📄 profileresourceaclplugin.java
* @param resourcesTarget Set of the resources.
* @param userContext Context of the user.
*
* @return True if the given object is in the resources, false otherwise.
*/
private boolean isInResources(JBTop entry, ResourcesTarget resourcesTarget,
        UserContext userContext)
{
    // Walk the resource names of this target; the first resource that
    // PersistenceLDAP reports as containing the entry settles the answer.
    for (Iterator names = resourcesTarget.getResourcesList().iterator(); names.hasNext();)
    {
        // Each element is cast to String, so a non-String element in the
        // list surfaces as a ClassCastException rather than being skipped.
        String candidate = (String) names.next();
        if (PersistenceLDAP.isJbTopInResource(entry, candidate, userContext))
        {
            return true;
        }
    }
    // Nothing matched, or the list was empty: the entry is not covered by
    // this target.
    return false;
}
/**
* Indicates whether the modification of the first given object is allowed for
* the user whose context is given as an argument.
* The given objects are LDAP directory entries.
*
* @param oldentry The entry before modification.
* @param newentry The entry after modification.
* @param userContext The context of the user.
*
* @return True if the modification is allowed, false otherwise.
*
* @see opiam.admin.faare.service.services.acl.AclPluginInterface#
* isModificationEnabled(JBTop, JBTop, UserContext).
*
* @throws ServiceException if an error occurs.
*
* TO BE TESTED.
*
*/
public boolean isModificationEnabled(JBTop oldentry, JBTop newentry,
UserContext userContext
) throws ServiceException
{
// Get the target definitions for the current profile
String profile = userContext.getJbProfile().getName().trim().toLowerCase();
List targets = (List) profileAclMap.get(profile);
if (targets == null)
{
// if profile not found, consider it disabled
_logger.info(profile + " profile not found, has no rights");
return false;
}
// checks if it is a self modify operation
String dnRef = userContext.getJbUser().getDn();
if (oldentry.getDn().toLowerCase().equals(dnRef))
{
return true;
}
// checks if the user has the profil to modify the entry
if (oldentry instanceof Person)
{
Person pers = (Person)oldentry;
String department = pers.getDepartment().toLowerCase();
if (((!profile.equals("directory administrator"))
&& (!profile.equals("service manager")))
&& ((department.equals("accounting") && (!profile.equals("accounting manager")))
|| (department.equals("human resources") && (!profile.equals("hr manager")))
|| (department.equals("product testing") && (!profile.equals("qa manager")))
|| (department.equals("product development") && (!profile.equals("pd manager")))))
{
return false;
}
}
List modifiedAttrs = new ArrayList();
/*R閏up閞ation du type d'objet m閠ier*/
JBClassDescriptor classDesc;
try
{
classDesc =
PropertiesManager.getInstance().getPersistenceDescriptionMap()
.getClassDescriptor(newentry.getClass()
.getName()
);
}
catch (PersistenceException pex)
{
throw new ServiceException(MessageUtil.formatMessage("MSG_MAPPING_CLASS_NOT_FOUND",
newentry.getClass()
.getName()
), pex
);
}
/*Parcours des attributs*/
JBFieldDescriptor fieldDesc = null;
Iterator ita = classDesc.getFields().iterator();
while (ita.hasNext())
{
fieldDesc = (JBFieldDescriptor) ita.next();
_logger.debug(fieldDesc.getName());
if (fieldDesc.getSrcDesc().getName().compareToIgnoreCase("dn") == 0)
{
// ne pas traiter l'attribut "DN" (ce n'est pas un atttribut)
continue;
}
if (fieldDesc.getSrcDesc().getName().equalsIgnoreCase("objectclass")
)
{
// ne pas traiter l'attribut "objectclass"
continue;
}
Object newValue;
Object oldValue;
try
{
newValue =
PropertyUtils.getProperty(newentry, fieldDesc.getName());
}
catch (Exception ex) // no value
{
newValue = null;
}
try
{
oldValue =
PropertyUtils.getProperty(oldentry, fieldDesc.getName());
}
catch (Exception ex) // no value
{
oldValue = null;
}
_logger.debug(fieldDesc.getName() + "=>" + newValue + "/" +
oldValue
);
// cas des chaines vides.
if (fieldDesc.isStringType() && !fieldDesc.isACollection())
{
String snew = (String) newValue;
String sold = (String) oldValue;
if (snew != null)
{
snew = snew.trim();
if (snew.equals(""))
{
newValue = null;
}
}
if (sold != null)
{
sold = sold.trim();
if (sold.equals(""))
{
oldValue = null;
}
}
}
if ((newValue == null) && (oldValue == null))
{
continue;
}
if (((newValue == null) && (oldValue != null)) || // added or deleted
((newValue != null) && (oldValue == null))
)
{
modifiedAttrs.add(fieldDesc.getName());
_logger.debug(fieldDesc.getName() + "=> modified 1");
}
else if (!fieldDesc.isACollection())
{
if (!newValue.equals(oldValue)) // modified, simple value
{
modifiedAttrs.add(fieldDesc.getName());
_logger.debug(fieldDesc.getName() + "=> modified 2");
}
}
else // Collection
{
if (!CollectionUtils.isEqualCollection((Collection) newValue,
(Collection) oldValue
)
)
{
modifiedAttrs.add(fieldDesc.getName());
_logger.debug(fieldDesc.getName() + "=> modified 3");
}
}
}
// iterate on all targets
Iterator it = targets.iterator();
ResourcesTarget resourcesTarget = null;
String attrName = null;
while (it.hasNext())
{
resourcesTarget = (ResourcesTarget) it.next();
if (isInResources(newentry, resourcesTarget, userContext))
{
_logger.debug("isEnabled ACL execut