use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method testFindCandidatesWithSubprocess.
/**
 * Walks one role request through a two-stage approval (help desk task, then a
 * subprocess task for the role guarantee) and checks, at each stage, which
 * approvers and candidates the services report.
 *
 * The assertions also pin a data-exposure contract: candidates on
 * {@code IdmRequestIdentityRoleDto} and approvers on {@code IdmRoleRequestDto}
 * are returned only when the filter asks for them ({@code setIncludeCandidates(true)} /
 * {@code setIncludeApprovers(true)}); with the flag off the getters return {@code null}.
 *
 * NOTE(review): this method changes shared configuration values and the admin
 * role's priority and does not restore them in its own body; any cleanup has to
 * live in class-level setup/teardown that is not visible here - confirm.
 */
@Test
public void testFindCandidatesWithSubprocess() {
// Lower bound for the task filter below (setCreatedAfter), truncated to milliseconds.
ZonedDateTime now = ZonedDateTime.now().truncatedTo(ChronoUnit.MILLIS);
// NOTE(review): intent not visible here - presumably a short wait so that tasks created
// later fall strictly after 'now'; confirm against the helper.
getHelper().waitForResult(null, 1, 1);
// Enable only the help desk approval step; the three other approval steps are switched off.
configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "true");
loginAsAdmin();
// Create a fresh help desk role and an identity that will act as the help desk approver.
IdmRoleDto helpdeskRole = getHelper().createRole();
IdmIdentityDto helpdeskIdentity = getHelper().createIdentity();
// Assign the role directly (no role request), then register it as the help desk approval role.
getHelper().createIdentityRole(helpdeskIdentity, helpdeskRole);
configurationService.setValue(APPROVE_BY_HELPDESK_ROLE, helpdeskRole.getCode());
IdmIdentityDto identity = identityService.getByUsername(InitTestDataProcessor.TEST_USER_1);
IdmIdentityDto guarantee = identityService.getByUsername(InitTestDataProcessor.TEST_USER_2);
// Make TEST_USER_2 a guarantee of the admin role and bind the role's priority to the
// APPROVE_ROLE_BY_MANAGER_KEY workflow.
// NOTE(review): presumably this is what spawns the per-role approval subprocess - confirm.
int priority = 500;
IdmRoleDto adminRole = roleConfiguration.getAdminRole();
adminRole.setPriority(priority);
getHelper().createRoleGuarantee(adminRole, guarantee);
adminRole = roleService.save(adminRole);
configurationService.setValue(IdmRoleService.WF_BY_ROLE_PRIORITY_PREFIX + priority, APPROVE_ROLE_BY_MANAGER_KEY);
// Build the request: TEST_USER_1 asks for the admin role on the prime contract.
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmRoleRequestDto request = createRoleRequest(identity);
request = roleRequestService.save(request);
IdmConceptRoleRequestDto concept = createRoleConcept(adminRole, contract, request);
concept = conceptRoleRequestService.save(concept);
// Before the request is started: candidates are null even though they were asked for.
IdmRequestIdentityRoleFilter requestIdentityRoleFilter = new IdmRequestIdentityRoleFilter();
requestIdentityRoleFilter.setIncludeCandidates(true);
requestIdentityRoleFilter.setRoleRequestId(request.getId());
requestIdentityRoleFilter.setIdentityId(identity.getId());
List<IdmRequestIdentityRoleDto> requestIdentityRoles = requestIdentityRoleService.find(requestIdentityRoleFilter, null).getContent();
assertEquals(1, requestIdentityRoles.size());
IdmRequestIdentityRoleDto requestIdentityRoleDto = requestIdentityRoles.get(0);
assertNull(requestIdentityRoleDto.getCandidates());
// Start the request; the second argument is 'true' (the rights check flag of startRequestInternal).
roleRequestService.startRequestInternal(request.getId(), true);
request = roleRequestService.get(request.getId());
assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
// The currently logged-in user (admin) must have no approval task created after 'now'.
WorkflowFilterDto taskFilter = new WorkflowFilterDto();
taskFilter.setCreatedAfter(now);
taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
assertEquals(0, tasks.size());
// Stage 1 (help desk): one approver on the main process, none on a subprocess yet.
Set<IdmIdentityDto> candidates = workflowProcessInstanceService.getApproversForProcess(request.getWfProcessId());
assertEquals(1, candidates.size());
candidates = workflowProcessInstanceService.getApproversForSubprocess(request.getWfProcessId());
assertEquals(0, candidates.size());
// Candidates on the request-identity-role are still null at this stage.
requestIdentityRoleFilter = new IdmRequestIdentityRoleFilter();
requestIdentityRoleFilter.setIncludeCandidates(true);
requestIdentityRoleFilter.setRoleRequestId(request.getId());
