Examples with IdmRoleTreeNodeFilter eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter used on opensource projects

Example 6 with IdmRoleTreeNodeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter in project CzechIdMng by bcvsolutions.

the class RoleDeleteProcessor method process.

@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
    boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
    // 
    IdmRoleDto role = event.getContent();
    UUID roleId = role.getId();
    Assert.notNull(roleId, "Role id is required!");
    // check role can be removed without force
    if (!forceDelete) {
        checkWithoutForceDelete(role);
    }
    // 
    // Find all concepts and remove relation on role - has to be the first => concepts are created bellow
    IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
    conceptRequestFilter.setRoleId(roleId);
    List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.find(conceptRequestFilter, null).getContent();
    for (int counter = 0; counter < concepts.size(); counter++) {
        IdmConceptRoleRequestDto concept = concepts.get(counter);
        String message = null;
        if (concept.getState().isTerminatedState()) {
            message = MessageFormat.format("Role [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", role.getCode(), concept.getId());
        } else {
            message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested role [{1}] was deleted (not from this role request)!", concept.getId(), role.getCode());
            // Cancel concept and WF
            concept = conceptRoleRequestService.cancel(concept);
        }
        conceptRoleRequestService.addToLog(concept, message);
        conceptRoleRequestService.save(concept);
        if (counter % 100 == 0) {
            clearSession();
        }
    }
    // remove related assigned roles etc.
    if (forceDelete) {
        // remove directly assigned assigned roles (not automatic)
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setRoleId(roleId);
        identityRoleFilter.setDirectRole(Boolean.TRUE);
        identityRoleFilter.setAutomaticRole(Boolean.FALSE);
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.find(identityRoleFilter, null).getContent();
        for (int counter = 0; counter < assignedRoles.size(); counter++) {
            IdmIdentityRoleDto identityRole = assignedRoles.get(counter);
            IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
            UUID identityId = contract.getIdentity();
            IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
            roleRequest.setApplicant(identityId);
            // 
            IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
            conceptRoleRequest.setIdentityRole(identityRole.getId());
            conceptRoleRequest.setRole(identityRole.getRole());
            conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
            conceptRoleRequest.setIdentityContract(contract.getId());
            conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
            roleRequest.getConceptRoles().add(conceptRoleRequest);
            // 
            // start event
            RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
            roleRequestService.startConcepts(requestEvent, event);
            // 
            if (counter % 100 == 0) {
                clearSession();
            }
        }
        // 
        // related automatic roles by tree structure
        IdmRoleTreeNodeFilter roleTreeNodefilter = new IdmRoleTreeNodeFilter();
        roleTreeNodefilter.setRoleId(roleId);
        roleTreeNodeService.findIds(roleTreeNodefilter, null).stream().forEach(roleTreeNodeId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
            automaticRoleTask.setAutomaticRoleId(roleTreeNodeId);
            longRunningTaskManager.executeSync(automaticRoleTask);
            clearSession();
        });
        // 
        // related automatic roles by attribute
        IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
        automaticRoleFilter.setRoleId(roleId);
        automaticRoleAttributeService.findIds(automaticRoleFilter, null).stream().forEach(automaticRoleId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
            automaticRoleTask.setAutomaticRoleId(automaticRoleId);
            longRunningTaskManager.executeSync(automaticRoleTask);
            clearSession();
        });
        // 
        // business roles
        // prevent to cyclic composition will be processed twice (sub = superior)
        Set<UUID> processedCompositionIds = new HashSet<>();
        // by sub
        IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
        compositionFilter.setSubId(roleId);
        roleCompositionService.findIds(compositionFilter, null).stream().forEach(roleCompositionId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
            roleCompositionTask.setRoleCompositionId(roleCompositionId);
            longRunningTaskManager.executeSync(roleCompositionTask);
            // 
            processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
            clearSession();
        });
        // by superior
        compositionFilter = new IdmRoleCompositionFilter();
        compositionFilter.setSuperiorId(roleId);
        roleCompositionService.findIds(compositionFilter, null).stream().filter(// ~ prevent to cyclic composition will be processed twice (sub = superior)
        roleCompositionId -> !processedCompositionIds.contains(roleCompositionId)).forEach(roleCompositionId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
            roleCompositionTask.setRoleCompositionId(roleCompositionId);
            longRunningTaskManager.executeSync(roleCompositionTask);
            // 
            processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
            clearSession();
        });
    }
    // 
    // remove all policies
    IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
    policyFilter.setRoleId(roleId);
    authorizationPolicyService.find(policyFilter, null).forEach(dto -> {
        authorizationPolicyService.delete(dto);
    });
    clearSession();
    // 
    // Cancel all related automatic role requests
    IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
    automaticRoleRequestFilter.setRoleId(roleId);
    automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
        automaticRoleRequestService.cancel(request);
    });
    clearSession();
    // 
    // remove role guarantee
    IdmRoleGuaranteeRoleFilter roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
    roleGuaranteeRoleFilter.setGuaranteeRole(roleId);
    roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeRoleService.delete(roleGuarantee);
    });
    clearSession();
    roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
    roleGuaranteeRoleFilter.setRole(roleId);
    roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeRoleService.delete(roleGuarantee);
    });
    clearSession();
    // 
    // remove guarantees
    IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
    roleGuaranteeFilter.setRole(roleId);
    roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeService.delete(roleGuarantee);
    });
    clearSession();
    // 
    // remove catalogues
    IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
    roleCatalogueRoleFilter.setRoleId(roleId);
    roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).forEach(roleCatalogue -> {
        roleCatalogueRoleService.delete(roleCatalogue);
    });
    clearSession();
    // 
    // remove incompatible roles from both sides
    incompatibleRoleService.findAllByRole(roleId).forEach(incompatibleRole -> {
        incompatibleRoleService.delete(incompatibleRole);
    });
    clearSession();
    // 
    // Remove role-form-attributes
    IdmRoleFormAttributeFilter roleFormAttributeFilter = new IdmRoleFormAttributeFilter();
    roleFormAttributeFilter.setRole(roleId);
    roleFormAttributeService.find(roleFormAttributeFilter, null).forEach(roleCatalogue -> {
        roleFormAttributeService.delete(roleCatalogue);
    });
    // 
    if (forceDelete) {
        LOG.debug("Role [{}] should be deleted by caller after all asynchronus processes are completed.", role.getCode());
        // 
        // dirty flag only - will be processed after asynchronous events ends
        IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
        stateDeleted.setEvent(event.getId());
        stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
        entityStateManager.saveState(role, stateDeleted);
        // 
        // set disabled
        role.setDisabled(true);
        service.saveInternal(role);
    } else {
        service.deleteInternal(role);
    }
    // 
    return new DefaultEventResult<>(event, this);
}

