/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: BaseRole.java,v 1.4 2008/06/25 05:41:44 qcheng Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* Abstract base class for all roles.
*
* @supported.api
*/
static {
    // NOTE(review): this static initializer is empty in this listing, yet later
    // methods call debug.messageEnabled(); confirm where `debug` is assigned.
}
/**
* Default constructor
*
* @see com.iplanet.ums.PersistentObject#PersistentObject()
*/
protected BaseRole() {
    // No explicit call is needed: the compiler inserts the call to the
    // no-argument superclass constructor, which is all this constructor does.
}
/**
* Constructs a BaseRole object from a principal and guid.
*
* @see com.iplanet.ums.PersistentObject#PersistentObject(
* java.security.Principal
* p, String guid)
*/
super();
}
/**
* Constructs a BaseRole from a creation template
* and attribute set.
*
* @see com.iplanet.ums.PersistentObject#PersistentObject(CreationTemplate
* template, AttrSet attrSet)
*
* @supported.api
*/
throws UMSException {
}
/**
* Checks if a given identifier is a member of the role.
*
* @param po
* member to be checked for membership
*
* @return <code>true</code> if it is a member
* @exception UMSException
* on failure to read object for guid
*
* @supported.api
*/
boolean hasTheMember = false;
hasTheMember = true;
}
}
return hasTheMember;
}
/**
* Returns the attribute access rights associated with the role.
*
* @return AccessRightObject associated with the role
*
* @supported.api
*/
// get parent GUID
if (parentObject == null) {
}
// get ACIS from parent object
// go through each ACI to see if it sets the access right for the role
if (debug.messageEnabled()) {
}
// Try to determine whether this ACI is for this role.
// This currently checks the name of the ACI;
// a better solution is to check the role DN (TBD).
break;
else
continue;
}
break;
else
continue;
}
}
}
} else {
}
} else {
} else {
}
}
}
/**
* Creates attribute access rights for the role;
* existing attribute access rights for the role will be replaced.
*
* @param accessRight
* New access right to be set to the role
*
* @supported.api
*/
throws UMSException, ACIParseException {
// get parent GUID
if (parentObject == null) {
}
// get ACIS from parent object
// go through each ACI to see if it sets the access right for the role
if (debug.messageEnabled()) {
}
// Try to determine whether this ACI is for this role.
// This currently checks the name of the ACI;
// a better solution is to check the role DN (TBD).
break;
else
continue;
}
break;
else
continue;
}
}
}
// modify existing read ACI
if (debug.messageEnabled()) {
}
.getReadableAttributeNames(), false);
} else {
// add new read ACI
.getReadableAttributeNames(), false);
// set Allow "read" permission
// set applied role
if (debug.messageEnabled()) {
+ newReadACI.toString());
}
}
// modify existing write ACI
if (debug.messageEnabled()) {
}
.getWritableAttributeNames(), false);
} else {
// add new write ACI
accessRight.getWritableAttributeNames(), false);
// set Allow "write" permission
// set applied role
if (debug.messageEnabled()) {
+ newWriteACI.toString());
}
}
// save ACI changes to parent persistent store
parentObject.save();
}
// The cosattribute needs to be "operational" to avoid adding the objectclass
// to every user entry; this is pending a response from the DS team (TBD).
// For now, just set the cosattribute to operational.
}