SAK-29155 Cleanup empty realms when no longer needed.

If a realm being edited doesn’t have any permissions of users against it then it can be removed as it’s not granting anything.
warpwire · Mar 13, 2015 · daf17a6 · daf17a6
1 parent b5ea27a
commit daf17a6
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java b/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java
@@ -531,7 +531,13 @@ public void doSave(RunData data)
 			// commit the change
 			try
 			{
-				AuthzGroupService.save(edit);
+				removeEmptyRoles(edit);
+
+				if (hasNothingSet(edit)) {
+					AuthzGroupService.removeAuthzGroup(edit);
+				} else {
+					AuthzGroupService.save(edit);
+				}
 			}
 			catch (GroupNotDefinedException e)
 			{
@@ -547,6 +553,26 @@ public void doSave(RunData data)
 		cleanupState(state);
 	}
 
+	/**
+	 * Removes all the roles in an AuthzGroup that don't have any permissions set on them.
+	 * @param edit The AuthzGroup to cleanup.
+	 */
+	private void removeEmptyRoles(AuthzGroup edit) {
+		for (Role role : edit.getRoles()) {
+			if(role.getAllowedFunctions().isEmpty()) {
+				edit.removeRole(role.getId());
+			}
+		}
+	}
+
+	/**
+	 * @param edit The AuthzGroup to check.
+	 * @return <code>true</code> if there are no roles and no members in this AuthzGroup.
+	 */
+	private boolean hasNothingSet(AuthzGroup edit) {
+		return edit.getRoles().isEmpty() && edit.getMembers().isEmpty();
+	}
+
 	/**
 	 * Handle the eventSubmit_doCancel command to abort the edits.
 	 */