Search in sources :

Example 1 with AccUniformPasswordSystem

use of eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountService method toPredicates.

@Override
protected List<Predicate> toPredicates(Root<AccAccount> root, CriteriaQuery<?> query, CriteriaBuilder builder, AccAccountFilter filter) {
    List<Predicate> predicates = super.toPredicates(root, query, builder, filter);
    // full search
    if (StringUtils.isNotEmpty(filter.getText())) {
        predicates.add(// 
        builder.or(builder.like(builder.lower(root.get(AccAccount_.uid)), "%" + filter.getText().toLowerCase() + "%"), builder.like(builder.lower(root.get(AccAccount_.systemEntity).get(SysSystemEntity_.uid)), "%" + filter.getText().toLowerCase() + "%")));
    }
    if (filter.getSystemId() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.system).get(SysSystem_.id), filter.getSystemId()));
    }
    if (filter.getSystemEntityId() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.systemEntity).get(SysSystemEntity_.id), filter.getSystemEntityId()));
    }
    if (filter.getUid() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.uid), filter.getUid()));
    }
    if (filter.getIdentityId() != null || filter.getOwnership() != null) {
        Subquery<AccIdentityAccount> identityAccountSubquery = query.subquery(AccIdentityAccount.class);
        Root<AccIdentityAccount> subRootIdentityAccount = identityAccountSubquery.from(AccIdentityAccount.class);
        identityAccountSubquery.select(subRootIdentityAccount);
        Predicate predicate = builder.and(builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.account), root));
        Predicate identityPredicate = builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.identity).get(IdmIdentity_.id), filter.getIdentityId());
        Predicate ownerPredicate = builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.ownership), filter.getOwnership());
        if (filter.getIdentityId() != null && filter.getOwnership() == null) {
            predicate = builder.and(predicate, identityPredicate);
        } else if (filter.getOwnership() != null && filter.getIdentityId() == null) {
            predicate = builder.and(predicate, ownerPredicate);
        } else {
            predicate = builder.and(predicate, identityPredicate, ownerPredicate);
        }
        identityAccountSubquery.where(predicate);
        predicates.add(builder.exists(identityAccountSubquery));
    }
    if (filter.getAccountType() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.accountType), filter.getAccountType()));
    }
    if (filter.getSupportChangePassword() != null && filter.getSupportChangePassword()) {
        Subquery<SysSystemAttributeMapping> systemAttributeMappingSubquery = query.subquery(SysSystemAttributeMapping.class);
        Root<SysSystemAttributeMapping> subRootSystemAttributeMapping = systemAttributeMappingSubquery.from(SysSystemAttributeMapping.class);
        systemAttributeMappingSubquery.select(subRootSystemAttributeMapping);
        Path<SysSystem> systemPath = root.get(AccAccount_.system);
        Predicate predicate = builder.and(builder.isFalse(systemPath.get(SysSystem_.disabledProvisioning)), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.schemaAttribute).get(// 
        SysSchemaAttribute_.objectClass).get(// 
        SysSchemaObjectClass_.system), systemPath), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.systemMapping).get(SysSystemMapping_.operationType), SystemOperationType.PROVISIONING), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.schemaAttribute).get(SysSchemaAttribute_.name), ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME));
        systemAttributeMappingSubquery.where(predicate);
        predicates.add(builder.exists(systemAttributeMappingSubquery));
    }
    if (filter.getEntityType() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.entityType), filter.getEntityType()));
    }
    if (filter.getInProtection() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.inProtection), filter.getInProtection()));
    }
    if (filter.getUniformPasswordId() != null) {
        Subquery<SysSystem> subquerySystem = query.subquery(SysSystem.class);
        Root<SysSystem> subRootSystem = subquerySystem.from(SysSystem.class);
        subquerySystem.select(subRootSystem);
        Subquery<AccUniformPasswordSystem> subqueryUniformSystem = query.subquery(AccUniformPasswordSystem.class);
        Root<AccUniformPasswordSystem> subRootUniformSystem = subqueryUniformSystem.from(AccUniformPasswordSystem.class);
        subqueryUniformSystem.select(subRootUniformSystem);
        predicates.add(builder.exists(subquerySystem.where(builder.and(// Correlation attribute - connection to system
