Example 16 with IdmRequestDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.
the class IdmRequestController method startRequest.
@ResponseBody
@RequestMapping(value = "/{backendId}/start", method = RequestMethod.PUT)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.REQUEST_UPDATE + "')")
@ApiOperation(value = "Start request", nickname = "startRequest", response = IdmRequestDto.class, tags = { IdmRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_UPDATE, description = "") }) })
public ResponseEntity<?> startRequest(@ApiParam(value = "Request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
UUID requestId = UUID.fromString(backendId);
IdmRequestDto request = this.getService().get(requestId, IdmBasePermission.EXECUTE);
// Validate request
List<IdmRequestItemDto> items = requestManager.findRequestItems(request.getId(), null);
if (items.isEmpty()) {
throw new ResultCodeException(CoreResultCode.REQUEST_CANNOT_BE_EXECUTED_NONE_ITEMS, ImmutableMap.of("request", request.toString()));
}
requestManager.startRequest(requestId, true);
return this.get(backendId);
}
Also used :
IdmRequestItemDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestItemDto)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)
UUID(java.util.UUID)
ApiOperation(io.swagger.annotations.ApiOperation)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 17 with IdmRequestDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.
the class IdmRequestController method delete.
@Override
@ResponseBody
@RequestMapping(value = "/{backendId}", method = RequestMethod.DELETE)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.REQUEST_DELETE + "')")
@ApiOperation(value = "Delete request", nickname = "deleteRequest", tags = { IdmRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_DELETE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.REQUEST_DELETE, description = "") }) })
public ResponseEntity<?> delete(@ApiParam(value = "Request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
IdmRequestService service = ((IdmRequestService) this.getService());
IdmRequestDto dto = service.get(backendId);
//
checkAccess(dto, IdmBasePermission.DELETE);
// Request in Executed state can not be delete or change
if (RequestState.EXECUTED == dto.getState()) {
throw new ResultCodeException(CoreResultCode.REQUEST_EXECUTED_CANNOT_DELETE, ImmutableMap.of("request", dto));
}
// Only request in Concept state, can be deleted. In others states, will be request set to Canceled state and save.
if (RequestState.CONCEPT == dto.getState()) {
service.delete(dto);
} else {
requestManager.cancel(dto);
}
return new ResponseEntity<Object>(HttpStatus.NO_CONTENT);
}
Also used :
ResponseEntity(org.springframework.http.ResponseEntity)
IdmRequestService(eu.bcvsolutions.idm.core.api.service.IdmRequestService)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)
ApiOperation(io.swagger.annotations.ApiOperation)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 18 with IdmRequestDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.
the class AbstractRequestDtoController method createRequest.
@ApiOperation(value = "Create request for DTO", authorizations = { //
@Authorization(SwaggerConfig.AUTHENTICATION_BASIC), //
@Authorization(SwaggerConfig.AUTHENTICATION_CIDMST) })
public ResponseEntity<?> createRequest(@ApiParam(value = "Record (dto).", required = true) DTO dto) {
IdmRequestDto request = requestManager.createRequest(dto, IdmBasePermission.CREATE);
Link selfLink = ControllerLinkBuilder.linkTo(IdmRequestController.class).slash(request.getId()).withSelfRel();
Resource<IdmRequestDto> resource = new Resource<IdmRequestDto>(request, selfLink);
return new ResponseEntity<>(resource, HttpStatus.CREATED);
}
Also used :
ResponseEntity(org.springframework.http.ResponseEntity)
Resource(org.springframework.hateoas.Resource)
IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)
Link(org.springframework.hateoas.Link)
ApiOperation(io.swagger.annotations.ApiOperation)
Example 19 with IdmRequestDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.
the class RequestByOwnerEvaluatorTest method testNotRightOnRequest.
@Test(expected = ForbiddenEntityException.class)
public void testNotRightOnRequest() {
IdmIdentityDto identity = getHelper().createIdentity();
IdmRoleDto roleForRequest = getHelper().createRole();
IdmRequestDto request = requestManager.createRequest(roleForRequest);
try {
getHelper().login(identity.getUsername(), identity.getPassword());
assertNull(requestService.get(request.getId(), IdmBasePermission.READ));
} finally {
logout();
}
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
Test(org.junit.Test)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Example 20 with IdmRequestDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRequestDto in project CzechIdMng by bcvsolutions.
the class RequestByOwnerEvaluatorTest method testRightOnRequest.
@Test
public void testRightOnRequest() {
IdmIdentityDto identity = getHelper().createIdentity();
IdmRoleDto roleForRequest = getHelper().createRole();
IdmRequestDto requestWithOwneredRole = requestManager.createRequest(roleForRequest);
IdmRoleDto roleForRequestWithoutRight = getHelper().createRole();
IdmRequestDto requestWithoutOwneredRole = requestManager.createRequest(roleForRequestWithoutRight);
IdmRoleDto role = getHelper().createRole();
getHelper().createRoleGuaranteeRole(role, role);
getHelper().createIdentityRole(identity, role);
getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.REQUEST, IdmRequest.class, RequestByOwnerEvaluator.class, IdmBasePermission.READ);
// User will have rights on the roleForRequest
ConfigurationMap properties = new ConfigurationMap();
properties.put(UuidEvaluator.PARAMETER_UUID, roleForRequest.getId());
getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLE, IdmRole.class, UuidEvaluator.class, properties, IdmBasePermission.READ);
try {
getHelper().login(identity.getUsername(), identity.getPassword());
try {
requestService.get(requestWithoutOwneredRole.getId(), IdmBasePermission.READ);
fail();
} catch (ForbiddenEntityException ex) {
// It is OK
}
assertNotNull(requestService.get(requestWithOwneredRole.getId(), IdmBasePermission.READ));
IdmRequestFilter requestFilter = new IdmRequestFilter();
// We do not have right to that request
requestFilter.setId(requestWithoutOwneredRole.getId());
assertEquals(0, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
// We have right to that request
requestFilter.setId(requestWithOwneredRole.getId());
assertEquals(1, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
} finally {
logout();
}
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestFilter)
IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)
ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException)
Test(org.junit.Test)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Aggregations
IdmRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestDto)47
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)25
Test (org.junit.Test)24
Requestable (eu.bcvsolutions.idm.core.api.domain.Requestable)23
IdmRequestItemDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemDto)23
AbstractCoreWorkflowIntegrationTest (eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest)18
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)18
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)13
AbstractDto (eu.bcvsolutions.idm.core.api.dto.AbstractDto)11
UUID (java.util.UUID)11
IdmRequestItemChangesDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemChangesDto)9
Transactional (org.springframework.transaction.annotation.Transactional)9
RequestState (eu.bcvsolutions.idm.core.api.domain.RequestState)8
IdmRequestItemAttributeDto (eu.bcvsolutions.idm.core.api.dto.IdmRequestItemAttributeDto)8
IdmRequestFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestFilter)8
IdmRequestService (eu.bcvsolutions.idm.core.api.service.IdmRequestService)8
IdmFormInstanceDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto)8
IdmFormValueDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormValueDto)8
Lists (com.google.common.collect.Lists)7
IdmRequestItemService (eu.bcvsolutions.idm.core.api.service.IdmRequestItemService)7
