inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

[MNT-24072] Retain users/groups (who are already exist and are part of AUTH.ALF zone) so parent associations can be created (#2414)

Browse Source 
* [MNT-24072] Retain existent users and groups so parent associations can be created

* [MNT-24072] Using person/authority 'exists' methods instead

* [MNT-24072] Added code to rezone users/groups (who already exist and are part of AUTH.ALF zone) that have parent associations to create

* [MNT-24072] PMD scan changes

* [MNT-24072] Added a validation to prevent an authority from being added to zones where already is
This commit is contained in:
tiagosalvado10
2024-02-06 11:58:23 +00:00
committed by GitHub
parent 47a636997c
commit 71b69529c6
1 changed files with 97 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
repository/src/main/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java
View File

@@ -1001,8 +1001,10 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
private final Map<String, String> groupsToCreate = new TreeMap<String, String>(); private final Map<String, String> groupsToCreate = new TreeMap<String, String>();
private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap(); private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap();
private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap(); private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap();
private final List<String> personToRezone = new LinkedList<>();
private Map<String, Set<String>> groupParentAssocsToCreate = new TreeMap<String, Set<String>>(); private Map<String, Set<String>> groupParentAssocsToCreate = new TreeMap<String, Set<String>>();
private final Map<String, Set<String>> groupParentAssocsToDelete = new TreeMap<String, Set<String>>(); private final Map<String, Set<String>> groupParentAssocsToDelete = new TreeMap<String, Set<String>>();
private final List<String> groupToRezone = new LinkedList<>();
private final Map<String, Set<String>> finalGroupChildAssocs = new TreeMap<String, Set<String>>(); private final Map<String, Set<String>> finalGroupChildAssocs = new TreeMap<String, Set<String>>();
private List<String> personsProcessed = new LinkedList<String>(); private List<String> personsProcessed = new LinkedList<String>();
private Set<String> allZonePersons = Collections.emptySet(); private Set<String> allZonePersons = Collections.emptySet();
@@ -1269,6 +1271,17 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
} }
} }
private void recordParentAssociationAuthoritiesToRezone(String child)
{
if (child != null)
{
List<String> toRezone = AuthorityType.getAuthorityType(child) == AuthorityType.USER
? this.personToRezone
: this.groupToRezone;
toRezone.add(child);
}
}
private void validateGroupParentAssocsToCreate() private void validateGroupParentAssocsToCreate()
{ {
Iterator<Map.Entry<String, Set<String>>> i = this.groupParentAssocsToCreate.entrySet().iterator(); Iterator<Map.Entry<String, Set<String>>> i = this.groupParentAssocsToCreate.entrySet().iterator();
@@ -1432,36 +1445,55 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
String child = entry.getKey(); String child = entry.getKey();
if (!toRetain.contains(child)) if (!toRetain.contains(child))
{ {
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled()) if (!shouldRezone(child))
{ {
if (groupList == null) if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{ {
groupList = new StringBuilder(1024); if (groupList == null)
}
else
{
groupList.setLength(0);
}
for (String parent : entry.getValue())
{
if (groupList.length() > 0)
{ {
groupList.append(", "); groupList = new StringBuilder(1024);
} }
groupList.append('\'').append( else
ChainingUserRegistrySynchronizer.this.authorityService.getShortName(parent)) {
.append('\''); groupList.setLength(0);
}
for (String parent : entry.getValue())
{
if (groupList.length() > 0)
{
groupList.append(", ");
}
groupList.append('\'').append(
ChainingUserRegistrySynchronizer.this.authorityService.getShortName(parent))
.append('\'');
}
ChainingUserRegistrySynchronizer.logger.debug("Ignoring non-existent member '"
+ ChainingUserRegistrySynchronizer.this.authorityService.getShortName(child)
+ "' in groups {" + groupList.toString() + "}");
} }
ChainingUserRegistrySynchronizer.logger.debug("Ignoring non-existent member '" i.remove();
+ ChainingUserRegistrySynchronizer.this.authorityService.getShortName(child) }
