use of eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter in project CzechIdMng by bcvsolutions.
the class DuplicateRoleAuthorizationPolicyProcessor method process.
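/**
 * Brings the authorization policies of a duplicated role in line with the role it was cloned from.
 * <p>
 * Policies of the original role that have no counterpart on the duplicate are published as CREATE
 * events. Policies still held in the duplicate's list afterwards are published as DELETE events.
 * Because the second pass removes access-control entries, both roles and both role identifiers
 * are asserted before any policy is read.
 *
 * @param event role event; its content is the duplicate, its original source is the cloned role
 * @return event result bound to this processor
 */
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
    // newly set role
    IdmRoleDto duplicate = event.getContent();
    // cloned role
    IdmRoleDto originalSource = event.getOriginalSource();
    // fail with a clear message instead of a NullPointerException on the getId() calls below
    Assert.notNull(duplicate, "Duplicate role is required.");
    Assert.notNull(originalSource, "Original source is required.");
    Assert.notNull(originalSource.getId(), "Original source identifier is required.");
    // The duplicate's identifier scopes the list of policies that may be deleted further down.
    // NOTE(review): a null role id would presumably leave the filter unrestricted by role, so the
    // DELETE pass could reach policies of other roles - confirm against the filter implementation.
    Assert.notNull(duplicate.getId(), "Duplicate role identifier is required.");
    //
    // find current, create new and delete not present authorization policies
    IdmAuthorizationPolicyFilter filter = new IdmAuthorizationPolicyFilter();
    filter.setRoleId(duplicate.getId());
    // mutable copy: entries are expected to be taken out of it as they are matched
    List<IdmAuthorizationPolicyDto> currentPolicies = Lists.newArrayList(authorizationPolicyService.find(filter, null).getContent());
    // and create new authorization policies
    filter.setRoleId(originalSource.getId());
    authorizationPolicyService
            .find(filter, null)
            // find and remove from list => processed
            // (findCurrent is not visible here; the removal is taken from the original comment)
            .filter(policy -> findCurrent(currentPolicies, policy) == null)
            .forEach(policy -> {
                // reset identity and audit data so the policy is stored as a new record of the duplicate
                policy.setId(null);
                DtoUtils.clearAuditFields(policy);
                policy.setRole(duplicate.getId());
                //
                EntityEvent<IdmAuthorizationPolicyDto> subEvent = new AuthorizationPolicyEvent(AuthorizationPolicyEventType.CREATE, policy);
                // we want to be sync (same as other, but no reason now)
                subEvent.setPriority(PriorityType.IMMEDIATE);
                //
                authorizationPolicyService.publish(subEvent, event);
            });
    //
    // remove not found (~not present in original) policies
    currentPolicies.forEach(policy -> {
        EntityEvent<IdmAuthorizationPolicyDto> subEvent = new AuthorizationPolicyEvent(AuthorizationPolicyEventType.DELETE, policy);
        // we want to be sync (same as other, but no reason now)
        subEvent.setPriority(PriorityType.IMMEDIATE);
        //
        authorizationPolicyService.publish(subEvent, event);
    });
    //
    return new DefaultEventResult<>(event, this);
}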
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmAuthorizationPolicyService method getDefaultPolicies.
/**
 * Collects the enabled authorization policies granted through the configured default role and
 * through its sub roles.
 * <p>
 * Returns an empty list when no default role is configured or when the default role is disabled.
 * Policies of a sub role are skipped when that sub role is disabled.
 *
 * @param entityType optional authorizable type; when {@code null} the type is not filtered
 * @return policies of the default role followed by policies of its enabled sub roles
 */
@Override
@Transactional(readOnly = true)
public List<IdmAuthorizationPolicyDto> getDefaultPolicies(Class<? extends Identifiable> entityType) {
    IdmRoleDto defaultRole = roleService.getDefaultRole();
    if (defaultRole == null) {
        LOG.debug("Default role not found, no default authorization policies will be added. Change configuration [{}].", IdmRoleService.PROPERTY_DEFAULT_ROLE);
        return Collections.emptyList();
    }
    if (defaultRole.isDisabled()) {
        LOG.debug("Default role [{}] is disabled, no default authorization policies will be added.", defaultRole.getCode());
        return Collections.emptyList();
    }

    UUID rootRoleId = defaultRole.getId();
    IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
    // disabled policies never count as default permissions
    policyFilter.setDisabled(Boolean.FALSE);
    if (entityType != null) {
        // optional restriction to one authorizable type
        policyFilter.setAuthorizableType(entityType.getCanonicalName());
    }

    // policies held directly by the default role
    policyFilter.setRoleId(rootRoleId);
    List<IdmAuthorizationPolicyDto> collected = new ArrayList<>(find(policyFilter, null).getContent());

    // policies of every enabled sub role; the same filter instance is reused with a new role id
    // NOTE(review): only the composition's own sub role is checked for the disabled flag; whether a
    // disabled intermediate role should also exclude the roles beneath it depends on what
    // findAllSubRoles returns - confirm.
    roleCompositionService
            .findAllSubRoles(rootRoleId)
            .stream()
            .filter(composition -> {
                IdmRoleDto embeddedSub = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
                return !embeddedSub.isDisabled();
            })
            .map(composition -> composition.getSub())
            .forEach(subRoleId -> {
                policyFilter.setRoleId(subRoleId);
                collected.addAll(find(policyFilter, null).getContent());
            });

    LOG.debug("Found [{}] default policies", collected.size());
    return collected;
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter in project CzechIdMng by bcvsolutions.
the class IdmAuthorizationPolicyControllerRestTest method testFindByIdentityId.
/**
 * Checks the identity filter in three steps: an identity without roles has no policies, an
 * assigned role contributes its policy, and a configured default role contributes its policy too.
 * The default-role setting is changed while the test runs and restored in {@code finally}.
 */
@Test
public void testFindByIdentityId() {
    // remember the configured default role so it can be restored whatever the outcome
    String previousDefaultRole = roleConfiguration.getDefaultRoleCode();

    try {
        // start without any default role so only explicit assignments count
        getHelper().setConfigurationValue(RoleConfiguration.PROPERTY_DEFAULT_ROLE, "");

        IdmIdentityDto owner = getHelper().createIdentity((GuardedString) null);
        IdmAuthorizationPolicyFilter byIdentity = new IdmAuthorizationPolicyFilter();
        byIdentity.setIdentityId(owner.getId());

        // step 1: nothing assigned, nothing found
        List<IdmAuthorizationPolicyDto> withoutRoles = find(byIdentity);
        Assert.assertTrue(withoutRoles.isEmpty());

        // step 2: one assigned role carrying one policy
        IdmRoleDto assignedRole = getHelper().createRole();
        IdmAuthorizationPolicyDto assignedPolicy = getHelper().createBasePolicy(assignedRole.getId(), IdmBasePermission.AUTOCOMPLETE);
        getHelper().createIdentityRole(owner, assignedRole);

        List<IdmAuthorizationPolicyDto> withAssignedRole = find(byIdentity);
        Assert.assertEquals(1, withAssignedRole.size());
        Assert.assertTrue(withAssignedRole.stream().anyMatch(found -> found.getId().equals(assignedPolicy.getId())));

        // step 3: a default role is configured but never assigned to the identity
        IdmRoleDto implicitRole = getHelper().createRole();
        IdmAuthorizationPolicyDto implicitPolicy = getHelper().createBasePolicy(implicitRole.getId(), IdmBasePermission.READ);
        getHelper().setConfigurationValue(RoleConfiguration.PROPERTY_DEFAULT_ROLE, implicitRole.getId().toString());

        List<IdmAuthorizationPolicyDto> withDefaultRole = find(byIdentity);
        Assert.assertEquals(2, withDefaultRole.size());
        Assert.assertTrue(withDefaultRole.stream().anyMatch(found -> found.getId().equals(assignedPolicy.getId())));
        Assert.assertTrue(withDefaultRole.stream().anyMatch(found -> found.getId().equals(implicitPolicy.getId())));
    } finally {
        getHelper().setConfigurationValue(RoleConfiguration.PROPERTY_DEFAULT_ROLE, previousDefaultRole);
    }
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter in project CzechIdMng by bcvsolutions.
the class IdmAuthorizationPolicyControllerRestTest method testFindByRoleId.
/**
 * Checks that filtering by role id returns the policy of that role only: two roles each get one
 * policy, and the search for the first role must return exactly its own policy.
 */
@Test
public void testFindByRoleId() {
    IdmRoleDto wantedRole = getHelper().createRole();
    IdmRoleDto unrelatedRole = getHelper().createRole();

    IdmAuthorizationPolicyDto wantedPolicy = getHelper().createBasePolicy(wantedRole.getId(), IdmBasePermission.READ);
    // policy of the second role; it must stay out of the result
    getHelper().createBasePolicy(unrelatedRole.getId(), IdmBasePermission.UPDATE);

    IdmAuthorizationPolicyFilter byRole = new IdmAuthorizationPolicyFilter();
    byRole.setRoleId(wantedRole.getId());

    List<IdmAuthorizationPolicyDto> found = find(byRole);
    Assert.assertEquals(1, found.size());
    Assert.assertTrue(found.stream().anyMatch(candidate -> candidate.getId().equals(wantedPolicy.getId())));
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter in project CzechIdMng by bcvsolutions.
the class IdmAuthorizationPolicyControllerRestTest method testFindByGroupPermission.
/**
 * Checks that the group permission filter narrows the policies of a single role: the role holds
 * one policy for the IDENTITY group and one for the ROLE group, and only the IDENTITY policy may
 * be returned.
 */
@Test
public void testFindByGroupPermission() {
    IdmRoleDto owningRole = getHelper().createRole();

    IdmAuthorizationPolicyDto identityPolicy = getHelper().createBasePolicy(owningRole.getId(), CoreGroupPermission.IDENTITY, IdmIdentity.class, IdmBasePermission.READ);
    // same role, different group permission; it must be filtered out
    getHelper().createBasePolicy(owningRole.getId(), CoreGroupPermission.ROLE, IdmRole.class, IdmBasePermission.READ);

    IdmAuthorizationPolicyFilter byGroup = new IdmAuthorizationPolicyFilter();
    byGroup.setRoleId(owningRole.getId());
    byGroup.setGroupPermission(CoreGroupPermission.IDENTITY.getName());

    List<IdmAuthorizationPolicyDto> found = find(byGroup);
    Assert.assertEquals(1, found.size());
    Assert.assertTrue(found.stream().anyMatch(candidate -> candidate.getId().equals(identityPolicy.getId())));
}