Examples of org.rhq.core.domain.authz.Role

• org.rhq.core.domain.authz.Role
  A role has zero or more {@link org.rhq.core.domain.resource.group.ResourceGroup}s assigned to it. You can assign a role to zero or more {@link Subject}s. A role defines a set of {@link Permission}s that the assigned {@link Subject}s are authorized for in order to operate on the Resources in the assigned {@link org.rhq.core.domain.resource.group.ResourceGroup}s. @author Greg Hinkle

                throw new IllegalArgumentException("Could not find resourceGroup[" + groupId + "] to add roles to");
            }
            group.getRoles().size(); // load them in

            for (Integer roleId : roleIds) {
                Role role = entityManager.find(Role.class, roleId);
                if (role == null) {
                    throw new IllegalArgumentException("Tried to add role[" + roleId + "] to resourceGroup[" + groupId
                        + "], but role was not found");
                }
                group.addRole(role);

        return ldapSet;
    }

    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setLdapGroupsOnRole(Subject subject, int roleId, Set<LdapGroup> groups) {
        Role role = entityManager.find(Role.class, roleId);
        if (role == null) {
            throw new IllegalArgumentException("Role with id [" + roleId + "] does not exist.");
        }

        //add some code to synch up the current list of ldap groups.
        Set<LdapGroup> currentGroups = role.getLdapGroups();
        List<String> currentGroupNames = new ArrayList<String>(currentGroups.size());
        for (LdapGroup group : currentGroups) {
            currentGroupNames.add(group.getName());
        }

    }

    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addLdapGroupsToRole(Subject subject, int roleId, List<String> groupNames) {
        if ((groupNames != null) && (groupNames.size() > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId + "] to add LDAP groups to.");
            }
            role.getLdapGroups().size(); // load them in

            for (String groupId : groupNames) {
                LdapGroup group = new LdapGroup();
                group.setName(groupId);
                role.addLdapGroup(group);
            }
        }
    }

    }

    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeLdapGroupsFromRole(Subject subject, int roleId, int[] groupIds) {
        if ((groupIds != null) && (groupIds.length > 0)) {
            Role role = entityManager.find(Role.class, roleId);
            if (role == null) {
                throw new IllegalArgumentException("Could not find role[" + roleId + "] to remove LDAP groups from.");
            }
            role.getLdapGroups().size(); // load them in

            for (Integer groupId : groupIds) {
                LdapGroup doomedGroup = entityManager.find(LdapGroup.class, groupId);
                if (doomedGroup == null) {
                    throw new IllegalArgumentException("Tried to remove doomedGroup[" + groupId + "] from role["
                        + roleId + "], but doomedGroup was not found.");
                }
                role.removeLdapGroup(doomedGroup);
            }

            Query purgeQuery = entityManager.createNamedQuery(LdapGroup.DELETE_BY_ID);

            List<Integer> ids = new LinkedList<Integer>();

            sub.addLdapRole(role);
        }
    }

    public PageList<LdapGroup> findLdapGroupsByRole(int roleId, PageControl pageControl) {
        Role role = entityManager.find(Role.class, roleId);
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + roleId + "] to lookup ldap Groups on");
        }
        return new PageList<LdapGroup>(role.getLdapGroups(), role.getLdapGroups().size(), pageControl);
    }

    private List<String> getRoleNames(List<Integer> roleIds) {
        RoleManagerLocal roleManager = LookupUtil.getRoleManager();
        List<String> results = new ArrayList<String>();
        for (Integer nextRoleId : roleIds) {
            Role nextRole = roleManager.getRoleById(nextRoleId);
            if (nextRole != null) { // handle unknown role ids
                results.add(nextRole.getName());
            }
        }

        return results;
    }

    private List<String> getRoleEmails(List<Integer> roleIds) {
        RoleManagerLocal roleManager = LookupUtil.getRoleManager();
        List<String> results = new ArrayList<String>();
        for (Integer nextRoleId : roleIds) {
            Role nextRole = roleManager.getRoleById(nextRoleId);
            if (nextRole != null) { // handle unknown role ids
                for (Subject nextSubject : nextRole.getSubjects()) {
                    String nextEmail = nextSubject.getEmailAddress();
                    if (nextEmail != null) {
                        results.add(nextEmail);
                    }
                }

        try {
            EntityManager em = getEntityManager();

            // setup simple test structures
            Subject subject = SessionTestHelper.createNewSubject(em, "fake subject");
            Role role = SessionTestHelper
                .createNewRoleForSubject(em, subject, "fake role", Permission.MANAGE_INVENTORY);

            ResourceGroup recursiveGroup = SessionTestHelper.createNewMixedGroupForRole(em, role, "fake group", true);

            // setup the test tree

        try {
            EntityManager em = getEntityManager();

            // setup simple test structures
            Subject subject = SessionTestHelper.createNewSubject(em, "fake subject");
            Role role = SessionTestHelper
                .createNewRoleForSubject(em, subject, "fake role", Permission.MANAGE_INVENTORY);

            ResourceGroup lineageG1 = SessionTestHelper.createNewMixedGroupForRole(em, role, "gen1", true);
            ResourceGroup lineageG2 = SessionTestHelper.createNewMixedGroupForRole(em, role, "gen2", true);
            ResourceGroup lineageG3 = SessionTestHelper.createNewMixedGroupForRole(em, role, "gen3", true);

    }

    @Test(groups = "integration.session")
    public void testImplicitGroupMembershipFromComplexGroupUpdates() throws Throwable {
        Subject subject = null;
        Role role = null;
        ResourceGroup recursiveGroup = null;
        List<Resource> fullTree = null;

        Resource nodeBigA = null;
        Resource nodeOne = null;
        Resource nodeThree = null;
        Resource nodeLittleA = null;
        Resource nodeTripleLittleI = null;

