
Example 6 with AbstractAuthentication

use of eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication in project CzechIdMng by bcvsolutions.

the class RoleGuaranteeEvaluator method getPredicate.

/**
 * Grants the requested permission on a role to its guarantees. A guarantee is matched either
 * directly (the logged identity is listed as a guarantee of the role) or by role (the logged
 * identity has a currently valid assigned role on an enabled, valid contract and that role
 * guarantees the evaluated role).
 *
 * @param root evaluated role
 * @param query enclosing criteria query (subqueries are attached to it)
 * @param builder criteria builder
 * @param policy authorization policy being evaluated
 * @param permission requested permission(s)
 * @return predicate selecting roles the logged identity guarantees, or {@code null} when there is
 *         no logged identity or the policy does not carry the requested permission (how a
 *         {@code null} predicate is combined with others is up to the caller)
 */
@Override
public Predicate getPredicate(Root<IdmRole> root, CriteriaQuery<?> query, CriteriaBuilder builder, AuthorizationPolicy policy, BasePermission... permission) {
    AbstractAuthentication authentication = securityService.getAuthentication();
    // no logged identity - nothing can be granted by guarantee
    if (authentication == null || authentication.getCurrentIdentity() == null) {
        return null;
    }
    // the policy has to carry the requested permission before any guarantee lookup is built
    if (!hasPermission(policy, permission)) {
        return null;
    }
    //
    // 1) direct guarantee - the logged identity is a guarantee of the evaluated role
    Subquery<IdmRoleGuarantee> byIdentity = query.subquery(IdmRoleGuarantee.class);
    Root<IdmRoleGuarantee> guaranteeRoot = byIdentity.from(IdmRoleGuarantee.class);
    byIdentity.select(guaranteeRoot);
    byIdentity.where(builder.and(
            // correlation attr
            builder.equal(guaranteeRoot.get(IdmRoleGuarantee_.role), root),
            builder.equal(guaranteeRoot.get(IdmRoleGuarantee_.guarantee).get(AbstractEntity_.id), authentication.getCurrentIdentity().getId())));
    //
    // 2) guarantee by role - the evaluated role is guaranteed by a role the logged identity has
    Subquery<IdmRoleGuaranteeRole> byRole = query.subquery(IdmRoleGuaranteeRole.class);
    Root<IdmRoleGuaranteeRole> guaranteeRoleRoot = byRole.from(IdmRoleGuaranteeRole.class);
    byRole.select(guaranteeRoleRoot);
    //
    // roles currently assigned to the logged identity: identity role and its contract have to be
    // valid today and the contract must not be disabled
    Subquery<IdmRole> assignedRoles = query.subquery(IdmRole.class);
    Root<IdmIdentityRole> identityRoleRoot = assignedRoles.from(IdmIdentityRole.class);
    assignedRoles.select(identityRoleRoot.get(IdmIdentityRole_.role));
    final LocalDate today = LocalDate.now();
    assignedRoles.where(builder.and(
            builder.equal(identityRoleRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id), authentication.getCurrentIdentity().getId()),
            RepositoryUtils.getValidPredicate(identityRoleRoot, builder, today),
            RepositoryUtils.getValidPredicate(identityRoleRoot.get(IdmIdentityRole_.identityContract), builder, today),
            builder.equal(identityRoleRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.disabled), Boolean.FALSE)));
    //
    byRole.where(builder.and(
            // correlation attr
            builder.equal(guaranteeRoleRoot.get(IdmRoleGuaranteeRole_.role), root),
            guaranteeRoleRoot.get(IdmRoleGuaranteeRole_.guaranteeRole).in(assignedRoles)));
    //
    return builder.or(builder.exists(byIdentity), builder.exists(byRole));
}

Example 7 with AbstractAuthentication

use of eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication in project CzechIdMng by bcvsolutions.

the class IdmAuditListener method changeRevisionDto.

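/**
 * Fills the audit revision with the audited entity's identification, the modifier taken from
 * the current security context (current and original identity, the latter being the identity
 * before a switch), owner information when the entity exposes it, and the transaction id.
 *
 * @param entityClass audited entity class
 * @param entityName full name of the entity class, stored as the revision type
 * @param entityId audited entity identifier
 * @param revisionEntity revision to fill (mutated in place)
 * @param revisionType ADD, MOD or DEL
 */
private void changeRevisionDto(Class<AbstractEntity> entityClass, String entityName, UUID entityId, IdmAuditDto revisionEntity, RevisionType revisionType) {
    // name of entity class - full name.
    revisionEntity.setType(entityName);
    // revision type - MOD, DEL, ADD
    revisionEntity.setModification(revisionType.name());
    // action executer identity
    AbstractAuthentication authentication = securityService.getAuthentication();
    IdmIdentityDto currentModifierIdentity = authentication == null ? null : authentication.getCurrentIdentity();
    IdmIdentityDto originalModifierIdentity = authentication == null ? null : authentication.getOriginalIdentity();
    // modifier username comes from the security service, its id from the identity dto (if any)
    revisionEntity.setModifier(securityService.getUsername());
    revisionEntity.setModifierId(currentModifierIdentity == null ? null : currentModifierIdentity.getId());
    // original action executer identity (before switch)
    revisionEntity.setOriginalModifier(securityService.getOriginalUsername());
    revisionEntity.setOriginalModifierId(originalModifierIdentity == null ? null : originalModifierIdentity.getId());
    // entity id (already a UUID - no cast needed)
    revisionEntity.setEntityId(entityId);
    //
    // a deleted entity is no longer reachable through the entity manager - the audit service
    // loads it in a new transaction; definite assignment replaces the former null initializer
    final AbstractEntity currentEntity;
    if (revisionType == RevisionType.DEL) {
        currentEntity = auditService.getActualRemovedEntity(entityClass, entityId);
    } else {
        currentEntity = (AbstractEntity) entityManger.find(entityClass, entityId);
    }
    //
    // owner information for searching in audit; a null entity simply matches neither branch
    if (currentEntity instanceof AuditSearchable) {
        AuditSearchable searchableEntity = (AuditSearchable) currentEntity;
        revisionEntity.setOwnerCode(searchableEntity.getOwnerCode());
        revisionEntity.setOwnerId(searchableEntity.getOwnerId());
        revisionEntity.setOwnerType(searchableEntity.getOwnerType());
        revisionEntity.setSubOwnerCode(searchableEntity.getSubOwnerCode());
        revisionEntity.setSubOwnerId(searchableEntity.getSubOwnerId());
        revisionEntity.setSubOwnerType(searchableEntity.getSubOwnerType());
    } else if (currentEntity instanceof Codeable) {
        revisionEntity.setOwnerCode(((Codeable) currentEntity).getCode());
    }
    // transaction id
    revisionEntity.setTransactionId(TransactionContextHolder.getContext().getTransactionId());
}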

Example 8 with AbstractAuthentication

use of eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication in project CzechIdMng by bcvsolutions.

the class AuditableListener method onPreUpdate.

/**
 * Hibernate pre-update hook: stamps the modification date, the modifier and - unless it was
 * already filled (e.g. by workflow) - the original modifier on every {@link Auditable} entity.
 * Each value is written both into the event state array and into the entity itself.
 *
 * @param event hibernate pre-update event
 * @return always {@code false} - the update is never vetoed
 */
@Override
public boolean onPreUpdate(PreUpdateEvent event) {
    Object candidate = event.getEntity();
    if (!(candidate instanceof Auditable)) {
        return false;
    }
    Auditable auditable = (Auditable) candidate;
    DateTime now = new DateTime();
    //
    setValue(event.getState(), event, Auditable.PROPERTY_MODIFIED, now);
    auditable.setModified(now);
    //
    AbstractAuthentication authentication = securityService.getAuthentication();
    IdmIdentityDto current = authentication == null ? null : authentication.getCurrentIdentity();
    IdmIdentityDto original = authentication == null ? null : authentication.getOriginalIdentity();
    //
    // username falls back to the security service when no identity dto is available
    String modifierName = current != null ? current.getUsername() : securityService.getUsername();
    setValue(event.getState(), event, Auditable.PROPERTY_MODIFIER, modifierName);
    auditable.setModifier(modifierName);
    //
    UUID modifierIdentifier = current != null ? current.getId() : null;
    setValue(event.getState(), event, Auditable.PROPERTY_MODIFIER_ID, modifierIdentifier);
    auditable.setModifierId(modifierIdentifier);
    // original modifier could be filled already in wf (applicant) - keep it then
    if (auditable.getOriginalModifier() != null) {
        return false;
    }
    String originalName = original != null ? original.getUsername() : null;
    setValue(event.getState(), event, Auditable.PROPERTY_ORIGINAL_MODIFIER, originalName);
    auditable.setOriginalModifier(originalName);
    //
    UUID originalIdentifier = original != null ? original.getId() : null;
    setValue(event.getState(), event, Auditable.PROPERTY_ORIGINAL_MODIFIER_ID, originalIdentifier);
    auditable.setOriginalModifierId(originalIdentifier);
    return false;
}

Example 9 with AbstractAuthentication

use of eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication in project CzechIdMng by bcvsolutions.

the class RequestByOwnerEvaluator method getPredicate.

/**
 * Grants access to a request through its owner. Only role owners are supported here: the request
 * is matched when its {@code ownerId} points to a role for which the logged identity holds the
 * requested permission (evaluated by the authorization manager).
 *
 * @param root evaluated request
 * @param query enclosing criteria query (the role subquery is attached to it)
 * @param builder criteria builder
 * @param policy authorization policy being evaluated - not consulted by this evaluator itself,
 *        the permission check is delegated to {@code authorizationManager}
 * @param permission requested permission(s)
 * @return predicate selecting requests owned by an accessible role, or {@code null} when there is
 *         no logged identity
 */
@Override
public Predicate getPredicate(Root<IdmRequest> root, CriteriaQuery<?> query, CriteriaBuilder builder, AuthorizationPolicy policy, BasePermission... permission) {
    AbstractAuthentication authentication = securityService.getAuthentication();
    // no logged identity - no predicate
    if (authentication == null || authentication.getCurrentIdentity() == null) {
        return null;
    }
    // by IdmRole - request owner is a role the logged identity has the requested permission for
    Subquery<IdmRole> ownerRoles = query.subquery(IdmRole.class);
    Root<IdmRole> roleRoot = ownerRoles.from(IdmRole.class);
    Predicate rolePermission = authorizationManager.getPredicate(roleRoot, query, builder, permission);
    ownerRoles.select(roleRoot);
    ownerRoles.where(builder.and(
            builder.equal(roleRoot.get(IdmRole_.id), root.get(IdmRequest_.ownerId)),
            rolePermission));
    return builder.or(builder.exists(ownerRoles));
}

Example 10 with AbstractAuthentication

use of eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication in project CzechIdMng by bcvsolutions.

the class AuditableEntityListener method touchForUpdate.

/**
 * Sets modification date and modifier on the target object in case it implements {@link Auditable} on
 * update events. Modifier and original modifier (the identity before a switch) are taken from the
 * current security context, the transaction id from {@link TransactionContextHolder}. Unlike the
 * original modifier, the modifier username falls back to the security service when no identity dto
 * is available.
 *
 * @param target updated entity; ignored unless it implements {@link Auditable}
 */
@PreUpdate
public void touchForUpdate(Object target) {
    if (!(target instanceof Auditable)) {
        return;
    }
    // dependencies are wired on demand (presumably because JPA instantiates the listener itself)
    AutowireHelper.autowire(this, this.securityService);
    //
    Auditable auditable = (Auditable) target;
    auditable.setModified(ZonedDateTime.now());
    //
    AbstractAuthentication authentication = securityService.getAuthentication();
    IdmIdentityDto current = authentication != null ? authentication.getCurrentIdentity() : null;
    IdmIdentityDto original = authentication != null ? authentication.getOriginalIdentity() : null;
    //
    auditable.setModifier(current != null ? current.getUsername() : securityService.getUsername());
    auditable.setModifierId(current != null ? current.getId() : null);
    // original modifier is always (re)set from the security context here
    auditable.setOriginalModifier(original != null ? original.getUsername() : null);
    auditable.setOriginalModifierId(original != null ? original.getId() : null);
    //
    // set transaction id from context holder
    auditable.setTransactionId(TransactionContextHolder.getContext().getTransactionId());
}
