return Result.err(Status.ERR_DependencyExists, sb.toString());
}
- if (move && parent == null) {
- return Result
- .err(Status.ERR_DependencyExists,
- "Cannot move users, roles or permissions - parent is missing.\nDelete dependencies and try again");
- }
- else if (move && parent.type == NsType.COMPANY.type) {
+ if (move && (parent == null || parent.type == NsType.COMPANY.type)) {
return Result
.err(Status.ERR_DependencyExists,
"Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again",
// Attached to any Roles?
if (fullperm.roles != null) {
- if (force) {
+ if (force || fullperm.roles.contains(user+":user")) {
for (String role : fullperm.roles) {
Result<Void> rv = null;
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, q, role);
} else if (!fullperm.roles.isEmpty()) {
return Result
.err(Status.ERR_DependencyExists,
- "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.",
- fullperm.ns, fullperm.type, fullperm.instance, fullperm.action);
+ "Permission [%s] cannot be deleted as it is attached to 1 or more roles.",
+ fullperm.fullPerm());
}
}
Code Review / aaf / authz.git / blobdiff