FC-280 - Verify role constraint exists before assignment
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index f0e2da2..04a8c5a 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1121,6 +1121,10 @@
* The validation for Role Constraint key is required.
*/
public static final int ROLE_CONSTRAINT_KEY_NULL = 5103;
+ /**
+ * An attempt to add a user-role constraint when the role constraint has not been enabled (added).
+ */
+ public static final int ROLE_CONSTRAINT_NOT_ENABLED = 5104;
/**
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
index 6d2a28b..78e1cc5 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AdminMgrImpl.java
@@ -367,6 +367,7 @@
{
String methodName = "assignUser";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
Role role = new Role( uRole.getName() );
role.setContextId( contextId );
User user = new User( uRole.getUserId() );
@@ -403,8 +404,8 @@
{
String methodName = "enableRoleConstraint";
VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
- VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, role );
// This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
@@ -430,10 +431,10 @@
throws SecurityException
{
String methodName = "disableRoleConstraint";
- VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
- VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
- VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, role );
+ VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
// This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
String propKey = Config.getInstance().getConstraintKey( role.getName(), contextId );
String propValue = roleConstraint.getKey();
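Review bot: In disableRoleConstraint the call `setEntitySession( CLS_NM, methodName, role );` now runs before `VUtil.assertNotNull( role, GlobalErrIds.ROLE_NULL, CLS_NM + methodName );`, so a null role reaches setEntitySession before it is rejected. setEntitySession's body is not visible here, but if it dereferences the entity the caller gets a NullPointerException instead of the ROLE_NULL SecurityException. enableRoleConstraint in this same commit keeps all three null checks ahead of setEntitySession; move the call back below the third assertNotNull so both methods validate before touching the entity. The method's signature and the rest of its body are outside this hunk.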
@@ -457,8 +458,19 @@
{
String methodName = "addRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
+ if ( roleConstraint.getType() == RoleConstraint.RCType.USER )
+ {
+ // Validate the user-role constraint has been enabled:
+ // This constraint type requires a global config parameter keyed by RC$tenant$role:constraint:
+ String propKey = Config.getInstance().getConstraintKey( uRole.getName(), contextId );
+ String propValue = Config.getInstance().getProperty( propKey );
+ VUtil.assertNotNull( propValue, GlobalErrIds.ROLE_CONSTRAINT_NOT_ENABLED, CLS_NM + methodName );
+ }
+
// Validate the user-role assignment exists:
User user = new User( uRole.getUserId());
user.setContextId( contextId );
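Review bot: The enablement check in the `RoleConstraint.RCType.USER` branch only asserts that some value is stored under `propKey`; it never compares that value with `roleConstraint.getKey()`. disableRoleConstraint uses `roleConstraint.getKey()` as the property value for the same key, which suggests the stored value names the enabled constraint, so a user-role constraint carrying a different key than the one enabled for the role would still pass. Consider asserting the key first, `VUtil.assertNotNull( roleConstraint.getKey(), GlobalErrIds.ROLE_CONSTRAINT_KEY_NULL, CLS_NM + methodName );`, and then failing with ROLE_CONSTRAINT_NOT_ENABLED when `propValue` does not match it. The method's signature and the remainder of its body are outside this hunk.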
@@ -473,7 +485,6 @@
}
AdminUtil.canAssign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ),
contextId );
- // todo assert roleconstraint here
userP.assign( uRole, roleConstraint );
return roleConstraint;
}
@@ -488,6 +499,8 @@
{
String methodName = "removeRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( roleConstraint, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
userP.deassign( uRole, roleConstraint );
}
@@ -500,8 +513,11 @@
public void removeRoleConstraint( UserRole uRole, String roleConstraintId )
throws SecurityException
{
- String methodName = "deassignUser";
+ String methodName = "removeRoleConstraint";
assertContext( CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( roleConstraintId, GlobalErrIds.ROLE_CONSTRAINT_NULL, CLS_NM + methodName );
+ VUtil.assertNotNull( uRole.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + methodName );
setEntitySession( CLS_NM, methodName, uRole );
AdminUtil.canDeassign( uRole.getAdminSession(), new User( uRole.getUserId() ), new Role( uRole.getName() ), contextId );