use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleCompositionService method findAllSubRoles.
private void findAllSubRoles(List<IdmRoleCompositionDto> results, List<IdmRoleCompositionDto> parents, UUID superiorId, BasePermission... permission) {
IdmRoleCompositionFilter filter = new IdmRoleCompositionFilter();
filter.setSuperiorId(superiorId);
//
find(filter, null, permission).stream().filter(// cyclic composition in the first level is ignored
subRole -> !subRole.getSuperior().equals(subRole.getSub())).forEach(subRole -> {
if (!// duplicate composition is enabled, but from different superior role => is not cycle, is duplicate but ok
parents.stream().map(IdmRoleCompositionDto::getSuperior).anyMatch(superior -> superior.equals(subRole.getSub()))) {
results.add(subRole);
List<IdmRoleCompositionDto> lineParents = Lists.newArrayList(parents);
lineParents.add(subRole);
//
IdmRoleDto subRoleDto = DtoUtils.getEmbedded(subRole, IdmRoleComposition_.sub);
if (subRoleDto.getChildrenCount() > 0) {
findAllSubRoles(results, lineParents, subRole.getSub(), permission);
}
}
});
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleCompositionService method findAllSuperiorRoles.
/**
* @param results found parents
* @param subId original role, for which parent are found => used for prevent cycles
* @param subChildId curently processed sub role
* @param permission
*/
private void findAllSuperiorRoles(List<IdmRoleCompositionDto> results, UUID subId, UUID subChildId, BasePermission... permission) {
IdmRoleCompositionFilter filter = new IdmRoleCompositionFilter();
filter.setSubId(subChildId);
//
find(filter, null, permission).filter(// cyclic composition in the first level is ignored
superiorRole -> !superiorRole.getSuperior().equals(superiorRole.getSub())).filter(// cyclic to original
superiorRole -> !superiorRole.getSuperior().equals(subId)).forEach(superiorRole -> {
if (!results.contains(superiorRole)) {
results.add(superiorRole);
//
findAllSuperiorRoles(results, subId, superiorRole.getSuperior(), permission);
}
});
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class RoleDeleteProcessor method process.
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
//
IdmRoleDto role = event.getContent();
UUID roleId = role.getId();
Assert.notNull(roleId, "Role id is required!");
// check role can be removed without force
if (!forceDelete) {
checkWithoutForceDelete(role);
}
//
// Find all concepts and remove relation on role - has to be the first => concepts are created bellow
IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
conceptRequestFilter.setRoleId(roleId);
List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.find(conceptRequestFilter, null).getContent();
for (int counter = 0; counter < concepts.size(); counter++) {
IdmConceptRoleRequestDto concept = concepts.get(counter);
String message = null;
if (concept.getState().isTerminatedState()) {
message = MessageFormat.format("Role [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", role.getCode(), concept.getId());
} else {
message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested role [{1}] was deleted (not from this role request)!", concept.getId(), role.getCode());
// Cancel concept and WF
concept = conceptRoleRequestService.cancel(concept);
}
conceptRoleRequestService.addToLog(concept, message);
conceptRoleRequestService.save(concept);
if (counter % 100 == 0) {
clearSession();
}
}
// remove related assigned roles etc.
