Search in sources :

Example 1 with Escalation

use of com.tremolosecurity.provisioning.objects.Escalation in project OpenUnison by TremoloSecurity.

the class Approver method updateAllowedApprovals.

public boolean updateAllowedApprovals(Session session, ConfigManager cfg, Map<String, Object> request) throws ProvisioningException, SQLException {
    boolean updateObj = false;
    boolean localFail = false;
    Approvals approvalObj = session.load(Approvals.class, this.id);
    if (!this.failed && this.escalationRules != null && !this.escalationRules.isEmpty()) {
        boolean continueLooking = true;
        for (EscalationRule rule : this.escalationRules) {
            if (!rule.isCompleted() && continueLooking) {
                RunOptions res = rule.shouldExecute(this.getWorkflow().getUser());
                switch(res) {
                    case notReadyYet:
                        continueLooking = false;
                        break;
                    case run:
                        continueLooking = false;
                        this.azRules.clear();
                        this.azRules.addAll(rule.getAzRules());
                        this.approvers = new ArrayList<Approver>();
                        for (AzRule azr : this.azRules) {
                            Approver approver = new Approver();
                            if (azr.getScope() == ScopeType.Filter) {
                                approver.type = ApproverType.Filter;
                            } else if (azr.getScope() == ScopeType.Group) {
                                approver.type = ApproverType.StaticGroup;
                            } else if (azr.getScope() == ScopeType.DN) {
                                approver.type = ApproverType.DN;
                            } else if (azr.getScope() == ScopeType.DynamicGroup) {
                                approver.type = ApproverType.DynamicGroup;
                            } else if (azr.getScope() == ScopeType.Custom) {
                                approver.type = ApproverType.Custom;
                                approver.customAz = azr.getCustomAuthorization();
                            }
                            approver.constraint = azr.getConstraint();
                            setupCustomParameters(approver);
                            this.approvers.add(approver);
                        }
                        if (this.approvers.size() == 0 && this.failOnNoAZ) {
                            this.azRules = this.failureAzRules;
                            this.approvers = new ArrayList<Approver>();
                            for (AzRule azr : this.azRules) {
                                Approver approver = new Approver();
                                if (azr.getScope() == ScopeType.Filter) {
                                    approver.type = ApproverType.Filter;
                                } else if (azr.getScope() == ScopeType.Group) {
                                    approver.type = ApproverType.StaticGroup;
                                } else if (azr.getScope() == ScopeType.DN) {
                                    approver.type = ApproverType.DN;
                                } else if (azr.getScope() == ScopeType.DynamicGroup) {
                                    approver.type = ApproverType.DynamicGroup;
                                } else if (azr.getScope() == ScopeType.Custom) {
                                    approver.type = ApproverType.Custom;
                                    approver.customAz = azr.getCustomAuthorization();
                                    approver.params = azr.getCustomParameters();
                                }
                                approver.constraint = azr.getConstraint();
                                this.approvers.add(approver);
                            }
                        }
                        updateObj = true;
                        rule.setCompleted(true);
                        Escalation escalation = new Escalation();
                        escalation.setApprovals(approvalObj);
                        escalation.setWhenTs(new Timestamp(new DateTime().getMillis()));
                        session.save(escalation);
                        break;
                    case stopEscalating:
                        continueLooking = false;
                        localFail = true;
                        updateObj = true;
                        break;
                }
            }
        }
    }
    boolean foundApprovers = false;
    Approvals approval = session.load(Approvals.class, this.id);
    if (!session.isJoinedToTransaction()) {
        session.beginTransaction();
    }
    for (Approver approver : this.approvers) {
        String constraintRendered = this.renderTemplate(approver.constraint, request);
        String[] localParams = null;
        localParams = renderCustomParameters(request, approver, localParams);
        switch(approver.type) {
            case StaticGroup:
                foundApprovers |= AzUtils.loadStaticGroupApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case Filter:
                foundApprovers |= AzUtils.loadFilterApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case DN:
                foundApprovers |= AzUtils.loadDNApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case Custom:
                foundApprovers |= AzUtils.loadCustomApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false, approver.customAz, localParams);
                break;
        }
    }
    if (!this.failed && (!foundApprovers || localFail)) {
        if (this.failOnNoAZ) {
            this.azRules = this.failureAzRules;
            this.approvers = new ArrayList<Approver>();
            for (AzRule azr : this.azRules) {
                Approver approver = new Approver();
                if (azr.getScope() == ScopeType.Filter) {
                    approver.type = ApproverType.Filter;
                } else if (azr.getScope() == ScopeType.Group) {
                    approver.type = ApproverType.StaticGroup;
                } else if (azr.getScope() == ScopeType.DN) {
                    approver.type = ApproverType.DN;
                } else if (azr.getScope() == ScopeType.DynamicGroup) {
                    approver.type = ApproverType.DynamicGroup;
                } else if (azr.getScope() == ScopeType.Custom) {
                    approver.type = ApproverType.Custom;
                    approver.customAz = azr.getCustomAuthorization();
                    approver.params = azr.getCustomParameters();
                }
                approver.constraint = azr.getConstraint();
                this.approvers.add(approver);
            }
        }
        for (Approver approver : this.approvers) {
            String constraintRendered = this.renderTemplate(approver.constraint, request);
            String[] localParams = null;
            localParams = renderCustomParameters(request, approver, localParams);
            switch(approver.type) {
                case StaticGroup:
                    AzUtils.loadStaticGroupApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                    break;
                case Filter:
                    AzUtils.loadFilterApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                    break;
                case DN:
                    AzUtils.loadDNApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                    break;
                case Custom:
                    AzUtils.loadCustomApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false, approver.customAz, localParams);
                    break;
            }
        }
        this.failed = true;
    }
    return updateObj;
}
Also used : Escalation(com.tremolosecurity.provisioning.objects.Escalation) VerifyEscalation(com.tremolosecurity.proxy.az.VerifyEscalation) Approvals(com.tremolosecurity.provisioning.objects.Approvals) EscalationRule(com.tremolosecurity.provisioning.util.EscalationRule) AzRule(com.tremolosecurity.proxy.az.AzRule) Timestamp(java.sql.Timestamp) RunOptions(com.tremolosecurity.provisioning.util.EscalationRule.RunOptions) DateTime(org.joda.time.DateTime)

Aggregations

Approvals (com.tremolosecurity.provisioning.objects.Approvals)1 Escalation (com.tremolosecurity.provisioning.objects.Escalation)1 EscalationRule (com.tremolosecurity.provisioning.util.EscalationRule)1 RunOptions (com.tremolosecurity.provisioning.util.EscalationRule.RunOptions)1 AzRule (com.tremolosecurity.proxy.az.AzRule)1 VerifyEscalation (com.tremolosecurity.proxy.az.VerifyEscalation)1 Timestamp (java.sql.Timestamp)1 DateTime (org.joda.time.DateTime)1