Examples with IdmIdentityContractDto eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto used on opensource projects

Example 1 with IdmIdentityContractDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto in project CzechIdMng by bcvsolutions.

the class IdentityRolePublishChangeProcessor method setAdditionalEventProperties.

@Override
protected EntityEvent<IdmIdentityRoleDto> setAdditionalEventProperties(EntityEvent<IdmIdentityRoleDto> event) {
    event = super.setAdditionalEventProperties(event);
    // we need to set super entity owner - identity roles should not be processed concurrently for given identity
    // TODO: can be removed, if account management can be executed concurrently for given identity
    IdmIdentityContractDto identityContract = DtoUtils.getEmbedded(event.getContent(), IdmIdentityRole_.identityContract, IdmIdentityContractDto.class, null);
    if (identityContract == null) {
        identityContract = (IdmIdentityContractDto) lookupService.lookupDto(IdmIdentityContractDto.class, event.getContent().getIdentityContract());
    }
    event.getProperties().put(EntityEventManager.EVENT_PROPERTY_SUPER_OWNER_ID, identityContract.getIdentity());
    // 
    return event;
}

Example 2 with IdmIdentityContractDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleAttributeService method processAutomaticRolesForContract.

@Override
public void processAutomaticRolesForContract(UUID contractId, Set<AbstractIdmAutomaticRoleDto> passedAutomaticRoles, Set<AbstractIdmAutomaticRoleDto> notPassedAutomaticRoles) {
    // Assign new passed automatic roles (assign to default contract)
    IdmIdentityContractDto contract = identityContractService.get(contractId);
    // 
    if (contract == null) {
        LOG.debug(MessageFormat.format("Contract id [{0}] not found.", contractId));
        return;
    }
    // TODO: this behavior can be optimalized by add it into query
    if (!contract.isValidNowOrInFuture() || contract.getState() == ContractState.DISABLED) {
        // null all new passed automatic roles
        passedAutomaticRoles = null;
    }
    // 
    // find all automatic roles for identity
    IdmIdentityRoleFilter roleIdentityFilter = new IdmIdentityRoleFilter();
    roleIdentityFilter.setIdentityContractId(contractId);
    roleIdentityFilter.setAutomaticRole(Boolean.TRUE);
    // 
    if (passedAutomaticRoles != null && !passedAutomaticRoles.isEmpty()) {
        this.addAutomaticRoles(contract, passedAutomaticRoles);
    }
    // 
    if (notPassedAutomaticRoles != null && !notPassedAutomaticRoles.isEmpty()) {
        this.removeAutomaticRoles(contract.getId(), notPassedAutomaticRoles);
    }
}

Example 3 with IdmIdentityContractDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto in project CzechIdMng by bcvsolutions.

the class IdmIdentityContractController method saveFormValues.

/**
 * Saves entity's form values
 *
 * @param backendId
 * @param formValues
 * @return
 */
@ResponseBody
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITYCONTRACT_UPDATE + "')")
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.POST)
@ApiOperation(value = "Identity contract form definition - save values", nickname = "postIdentityContractFormValues", tags = { IdmIdentityContractController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }) })
public Resource<?> saveFormValues(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode, @ApiParam(value = "Filled form data.", required = true) @RequestBody @Valid List<IdmFormValueDto> formValues) {
    IdmIdentityContractDto dto = getDto(backendId);
    if (dto == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    checkAccess(dto, IdmBasePermission.UPDATE);
    // 
    IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmIdentityContract.class, definitionCode);
    // 
    return formDefinitionController.saveFormValues(dto, formDefinition, formValues);
}

Example 4 with IdmIdentityContractDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto in project CzechIdMng by bcvsolutions.

the class ProcessAllAutomaticRoleByAttributeTaskExecutor method processAutomaticRoleForContract.

/**
 * Start recalculation for automatic role
 *
 * @param automaticRolAttributeDto
 */
private void processAutomaticRoleForContract(IdmAutomaticRoleAttributeDto automaticRolAttributeDto) {
    UUID automaticRoleId = automaticRolAttributeDto.getId();
    Set<AbstractIdmAutomaticRoleDto> automaticRoleSet = new HashSet<AbstractIdmAutomaticRoleDto>();
    automaticRoleSet.add(automaticRolAttributeDto);
    // 
    // process contracts
    Page<UUID> newPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, true, new PageRequest(0, DEFAULT_PAGE_SIZE_PAGE_SIZE_IDENTITIES));
    Page<UUID> newNotPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, false, new PageRequest(0, DEFAULT_PAGE_SIZE_PAGE_SIZE_IDENTITIES));
    // 
    boolean canContinue = true;
    while (canContinue) {
        for (UUID contractId : newPassedContracts) {
            IdmIdentityContractDto contract = identityContractService.get(contractId);
            // check for contract validity
            if (contract.getState() == ContractState.DISABLED || !contract.isValidNowOrInFuture()) {
                continue;
            }
            // 
            automaticRoleAttributeService.addAutomaticRoles(contract, automaticRoleSet);
            canContinue = updateState();
            if (!canContinue) {
                break;
            }
        }
        if (newPassedContracts.hasNext()) {
            newPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, true, newPassedContracts.nextPageable());
        } else {
            break;
        }
    }
    // 
    while (canContinue) {
        for (UUID contractId : newNotPassedContracts) {
            IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
            filter.setIdentityContractId(contractId);
            filter.setAutomaticRoleId(automaticRoleId);
            List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(filter, null).getContent();
            for (IdmIdentityRoleDto identityRole : identityRoles) {
                automaticRoleAttributeService.removeAutomaticRoles(identityRole);
            }
            canContinue = updateState();
            if (!canContinue) {
                break;
            }
        }
        if (newNotPassedContracts.hasNext()) {
            newNotPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, false, newNotPassedContracts.nextPageable());
        } else {
            break;
        }
    }
}

Example 5 with IdmIdentityContractDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto in project CzechIdMng by bcvsolutions.

the class IdentityRoleSaveProvisioningProcessor method process.

@Override
public EventResult<IdmIdentityRoleDto> process(EntityEvent<IdmIdentityRoleDto> event) {
    IdmIdentityRoleDto identityRole = event.getContent();
    IdmIdentityContractDto identityContract = identityContractService.get(identityRole.getIdentityContract());
    IdmIdentityDto identity = DtoUtils.getEmbedded(identityContract, IdmIdentityContract_.identity, IdmIdentityDto.class);
    // 
    // TODO: full account management should be moved into NOTIFY on identity => super owner id can be removed then in IdentityRolePublishChangeProcessor
    // all identity roles are processed now => doesn't support concurrency - duplicate accounts can be created now (ux constraint ex. is thrown)
    LOG.debug("Call account management for identity [{}]", identity.getUsername());
    provisioningService.accountManagement(identity);
    LOG.debug("Register change for identity [{}]", identity.getUsername());
    entityEventManager.changedEntity(identity, event);
    // 
    return new DefaultEventResult<>(event, this);
}