Search in sources :

Example 1 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityPasswordValidateProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    // 
    Assert.notNull(passwordChangeDto);
    Assert.notNull(identity);
    // 
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
    // 
    List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
    // 
    // Find user accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // 
    if (!securityService.isAdmin()) {
        // check accounts and property all_only
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
            // get distinct account ids from identity accounts
            List<String> accountIds = identityAccounts.stream().filter(identityAccount -> {
                // filter by ownership
                return (identityAccount.isOwnership());
            }).map(AccIdentityAccountDto::getAccount).map(UUID::toString).collect(Collectors.toList());
            // 
            if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
                // size of the found accounts must match the account size in the password change - ALL_ONLY
                boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size();
                if (!containsAll) {
                    throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
                }
            }
        }
    }
    // 
    // validate TODO: validate for admin?
    IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
    // get old password for validation - til, from and password history
    IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
    passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
    passwordValidationDto.setIdentity(identity);
    passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
    this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
    // 
    return new DefaultEventResult<>(event, this);
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) Autowired(org.springframework.beans.factory.annotation.Autowired) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmPasswordService(eu.bcvsolutions.idm.core.api.service.IdmPasswordService) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) ArrayList(java.util.ArrayList) IdmPasswordValidationDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdentityEventType(eu.bcvsolutions.idm.core.model.event.IdentityEvent.IdentityEventType) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityProcessor(eu.bcvsolutions.idm.core.api.event.processor.IdentityProcessor) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) Description(org.springframework.context.annotation.Description) AccModuleDescriptor(eu.bcvsolutions.idm.acc.AccModuleDescriptor) PasswordChangeType(eu.bcvsolutions.idm.core.api.domain.PasswordChangeType) AccIdentityAccountRepository(eu.bcvsolutions.idm.acc.repository.AccIdentityAccountRepository) IdmPasswordPolicyType(eu.bcvsolutions.idm.core.api.domain.IdmPasswordPolicyType) IdentityPasswordProcessor(eu.bcvsolutions.idm.core.model.event.processor.identity.IdentityPasswordProcessor) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) List(java.util.List) Component(org.springframework.stereotype.Component) IdmPasswordPolicy(eu.bcvsolutions.idm.core.model.entity.IdmPasswordPolicy) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) IdentityConfiguration(eu.bcvsolutions.idm.core.api.config.domain.IdentityConfiguration) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) Assert(org.springframework.util.Assert) IdmPasswordPolicyService(eu.bcvsolutions.idm.core.api.service.IdmPasswordPolicyService) PasswordChangeType(eu.bcvsolutions.idm.core.api.domain.PasswordChangeType) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) IdmPasswordValidationDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 2 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleRequestService method startApprovalProcess.

@Override
@Transactional
public boolean startApprovalProcess(IdmRoleRequestDto request, boolean checkRight, EntityEvent<IdmRoleRequestDto> event, String wfDefinition) {
    // and do realization immediately (without start approval process)
    if (request.isExecuteImmediately()) {
        boolean haveRightExecuteImmediately = securityService.hasAnyAuthority(CoreGroupPermission.ROLE_REQUEST_EXECUTE);
        if (checkRight && !haveRightExecuteImmediately) {
            throw new RoleRequestException(CoreResultCode.ROLE_REQUEST_NO_EXECUTE_IMMEDIATELY_RIGHT, ImmutableMap.of("new", request));
        }
        // All concepts in progress state will be set on approved (we can
        // execute it immediately)
        request.getConceptRoles().stream().filter(concept -> {
            return RoleRequestState.IN_PROGRESS == concept.getState();
        }).forEach(concept -> {
            concept.setState(RoleRequestState.APPROVED);
            conceptRoleRequestService.save(concept);
        });
        // Execute request immediately
        return true;
    } else {
        IdmIdentityDto applicant = identityService.get(request.getApplicant());
        Map<String, Object> variables = new HashMap<>();
        // Minimize size of DTO persisting to WF
        IdmRoleRequestDto eventRequest = event.getContent();
        trimRequest(eventRequest);
        eventRequest.setConceptRoles(null);
        eventRequest.setOriginalRequest(null);
        variables.put(EntityEvent.EVENT_PROPERTY, event);
        ProcessInstance processInstance = workflowProcessInstanceService.startProcess(wfDefinition, IdmIdentity.class.getSimpleName(), applicant.getUsername(), applicant.getId().toString(), variables);
        // We have to refresh request (maybe was changed in wf process)
        request = this.get(request.getId());
        request.setWfProcessId(processInstance.getProcessInstanceId());
        this.save(request);
    }
    return false;
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) WorkflowProcessInstanceDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowProcessInstanceDto) Autowired(org.springframework.beans.factory.annotation.Autowired) StringUtils(org.apache.commons.lang3.StringUtils) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) Predicate(javax.persistence.criteria.Predicate) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) Loggable(eu.bcvsolutions.idm.core.api.domain.Loggable) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmRoleRequest(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest) UUID(java.util.UUID) Serializable(java.io.Serializable) IdmRoleRequestRepository(eu.bcvsolutions.idm.core.model.repository.IdmRoleRequestRepository) List(java.util.List) IdmRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter) Optional(java.util.Optional) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) RoleRequestEventType(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent.RoleRequestEventType) RoleRequestApprovalProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.RoleRequestApprovalProcessor) IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_) IdmRoleRequest_(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest_) RoleRequestedByType(eu.bcvsolutions.idm.core.api.domain.RoleRequestedByType) HashMap(java.util.HashMap) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) Strings(com.google.common.base.Strings) Propagation(org.springframework.transaction.annotation.Propagation) Service(org.springframework.stereotype.Service) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) WorkflowProcessInstanceService(eu.bcvsolutions.idm.core.workflow.service.WorkflowProcessInstanceService) AbstractReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.AbstractReadWriteDtoService) WorkflowFilterDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowFilterDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) Root(javax.persistence.criteria.Root) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) DateTime(org.joda.time.DateTime) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Throwables(com.google.common.base.Throwables) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) ApplicationContext(org.springframework.context.ApplicationContext) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType) Transactional(org.springframework.transaction.annotation.Transactional) Assert(org.springframework.util.Assert) RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) HashMap(java.util.HashMap) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityAccountDeleteProcessor method process.

