|
(Added in evaluate script step version of AHPSCRIPTS-109)
|
(Adding in script to work with environments & all roles now)
|
| Line 1316: | |||
| uow.commitAndClose();</pre> | uow.commitAndClose();</pre> | ||
| + | = Give All Roles Read Permission to All Environments = | ||
| + | *Here's an example of how to use the remoting library to make mass security changes. Naturally, you'll need to run this script with permissions that can see every environment and every role (so admin would probably be the best user). For teams that find the new agent security in 3.5 annoying, this can be a great way to open up the permissions to those agents. All roles get read permissions to every agent, the "Build Master" role also gets "write" permissions to every agent. | ||
| + | * Tested on 3.8.7 | ||
| + | <pre>import com.urbancode.anthill3.main.client.AnthillClient; | ||
| + | import com.urbancode.anthill3.persistence.UnitOfWork; | ||
| + | import com.urbancode.anthill3.domain.authentication.*; | ||
| + | import com.urbancode.anthill3.domain.security.*; | ||
| + | import com.urbancode.anthill3.domain.servergroup.*; | ||
| + | import java.util.*; | ||
| + | String serverHost = "localhost"; | ||
| + | int serverPort = 4567; | ||
| + | String userName = "admin"; | ||
| + | String password = "admin"; | ||
| + | // obtain connection to the Anthill server | ||
| + | AnthillClient anthill = AnthillClient.connect(serverHost, serverPort, | ||
| + | userName, password); | ||
| + | // create a Unit of Work | ||
| + | UnitOfWork uow = anthill.createUnitOfWork(); | ||
| + | serverGroupArray = ServerGroupFactory.getInstance().restoreAll(); | ||
| + | allRolesArray = RoleFactory.getInstance().restoreAllActive(); | ||
| + | for (ServerGroup serverGroup: serverGroupArray) { | ||
| + | boolean buildMasterHasWrite = false; | ||
| + | resource = ResourceFactory.getInstance().restoreForPersistent(serverGroup); | ||
| + | |||
| + | // Determine roles don't have read access to serverGroup | ||
| + | HashSet roleWithoutReadPermSet = new HashSet(); | ||
| + | roleWithoutReadPermSet.addAll(Arrays.asList(allRolesArray)); | ||
| + | Permission[] permissions = PermissionFactory.getInstance().restoreAllForResource(resource); | ||
| + | for (Permission permission : permissions) { | ||
| + | Role role = permission.getRole(); | ||
| + | action = permission.getAction(); | ||
| + | if (!role.isUserRole() && role.isActive() && action.equals("read")) { | ||
| + | roleWithoutReadPermSet.remove(role); | ||
| + | } | ||
| + | else if (role.isUserRole() || !role.isActive()) { | ||
| + | roleWithoutReadPermSet.remove(role); | ||
| + | } | ||
| + | else if (role.getName().equals("Build Master") && action.equals("write")) { | ||
| + | buildMasterHasWrite = true; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | // Create the missing Read Permissions | ||
| + | Iterator roleItr = roleWithoutReadPermSet.iterator(); | ||
| + | while (roleItr.hasNext()) { | ||
| + | Role role = roleItr.next(); | ||
| + | p = new Permission(resource, "read", role); | ||
| + | p.store(); | ||
| + | } | ||
| + | |||
| + | // Give Build Master Write Permission | ||
| + | if (!buildMasterHasWrite) { | ||
| + | Role bmRole = RoleFactory.getInstance().restoreForName("Build Master"); | ||
| + | p = new Permission(resource, "write", bmRole); | ||
| + | p.store(); | ||
| + | } | ||
| + | } | ||
| + | print("Committing Changes"); | ||
| + | uow.commitAndClose();</pre> | ||
| = Give All Roles Read Permission to All Environment Groups = | = Give All Roles Read Permission to All Environment Groups = | ||