        List<Resource> resultsExplicit = null;

        List<Resource> expectedImplicit = null;
        List<Resource> expectedExplicit = new ArrayList<Resource>();

        try {
            try {
                getTransactionManager().begin();

                EntityManager em = getEntityManager();
                // setup simple test structures
                subject = SessionTestHelper.createNewSubject(em, "fake subject");
                role = SessionTestHelper.createNewRoleForSubject(em, subject, "fake role", Permission.MANAGE_INVENTORY);
                recursiveGroup = SessionTestHelper.createNewMixedGroupForRole(em, role, "fake group", true);

                // setup the test tree
                fullTree = getSimpleTree(em);

                ResourceTreeHelper.printForest(fullTree);

                // get the resources from the tree we want to explicitly add
                nodeBigA = ResourceTreeHelper.findNode(fullTree, "A");
                nodeOne = ResourceTreeHelper.findNode(fullTree, "1");
                nodeThree = ResourceTreeHelper.findNode(fullTree, "3");
                nodeLittleA = ResourceTreeHelper.findNode(fullTree, "a");
                nodeTripleLittleI = ResourceTreeHelper.findNode(fullTree, "iii");

                // adding nodeLittleA should give us the subtree under nodeLittleA
                expectedImplicit = ResourceTreeHelper.getSubtree(nodeLittleA);
                implicitGroupMembershipAddHelper(subject, recursiveGroup, nodeLittleA, expectedImplicit);
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                expectedExplicit.add(nodeLittleA);
                verifyEqualByIds("explicit add 1", expectedExplicit, resultsExplicit);

                // adding nodeThree should give us the union of the subtrees under nodeLittleA and nodeThree
                expectedImplicit.add(nodeThree);
                implicitGroupMembershipAddHelper(subject, recursiveGroup, nodeThree, expectedImplicit);
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                expectedExplicit.add(nodeThree);
                verifyEqualByIds("explicit add 2", expectedExplicit, resultsExplicit);

                // adding nodeBigA should give us the union of the entire A tree with the nodeThree subtree
                expectedImplicit = ResourceTreeHelper.getSubtree(nodeBigA);
                expectedImplicit.addAll(ResourceTreeHelper.getSubtree(nodeThree));
                implicitGroupMembershipAddHelper(subject, recursiveGroup, nodeBigA, expectedImplicit);
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                expectedExplicit.add(nodeBigA);
                verifyEqualByIds("explicit add 3", expectedExplicit, resultsExplicit);

                // adding nodeOne, which is a child of nodeBigA, shouldn't effect the expected results
                implicitGroupMembershipAddHelper(subject, recursiveGroup, nodeOne, expectedImplicit);
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                expectedExplicit.add(nodeOne);
                verifyEqualByIds("explicit add 4", expectedExplicit, resultsExplicit);

                // adding nodeTripleLittleI shouldn't effect the expected results either
                implicitGroupMembershipAddHelper(subject, recursiveGroup, nodeTripleLittleI, expectedImplicit);
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                expectedExplicit.add(nodeTripleLittleI);
                verifyEqualByIds("explicit add 5", expectedExplicit, resultsExplicit);
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();
                // removing the subtree nodeTripleLittleI shouldn't affect the expected set
                implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeTripleLittleI, expectedImplicit);
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();

                // removing a descendant of a node that is also in the explicit list should be a no-op
                implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeOne, expectedImplicit);

                expectedImplicit.remove(nodeThree);
                // removing the wandering nodeThree, so that results will be the complete nodeBigA subtree
                implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeThree, expectedImplicit);

                // removing a root node should remove all descendants that aren't still in the explicit list
                implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeBigA,
                    ResourceTreeHelper.getSubtree(nodeLittleA));
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();

                // remove a node that wasn't in the group - negative testing
                try {
                    // passing the "real" expected list for the results; this way, if the exception doesn't happen, the helper returns true
                    implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeBigA,
                        ResourceTreeHelper.getSubtree(nodeLittleA));
                    assert false : "Failed: removed non-existent successfully: node = " + nodeBigA.getName();
                } catch (Throwable t) {
                    // expected
                }
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();

                // removing the last resource should leave an empty list
                implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeLittleA, new ArrayList<Resource>());
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();
                // remove a node that wasn't in the group - negative testing
                try {
                    // passing the "real" expected list for the results; this way, if the exception doesn't happen, the helper returns true
                    Resource nodeBigB = ResourceTreeHelper.findNode(fullTree, "B");
                    implicitGroupMembershipRemoveHelper(subject, recursiveGroup, nodeBigB,
                        ResourceTreeHelper.getSubtree(nodeBigA));
                    assert false : "Failed: removed non-existent successfully: node = " + nodeBigB.getName();
                } catch (Throwable t) {
                    // expected
                }
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

            try {
                getTransactionManager().begin();
                resultsExplicit = resourceManager.findExplicitResourcesByResourceGroup(subject, recursiveGroup,
                    PageControl.getUnlimitedInstance());
                verifyEqualByIds("explicit remove 0", new ArrayList<Resource>(), resultsExplicit);
            } catch (Throwable t) {
                handleThrowable(t);
            } finally {
                handleTransaction();
            }

        } finally {
            // clean up anything that may have gotten created
            try {
                getTransactionManager().begin();

                EntityManager em = getEntityManager();

                Subject overlord = subjectManager.getOverlord();

                if (null != subject) {
                    subjectManager.deleteUsers(overlord, new int[] { subject.getId() });
                }
                if (null != role) {
                    roleManager.deleteRoles(overlord, new int[] { role.getId() });
                }
                if (null != recursiveGroup) {
                    resourceGroupManager.deleteResourceGroup(overlord, recursiveGroup.getId());
                }