requestIdentityRoleFilter.setIdentityId(identity.getId());
requestIdentityRoles = requestIdentityRoleService.find(requestIdentityRoleFilter, null).getContent();
assertEquals(1, requestIdentityRoles.size());
requestIdentityRoleDto = requestIdentityRoles.get(0);
assertNull(requestIdentityRoleDto.getCandidates());
// Approvers are returned on the request DTO when includeApprovers is set.
IdmRoleRequestFilter filter = new IdmRoleRequestFilter();
filter.setIncludeApprovers(true);
IdmRoleRequestDto requestDto = roleRequestService.get(request.getId(), filter);
assertEquals(1, requestDto.getApprovers().size());
// Help desk step: switch to the help desk identity and approve its single task.
loginAsAdmin(helpdeskIdentity.getUsername());
taskFilter.setCandidateOrAssigned(helpdeskIdentity.getUsername());
checkAndCompleteOneTask(taskFilter, InitTestDataProcessor.TEST_USER_1, "approve");
// With includeApprovers switched off the approvers must not be populated.
filter.setIncludeApprovers(false);
requestDto = roleRequestService.get(request.getId(), filter);
assertNull(requestDto.getApprovers());
// Stage 2 (subprocess): the guarantee (TEST_USER_2) now holds exactly one task.
request = roleRequestService.get(request.getId());
loginAsAdmin(guarantee.getUsername());
taskFilter.setCandidateOrAssigned(InitTestDataProcessor.TEST_USER_2);
tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
assertEquals(1, tasks.size());
// The concept carries its own workflow process id and that process instance can be loaded.
concept = conceptRoleRequestService.get(concept.getId());
String conceptWf = concept.getWfProcessId();
assertNotNull(conceptWf);
assertNotNull(workflowProcessInstanceService.get(conceptWf));
// Process-level and subprocess-level lookups must both report one approver, the same identity.
candidates = workflowProcessInstanceService.getApproversForProcess(request.getWfProcessId());
assertEquals(1, candidates.size());
IdmIdentityDto approversFromProcess = candidates.stream().findFirst().get();
candidates = workflowProcessInstanceService.getApproversForSubprocess(request.getWfProcessId());
assertEquals(1, candidates.size());
IdmIdentityDto approversFromSubProcess = candidates.stream().findFirst().get();
assertEquals(approversFromProcess.getId(), approversFromSubProcess.getId());
// Candidates are now reported on the request-identity-role when asked for ...
requestIdentityRoleFilter = new IdmRequestIdentityRoleFilter();
requestIdentityRoleFilter.setIncludeCandidates(true);
requestIdentityRoleFilter.setRoleRequestId(request.getId());
requestIdentityRoleFilter.setIdentityId(identity.getId());
requestIdentityRoles = requestIdentityRoleService.find(requestIdentityRoleFilter, null).getContent();
assertEquals(1, requestIdentityRoles.size());
requestIdentityRoleDto = requestIdentityRoles.get(0);
assertEquals(1, requestIdentityRoleDto.getCandidates().size());
// ... and stay null when the same filter has includeCandidates switched off.
requestIdentityRoleFilter.setIncludeCandidates(false);
requestIdentityRoles = requestIdentityRoleService.find(requestIdentityRoleFilter, null).getContent();
assertEquals(1, requestIdentityRoles.size());
requestIdentityRoleDto = requestIdentityRoles.get(0);
assertNull(requestIdentityRoleDto.getCandidates());
// Same opt-in check for approvers on the request DTO during the subprocess stage.
filter = new IdmRoleRequestFilter();
filter.setIncludeApprovers(true);
requestDto = roleRequestService.get(request.getId(), filter);
assertEquals(1, requestDto.getApprovers().size());
filter.setIncludeApprovers(false);
requestDto = roleRequestService.get(request.getId(), filter);
assertNull(requestDto.getApprovers());
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter in project CzechIdMng by bcvsolutions.
the class DefaultTestHelper method startRequestInternal.
/**
 * Starts the given role request through {@code roleRequestService.startRequestInternal}
 * and returns the request re-read from the service.
 *
 * @param roleRequest request to start; its id is used to reload the result
 * @param checkRight value stored under {@code RoleRequestProcessor.CHECK_RIGHT_PROPERTY};
 *        passing {@code false} asks the processing chain to skip its rights check, so
 *        callers should do that only where the test is not about authorization
 * @param immediate when {@code true} the event priority is set to {@code PriorityType.IMMEDIATE}
 * @return the request as returned by {@code roleRequestService.get} after the start call
 */
@Override
public IdmRoleRequestDto startRequestInternal(IdmRoleRequestDto roleRequest, boolean checkRight, boolean immediate) {
    // Ad-hoc event type whose name is the literal "EXCECUTE" (spelling as used by the code).
    EventType executeType = () -> "EXCECUTE";

