
Example 1 with IdmRoleSystemFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleSystemFilter in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleService method toDto.

/**
 * Maps a role entity to its DTO and, when the filter asks for it, adds the count of systems
 * for this role which are in a cross-domain group.
 *
 * @param entity role entity, passed through to {@code super.toDto}
 * @param dto target DTO, passed through to {@code super.toDto}
 * @param context filter of the current read; may be {@code null}, in which case no count is added
 * @return the DTO produced by {@code super.toDto}, with the count set when it was requested
 */
@Override
@SuppressWarnings("unchecked")
protected IdmRoleDto toDto(IdmRole entity, IdmRoleDto dto, IdmRoleFilter context) {
    IdmRoleDto result = super.toDto(entity, dto, context);
    if (context == null) {
        return result;
    }
    // The flag is a nullable Boolean: only an explicit TRUE triggers the extra count query.
    Boolean includeCount = context.getIncludeCrossDomainsSystemsCount();
    if (includeCount == null || !includeCount) {
        return result;
    }
    if (result == null || result.getId() == null) {
        return result;
    }
    if (!(roleSystemService instanceof AbstractReadDtoService)) {
        return result;
    }
    // Raw type on purpose: the concrete filter type is only known after createFilterInstance().
    @SuppressWarnings(value = "rawtypes")
    AbstractReadDtoService readService = (AbstractReadDtoService) this.roleSystemService;
    BaseFilter candidate = readService.createFilterInstance();
    if (candidate instanceof IdmRoleSystemFilter) {
        IdmRoleSystemFilter crossDomainFilter = (IdmRoleSystemFilter) candidate;
        crossDomainFilter.setIsInCrossDomainGroupRoleId(result.getId());
        // Authorization: count(...) is called with the filter only, no permission argument.
        // The stated policy is that a user who can read the role can read its connected systems,
        // so the count is trusted to be no more sensitive than the role itself.
        // NOTE(review): this method does not itself check read access to the role; confirm that
        // every caller of toDto already enforces it.
        long crossDomainSystems = readService.count(crossDomainFilter);
        result.setSystemsInCrossDomains(crossDomainSystems);
    }
    return result;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AbstractReadDtoService(eu.bcvsolutions.idm.core.api.service.AbstractReadDtoService) BaseFilter(eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter) IdmRoleSystemFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleSystemFilter)

Example 2 with IdmRoleSystemFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleSystemFilter in project CzechIdMng by bcvsolutions.

the class DefaultIdmRequestIdentityRoleService method conceptToRequestIdentityRole.

/**
 * Converts a role-request concept to a request-identity-role DTO.
 *
 * <p>Without a filter only the plain mapping and {@code addCandidates} are applied. With a
 * filter, the DTO can additionally receive the CHANGEPERMISSION permission name, the role
 * attribute (EAV) values, and the cross-domain systems count on the embedded role.
 *
 * @param concept concept to convert
 * @param filter filter of the current find; may be {@code null} (no permissions, EAV or counts are loaded)
 * @return the DTO returned by {@code addCandidates} for the mapped concept
 */
@SuppressWarnings("unchecked")
private IdmRequestIdentityRoleDto conceptToRequestIdentityRole(IdmConceptRoleRequestDto concept, IdmRequestIdentityRoleFilter filter) {
    IdmRequestIdentityRoleDto mapped = modelMapper.map(concept, IdmRequestIdentityRoleDto.class);
    // Every optional enrichment below is driven by the filter (i.e. the find method only).
    if (filter == null) {
        return addCandidates(mapped, concept, filter);
    }

    // Load permission from the related contract or role (OR): only for newly requested roles
    // whose concept is not in a terminated state.
    if (ConceptRoleRequestOperation.ADD == concept.getOperation() && !concept.getState().isTerminatedState()) {
        // NOTE(review): the permission sets come from identityContractService / roleService;
        // presumably they are evaluated for the current user - confirm against those services.
        String grantedPermission = null;
        // By related contract first (backward compatible).
        IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(concept, IdmConceptRoleRequest_.identityContract);
        Set<String> contractPermissions = identityContractService.getPermissions(contract);
        if (PermissionUtils.hasPermission(contractPermissions, ContractBasePermission.CHANGEPERMISSION)) {
            grantedPermission = ContractBasePermission.CHANGEPERMISSION.getName();
        } else {
            // The role is consulted only when the contract does not grant CHANGEPERMISSION.
            IdmRoleDto role = lookupService.lookupEmbeddedDto(concept, IdmConceptRoleRequest_.role);
            Set<String> rolePermissions = roleService.getPermissions(role);
            if (PermissionUtils.hasPermission(rolePermissions, RoleBasePermission.CHANGEPERMISSION)) {
                grantedPermission = RoleBasePermission.CHANGEPERMISSION.getName();
            }
        }
        if (grantedPermission != null) {
            Set<String> permissions = mapped.getPermissions();
            if (permissions == null) {
                permissions = new HashSet<>();
            }
            permissions.add(grantedPermission);
            mapped.setPermissions(permissions);
        }
    }

    if (filter.isIncludeEav()) {
        IdmFormInstanceDto formInstance;
        if (ConceptRoleRequestOperation.REMOVE != concept.getOperation()) {
            // Check on change of values is made only on an ended request. The 'original' value
            // is the current value, which was confusing in audit (only the 'new' value is shown now).
            formInstance = conceptRoleService.getRoleAttributeValues(concept, !concept.getState().isTerminatedState());
        } else {
            IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(concept, IdmConceptRoleRequest_.identityRole, IdmIdentityRoleDto.class, (IdmIdentityRoleDto) null);
            if (identityRole == null) {
                // Identity-role was not found: the remove concept was already executed
                // (identity-role was removed), so there are no values to attach.
                return addCandidates(mapped, concept, filter);
            }
            formInstance = identityRoleService.getRoleAttributeValues(identityRole);
        }
        addEav(mapped, formInstance);
    }

    // Include the info whether the role is in a cross-domain group (not for REMOVE concepts).
    if (filter.isIncludeCrossDomainsSystemsCount() && ConceptRoleRequestOperation.REMOVE != concept.getOperation()) {
        IdmRoleDto embeddedRole = DtoUtils.getEmbedded(concept, IdmConceptRoleRequest_.role.getName(), IdmRoleDto.class, null);
        if (embeddedRole != null && this.roleSystemService instanceof AbstractReadDtoService) {
            AbstractReadDtoService<?, ?, IdmRoleSystemFilter> readService = (AbstractReadDtoService<?, ?, IdmRoleSystemFilter>) this.roleSystemService;
            BaseFilter candidate = readService.createFilterInstance();
            if (candidate instanceof IdmRoleSystemFilter) {
                IdmRoleSystemFilter crossDomainFilter = (IdmRoleSystemFilter) candidate;
                crossDomainFilter.setIsInCrossDomainGroupRoleId(embeddedRole.getId());
                // count(...) is called with the filter only; no permission argument is passed.
                // NOTE(review): confirm that anyone allowed to see this concept may also learn
                // how many cross-domain systems the role has.
                long crossDomainSystems = readService.count(crossDomainFilter);
                // The count is written to the role DTO embedded in the concept.
                embeddedRole.setSystemsInCrossDomains(crossDomainSystems);
            }
        }
    }
    return addCandidates(mapped, concept, filter);
}
Also used : IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRequestIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestIdentityRoleDto) IdmRoleSystemFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleSystemFilter) BaseFilter(eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter) AbstractReadDtoService(eu.bcvsolutions.idm.core.api.service.AbstractReadDtoService) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