+ "' in groups {" + groupList.toString() + "}"); else {
recordParentAssociationAuthoritiesToRezone(child);
} }
i.remove();
} }
} }
} }
private boolean shouldRezone(String authorityName)
{
boolean exists = authorityService.authorityExists(authorityName);
if (exists)
{
Set<String> zones = ChainingUserRegistrySynchronizer.this.authorityService.getAuthorityZones(authorityName);
return isInZone(authorityName, zones, AuthorityService.ZONE_AUTH_ALFRESCO) && !isInZone(authorityName, zones, zoneId);
}
return false;
}
private void processGroups(UserRegistry userRegistry, boolean isFullSync, boolean splitTxns) private void processGroups(UserRegistry userRegistry, boolean isFullSync, boolean splitTxns)
{ {
// MNT-12454 fix. If syncDelete is false, there is no need to pull all users and all groups from LDAP during the full synchronization. // MNT-12454 fix. If syncDelete is false, there is no need to pull all users and all groups from LDAP during the full synchronization.
@@ -1634,6 +1666,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
public void process(Map.Entry<String, Set<String>> entry) throws Throwable public void process(Map.Entry<String, Set<String>> entry) throws Throwable
{ {
maintainAssociationCreations(entry.getKey()); maintainAssociationCreations(entry.getKey());
maintainAssociationCreationsToRezone(entry.getKey());
} }
}, splitTxns); }, splitTxns);
} }
@@ -1667,6 +1700,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
{ {
maintainAssociationDeletions(entry.getKey()); maintainAssociationDeletions(entry.getKey());
maintainAssociationCreations(entry.getKey()); maintainAssociationCreations(entry.getKey());
maintainAssociationCreationsToRezone(entry.getKey());
} }
}, splitTxns); }, splitTxns);
} }
@@ -1742,6 +1776,25 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
} }
} }
} }
private void maintainAssociationCreationsToRezone(String authorityName)
{
boolean isPerson = AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER;
List<String> authorities = isPerson ? this.personToRezone : this.groupToRezone;
Map<String, Set<String>> parentAssocsToCreate = isPerson ? this.personParentAssocsToCreate : this.groupParentAssocsToCreate;
if (authorities != null && !authorities.isEmpty() && parentAssocsToCreate.containsKey(authorityName))
{
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
ChainingUserRegistrySynchronizer.logger.debug(
"Changing '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(authorityName)
+ "' to zone '" + zoneId + "'");
}
updateAuthorityZones(authorityName, ChainingUserRegistrySynchronizer.this.authorityService.getAuthorityZones(authorityName), zoneSet);
}
}
} // end of Analyzer class } // end of Analyzer class
// Run the first process the Group Analyzer // Run the first process the Group Analyzer
@@ -1906,6 +1959,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
// create cycles) // create cycles)
groupAnalyzer.maintainAssociationDeletions(personName); groupAnalyzer.maintainAssociationDeletions(personName);
groupAnalyzer.maintainAssociationCreations(personName); groupAnalyzer.maintainAssociationCreations(personName);
groupAnalyzer.maintainAssociationCreationsToRezone(personName);
synchronized (this) synchronized (this)
{ {
@@ -2118,10 +2172,32 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
zonesToAdd.removeAll(oldZones); zonesToAdd.removeAll(oldZones);
if (!zonesToAdd.isEmpty()) if (!zonesToAdd.isEmpty())
{ {
// Prevents the authority from being added to zones where already is
Set<String> currentZones = this.authorityService.getAuthorityZones(authorityName);
if (currentZones != null && !currentZones.isEmpty())
{
zonesToAdd.removeAll(currentZones);
}
this.authorityService.addAuthorityToZones(authorityName, zonesToAdd); this.authorityService.addAuthorityToZones(authorityName, zonesToAdd);
} }
} }
/**
* Checks if the supplied authority is part of a certain zone
*
* @param authorityName
* the name of authority to check
* @param authorityZones
* the zones where authority is
* @param zoneToCheck
* the zone to check
* @return true in case the authority is in supplied zone
*/
private boolean isInZone(String authorityName, Set<String> authorityZones, String zoneToCheck)
{
return authorityName != null && authorityZones != null && zoneToCheck != null && authorityZones.contains(zoneToCheck);
}
@Override @Override
protected void onBootstrap(ApplicationEvent event) protected void onBootstrap(ApplicationEvent event)
{ {