use of eu.bcvsolutions.idm.core.api.dto.IdmDelegationDefinitionDto in project CzechIdMng by bcvsolutions.
the class SelfDelegationDefinitionByDelegateEvaluatorIntegrationTest method testPolicy.
/**
 * Checks what a logged-in identity can read through
 * {@link SelfDelegationDefinitionByDelegateEvaluator}: nothing before the policy exists,
 * and afterwards exactly one delegation with exactly the READ permission.
 */
@Test
public void testPolicy() {
	IdmIdentityDto loggedIdentity = getHelper().createIdentity();
	IdmIdentityDto delegator = getHelper().createIdentity();
	IdmIdentityDto otherDelegate = getHelper().createIdentity();
	IdmRoleDto role = getHelper().createRole();
	getHelper().createIdentityRole(loggedIdentity, role);
	// Delegation the logged identity is expected to see.
	// NOTE(review): the first argument is presumably the delegate (inferred from the evaluator name) - confirm against the helper.
	IdmDelegationDefinitionDto ownDelegation = getHelper().createDelegation(loggedIdentity, delegator);
	// Second delegation for a different identity; the size == 1 assertion below relies on it staying hidden.
	getHelper().createDelegation(otherDelegate, delegator);
	//
	// Negative check first: the role carries no policy yet, so a READ query must return nothing.
	try {
		getHelper().login(loggedIdentity);
		List<IdmDelegationDefinitionDto> visibleBeforePolicy = service.find(null, IdmBasePermission.READ).getContent();
		Assert.assertTrue(visibleBeforePolicy.isEmpty());
	} finally {
		// Always drop the login, even when an assertion above fails.
		logout();
	}
	//
	// Assign the evaluator to the role with the READ base permission only.
	getHelper().createAuthorizationPolicy(
			role.getId(),
			CoreGroupPermission.DELEGATIONDEFINITION,
			IdmDelegationDefinition.class,
			SelfDelegationDefinitionByDelegateEvaluator.class,
			IdmBasePermission.READ);
	try {
		getHelper().login(loggedIdentity);
		// Exactly one delegation is readable, and it is the one created for the logged identity.
		List<IdmDelegationDefinitionDto> visibleAfterPolicy = service.find(null, IdmBasePermission.READ).getContent();
		Assert.assertEquals(1, visibleAfterPolicy.size());
		Assert.assertEquals(ownDelegation.getId(), visibleAfterPolicy.get(0).getId());
		//
		// The permission set must be READ and nothing else - a wider set would fail the size check.
		Set<String> grantedPermissions = service.getPermissions(ownDelegation);
		Assert.assertEquals(1, grantedPermissions.size());
		Assert.assertEquals(IdmBasePermission.READ.name(), grantedPermissions.iterator().next());
	} finally {
		logout();
	}
}
use of eu.bcvsolutions.idm.core.api.dto.IdmDelegationDefinitionDto in project CzechIdMng by bcvsolutions.
the class DelegationDefinitionByDelegateEvaluatorTest method testRead.
/**
 * Checks read access granted by {@link DelegationDefinitionByDelegateEvaluator} combined with
 * {@link SelfIdentityEvaluator}: logged in as the first delegate, only that identity and the
 * delegation definition created for it are readable, no contract is readable, and no
 * UPDATE access is granted on any of the three services.
 */
@Test
public void testRead() {
	IdmIdentityDto delegatorOne = getHelper().createIdentity();
	IdmIdentityDto delegatorTwo = getHelper().createIdentity();
	IdmIdentityContractDto delegatorOneContract = getHelper().getPrimeContract(delegatorOne);
	IdmIdentityDto delegateOne = getHelper().createIdentity();
	IdmIdentityDto delegateTwo = getHelper().createIdentity();
	//
	// First default delegation: delegatorOne -> delegateOne. The saved instance is kept for the id checks below.
	IdmDelegationDefinitionDto delegationOne = new IdmDelegationDefinitionDto();
	delegationOne.setType(DefaultDelegationType.NAME);
	delegationOne.setDelegator(delegatorOne.getId());
	delegationOne.setDelegate(delegateOne.getId());
	delegationOne = delegationDefinitionService.save(delegationOne);
	//
	// Second default delegation: delegatorTwo -> delegateTwo. It must stay hidden from delegateOne.
	IdmDelegationDefinitionDto delegationTwo = new IdmDelegationDefinitionDto();
	delegationTwo.setType(DefaultDelegationType.NAME);
	delegationTwo.setDelegator(delegatorTwo.getId());
	delegationTwo.setDelegate(delegateTwo.getId());
	delegationDefinitionService.save(delegationTwo);
	//
	// All four identities share one role, so the policies created later apply to each of them.
	// NOTE(review): only delegateOne logs in below; what the other three identities can see is not asserted in this method.
