Search in sources :

Example 16 with IdmRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.

the class IdmRequestController method startRequest.

@ResponseBody
@RequestMapping(value = "/{backendId}/start", method = RequestMethod.PUT)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.REQUEST_UPDATE + "')")
@ApiOperation(value = "Start request", nickname = "startRequest", response = IdmRequestDto.class, tags = { IdmRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_UPDATE, description = "") }) })
public ResponseEntity<?> startRequest(@ApiParam(value = "Request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    UUID requestId = UUID.fromString(backendId);
    IdmRequestDto request = this.getService().get(requestId, IdmBasePermission.EXECUTE);
    // Validate request
    List<IdmRequestItemDto> items = requestManager.findRequestItems(request.getId(), null);
    if (items.isEmpty()) {
        throw new ResultCodeException(CoreResultCode.REQUEST_CANNOT_BE_EXECUTED_NONE_ITEMS, ImmutableMap.of("request", request.toString()));
    }
    requestManager.startRequest(requestId, true);
    return this.get(backendId);
}
Also used : IdmRequestItemDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestItemDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) UUID(java.util.UUID) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 17 with IdmRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.

the class IdmRequestController method delete.

@Override
@ResponseBody
@RequestMapping(value = "/{backendId}", method = RequestMethod.DELETE)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.REQUEST_DELETE + "')")
@ApiOperation(value = "Delete request", nickname = "deleteRequest", tags = { IdmRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_DELETE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_DELETE, description = "") }) })
public ResponseEntity<?> delete(@ApiParam(value = "Request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    IdmRequestService service = ((IdmRequestService) this.getService());
    IdmRequestDto dto = service.get(backendId);
    // 
    checkAccess(dto, IdmBasePermission.DELETE);
    // Request in Executed state can not be delete or change
    if (RequestState.EXECUTED == dto.getState()) {
        throw new ResultCodeException(CoreResultCode.REQUEST_EXECUTED_CANNOT_DELETE, ImmutableMap.of("request", dto));
    }
    // Only request in Concept state, can be deleted. In others states, will be request set to Canceled state and save.
    if (RequestState.CONCEPT == dto.getState()) {
        service.delete(dto);
    } else {
        requestManager.cancel(dto);
    }
    return new ResponseEntity<Object>(HttpStatus.NO_CONTENT);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) IdmRequestService(eu.bcvsolutions.idm.core.api.service.IdmRequestService) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 18 with IdmRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.

the class AbstractRequestDtoController method createRequest.

@ApiOperation(value = "Create request for DTO", authorizations = { // 
@Authorization(SwaggerConfig.AUTHENTICATION_BASIC), // 
@Authorization(SwaggerConfig.AUTHENTICATION_CIDMST) })
public ResponseEntity<?> createRequest(@ApiParam(value = "Record (dto).", required = true) DTO dto) {
    IdmRequestDto request = requestManager.createRequest(dto, IdmBasePermission.CREATE);
    Link selfLink = ControllerLinkBuilder.linkTo(IdmRequestController.class).slash(request.getId()).withSelfRel();
    Resource<IdmRequestDto> resource = new Resource<IdmRequestDto>(request, selfLink);
    return new ResponseEntity<>(resource, HttpStatus.CREATED);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) Resource(org.springframework.hateoas.Resource) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) Link(org.springframework.hateoas.Link) ApiOperation(io.swagger.annotations.ApiOperation)

Example 19 with IdmRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.

the class RequestByOwnerEvaluatorTest method testNotRightOnRequest.

@Test(expected = ForbiddenEntityException.class)
public void testNotRightOnRequest() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto roleForRequest = getHelper().createRole();
    IdmRequestDto request = requestManager.createRequest(roleForRequest);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        assertNull(requestService.get(request.getId(), IdmBasePermission.READ));
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 20 with IdmRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.

the class RequestByOwnerEvaluatorTest method testRightOnRequest.

@Test
public void testRightOnRequest() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto roleForRequest = getHelper().createRole();
    IdmRequestDto requestWithOwneredRole = requestManager.createRequest(roleForRequest);
    IdmRoleDto roleForRequestWithoutRight = getHelper().createRole();
    IdmRequestDto requestWithoutOwneredRole = requestManager.createRequest(roleForRequestWithoutRight);
    IdmRoleDto role = getHelper().createRole();
    getHelper().createRoleGuaranteeRole(role, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.REQUEST, IdmRequest.class, RequestByOwnerEvaluator.class, IdmBasePermission.READ);
    // User will have rights on the roleForRequest
    ConfigurationMap properties = new ConfigurationMap();
    properties.put(UuidEvaluator.PARAMETER_UUID, roleForRequest.getId());
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLE, IdmRole.class, UuidEvaluator.class, properties, IdmBasePermission.READ);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        try {
            requestService.get(requestWithoutOwneredRole.getId(), IdmBasePermission.READ);
            fail();
        } catch (ForbiddenEntityException ex) {
        // It is OK
        }
        assertNotNull(requestService.get(requestWithOwneredRole.getId(), IdmBasePermission.READ));
        IdmRequestFilter requestFilter = new IdmRequestFilter();
        // We do not have right to that request
        requestFilter.setId(requestWithoutOwneredRole.getId());
        assertEquals(0, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
        // We have right to that request
        requestFilter.setId(requestWithOwneredRole.getId());
        assertEquals(1, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestFilter) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Aggregations

IdmRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)47 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)25 Test (org.junit.Test)24 Requestable (eu.bcvsolutions.idm.core.api.domain.Requestable)23 IdmRequestItemDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemDto)23 AbstractCoreWorkflowIntegrationTest (eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest)18 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)18 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)13 AbstractDto (eu.bcvsolutions.idm.core.api.dto.AbstractDto)11 UUID (java.util.UUID)11 IdmRequestItemChangesDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemChangesDto)9 Transactional (org.springframework.transaction.annotation.Transactional)9 RequestState (eu.bcvsolutions.idm.core.api.domain.RequestState)8 IdmRequestItemAttributeDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemAttributeDto)8 IdmRequestFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestFilter)8 IdmRequestService (eu.bcvsolutions.idm.core.api.service.IdmRequestService)8 IdmFormInstanceDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto)8 IdmFormValueDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormValueDto)8 Lists (com.google.common.collect.Lists)7 IdmRequestItemService (eu.bcvsolutions.idm.core.api.service.IdmRequestItemService)7