Search in sources :

Example 6 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class IdentityDeleteProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    UUID identityId = identity.getId();
    Assert.notNull(identityId, "Identity ID is required!");
    boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
    // 
    // delete contract slices
    IdmContractSliceFilter sliceFilter = new IdmContractSliceFilter();
    sliceFilter.setIdentity(identityId);
    contractSliceService.find(sliceFilter, null).forEach(guarantee -> {
        contractSliceService.delete(guarantee);
    });
    // delete contract slice guarantees
    IdmContractSliceGuaranteeFilter sliceGuaranteeFilter = new IdmContractSliceGuaranteeFilter();
    sliceGuaranteeFilter.setGuaranteeId(identityId);
    contractSliceGuaranteeService.find(sliceGuaranteeFilter, null).forEach(guarantee -> {
        contractSliceGuaranteeService.delete(guarantee);
    });
    // 
    // contracts
    identityContractService.findAllByIdentity(identityId).forEach(identityContract -> {
        // when identity is deleted, then HR processes has to be skipped (prevent to update deleted identity, when contract is removed)
        Map<String, Serializable> properties = new HashMap<>();
        properties.put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
        // propagate force attribute
        properties.put(PROPERTY_FORCE_DELETE, forceDelete);
        // prepare event
        IdentityContractEvent contractEvent = new IdentityContractEvent(IdentityContractEventType.DELETE, identityContract, properties);
        contractEvent.setPriority(PriorityType.HIGH);
        // 
        identityContractService.publish(contractEvent);
    });
    // delete contract guarantees
    IdmContractGuaranteeFilter filter = new IdmContractGuaranteeFilter();
    filter.setGuaranteeId(identityId);
    contractGuaranteeService.find(filter, null).forEach(guarantee -> {
        contractGuaranteeService.delete(guarantee);
    });
    // remove role guarantee
    IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
    roleGuaranteeFilter.setGuarantee(identityId);
    roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeService.delete(roleGuarantee);
    });
    // remove password
    passwordProcessor.deletePassword(identity);
    // delete password history for identity
    passwordHistoryService.deleteAllByIdentity(identityId);
    // disable related tokens - tokens has to be disabled to prevent their usage (when tokens are deleted, then token is recreated)
    tokenManager.disableTokens(identity);
    // 
    // delete all identity's profiles
    IdmProfileFilter profileFilter = new IdmProfileFilter();
    profileFilter.setIdentityId(identityId);
    profileService.find(profileFilter, null).forEach(profile -> {
        profileService.delete(profile);
    });
    // remove all IdentityRoleValidRequest for this identity
    List<IdmIdentityRoleValidRequestDto> validRequests = identityRoleValidRequestService.findAllValidRequestForIdentityId(identityId);
    identityRoleValidRequestService.deleteAll(validRequests);
    // 
    // delete all identity's delegations - delegate
    IdmDelegationDefinitionFilter delegationFilter = new IdmDelegationDefinitionFilter();
    delegationFilter.setDelegateId(identityId);
    delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
        delegationDefinitionService.delete(delegation);
    });
    // 
    // delete all identity's delegations - delegator
    delegationFilter = new IdmDelegationDefinitionFilter();
    delegationFilter.setDelegatorId(identityId);
    delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
        delegationDefinitionService.delete(delegation);
    });
    // deletes identity
    if (forceDelete) {
        LOG.debug("Identity [{}] should be deleted by caller after all asynchronus processes are completed.", identityId);
        // 
        // dirty flag only - will be processed after asynchronous events ends
        IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
        stateDeleted.setEvent(event.getId());
        stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
        entityStateManager.saveState(identity, stateDeleted);
        // 
        // set disabled (automatically)
        identity.setState(IdentityState.DISABLED);
        service.saveInternal(identity);
    } else {
        // delete all role requests where is this identity applicant
        IdmRoleRequestFilter roleRequestFilter = new IdmRoleRequestFilter();
        roleRequestFilter.setApplicantId(identityId);
        roleRequestService.find(roleRequestFilter, null).forEach(request -> {
            roleRequestService.delete(request);
        });
        // 
        service.deleteInternal(identity);
    }
    return new DefaultEventResult<>(event, this);
}
Also used : IdmEntityStateDto(eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto) IdmContractSliceGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractSliceGuaranteeFilter) Serializable(java.io.Serializable) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) HashMap(java.util.HashMap) IdmProfileFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmProfileFilter) OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto) IdmContractSliceFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractSliceFilter) IdmDelegationDefinitionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmDelegationDefinitionFilter) IdentityContractEvent(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) IdmContractGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractGuaranteeFilter) IdmIdentityRoleValidRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleValidRequestDto)

