Examples with IdmRoleGuaranteeFilter eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter used on opensource projects

Example 6 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class IdentityDeleteProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    UUID identityId = identity.getId();
    Assert.notNull(identityId, "Identity ID is required!");
    boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
    // 
    // delete contract slices
    IdmContractSliceFilter sliceFilter = new IdmContractSliceFilter();
    sliceFilter.setIdentity(identityId);
    contractSliceService.find(sliceFilter, null).forEach(guarantee -> {
        contractSliceService.delete(guarantee);
    });
    // delete contract slice guarantees
    IdmContractSliceGuaranteeFilter sliceGuaranteeFilter = new IdmContractSliceGuaranteeFilter();
    sliceGuaranteeFilter.setGuaranteeId(identityId);
    contractSliceGuaranteeService.find(sliceGuaranteeFilter, null).forEach(guarantee -> {
        contractSliceGuaranteeService.delete(guarantee);
    });
    // 
    // contracts
    identityContractService.findAllByIdentity(identityId).forEach(identityContract -> {
        // when identity is deleted, then HR processes has to be skipped (prevent to update deleted identity, when contract is removed)
        Map<String, Serializable> properties = new HashMap<>();
        properties.put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
        // propagate force attribute
        properties.put(PROPERTY_FORCE_DELETE, forceDelete);
        // prepare event
        IdentityContractEvent contractEvent = new IdentityContractEvent(IdentityContractEventType.DELETE, identityContract, properties);
        contractEvent.setPriority(PriorityType.HIGH);
        // 
        identityContractService.publish(contractEvent);
    });
    // delete contract guarantees
    IdmContractGuaranteeFilter filter = new IdmContractGuaranteeFilter();
    filter.setGuaranteeId(identityId);
    contractGuaranteeService.find(filter, null).forEach(guarantee -> {
        contractGuaranteeService.delete(guarantee);
    });
    // remove role guarantee
    IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
    roleGuaranteeFilter.setGuarantee(identityId);
    roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeService.delete(roleGuarantee);
    });
    // remove password
    passwordProcessor.deletePassword(identity);
    // delete password history for identity
    passwordHistoryService.deleteAllByIdentity(identityId);
    // disable related tokens - tokens has to be disabled to prevent their usage (when tokens are deleted, then token is recreated)
    tokenManager.disableTokens(identity);
    // 
    // delete all identity's profiles
    IdmProfileFilter profileFilter = new IdmProfileFilter();
    profileFilter.setIdentityId(identityId);
    profileService.find(profileFilter, null).forEach(profile -> {
        profileService.delete(profile);
    });
    // remove all IdentityRoleValidRequest for this identity
    List<IdmIdentityRoleValidRequestDto> validRequests = identityRoleValidRequestService.findAllValidRequestForIdentityId(identityId);
    identityRoleValidRequestService.deleteAll(validRequests);
    // 
    // delete all identity's delegations - delegate
    IdmDelegationDefinitionFilter delegationFilter = new IdmDelegationDefinitionFilter();
    delegationFilter.setDelegateId(identityId);
    delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
        delegationDefinitionService.delete(delegation);
    });
    // 
    // delete all identity's delegations - delegator
    delegationFilter = new IdmDelegationDefinitionFilter();
    delegationFilter.setDelegatorId(identityId);
    delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
        delegationDefinitionService.delete(delegation);
    });
    // deletes identity
    if (forceDelete) {
        LOG.debug("Identity [{}] should be deleted by caller after all asynchronus processes are completed.", identityId);
        // 
        // dirty flag only - will be processed after asynchronous events ends
        IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
        stateDeleted.setEvent(event.getId());
        stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
        entityStateManager.saveState(identity, stateDeleted);
        // 
        // set disabled (automatically)
        identity.setState(IdentityState.DISABLED);
        service.saveInternal(identity);
    } else {
        // delete all role requests where is this identity applicant
        IdmRoleRequestFilter roleRequestFilter = new IdmRoleRequestFilter();
        roleRequestFilter.setApplicantId(identityId);
        roleRequestService.find(roleRequestFilter, null).forEach(request -> {
            roleRequestService.delete(request);
        });
        // 
        service.deleteInternal(identity);
    }
    return new DefaultEventResult<>(event, this);
}

Example 7 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class RoleGuaranteeEvaluator method getPermissions.