    Map<String, Serializable> eventProperties = new HashMap<>();
    eventProperties.put(RoleRequestProcessor.CHECK_RIGHT_PROPERTY, checkRight);

    CoreEvent<IdmRoleRequestDto> startEvent = new CoreEvent<>(executeType, roleRequest, eventProperties);
    if (immediate) {
        startEvent.setPriority(PriorityType.IMMEDIATE);
    }

    roleRequestService.startRequestInternal(startEvent);

    // NOTE(review): the boolean passed to IdmRoleRequestFilter presumably asks for the
    // request's concepts to be loaded as well - confirm against the filter's constructor.
    return roleRequestService.get(roleRequest.getId(), new IdmRoleRequestFilter(true));
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter in project CzechIdMng by bcvsolutions.
the class IdentityDeleteBulkAction method end.
/**
 * Finishes the bulk delete: after a successful run it removes, for every processed
 * identity, its contracts, the role requests where it is the applicant, the identity
 * itself and the related entity states.
 *
 * If a contract turns out to have an assigned role at this point, the method returns
 * immediately with {@code CONTRACT_DELETE_FAILED_ROLE_ASSIGNED}; identities handled
 * earlier in the loop are already deleted and the remaining ones are left untouched.
 *
 * @param result outcome of the bulk action so far; may be {@code null}
 * @param exception failure raised by the bulk action, or {@code null}
 * @return whatever {@code super.end} returns for the final result / exception pair
 */
@Override
protected OperationResult end(OperationResult result, Exception exception) {
    // Failed or not fully executed runs are handed straight to the parent.
    if (exception != null) {
        return super.end(result, exception);
    }
    if (result != null && OperationState.EXECUTED != result.getState()) {
        return super.end(result, exception);
    }

    // Success path: the removal below uses the *Internal delete variants.
    for (UUID identityId : processedIds) {
        IdmIdentityDto identity = getService().get(identityId);
        if (identity == null) {
            LOG.debug("Identity [{}] already deleted.", identityId);
        } else {
            // Contract-related records are removed asynchronously; the contract itself goes here.
            for (IdmIdentityContractDto contract : contractService.findAllByIdentity(identityId)) {
                UUID contractId = contract.getId();
                // Re-check assigned roles right before deleting: a role may have been
                // assigned since the action started.
                IdmIdentityRoleFilter assignedRoleFilter = new IdmIdentityRoleFilter();
                assignedRoleFilter.setIdentityContractId(contractId);
                boolean roleStillAssigned = identityRoleService.count(assignedRoleFilter) > 0;
                if (roleStillAssigned) {
                    ResultCodeException failure = new ResultCodeException(
                            CoreResultCode.CONTRACT_DELETE_FAILED_ROLE_ASSIGNED,
                            ImmutableMap.of("contract", contractId));
                    return super.end(result, failure);
                }
                contractService.deleteInternal(contract);
                LOG.debug("Contract [{}] deleted.", contractId);
                // Drop every state kept for the contract.
                entityStateManager.deleteStates(contract, null, null);
            }