	IdmRoleDto sharedRole = getHelper().createRole();
	getHelper().createIdentityRole(delegatorOne, sharedRole);
	getHelper().createIdentityRole(delegatorTwo, sharedRole);
	getHelper().createIdentityRole(delegateOne, sharedRole);
	getHelper().createIdentityRole(delegateTwo, sharedRole);
	//
	// Negative check: without any policy on the role, READ queries return nothing.
	try {
		getHelper().login(delegateOne.getUsername(), delegateOne.getPassword());
		//
		List<IdmIdentityDto> readableIdentities = identityService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertTrue(readableIdentities.isEmpty());
		List<IdmIdentityContractDto> readableContracts = contractService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertTrue(readableContracts.isEmpty());
		List<IdmDelegationDefinitionDto> readableDelegations = delegationDefinitionService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertTrue(readableDelegations.isEmpty());
	} finally {
		// Always drop the login, even when an assertion above fails.
		logout();
	}
	//
	// Policy 1: READ on the logged identity itself.
	getHelper().createAuthorizationPolicy(
			sharedRole.getId(),
			CoreGroupPermission.IDENTITY,
			IdmIdentity.class,
			SelfIdentityEvaluator.class,
			IdmBasePermission.READ);
	// Policy 2: delegation definitions, created without any explicit base permission.
	// NOTE(review): presumably the evaluator derives the permission from what the user holds on the
	// delegate identity ("transitively") - confirm against the evaluator implementation.
	getHelper().createAuthorizationPolicy(
			sharedRole.getId(),
			CoreGroupPermission.DELEGATIONDEFINITION,
			IdmDelegationDefinition.class,
			DelegationDefinitionByDelegateEvaluator.class);
	//
	try {
		getHelper().login(delegateOne.getUsername(), delegateOne.getPassword());
		//
		// The policies must not grant UPDATE on any of the three services.
		List<IdmIdentityDto> identities = identityService.find(null, IdmBasePermission.UPDATE).getContent();
		Assert.assertTrue(identities.isEmpty());
		List<IdmIdentityContractDto> contracts = contractService.find(null, IdmBasePermission.UPDATE).getContent();
		Assert.assertTrue(contracts.isEmpty());
		List<IdmDelegationDefinitionDto> delegations = delegationDefinitionService.find(null, IdmBasePermission.UPDATE).getContent();
		Assert.assertTrue(delegations.isEmpty());
		//
		// READ: the logged identity only, no contracts, and only the delegation created for delegateOne.
		identities = identityService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertEquals(1, identities.size());
		Assert.assertEquals(delegateOne.getId(), identities.get(0).getId());
		contracts = contractService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertEquals(0, contracts.size());
		delegations = delegationDefinitionService.find(null, IdmBasePermission.READ).getContent();
		Assert.assertEquals(1, delegations.size());
		Assert.assertEquals(delegationOne.getId(), delegations.get(0).getId());
		//
		// Per-record permission sets: a single permission (READ) on the identity and on the delegation,
		// none at all on the delegator's prime contract.
		String readName = IdmBasePermission.READ.name();
		Set<String> granted = identityService.getPermissions(delegateOne);
		Assert.assertEquals(1, granted.size());
		Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(readName)));
		granted = contractService.getPermissions(delegatorOneContract);
		Assert.assertEquals(0, granted.size());
		granted = delegationDefinitionService.getPermissions(delegationOne);
		Assert.assertEquals(1, granted.size());
		Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(readName)));
	} finally {
		logout();
	}
}
use of eu.bcvsolutions.idm.core.api.dto.IdmDelegationDefinitionDto in project CzechIdMng by bcvsolutions.
the class AbstractDelegationType method findDelegation.
/**
 * Finds valid delegation definitions of this delegation type for the given delegator.
 * The result is ordered by valid-till date (null first); definitions with the same
 * valid-till keep the delegate ordering, because the second sort is stable.
 *
 * @param delegatorId delegator to filter by
 * @param delegatorContractId delegator's contract; must not be null when this type supports delegator contracts
 * @param owner not read by this implementation
 * @return sorted list of matching delegation definitions
 * @throws IllegalArgumentException presumably raised by {@code Assert.notNull} when the contract id is
 *         required but null (assumes Spring's Assert - confirm against the file's imports)
 */
@Override
public List<IdmDelegationDefinitionDto> findDelegation(UUID delegatorId, UUID delegatorContractId, BaseDto owner) {
	IdmDelegationDefinitionFilter filter = new IdmDelegationDefinitionFilter();
	filter.setValid(Boolean.TRUE);
	filter.setType(this.getId());
	// NOTE(review): delegatorId is not null-checked here. If the filter treats a null delegator as
	// "no restriction", the query would span every delegator - confirm, and consider asserting non-null.
	filter.setDelegatorId(delegatorId);
	if (this.isSupportsDelegatorContract()) {
		Assert.notNull(delegatorContractId, "Delegator contract cannot be null for this delegate type!");
		filter.setDelegatorContractId(delegatorContractId);
	}
	// NOTE(review): the permission argument is null, so presumably no per-user authorization filtering
	// is applied to this lookup - confirm that callers do not hand the raw result to end users.
	List<IdmDelegationDefinitionDto> found = delegationDefinitionService.find(filter, null).getContent();
	Comparator<IdmDelegationDefinitionDto> byDelegate = Comparator.comparing(IdmDelegationDefinitionDto::getDelegate);
	Comparator<IdmDelegationDefinitionDto> byValidTill = Comparator.comparing(
			IdmDelegationDefinitionDto::getValidTill,
			Comparator.nullsFirst(Comparator.naturalOrder()));
	// Two passes on purpose: the later sort is the primary key, the earlier one breaks ties.
	return found
			.stream()
			.sorted(byDelegate)
			.sorted(byValidTill)
			.collect(Collectors.toList());
}