public class AdminWebauthAction extends FessAdminAction {

    /**
     * Default constructor.
     */
    public AdminWebauthAction() {
        super();
    }

    /** Role name for admin web auth operations */
    public static final String ROLE = "admin-webauth";

    private static final Logger logger = LogManager.getLogger(AdminWebauthAction.class);

public class AdminSearchlistAction extends FessAdminAction {

    /**
     * Default constructor.
     */
    public AdminSearchlistAction() {
        super();
    }

    /** Role name for admin search list operations */
    public static final String ROLE = "admin-searchlist";

    // ===================================================================================
    // Constant
    //

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.api.admin.role;

import org.codelibs.fess.app.web.admin.role.CreateForm;

/**
 * Request body for creating role via REST API.
 * Extends CreateForm to inherit validation and field definitions.
 */
public class CreateBody extends CreateForm {

    /**

    }

    @Override
    protected String getActionRole() {
        return ROLE;
    }

    /**
     * Displays the storage management index page.
     *
     * @return HTML response for the storage list page
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse index() {
        saveToken();
        return asListHtml(StringUtil.EMPTY);
    }

#### Adding 'admin' Role

- Go to Roles
  - Add new Role `admin` with Description `${role_admin}`.
  - Add this Role into compositive role named `default-roles-{realm}` - `{realm}` should be replaced with whatever realm you created from `prerequisites` section. This role is automatically trusted in the 'Service Accounts' tab.

- Check that `account` client_id has the role 'admin' assigned in the "Service Account Roles" tab.

 */
package org.codelibs.fess.app.web.api.admin.role;

import org.codelibs.fess.app.web.api.admin.BaseSearchBody;

/**
 * Search request body for role administration API.
 */
public class SearchBody extends BaseSearchBody {

    /**
     * Default constructor.
     */
    public SearchBody() {
        super();
    }

    /** Role ID */
    public String id;

    /**
     * Default constructor for AdminMaintenanceAction.
     */
    public AdminMaintenanceAction() {
        super();
    }

    /**
     * Role identifier for admin maintenance operations.
     */
    public static final String ROLE = "admin-maintenance";

    // ===================================================================================

        assertNull(permissionHelper.encode("{role}\n"));
        assertNull(permissionHelper.encode("(allow){user}  "));
        assertNull(permissionHelper.encode("(deny){group}\t\n"));
    }

    public void test_encode_decode_symmetry() {
        String[] testValues =
                { "guest", "{user}guest", "{group}guest", "{role}guest", "(deny){user}guest", "(deny){group}guest", "(deny){role}guest" };

# Whether to use samAccountName for LDAP group.
ldap.samaccountname.group=false

# Whether LDAP role search for user is enabled.
ldap.role.search.user.enabled=true
# Whether LDAP role search for group is enabled.
ldap.role.search.group.enabled=true
# Whether LDAP role search for role is enabled.
ldap.role.search.role.enabled=true

# LDAP attribute for surname.
ldap.attr.surname=sn
# LDAP attribute for given name.

    /**
     * Checks if the current user has the specified action role or administrative privileges.
     *
     * @param role the role to check (supports both view and edit variants)
     * @return true if the user has the role or admin privileges, false otherwise
     */
    public static boolean hasActionRole(final String role) {
        final String[] roles;
        if (role.endsWith(FessAdminAction.VIEW)) {