use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.
the class IdentityDeleteProcessor method process.
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
IdmIdentityDto identity = event.getContent();
UUID identityId = identity.getId();
Assert.notNull(identityId, "Identity ID is required!");
boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
//
// delete contract slices
IdmContractSliceFilter sliceFilter = new IdmContractSliceFilter();
sliceFilter.setIdentity(identityId);
contractSliceService.find(sliceFilter, null).forEach(guarantee -> {
contractSliceService.delete(guarantee);
});
// delete contract slice guarantees
IdmContractSliceGuaranteeFilter sliceGuaranteeFilter = new IdmContractSliceGuaranteeFilter();
sliceGuaranteeFilter.setGuaranteeId(identityId);
contractSliceGuaranteeService.find(sliceGuaranteeFilter, null).forEach(guarantee -> {
contractSliceGuaranteeService.delete(guarantee);
});
//
// contracts
identityContractService.findAllByIdentity(identityId).forEach(identityContract -> {
// when identity is deleted, then HR processes has to be skipped (prevent to update deleted identity, when contract is removed)
Map<String, Serializable> properties = new HashMap<>();
properties.put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
// propagate force attribute
properties.put(PROPERTY_FORCE_DELETE, forceDelete);
// prepare event
IdentityContractEvent contractEvent = new IdentityContractEvent(IdentityContractEventType.DELETE, identityContract, properties);
contractEvent.setPriority(PriorityType.HIGH);
//
identityContractService.publish(contractEvent);
});
// delete contract guarantees
IdmContractGuaranteeFilter filter = new IdmContractGuaranteeFilter();
filter.setGuaranteeId(identityId);
contractGuaranteeService.find(filter, null).forEach(guarantee -> {
contractGuaranteeService.delete(guarantee);
});
// remove role guarantee
IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
roleGuaranteeFilter.setGuarantee(identityId);
roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
roleGuaranteeService.delete(roleGuarantee);
});
// remove password
passwordProcessor.deletePassword(identity);
// delete password history for identity
passwordHistoryService.deleteAllByIdentity(identityId);
// disable related tokens - tokens has to be disabled to prevent their usage (when tokens are deleted, then token is recreated)
tokenManager.disableTokens(identity);
//
// delete all identity's profiles
IdmProfileFilter profileFilter = new IdmProfileFilter();
profileFilter.setIdentityId(identityId);
profileService.find(profileFilter, null).forEach(profile -> {
profileService.delete(profile);
});
// remove all IdentityRoleValidRequest for this identity
List<IdmIdentityRoleValidRequestDto> validRequests = identityRoleValidRequestService.findAllValidRequestForIdentityId(identityId);
identityRoleValidRequestService.deleteAll(validRequests);
//
// delete all identity's delegations - delegate
IdmDelegationDefinitionFilter delegationFilter = new IdmDelegationDefinitionFilter();
delegationFilter.setDelegateId(identityId);
delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
delegationDefinitionService.delete(delegation);
});
//
// delete all identity's delegations - delegator
delegationFilter = new IdmDelegationDefinitionFilter();
delegationFilter.setDelegatorId(identityId);
delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
delegationDefinitionService.delete(delegation);
});
// deletes identity
if (forceDelete) {
LOG.debug("Identity [{}] should be deleted by caller after all asynchronus processes are completed.", identityId);
//
// dirty flag only - will be processed after asynchronous events ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(identity, stateDeleted);
//
// set disabled (automatically)
identity.setState(IdentityState.DISABLED);
service.saveInternal(identity);
} else {
// delete all role requests where is this identity applicant
IdmRoleRequestFilter roleRequestFilter = new IdmRoleRequestFilter();
roleRequestFilter.setApplicantId(identityId);
roleRequestService.find(roleRequestFilter, null).forEach(request -> {
roleRequestService.delete(request);
});
//
service.deleteInternal(identity);
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.
the class RoleGuaranteeEvaluator method getPermissions.
@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
Set<String> permissions = super.getPermissions(entity, policy);
if (entity == null || entity.getId() == null || !securityService.isAuthenticated()) {
return permissions;
}
//
IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
filter.setRole(entity.getId());
filter.setGuarantee(securityService.getCurrentId());
// by identity
if (roleGuaranteeService.find(filter, PageRequest.of(0, 1)).getTotalElements() > 0) {
permissions.addAll(policy.getPermissions());
return permissions;
}
//
// by role
IdmRoleGuaranteeRoleFilter filterRole = new IdmRoleGuaranteeRoleFilter();
filterRole.setRole(entity.getId());
Set<UUID> guaranteeRoles = roleGuaranteeRoleService.find(filterRole, null).getContent().stream().map(rg -> rg.getGuaranteeRole()).collect(Collectors.toSet());
// TODO: create some subquery ...
if (identityRoleService.findValidRoles(securityService.getCurrentId(), null).getContent().stream().filter(ir -> guaranteeRoles.contains(ir.getRole())).findFirst().orElse(null) != null) {
permissions.addAll(policy.getPermissions());
}
//
return permissions;
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleGuaranteeService method findByRole.