Example 7 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class RoleGuaranteeEvaluator method getPermissions.

@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
    Set<String> permissions = super.getPermissions(entity, policy);
    if (entity == null || entity.getId() == null || !securityService.isAuthenticated()) {
        return permissions;
    }
    // 
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
    filter.setRole(entity.getId());
    filter.setGuarantee(securityService.getCurrentId());
    // by identity
    if (roleGuaranteeService.find(filter, PageRequest.of(0, 1)).getTotalElements() > 0) {
        permissions.addAll(policy.getPermissions());
        return permissions;
    }
    // 
    // by role
    IdmRoleGuaranteeRoleFilter filterRole = new IdmRoleGuaranteeRoleFilter();
    filterRole.setRole(entity.getId());
    Set<UUID> guaranteeRoles = roleGuaranteeRoleService.find(filterRole, null).getContent().stream().map(rg -> rg.getGuaranteeRole()).collect(Collectors.toSet());
    // TODO: create some subquery ...
    if (identityRoleService.findValidRoles(securityService.getCurrentId(), null).getContent().stream().filter(ir -> guaranteeRoles.contains(ir.getRole())).findFirst().orElse(null) != null) {
        permissions.addAll(policy.getPermissions());
    }
    // 
    return permissions;
}
Also used : IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_) Autowired(org.springframework.beans.factory.annotation.Autowired) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) Predicate(javax.persistence.criteria.Predicate) BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) Root(javax.persistence.criteria.Root) IdmRoleGuaranteeRole(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole) IdmRoleGuaranteeRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole_) Description(org.springframework.context.annotation.Description) RepositoryUtils(eu.bcvsolutions.idm.core.api.utils.RepositoryUtils) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter) AbstractEntity_(eu.bcvsolutions.idm.core.api.entity.AbstractEntity_) IdmRoleGuaranteeService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeService) AuthorizationPolicy(eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy) Set(java.util.Set) PageRequest(org.springframework.data.domain.PageRequest) AbstractAuthorizationEvaluator(eu.bcvsolutions.idm.core.security.evaluator.AbstractAuthorizationEvaluator) UUID(java.util.UUID) IdmRoleGuaranteeRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeRoleService) AbstractAuthentication(eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication) Collectors(java.util.stream.Collectors) IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_) IdmRoleGuarantee_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee_) IdmRoleGuarantee(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee) Component(org.springframework.stereotype.Component) LocalDate(java.time.LocalDate) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) Subquery(javax.persistence.criteria.Subquery) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter) UUID(java.util.UUID)

Example 8 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleGuaranteeService method findByRole.

@Override
@Transactional(readOnly = true)
public Page<IdmRoleGuaranteeDto> findByRole(UUID roleId, Pageable pageable, BasePermission... permission) {
    Assert.notNull(roleId, "Role identifier is required.");
    // 
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
    filter.setRole(roleId);
    // 
    return find(filter, pageable, permission);
}
Also used : IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class ExternalCodeableFilterBuilderIntegrationTest method testTryFindNotExternalCodeentifiableEntity.

@Test(expected = EntityTypeNotExternalCodeableException.class)
public void testTryFindNotExternalCodeentifiableEntity() {
    MultiValueMap<String, Object> params = new LinkedMultiValueMap<>();
    params.set(ExternalCodeable.PROPERTY_EXTERNAL_CODE, "wrong");
    IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter(params);
    roleGuaranteeService.find(filter, null);
}
Also used : LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Test(org.junit.Test) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)

Example 10 with IdmRoleGuaranteeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.

the class RequestManagerTest method testFind.

