Examples of org.rhq.core.domain.authz.Role

• org.rhq.core.domain.authz.Role
  A role has zero or more {@link org.rhq.core.domain.resource.group.ResourceGroup}s assigned to it. You can assign a role to zero or more {@link Subject}s. A role defines a set of {@link Permission}s that the assigned {@link Subject}s are authorized for in order to operate on the Resources in the assigned {@link org.rhq.core.domain.resource.group.ResourceGroup}s. @author Greg Hinkle

     */
    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addResourceGroupsToRole(Subject subject, int roleId, int[] groupIds) {
        if ((groupIds != null) && (groupIds.length > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId + "] to add resourceGroups to");
            }
            role.getResourceGroups().size(); // load them in

            for (Integer groupId : groupIds) {
                ResourceGroup group = entityManager.find(ResourceGroup.class, groupId);
                if (group == null) {
                    throw new IllegalArgumentException("Tried to add resourceGroup[" + groupId + "] to role[" + roleId
                        + "], but resourceGroup was not found.");
                }
                role.addResourceGroup(group);
            }
        }

        return;
    }

    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeBundleGroupsFromRole(Subject subject, int roleId, int[] bundleGroupIds) {
        if ((bundleGroupIds != null) && (bundleGroupIds.length > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId
                    + "] in order to remove BundleGroups");
            }
            role.getBundleGroups().size(); // load them in

            for (Integer bundleGroupId : bundleGroupIds) {
                BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId);
                if (bundleGroup == null) {
                    throw new IllegalArgumentException("Tried to remove BundleGroup[" + bundleGroupId + "] from role["
                        + roleId + "], but BundleGroup was not found");
                }
                role.removeBundleGroup(bundleGroup);
            }
        }
    }

     */
    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds) {
        if ((groupIds != null) && (groupIds.length > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId + "] to remove resourceGroups from");
            }
            role.getResourceGroups().size(); // load them in

            for (Integer groupId : groupIds) {
                ResourceGroup doomedGroup = entityManager.find(ResourceGroup.class, groupId);
                if (doomedGroup == null) {
                    throw new IllegalArgumentException("Tried to remove doomedGroup[" + groupId + "] from role["
                        + roleId + "], but subject was not found");
                }
                role.removeResourceGroup(doomedGroup);
            }
        }
    }

    }

    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedBundleGroups(Subject subject, int roleId, int[] bundleGroupIds) {
        Role role = getRole(subject, roleId);
        List<Integer> currentBundleGroups = new ArrayList<Integer>();
        for (BundleGroup group : role.getBundleGroups()) {
            currentBundleGroups.add(group.getId());
        }

        List<Integer> newBundleGroups = ArrayUtils.wrapInList(bundleGroupIds); // members needing addition
        newBundleGroups.removeAll(currentBundleGroups);

    }

    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds) {
        Role role = getRole(subject, roleId);
        List<Integer> currentGroups = new ArrayList<Integer>();
        for (ResourceGroup group : role.getResourceGroups()) {
            currentGroups.add(group.getId());
        }

        List<Integer> newGroups = ArrayUtils.wrapInList(groupIds); // members needing addition
        newGroups.removeAll(currentGroups);

    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeSubjectsFromRole(Subject subject, int roleId, int[] subjectIds) {
        if ((subjectIds != null) && (subjectIds.length > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId + "] to remove subjects from");
            }
            role.getSubjects().size(); // load them in

            for (Integer subjectId : subjectIds) {
                Subject doomedSubject = entityManager.find(Subject.class, subjectId);
                if (doomedSubject == null) {
                    throw new IllegalArgumentException("Tried to remove subject[" + subjectId + "] from role[" + roleId
                        + "], but subject was not found");
                }
                if (doomedSubject.getFsystem() || (authorizationManager.isSystemSuperuser(doomedSubject))) {
                    throw new PermissionException("You cannot remove user[" + doomedSubject.getName() + "] from role["
                        + roleId + "] - roles are fixed for this user");
                }
                role.removeSubject(doomedSubject);
            }
        }
    }

    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedSubjects(Subject subject, int roleId, int[] subjectIds) {

        Role role = getRole(subject, roleId);
        List<Integer> currentSubjects = new ArrayList<Integer>();
        for (Subject currentSubject : role.getSubjects()) {
            currentSubjects.add(currentSubject.getId());
        }

        List<Integer> newSubjects = ArrayUtils.wrapInList(subjectIds); // members needing addition
        newSubjects.removeAll(currentSubjects);

                    + "] in order to remove roles");
            }
            bundleGroup.getRoles().size(); // load them in

            for (Integer roleId : roleIds) {
                Role doomedRole = entityManager.find(Role.class, roleId);
                if (doomedRole == null) {
                    throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from BundleGroup["
                        + bundleGroupId + "], but role was not found");
                }
                doomedRole.removeBundleGroup(bundleGroup);
            }
        }

        return;
    }

                throw new IllegalArgumentException("Could not find resourceGroup[" + groupId + "] to remove roles from");
            }
            group.getRoles().size(); // load them in

            for (Integer roleId : roleIds) {
                Role doomedRole = entityManager.find(Role.class, roleId);
                if (doomedRole == null) {
                    throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from resourceGroup["
                        + groupId + "], but role was not found");
                }
                group.removeRole(doomedRole);

                    + "] in order to add roles");
            }
            bundleGroup.getRoles().size(); // load them in

            for (Integer roleId : roleIds) {
                Role role = entityManager.find(Role.class, roleId);
                if (role == null) {
                    throw new IllegalArgumentException("Tried to add role[" + roleId + "] to bundleGroup["
                        + bundleGroupId + "], but role was not found");
                }
                role.addBundleGroup(bundleGroup);
            }
        }

        return;
    }