Example 1 with IdmRoleCompositionFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class RoleDeleteProcessor method checkWithoutForceDelete.
/**
* Check role can be deleted without force delete.
*
* @param role deleted role
* @throws ResultCodeException if not
*/
private void checkWithoutForceDelete(IdmRoleDto role) {
UUID roleId = role.getId();
// check assigned roles
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setRoleId(roleId);
if (identityRoleService.count(identityRoleFilter) > 0) {
throw new ResultCodeException(CoreResultCode.ROLE_DELETE_FAILED_IDENTITY_ASSIGNED, ImmutableMap.of("role", role.getCode()));
}
//
// automatic roles by tree structure
IdmRoleTreeNodeFilter filter = new IdmRoleTreeNodeFilter();
filter.setRoleId(roleId);
if (roleTreeNodeService.count(filter) > 0) {
throw new ResultCodeException(CoreResultCode.ROLE_DELETE_FAILED_HAS_TREE_NODE, ImmutableMap.of("role", role.getCode()));
}
//
// related automatic roles by attribute
IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
automaticRoleFilter.setRoleId(roleId);
if (automaticRoleAttributeService.count(automaticRoleFilter) > 0) {
// some automatic role attribute has assigned this role
throw new ResultCodeException(CoreResultCode.ROLE_DELETE_FAILED_AUTOMATIC_ROLE_ASSIGNED, ImmutableMap.of("role", role.getCode()));
}
//
// business roles
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSubId(roleId);
if (roleCompositionService.count(compositionFilter) > 0) {
throw new ResultCodeException(CoreResultCode.ROLE_DELETE_FAILED_HAS_COMPOSITION, ImmutableMap.of("role", role.getCode()));
}
compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(roleId);
if (roleCompositionService.count(compositionFilter) > 0) {
throw new ResultCodeException(CoreResultCode.ROLE_DELETE_FAILED_HAS_COMPOSITION, ImmutableMap.of("role", role.getCode()));
}
}
Also used :
IdmRoleTreeNodeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
UUID(java.util.UUID)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
IdmAutomaticRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAutomaticRoleFilter)
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Example 2 with IdmRoleCompositionFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class AddNewRoleCompositionTaskExecutor method processItem.
@Override
public Optional<OperationResult> processItem(IdmRoleDto superiorRole) {
try {
IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
filter.setRoleId(superiorRole.getId());
//
identityRoleService.find(filter, null).forEach(identityRole -> {
IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRole_.identityContract);
// find direct sub roles - other sub roles will be processed by role request automatically
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(identityRole.getRole());
compositionFilter.setId(roleCompositionId);
//
List<IdmConceptRoleRequestDto> concepts = roleCompositionService.find(compositionFilter, null).stream().map(subRole -> {
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.ADD);
// from concept
conceptRoleRequest.setValidFrom(identityRole.getValidFrom());
conceptRoleRequest.setValidTill(identityRole.getValidTill());
conceptRoleRequest.setIdentityContract(identityRole.getIdentityContract());
conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
// from assigned (~changed) sub role
conceptRoleRequest.setRole(subRole.getSub());
conceptRoleRequest.setDirectRole(identityRole.getId());
conceptRoleRequest.setRoleComposition(subRole.getId());
//
return conceptRoleRequest;
}).collect(Collectors.toList());
//
if (!concepts.isEmpty()) {
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(concepts);
roleRequest.setApplicant(contract.getIdentity());
roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
}
});
//
return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
} catch (Exception ex) {
return Optional.of(new OperationResult.Builder(OperationState.EXCEPTION).setModel(new DefaultResultModel(CoreResultCode.ROLE_COMPOSITION_ASSIGN_ROLE_FAILED, ImmutableMap.of("role", superiorRole.getCode()))).setCause(ex).build());
}
}
Also used :
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_)
IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Autowired(org.springframework.beans.factory.annotation.Autowired)
PersistentType(eu.bcvsolutions.idm.core.eav.api.domain.PersistentType)
IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService)
Lists(com.google.common.collect.Lists)
LookupService(eu.bcvsolutions.idm.core.api.service.LookupService)
OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult)
Map(java.util.Map)
IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)
IdmLongRunningTaskFilter(eu.bcvsolutions.idm.core.scheduler.api.dto.filter.IdmLongRunningTaskFilter)
Pageable(org.springframework.data.domain.Pageable)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmCheckConcurrentExecution(eu.bcvsolutions.idm.core.scheduler.api.domain.IdmCheckConcurrentExecution)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
ImmutableMap(com.google.common.collect.ImmutableMap)
IdmRoleComposition_(eu.bcvsolutions.idm.core.model.entity.IdmRoleComposition_)
AbstractSchedulableStatefulExecutor(eu.bcvsolutions.idm.core.scheduler.api.service.AbstractSchedulableStatefulExecutor)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
PageRequest(org.springframework.data.domain.PageRequest)
OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState)
AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
UUID(java.util.UUID)
Page(org.springframework.data.domain.Page)
Collectors(java.util.stream.Collectors)
List(java.util.List)
Component(org.springframework.stereotype.Component)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto)
CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode)
RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent)
Optional(java.util.Optional)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
RoleRequestEventType(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent.RoleRequestEventType)
PageImpl(org.springframework.data.domain.PageImpl)
ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)
Assert(org.springframework.util.Assert)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult)
RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException)
IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Example 3 with IdmRoleCompositionFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class RoleExportBulkAction method exportBusinessRoles.
/**
* Export business roles for given role.