            // Role requests with this identity as applicant (including already processed
            // asynchronous ones) are deleted before the identity.
            IdmRoleRequestFilter applicantFilter = new IdmRoleRequestFilter();
            applicantFilter.setApplicantId(identityId);
            roleRequestService.find(applicantFilter, null)
                    .forEach(request -> roleRequestService.delete(request));

            identityService.deleteInternal(identity);
            LOG.debug("Identity [{}] deleted.", identity.getUsername());
        }
        // States are cleaned up whether or not the identity still existed.
        entityStateManager.deleteStates(new IdmIdentityDto(identityId), null, null);
    }
    return super.end(result, exception);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleRequestService method executeRequestInternal.
/**
 * Executes a role request: checks that every concept targets a contract of the
 * applicant, then creates, updates and removes assigned roles according to the
 * request's concepts and saves the request.
 *
 * Order of processing: ADD concepts, UPDATE concepts, REMOVE concepts that have a
 * direct concept (sub roles), then REMOVE concepts without one (direct roles). The
 * Hibernate session is flushed after each concept.
 *
 * NOTE(review): no permission check is visible in this method; the only guard here is
 * the applicant / contract ownership comparison - confirm rights are enforced by the caller.
 *
 * @param requestEvent event carrying the role request; its properties are extended with
 *        empty sets that the sub events fill in
 * @return the request as returned by {@code save}
 * @throws RoleRequestException with {@code ROLE_REQUEST_APPLICANTS_NOT_SAME} when a
 *         concept's contract belongs to a different identity than the applicant
 */
private IdmRoleRequestDto executeRequestInternal(EntityEvent<IdmRoleRequestDto> requestEvent) {
UUID requestId = requestEvent.getContent().getId();
Assert.notNull(requestId, "Role request ID is required!");
// Reload the request by id instead of trusting the DTO carried by the event.
// NOTE(review): the 'true' flag presumably makes the service load the concepts too - confirm.
IdmRoleRequestDto request = this.get(requestId, new IdmRoleRequestFilter(true));
Assert.notNull(request, "Role request is required!");
List<IdmConceptRoleRequestDto> concepts = request.getConceptRoles();
// NOTE(review): 'identity' is not null-checked; if the applicant cannot be loaded, the
// comparison below fails with a NullPointerException instead of a result-code error.
IdmIdentityDto identity = identityService.get(request.getApplicant());
// Ownership guard: every concept's contract has to belong to the applicant, so a request
// cannot change roles on another identity's contract.
boolean identityNotSame = concepts.stream().anyMatch(concept -> {
// Prefer the contract DTO from the embedded map; load it by id only when it is missing.
IdmIdentityContractDto contract = (IdmIdentityContractDto) concept.getEmbedded().get(IdmConceptRoleRequestService.IDENTITY_CONTRACT_FIELD);
if (contract == null) {
contract = identityContractService.get(concept.getIdentityContract());
}
Assert.notNull(contract, "Contract cannot be empty!");
return !identity.getId().equals(contract.getIdentity());
});
if (identityNotSame) {
// NOTE(review): the whole request DTO is passed as an exception parameter; check how these
// parameters are rendered to clients and logs.
throw new RoleRequestException(CoreResultCode.ROLE_REQUEST_APPLICANTS_NOT_SAME, ImmutableMap.of("request", request, "applicant", identity.getUsername()));
}
// Add holders for changed identity roles to the event (avoids a redundant search); they are
// used later for recalculations (ACM / provisioning).
// The sets have to be created here, otherwise they are not propagated to the sub event
// (role-request -> identity-role event).
requestEvent.getProperties().put(IdentityRoleEvent.PROPERTY_ASSIGNED_NEW_ROLES, Sets.newHashSet());
requestEvent.getProperties().put(IdentityRoleEvent.PROPERTY_ASSIGNED_UPDATED_ROLES, Sets.newHashSet());
