252e6116933c7d37d53159c304fdb1e309a97aa1,src/main/java/org/apache/directory/fortress/core/impl/SDUtil.java,SDUtil,validateSSD,#User#Role#,130
Before Change
{
int matchCount;
// get all authorized roles for user
ReviewMgr rMgr = ReviewMgrFactory.createInstance(user.getContextId());
Set<String> rls = rMgr.authorizedRoles(user);
// Need to proceed?
if (!CollectionUtils.isNotEmpty( rls ))
{
return;
}
// get all SSD sets that contain the new role
List<SDSet> ssdSets = getSsdCache(role.getName(), user.getContextId());
for (SDSet ssd : ssdSets)
{
matchCount = 0;
Set<String> map = ssd.getMembers();
// iterate over every authorized role for user:
for (String authRole : rls)
{
// is there a match found between authorized role and SSD set's members?
if (map.contains(authRole))
{
matchCount++;
// does the match count exceed the cardinality allowed for this particular SSD set?
if (matchCount >= ssd.getCardinality() - 1)
{
String error = "validateSSD new role [" + role.getName() + "] validates SSD Set Name:" + ssd.getName() + " Cardinality:" + ssd.getCardinality();
throw new SecurityException(GlobalErrIds.SSD_VALIDATION_FAILED, error);
}
}
After Change
throws SecurityException
{
// get all authorized roles for user
String contextId = user.getContextId();
ReviewMgr rMgr = ReviewMgrFactory.createInstance( contextId );
Set<String> rls = rMgr.authorizedRoles( user );