        builder.equal(root.get(AccAccount_.system), subRootSystem), // Exclude in protection accounts
        builder.isFalse(root.get(AccAccount_.inProtection)), // builder.isFalse(subRootSystem.get(SysSystem_.disabledProvisioning)), // Exclude system with disabled provisioning
        builder.exists(subqueryUniformSystem.where(builder.and(builder.equal(subRootUniformSystem.get(AccUniformPasswordSystem_.system), subRootSystem), builder.equal(subRootUniformSystem.get(AccUniformPasswordSystem_.uniformPassword).get(AbstractEntity_.id), filter.getUniformPasswordId()))))))));
    }
    if (filter.getSupportPasswordFilter() != null) {
        Subquery<SysSystem> subquerySystem = query.subquery(SysSystem.class);
        Root<SysSystem> subRootSystem = subquerySystem.from(SysSystem.class);
        subquerySystem.select(subRootSystem);
        Subquery<SysSchemaObjectClass> subquerySchema = query.subquery(SysSchemaObjectClass.class);
        Root<SysSchemaObjectClass> subRootSchema = subquerySchema.from(SysSchemaObjectClass.class);
        subquerySchema.select(subRootSchema);
        Subquery<SysSystemMapping> subqueryMapping = query.subquery(SysSystemMapping.class);
        Root<SysSystemMapping> subRootMapping = subqueryMapping.from(SysSystemMapping.class);
        subqueryMapping.select(subRootMapping);
        Subquery<SysSystemAttributeMapping> subqueryAttributeMapping = query.subquery(SysSystemAttributeMapping.class);
        Root<SysSystemAttributeMapping> subRootAttributeMapping = subqueryAttributeMapping.from(SysSystemAttributeMapping.class);
        subqueryAttributeMapping.select(subRootAttributeMapping);
        Subquery<SysSystemMapping> subquery = query.subquery(SysSystemMapping.class);
        Root<SysSystemMapping> subRoot = subquery.from(SysSystemMapping.class);
        subquery.select(subRoot);
        predicates.add(builder.exists(subquerySystem.where(builder.and(// Correlation attribute - connection to system
        builder.equal(root.get(AccAccount_.system), subRootSystem), // Exclude in protection accounts
        builder.isFalse(root.get(AccAccount_.inProtection)), // Disabled, readonly or without provisioning system are NOT excluded, because from these systems may be still receive password change requests
        builder.exists(subquerySchema.where(builder.and(// Correlation attribute - connection to schem object class
        builder.equal(subRootSchema.get(SysSchemaObjectClass_.system), subRootSystem), builder.exists(subqueryMapping.where(builder.and(// Correlation attribute - connection to mapping
        builder.equal(subRootMapping.get(SysSystemMapping_.objectClass), subRootSchema), // System mapping must be provisioning
        builder.equal(subRootMapping.get(SysSystemMapping_.operationType), SystemOperationType.PROVISIONING), // Password change is now allowed only for identities
        builder.equal(subRootMapping.get(SysSystemMapping_.entityType), SystemEntityType.IDENTITY), builder.exists(subqueryAttributeMapping.where(builder.and(// Correlation attribute - connection to attribute mapping
        builder.equal(subRootAttributeMapping.get(SysSystemAttributeMapping_.systemMapping), subRootMapping), // Only password attribute
        builder.isTrue(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordAttribute)), // Exclude disabled attribute
        builder.isFalse(subRootAttributeMapping.get(SysSystemAttributeMapping_.disabledAttribute)), BooleanUtils.isTrue(filter.getSupportPasswordFilter()) ? builder.isTrue(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordFilter)) : builder.isFalse(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordFilter)))))))))))))));
    }
    // 
    return predicates;
}
Also used : SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) SysSystemMapping(eu.bcvsolutions.idm.acc.entity.SysSystemMapping) Predicate(javax.persistence.criteria.Predicate) SysSystem(eu.bcvsolutions.idm.acc.entity.SysSystem) AccUniformPasswordSystem(eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem) AccIdentityAccount(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount) SysSchemaObjectClass(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass)

Aggregations

AccIdentityAccount (eu.bcvsolutions.idm.acc.entity.AccIdentityAccount)1 AccUniformPasswordSystem (eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem)1 SysSchemaObjectClass (eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass)1 SysSystem (eu.bcvsolutions.idm.acc.entity.SysSystem)1 SysSystemAttributeMapping (eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping)1 SysSystemMapping (eu.bcvsolutions.idm.acc.entity.SysSystemMapping)1 Predicate (javax.persistence.criteria.Predicate)1