*
* @param role
*/
private void exportBusinessRoles(IdmRoleDto role) {
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setRoleId(role.getId());
List<IdmRoleCompositionDto> compositions = roleCompositionService.find(compositionFilter, null).getContent();
if (compositions.isEmpty()) {
roleCompositionService.export(ExportManager.BLANK_UUID, this.getBatch());
}
compositions.forEach(composition -> {
roleCompositionService.export(composition.getId(), this.getBatch());
});
// Set parent fields -> set authoritative mode. Here are two parent fields!
Set<String> parents = new LinkedHashSet<>();
parents.add(IdmRoleComposition_.superior.getName());
parents.add(IdmRoleComposition_.sub.getName());
this.getExportManager().setAuthoritativeMode(parents, IdmRoleCompositionFilter.PARAMETER_ROLE_ID, IdmRoleCompositionDto.class, this.getBatch());
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Example 4 with IdmRoleCompositionFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleCompositionService method assignSubRoles.
/**
* @Transactional is not needed - (asynchronous) events is thrown for every sub role anyway ...
* Can be called repetitively for given identity role => checks or creates missing sub roles by composition.
*/
@Override
@SuppressWarnings("unchecked")
public void assignSubRoles(EntityEvent<IdmIdentityRoleDto> event, UUID roleCompositionId, BasePermission... permission) {
Assert.notNull(event, "Event is required.");
IdmIdentityRoleDto identityRole = event.getContent();
Assert.notNull(identityRole, "Identity role identifier is required.");
// find direct sub roles
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(identityRole.getRole());
compositionFilter.setId(roleCompositionId);
//
List<IdmRoleCompositionDto> directSubRoles = find(compositionFilter, null, permission).getContent();
LOG.debug("Assign sub roles [{}] for identity role [{}], role [{}]", directSubRoles.size(), identityRole.getId(), identityRole.getRole());
//
Map<String, Serializable> props = resolveProperties(event);
Set<UUID> processedRoles = (Set<UUID>) props.get(IdentityRoleEvent.PROPERTY_PROCESSED_ROLES);
processedRoles.add(identityRole.getRole());
//
directSubRoles.forEach(subRoleComposition -> {
IdmRoleDto subRole = DtoUtils.getEmbedded(subRoleComposition, IdmRoleComposition_.sub);
if (processedRoles.contains(subRole.getId())) {
LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", subRole.getCode());
} else {
// try to find currently assigned subrole by this configuration (return operation)
IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
filter.setRoleCompositionId(subRoleComposition.getId());
filter.setDirectRoleId(identityRole.getDirectRole() == null ? identityRole.getId() : identityRole.getDirectRole());
if (identityRoleService.find(filter, null).getTotalElements() > 0) {
LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", subRole.getCode());
} else {
//
IdmIdentityRoleDto subIdentityRole = new IdmIdentityRoleDto();
subIdentityRole.setRole(subRole.getId());
subIdentityRole.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_ROLE, subRole);
subIdentityRole.setIdentityContract(identityRole.getIdentityContract());
subIdentityRole.setContractPosition(identityRole.getContractPosition());
subIdentityRole.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT, identityRole.getEmbedded().get(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT));
subIdentityRole.setValidFrom(identityRole.getValidFrom());
subIdentityRole.setValidTill(identityRole.getValidTill());
subIdentityRole.setDirectRole(identityRole.getDirectRole() == null ? identityRole.getId() : identityRole.getDirectRole());
subIdentityRole.setRoleComposition(subRoleComposition.getId());
//
processedRoles.add(subRole.getId());
IdentityRoleEvent subEvent = new IdentityRoleEvent(IdentityRoleEventType.CREATE, subIdentityRole, props);
//
identityRoleService.publish(subEvent, event, permission);
// Notes new created assigned role to parent event
IdmIdentityRoleDto subContent = subEvent.getContent();
notingAssignedRole(event, subEvent, subContent, IdentityRoleEvent.PROPERTY_ASSIGNED_NEW_ROLES);
}
}
});
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent)
Serializable(java.io.Serializable)
HashSet(java.util.HashSet)
Set(java.util.Set)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
UUID(java.util.UUID)
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Example 5 with IdmRoleCompositionFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleCompositionService method findDirectSubRoles.
@Override
public List<IdmRoleCompositionDto> findDirectSubRoles(UUID superiorId, BasePermission... permission) {
Assert.notNull(superiorId, "Superior role identifier is required.");
//
// TODO: Role composition cache - sub roles (cache value) by superior (cache key) + filter by superior id.
IdmRoleCompositionFilter filter = new IdmRoleCompositionFilter();
filter.setSuperiorId(superiorId);
//
return find(filter, null, permission).getContent();
}
Also used :
IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)
Aggregations
IdmRoleCompositionFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)9
IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)7
UUID (java.util.UUID)7
IdmRoleCompositionDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)6
IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)5
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)5
IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)5
IdmRoleCompositionService (eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)5
List (java.util.List)5
Lists (com.google.common.collect.Lists)4
DtoUtils (eu.bcvsolutions.idm.core.api.utils.DtoUtils)4
HashSet (java.util.HashSet)4
Autowired (org.springframework.beans.factory.annotation.Autowired)4
Assert (org.springframework.util.Assert)4
ImmutableMap (com.google.common.collect.ImmutableMap)3
ConceptRoleRequestOperation (eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)3
CoreResultCode (eu.bcvsolutions.idm.core.api.domain.CoreResultCode)3
OperationState (eu.bcvsolutions.idm.core.api.domain.OperationState)3
DefaultResultModel (eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)3
IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)3
