From daf17a66748302d632188b6402a8016192bfb2b8 Mon Sep 17 00:00:00 2001 From: Ben Holmes Date: Fri, 13 Mar 2015 10:35:51 +0000 Subject: [PATCH] SAK-29155 Cleanup empty realms when no longer needed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a realm being edited doesn’t have any permissions of users against it then it can be removed as it’s not granting anything. --- .../authz/tool/PermissionsHelperAction.java | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java b/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java index 583c5e162cf3..af317d1811cd 100755 --- a/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java +++ b/authz/authz-tool/tool/src/java/org/sakaiproject/authz/tool/PermissionsHelperAction.java @@ -531,7 +531,13 @@ public void doSave(RunData data) // commit the change try { - AuthzGroupService.save(edit); + removeEmptyRoles(edit); + + if (hasNothingSet(edit)) { + AuthzGroupService.removeAuthzGroup(edit); + } else { + AuthzGroupService.save(edit); + } } catch (GroupNotDefinedException e) { @@ -547,6 +553,26 @@ public void doSave(RunData data) cleanupState(state); } + /** + * Removes all the roles in an AuthzGroup that don't have any permissions set on them. + * @param edit The AuthzGroup to cleanup. + */ + private void removeEmptyRoles(AuthzGroup edit) { + for (Role role : edit.getRoles()) { + if(role.getAllowedFunctions().isEmpty()) { + edit.removeRole(role.getId()); + } + } + } + + /** + * @param edit The AuthzGroup to check. + * @return true if there are no roles and no members in this AuthzGroup. + */ + private boolean hasNothingSet(AuthzGroup edit) { + return edit.getRoles().isEmpty() && edit.getMembers().isEmpty(); + } + /** * Handle the eventSubmit_doCancel command to abort the edits. */