From smckin...@apache.org
Subject [directory-fortress-core] branch FC-265 updated: use property to define role disabling DA checks
Date Fri, 15 Mar 2019 01:22:52 GMT
This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch FC-265
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git


The following commit(s) were added to refs/heads/FC-265 by this push:
     new f94f09c  use property to define role disabling DA checks
f94f09c is described below

commit f94f09c239341e1fff9223af5bf9392456f474df
Author: Shawn McKinney <smckinney@apache.org>
AuthorDate: Thu Mar 14 20:22:41 2019 -0500

    use property to define role disabling DA checks
---
 ldap/setup/refreshLDAPData-src.xml                             |  1 +
 .../apache/directory/fortress/core/impl/DelAccessMgrImpl.java  | 10 ++++------
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/ldap/setup/refreshLDAPData-src.xml b/ldap/setup/refreshLDAPData-src.xml
index a7dcdc2..a3ebc99 100755
--- a/ldap/setup/refreshLDAPData-src.xml
+++ b/ldap/setup/refreshLDAPData-src.xml
@@ -157,6 +157,7 @@
                 <config props="adminperm.root:ou=AdminPerms,ou=ARBAC,@SUFFIX@"/>
                 <config props="audit.root:@AUDITS_DN@"/>
                 <config props="superadmin.role:fortress-core-super-admin"/>
+                <config props="serviceadmin.role:fortress-rest-admin"/>
                 <config props="temporal.validator.0:org.apache.directory.fortress.core.util.time.Date"/>
                 <config props="temporal.validator.1:org.apache.directory.fortress.core.util.time.LockDate"/>
                 <config props="temporal.validator.2:org.apache.directory.fortress.core.util.time.Timeout"/>
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
index 87f6d10..e77b1db 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
@@ -70,12 +70,14 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
     private UserP userP;
     private PermP permP;
     private String SUPER_ADMIN;
+    private String REST_ADMIN;
 
     public DelAccessMgrImpl()
     {
         userP = new UserP();
         permP = new PermP();
         SUPER_ADMIN = Config.getInstance().getProperty("superadmin.role", "fortress-core-super-admin");
+        REST_ADMIN = Config.getInstance().getProperty("serviceadmin.role", "fortress-rest-admin");
 	}
     
     /**
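Review bot: `REST_ADMIN` is added without a comment, yet the later hunks in this commit show that a user holding the role it names gets `result = true` before the role range is consulted, so the `serviceadmin.role` property is security-sensitive. I would document that at the declaration, e.g. `// Role from serviceadmin.role; holders skip the admin role range check, so treat this property as privileged configuration.` As far as this hunk shows, `SUPER_ADMIN` and `REST_ADMIN` are assigned only in the constructor, so `private final String` would fit, with lowerCamelCase names since they are instance fields rather than constants. The class body continues outside the hunk.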
@@ -298,7 +300,6 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
         if(CollectionUtils.isNotEmpty( uaRoles ))
         {
             // validate user and retrieve user' ou:
-            // TODO: If this is an 'add', use the value of ou passed in 'user', other read
from directory and use that.
             User ue;
             if(!isAdd)
             {
@@ -381,9 +382,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
                     {
                         // Get the Role range for admin role:
                         Set<String> range;
-                        //if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
-                        // TODO: This should not be hardcoded!:
-                        if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+                        if(uaRole.getName().equalsIgnoreCase(REST_ADMIN))
                         {
                             result = true;
                             break;
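Review bot: The role name that short-circuits this check changes silently with this commit: the removed line compared against `"fortress-rest-admin-user"`, while `REST_ADMIN` defaults to `"fortress-rest-admin"` in the constructor hunk and in `refreshLDAPData-src.xml`. Deployments that assigned the old role name lose the bypass, and any existing role called `fortress-rest-admin` now gains it. This applies here and in the identical change in the hunk at `@@ -462,8 +461,7 @@`. If the rename is intended, it should be stated in the commit message and upgrade notes; otherwise keep the previous value as the default, `Config.getInstance().getProperty("serviceadmin.role", "fortress-rest-admin-user")`. The enclosing method starts and ends outside the hunk.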
@@ -462,8 +461,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
                     {
                         // Get the Role range for admin role:
                         Set<String> range;
-                        // TODO: This should not be hardcoded!:
-                        if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+                        if(uaRole.getName().equalsIgnoreCase(REST_ADMIN))
                         {
                             result = true;
                             break;