@Override
@Transactional(readOnly = true)
public Page<IdmRoleGuaranteeDto> findByRole(UUID roleId, Pageable pageable, BasePermission... permission) {
Assert.notNull(roleId, "Role identifier is required.");
//
IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
filter.setRole(roleId);
//
return find(filter, pageable, permission);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.
the class ExternalCodeableFilterBuilderIntegrationTest method testTryFindNotExternalCodeentifiableEntity.
@Test(expected = EntityTypeNotExternalCodeableException.class)
public void testTryFindNotExternalCodeentifiableEntity() {
MultiValueMap<String, Object> params = new LinkedMultiValueMap<>();
params.set(ExternalCodeable.PROPERTY_EXTERNAL_CODE, "wrong");
IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter(params);
roleGuaranteeService.find(filter, null);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter in project CzechIdMng by bcvsolutions.
the class RequestManagerTest method testFind.
@Test
public void testFind() {
// Create role
IdmRoleDto role = getHelper().createRole();
// Create guarantee One
IdmIdentityDto guaranteeOne = getHelper().createIdentity();
IdmRoleGuaranteeDto roleGuaranteeOne = getHelper().createRoleGuarantee(role, guaranteeOne);
IdmRoleGuaranteeFilter guaranteeFilter = new IdmRoleGuaranteeFilter();
guaranteeFilter.setRole(role.getId());
Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
// Create request
IdmRequestDto request = requestManager.createRequest(role);
Assert.assertNotNull(request);
List<IdmRoleGuaranteeDto> guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
Assert.assertEquals(1, guarantees.size());
// Create guarantee
IdmIdentityDto guarantee = getHelper().createIdentity();
IdmRoleGuaranteeDto roleGuaranteeTwo = new IdmRoleGuaranteeDto();
roleGuaranteeTwo.setRole(role.getId());
roleGuaranteeTwo.setGuarantee(guarantee.getId());
IdmRoleGuaranteeDto requestablePost = requestManager.post(request.getId(), roleGuaranteeTwo);
IdmRequestItemDto changeRequestItem = DtoUtils.getEmbedded(requestablePost, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
Assert.assertEquals(RequestOperationType.ADD, changeRequestItem.getOperation());
// Find via standard service returns still only one result
Assert.assertEquals(1, roleGuaranteeService.find(guaranteeFilter, null).getTotalElements());
// Find via request manager returns two results
guarantees = requestManager.find(IdmRoleGuaranteeDto.class, request.getId(), guaranteeFilter, null).getContent();
Assert.assertEquals(2, guarantees.size());
// Create new request
IdmRequestDto requestTwo = requestManager.createRequest(role);
Assert.assertNotNull(requestTwo);
guarantees = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
Assert.assertEquals(1, guarantees.size());
// Change the role-guarantee (use new guarantee)
IdmIdentityDto guaranteeTwo = getHelper().createIdentity();
roleGuaranteeOne.setGuarantee(guaranteeTwo.getId());
IdmRoleGuaranteeDto roleGuaranteeOneRequest = requestManager.post(requestTwo.getId(), roleGuaranteeOne);
changeRequestItem = DtoUtils.getEmbedded(roleGuaranteeOneRequest, Requestable.REQUEST_ITEM_FIELD, IdmRequestItemDto.class);
Assert.assertEquals(RequestOperationType.UPDATE, changeRequestItem.getOperation());
// Role guarantee One are equals (same ID), but must have different guarantee
IdmRoleGuaranteeDto currentRoleGuaranteeOne = roleGuaranteeService.get(roleGuaranteeOne);
Assert.assertEquals(currentRoleGuaranteeOne, roleGuaranteeOneRequest);
Assert.assertNotEquals(currentRoleGuaranteeOne.getGuarantee(), roleGuaranteeOneRequest.getGuarantee());
guarantees = roleGuaranteeService.find(guaranteeFilter, null).getContent();
// Find via standard service returns still only one result
Assert.assertEquals(1, guarantees.size());
// Find via request manager returns one result too (item was only updated in the
// request)
List<IdmRoleGuaranteeDto> guaranteesRequest = requestManager.find(IdmRoleGuaranteeDto.class, requestTwo.getId(), guaranteeFilter, null).getContent();
Assert.assertEquals(1, guaranteesRequest.size());
// Role guarantee One are equals (same ID), but must have different guarantee
Assert.assertEquals(guarantees.get(0), guaranteesRequest.get(0));
Assert.assertNotEquals(guarantees.get(0).getGuarantee(), guaranteesRequest.get(0).getGuarantee());
}
Aggregations