Example 7 with IdmRoleTreeNodeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter in project CzechIdMng by bcvsolutions.

the class TreeNodeDeleteProcessor method checkWithoutForceDelete.

/**
 * Check tree node can be deleted without force delete.
 *
 * @param treeNode deleted tree node
 * @throws ResultCodeException if not
 */
private void checkWithoutForceDelete(IdmTreeNodeDto treeNode) {
    UUID treeNodeId = treeNode.getId();
    // 
    if (service.findChildrenByParent(treeNodeId, PageRequest.of(0, 1)).getTotalElements() > 0) {
        throw new TreeNodeException(CoreResultCode.TREE_NODE_DELETE_FAILED_HAS_CHILDREN, ImmutableMap.of("treeNode", treeNode.getCode()));
    }
    // 
    IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
    contractFilter.setWorkPosition(treeNodeId);
    contractFilter.setRecursionType(RecursionType.NO);
    if (identityContractService.count(contractFilter) > 0) {
        throw new TreeNodeException(CoreResultCode.TREE_NODE_DELETE_FAILED_HAS_CONTRACTS, ImmutableMap.of("treeNode", treeNode.getCode()));
    }
    // 
    IdmContractSliceFilter sliceFilter = new IdmContractSliceFilter();
    sliceFilter.setTreeNode(treeNodeId);
    if (contractSliceService.find(sliceFilter, null).getTotalElements() > 0) {
        throw new TreeNodeException(CoreResultCode.TREE_NODE_DELETE_FAILED_HAS_CONTRACT_SLICES, ImmutableMap.of("treeNode", treeNode.getCode()));
    }
    // 
    IdmContractPositionFilter positionFilter = new IdmContractPositionFilter();
    positionFilter.setWorkPosition(treeNodeId);
    if (contractPositionService.find(positionFilter, PageRequest.of(0, 1)).getTotalElements() > 0) {
        throw new TreeNodeException(CoreResultCode.TREE_NODE_DELETE_FAILED_HAS_CONTRACT_POSITIONS, ImmutableMap.of("treeNode", treeNode.getCode()));
    }
    // 
    // check related automatic roles
    IdmRoleTreeNodeFilter filter = new IdmRoleTreeNodeFilter();
    filter.setTreeNodeId(treeNodeId);
    if (roleTreeNodeService.find(filter, null).getTotalElements() > 0) {
        throw new TreeNodeException(CoreResultCode.TREE_NODE_DELETE_FAILED_HAS_ROLE, ImmutableMap.of("treeNode", treeNode.getCode()));
    }
}

Example 8 with IdmRoleTreeNodeFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter in project CzechIdMng by bcvsolutions.

the class ProcessAutomaticRoleByTreeTaskExecutor method getItemsToProcess.

@Override
public Page<IdmRoleTreeNodeDto> getItemsToProcess(Pageable pageable) {
    IdmRoleTreeNodeFilter filter = new IdmRoleTreeNodeFilter();
    // 
    // we need to process all automatic roles => assigned role removal is on the end
    List<IdmRoleTreeNodeDto> items = new ArrayList<>(automaticRoles.size());
    // 
    // prevent to exceed IN limit sql clause
    int pageSize = 500;
    Page<UUID> idPage = new PageImpl<UUID>(automaticRoles, PageRequest.of(0, pageSize), automaticRoles.size());
    for (int page = 0; page < idPage.getTotalPages(); page++) {
        int end = (page + 1) * pageSize;
        if (end > automaticRoles.size()) {
            end = automaticRoles.size();
        }
        filter.setIds(automaticRoles.subList(page * pageSize, end));
        items.addAll(roleTreeNodeService.find(filter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(String.format("%s.%s", IdmRoleTreeNode_.role.getName(), IdmRole_.code.getName())))).getContent());
    }
    // 
    return new PageImpl<>(items, PageRequest.of(0, automaticRoles.size()), automaticRoles.size());
}