@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
    Set<String> permissions = super.getPermissions(entity, policy);
    if (entity == null || entity.getId() == null || !securityService.isAuthenticated()) {
        return permissions;
    }
    // 
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
    filter.setRole(entity.getId());
    filter.setGuarantee(securityService.getCurrentId());
    // by identity
    if (roleGuaranteeService.find(filter, PageRequest.of(0, 1)).getTotalElements() > 0) {
        permissions.addAll(policy.getPermissions());
        return permissions;
    }
    // 
    // by role
    IdmRoleGuaranteeRoleFilter filterRole = new IdmRoleGuaranteeRoleFilter();
    filterRole.setRole(entity.getId());
    Set<UUID> guaranteeRoles = roleGuaranteeRoleService.find(filterRole, null).getContent().stream().map(rg -> rg.getGuaranteeRole()).collect(Collectors.toSet());
    // TODO: create some subquery ...
    if (identityRoleService.findValidRoles(securityService.getCurrentId(), null).getContent().stream().filter(ir -> guaranteeRoles.contains(ir.getRole())).findFirst().orElse(null) != null) {
        permissions.addAll(policy.getPermissions());
    }
    // 
    return permissions;
}

Example 8 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleGuaranteeService method findByRole.

@Override
@Transactional(readOnly = true)
public Page<IdmRoleGuaranteeDto> findByRole(UUID roleId, Pageable pageable, BasePermission... permission) {
    Assert.notNull(roleId, "Role identifier is required.");
    // 
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
    filter.setRole(roleId);
    // 
    return find(filter, pageable, permission);
}

Example 9 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class ExternalCodeableFilterBuilderIntegrationTest method testTryFindNotExternalCodeentifiableEntity.

@Test(expected = EntityTypeNotExternalCodeableException.class)
public void testTryFindNotExternalCodeentifiableEntity() {
    MultiValueMap<String, Object> params = new LinkedMultiValueMap<>();
    params.set(ExternalCodeable.PROPERTY_EXTERNAL_CODE, "wrong");
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter(params);
    roleGuaranteeService.find(filter, null);
}

Example 10 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class RequestManagerTest method testFind.

@Test
public void testFind() {
    // Create role
    IdmRoleDto role = getHelper().createRole();
    // Create guarantee One
    IdmIdentityDto guaranteeOne = getHelper().createIdentity();
    IdmRoleGuaranteeDto roleGuaranteeOne = getHelper().createRoleGuarantee(role, guaranteeOne);
    IdmRoleGuaranteeFilter guaranteeFilter = new IdmRoleGuaranteeFilter();
    guaranteeFilter.setRole(role.getId());
    Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
    // Create request
    IdmRequestDto request = requestManager.createRequest(role);
    Assert.assertNotNull(request);
    List<IdmRoleGuaranteeDto> guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guarantees.size());
    // Create guarantee
    IdmIdentityDto guarantee = getHelper().createIdentity();
    IdmRoleGuaranteeDto roleGuaranteeTwo = new IdmRoleGuaranteeDto();
    roleGuaranteeTwo.setRole(role.getId());
    roleGuaranteeTwo.setGuarantee(guarantee.getId());
    IdmRoleGuaranteeDto requestablePost = requestManager.post(request.getId(), roleGuaranteeTwo);
    IdmRequestItemDto changeRequestItem = DtoUtils.getEmbedded(requestablePost, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
    Assert.assertEquals(RequestOperationType.ADD, changeRequestItem.getOperation());
    // Find via standard service returns still only one result
    Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
    // Find via request manager returns two results
    guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(2, guarantees.size());
    // Create new request
    IdmRequestDto requestTwo = requestManager.createRequest(role);
    Assert.assertNotNull(requestTwo);
    guarantees = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guarantees.size());
    // Change the role-guarantee (use new guarantee)
    IdmIdentityDto guaranteeTwo = getHelper().createIdentity();
    roleGuaranteeOne.setGuarantee(guaranteeTwo.getId());
    IdmRoleGuaranteeDto roleGuaranteeOneRequest = requestManager.post(requestTwo.getId(), roleGuaranteeOne);
    changeRequestItem = DtoUtils.getEmbedded(roleGuaranteeOneRequest, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
    Assert.assertEquals(RequestOperationType.UPDATE, changeRequestItem.getOperation());
    // Role guarantee One are equals (same ID), but must have different guarantee
    IdmRoleGuaranteeDto currentRoleGuaranteeOne = roleGuaranteeService.get(roleGuaranteeOne);
    Assert.assertEquals(currentRoleGuaranteeOne, roleGuaranteeOneRequest);
    Assert.assertNotEquals(currentRoleGuaranteeOne.getGuarantee(), roleGuaranteeOneRequest.getGuarantee());
    guarantees = roleGuaranteeService.find(guaranteeFilter, null).getContent();
    // Find via standard service returns still only one result
    Assert.assertEquals(1, guarantees.size());
    // Find via request manager returns one result too (item was only updated in the
    // request)
    List<IdmRoleGuaranteeDto> guaranteesRequest = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guaranteesRequest.size());
    // Role guarantee One are equals (same ID), but must have different guarantee
    Assert.assertEquals(guarantees.get(0), guaranteesRequest.get(0));
    Assert.assertNotEquals(guarantees.get(0).getGuarantee(), guaranteesRequest.get(0).getGuarantee());
}