if (forceDelete) {
// remove directly assigned assigned roles (not automatic)
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setRoleId(roleId);
identityRoleFilter.setDirectRole(Boolean.TRUE);
identityRoleFilter.setAutomaticRole(Boolean.FALSE);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.find(identityRoleFilter, null).getContent();
for (int counter = 0; counter < assignedRoles.size(); counter++) {
IdmIdentityRoleDto identityRole = assignedRoles.get(counter);
IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
UUID identityId = contract.getIdentity();
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setApplicant(identityId);
//
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
conceptRoleRequest.setIdentityContract(contract.getId());
conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
roleRequest.getConceptRoles().add(conceptRoleRequest);
//
// start event
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
roleRequestService.startConcepts(requestEvent, event);
//
if (counter % 100 == 0) {
clearSession();
}
}
//
// related automatic roles by tree structure
IdmRoleTreeNodeFilter roleTreeNodefilter = new IdmRoleTreeNodeFilter();
roleTreeNodefilter.setRoleId(roleId);
roleTreeNodeService.findIds(roleTreeNodefilter, null).stream().forEach(roleTreeNodeId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(roleTreeNodeId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// related automatic roles by attribute
IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
automaticRoleFilter.setRoleId(roleId);
automaticRoleAttributeService.findIds(automaticRoleFilter, null).stream().forEach(automaticRoleId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(automaticRoleId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// business roles
// prevent to cyclic composition will be processed twice (sub = superior)
Set<UUID> processedCompositionIds = new HashSet<>();
// by sub
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSubId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
// by superior
compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().filter(// ~ prevent to cyclic composition will be processed twice (sub = superior)
roleCompositionId -> !processedCompositionIds.contains(roleCompositionId)).forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
}
//
// remove all policies
IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
policyFilter.setRoleId(roleId);
authorizationPolicyService.find(policyFilter, null).forEach(dto -> {
authorizationPolicyService.delete(dto);
});
clearSession();
//
// Cancel all related automatic role requests
IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
automaticRoleRequestFilter.setRoleId(roleId);
automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
automaticRoleRequestService.cancel(request);
});
clearSession();
//
// remove role guarantee
IdmRoleGuaranteeRoleFilter roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setGuaranteeRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
//
// remove guarantees
IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
roleGuaranteeFilter.setRole(roleId);
roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
roleGuaranteeService.delete(roleGuarantee);
});
clearSession();
//
// remove catalogues
IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueRoleFilter.setRoleId(roleId);
roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).forEach(roleCatalogue -> {
roleCatalogueRoleService.delete(roleCatalogue);
});
clearSession();
//
// remove incompatible roles from both sides
incompatibleRoleService.findAllByRole(roleId).forEach(incompatibleRole -> {
incompatibleRoleService.delete(incompatibleRole);
});
clearSession();
//
// Remove role-form-attributes
IdmRoleFormAttributeFilter roleFormAttributeFilter = new IdmRoleFormAttributeFilter();
roleFormAttributeFilter.setRole(roleId);
roleFormAttributeService.find(roleFormAttributeFilter, null).forEach(roleCatalogue -> {
roleFormAttributeService.delete(roleCatalogue);
});
//
if (forceDelete) {
LOG.debug("Role [{}] should be deleted by caller after all asynchronus processes are completed.", role.getCode());
//
// dirty flag only - will be processed after asynchronous events ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(role, stateDeleted);
//
// set disabled
role.setDisabled(true);
service.saveInternal(role);
} else {
service.deleteInternal(role);
}
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter in project CzechIdMng by bcvsolutions.
the class RemoveRoleCompositionTaskExecutor method createConcepts.
/**
* Identity role => one applicant => one request can be executed from prepared contracts.
*
* @param preparedConcepts cumulative concepts => will be used to execute request at end
* @param identityRole assigned role
* @return concepts to remove assigned roles
*/
private List<IdmConceptRoleRequestDto> createConcepts(IdmRoleRequestDto roleRequest, List<IdmConceptRoleRequestDto> createdConcepts, IdmIdentityRoleDto identityRole) {
// remove assigned role by concept
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setRoleRequest(roleRequest.getId());
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
conceptRoleRequest.setIdentityContract(identityRole.getIdentityContract());
conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
conceptRoleRequest.setAutomaticRole(identityRole.getAutomaticRole());
conceptRoleRequest.setDirectRole(identityRole.getDirectRole());
conceptRoleRequest.setRoleComposition(identityRole.getRoleComposition());
//
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(identityRole.getRole());
// prevent cycles ...
createdConcepts.add(conceptRequestService.save(conceptRoleRequest));
roleCompositionService.find(compositionFilter, null).forEach(composition -> {
IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
filter.setRoleId(composition.getSub());
filter.setRoleCompositionId(composition.getId());
filter.setDirectRoleId(identityRole.getDirectRole());
identityRoleService.find(filter, // just one sub role can be removed => other completely same sub roles will be preserved.
PageRequest.of(0, 1)).forEach(subIdentityRole -> {
// remove all sub
if (!createdConcepts.stream().map(IdmConceptRoleRequestDto::getIdentityRole).anyMatch(ir -> ir.equals(subIdentityRole.getId()))) {
createConcepts(roleRequest, createdConcepts, subIdentityRole);
}
});
});
//
return createdConcepts;
}
Aggregations