
   * @return the unpaged result of {@code ldapManager.findLdapGroupsByRole} after it has been passed
   *     through {@code SerialUtility.prepare}
   * @throws RuntimeException the exception produced by {@code getExceptionToThrowToClient} for any
   *     failure, including a denied permission check
   */
  public PageList<LdapGroup> findLdapGroupsAssignedToRole(int roleId) throws RuntimeException {
    try {
      // Authorization gate: role-to-group mappings are only shown to security managers.
      Set<Permission> grantedGlobally =
          authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
      boolean allowed = grantedGlobally.contains(Permission.MANAGE_SECURITY);
      if (!allowed) {
        String denial =
            "User '"
                + getSessionSubject().getName()
                + "' does not have permissions to query LDAP group by role.";
        log.debug(denial);
        throw new PermissionException(denial);
      }

      // Unlimited page control: the caller receives the full list in one result.
      PageList<LdapGroup> assigned =
          ldapManager.findLdapGroupsByRole(roleId, PageControl.getUnlimitedInstance());
      return SerialUtility.prepare(assigned, "findLdapGroupsAssignedToRole");
    } catch (Throwable failure) {
      throw getExceptionToThrowToClient(failure);
    }
  }