@Test
public void testFind() {
    // Create role
    IdmRoleDto role = getHelper().createRole();
    // Create guarantee One
    IdmIdentityDto guaranteeOne = getHelper().createIdentity();
    IdmRoleGuaranteeDto roleGuaranteeOne = getHelper().createRoleGuarantee(role, guaranteeOne);
    IdmRoleGuaranteeFilter guaranteeFilter = new IdmRoleGuaranteeFilter();
    guaranteeFilter.setRole(role.getId());
    Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
    // Create request
    IdmRequestDto request = requestManager.createRequest(role);
    Assert.assertNotNull(request);
    List<IdmRoleGuaranteeDto> guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guarantees.size());
    // Create guarantee
    IdmIdentityDto guarantee = getHelper().createIdentity();
    IdmRoleGuaranteeDto roleGuaranteeTwo = new IdmRoleGuaranteeDto();
    roleGuaranteeTwo.setRole(role.getId());
    roleGuaranteeTwo.setGuarantee(guarantee.getId());
    IdmRoleGuaranteeDto requestablePost = requestManager.post(request.getId(), roleGuaranteeTwo);
    IdmRequestItemDto changeRequestItem = DtoUtils.getEmbedded(requestablePost, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
    Assert.assertEquals(RequestOperationType.ADD, changeRequestItem.getOperation());
    // Find via standard service returns still only one result
    Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
    // Find via request manager returns two results
    guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(2, guarantees.size());
    // Create new request
    IdmRequestDto requestTwo = requestManager.createRequest(role);
    Assert.assertNotNull(requestTwo);
    guarantees = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guarantees.size());
    // Change the role-guarantee (use new guarantee)
    IdmIdentityDto guaranteeTwo = getHelper().createIdentity();
    roleGuaranteeOne.setGuarantee(guaranteeTwo.getId());
    IdmRoleGuaranteeDto roleGuaranteeOneRequest = requestManager.post(requestTwo.getId(), roleGuaranteeOne);
    changeRequestItem = DtoUtils.getEmbedded(roleGuaranteeOneRequest, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
    Assert.assertEquals(RequestOperationType.UPDATE, changeRequestItem.getOperation());
    // Role guarantee One are equals (same ID), but must have different guarantee
    IdmRoleGuaranteeDto currentRoleGuaranteeOne = roleGuaranteeService.get(roleGuaranteeOne);
    Assert.assertEquals(currentRoleGuaranteeOne, roleGuaranteeOneRequest);
    Assert.assertNotEquals(currentRoleGuaranteeOne.getGuarantee(), roleGuaranteeOneRequest.getGuarantee());
    guarantees = roleGuaranteeService.find(guaranteeFilter, null).getContent();
    // Find via standard service returns still only one result
    Assert.assertEquals(1, guarantees.size());
    // Find via request manager returns one result too (item was only updated in the
    // request)
    List<IdmRoleGuaranteeDto> guaranteesRequest = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
    Assert.assertEquals(1, guaranteesRequest.size());
    // Role guarantee One are equals (same ID), but must have different guarantee
    Assert.assertEquals(guarantees.get(0), guaranteesRequest.get(0));
    Assert.assertNotEquals(guarantees.get(0).getGuarantee(), guaranteesRequest.get(0).getGuarantee());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRequestItemDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestItemDto) IdmRoleGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleGuaranteeDto) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Aggregations

IdmRoleGuaranteeFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter)12 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)6 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)6 Test (org.junit.Test)6 IdmRoleGuaranteeDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleGuaranteeDto)5 UUID (java.util.UUID)4 IdmRoleGuaranteeRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter)3 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)3 DefaultResultModel (eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)2 IdmEntityStateDto (eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto)2 OperationResultDto (eu.bcvsolutions.idm.core.api.dto.OperationResultDto)2 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)2 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 AbstractCoreWorkflowIntegrationTest (eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest)1 ConceptRoleRequestOperation (eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)1 CoreResultCode (eu.bcvsolutions.idm.core.api.domain.CoreResultCode)1 OperationState (eu.bcvsolutions.idm.core.api.domain.OperationState)1 IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)1 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)1