requestEvent.getProperties().put(IdentityRoleEvent.PROPERTY_ASSIGNED_REMOVED_ROLES, Sets.newHashSet());
requestEvent.getProperties().put(IdmAccountDto.IDENTITY_ACCOUNT_FOR_DELAYED_ACM, Sets.newHashSet());
requestEvent.getProperties().put(IdmAccountDto.ACCOUNT_FOR_ADDITIONAL_PROVISIONING, Sets.newHashSet());
// Keep only concepts that may be executed.
List<IdmConceptRoleRequestDto> approvedConcepts = concepts.stream().filter(concept -> {
// Both APPROVED and CONCEPT states pass the filter.
// NOTE(review): the original comment is cut off ("approval event disabled)"); presumably CONCEPT
// is accepted for setups where the approval event is disabled - confirm, because it means
// concepts that never went through approval are executed here.
return RoleRequestState.APPROVED == concept.getState() || RoleRequestState.CONCEPT == concept.getState();
}).collect(Collectors.toList());
// Add concepts for business roles.
List<IdmIdentityRoleDto> allAssignedRoles = identityRoleService.findAllByIdentity(identity.getId());
List<IdmConceptRoleRequestDto> allApprovedConcepts = appendBusinessRoleConcepts(approvedConcepts, allAssignedRoles);
// Create new identity roles (ADD), unless the concept is cancelled as invalid.
allApprovedConcepts.stream().filter(concept -> ConceptRoleRequestOperation.ADD == concept.getOperation()).forEach(concept -> {
if (!cancelInvalidConcept(allAssignedRoles, concept, request)) {
// assign new role
createAssignedRole(allApprovedConcepts, concept, request, requestEvent);
}
flushHibernateSession();
});
// Update existing identity roles (UPDATE).
allApprovedConcepts.stream().filter(concept -> ConceptRoleRequestOperation.UPDATE == concept.getOperation()).forEach(concept -> {
if (!cancelInvalidConcept(allAssignedRoles, concept, request)) {
updateAssignedRole(allApprovedConcepts, concept, request, requestEvent);
}
flushHibernateSession();
});
// Delete identity sub roles first (concepts with a direct concept), because of referential integrity.
allApprovedConcepts.stream().filter(concept -> ConceptRoleRequestOperation.REMOVE == concept.getOperation()).filter(concept -> concept.getDirectConcept() != null).forEach(concept -> {
if (!cancelInvalidConcept(allAssignedRoles, concept, request)) {
removeAssignedRole(concept, request, requestEvent);
}
flushHibernateSession();
});
// Then delete direct identity roles (concepts without a direct concept).
allApprovedConcepts.stream().filter(concept -> ConceptRoleRequestOperation.REMOVE == concept.getOperation()).filter(concept -> concept.getDirectConcept() == null).forEach(concept -> {
if (!cancelInvalidConcept(allAssignedRoles, concept, request)) {
removeAssignedRole(concept, request, requestEvent);
}
flushHibernateSession();
});
return this.save(request);
}
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleRequestService method startRequest.
/**
 * Loads the role request by id and starts it by publishing an {@code EXCECUTE}
 * role request event.
 *
 * @param requestId id of the request to start; must not be {@code null}
 * @param checkRight value stored under {@code RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY};
 *        the caller decides whether the rights check runs, so {@code false} belongs only
 *        on trusted internal paths
 * @return the result of {@code startRequest(event)}
 */
@Override
@Transactional
public IdmRoleRequestDto startRequest(UUID requestId, boolean checkRight) {
    Assert.notNull(requestId, "Role request ID is required!");

    // NOTE(review): the original comment says the load checks the right to read, but no
    // permission argument is passed to get(...) here; whether read access is enforced is
    // not visible in this block - confirm.
    IdmRoleRequestDto loadedRequest = get(requestId, new IdmRoleRequestFilter(true));
    Assert.notNull(loadedRequest, "Role request DTO is required!");

    Map<String, Serializable> eventProperties = new HashMap<>();
    eventProperties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, checkRight);

    return startRequest(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, loadedRequest, eventProperties));
}