@Override
public EventResult<AccIdentityAccountDto> process(EntityEvent<AccIdentityAccountDto> event) {
    AccIdentityAccountDto entity = event.getContent();
    UUID account = entity.getAccount();
    AccAccountDto accountDto = accountService.get(account);
    Assert.notNull(accountDto, "Account cannot be null!");
    // We check if exists another (ownership) identity-accounts, if not
    // then we will delete account
    List<AccIdentityAccountDto> identityAccounts = findIdentityAccounts(account);
    boolean moreIdentityAccounts = identityAccounts.stream().filter(identityAccount -> {
        return identityAccount.isOwnership() && !identityAccount.equals(entity);
    }).findAny().isPresent();
    boolean deleteTargetAccount = (boolean) event.getProperties().get(AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY);
    // If is account in protection, then we will not delete
    // identity-account
    // But is here exception from this. When is presented
    // attribute FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY, then
    // we will do delete of identity-account (it is important
    // for integrity ... for example during delete of whole
    // identity).
    boolean forceDeleteIdentityAccount = isForceDeleteAttributePresent(event.getProperties());
    if (!moreIdentityAccounts && entity.isOwnership()) {
        if (accountDto.isAccountProtectedAndValid()) {
            if (forceDeleteIdentityAccount) {
                // Target account and AccAccount will deleted!
                deleteTargetAccount = true;
            } else {
                throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", accountDto.getUid()));
            }
        // Is account protection activated on system mapping?
        // Set account as protected we can only on account without protection (event has already invalid protection)!
        } else if (!accountDto.isInProtection() && systemMappingService.isEnabledProtection(accountDto)) {
            // This identity account is last ... protection will be
            // activated
            activateProtection(accountDto);
            accountDto = accountService.save(accountDto);
            entity.setRoleSystem(null);
            entity.setIdentityRole(null);
            service.save(entity);
            doProvisioningSkipAccountProtection(accountDto, entity.getEntity());
            // identity-account
            if (forceDeleteIdentityAccount) {
                // Target account and AccAccount will be deleted!
                deleteTargetAccount = true;
            } else {
                return new DefaultEventResult<>(event, this);
            }
        }
    }
    service.deleteInternal(entity);
    if (!moreIdentityAccounts && entity.isOwnership()) {
        // We delete all identity accounts first
        identityAccounts.stream().filter(identityAccount -> identityAccount.isOwnership() && !identityAccount.equals(entity)).forEach(identityAccount -> {
            service.delete(identityAccount);
        });
        // Finally we can delete account
        accountService.publish(new AccountEvent(AccountEventType.DELETE, accountDto, ImmutableMap.of(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY, deleteTargetAccount, AccAccountService.ENTITY_ID_PROPERTY, entity.getEntity())));
    }
    return new DefaultEventResult<>(event, this);
}
Also used : AccountEvent(eu.bcvsolutions.idm.acc.event.AccountEvent) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) Autowired(org.springframework.beans.factory.annotation.Autowired) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) CoreEvent(eu.bcvsolutions.idm.core.api.event.CoreEvent) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) IdentityAccountEventType(eu.bcvsolutions.idm.acc.event.IdentityAccountEvent.IdentityAccountEventType) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) AccountEventType(eu.bcvsolutions.idm.acc.event.AccountEvent.AccountEventType) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) Description(org.springframework.context.annotation.Description) ImmutableMap(com.google.common.collect.ImmutableMap) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) DateTime(org.joda.time.DateTime) UUID(java.util.UUID) Serializable(java.io.Serializable) ProvisioningEventType(eu.bcvsolutions.idm.acc.event.ProvisioningEvent.ProvisioningEventType) List(java.util.List) Component(org.springframework.stereotype.Component) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) AccountEvent(eu.bcvsolutions.idm.acc.event.AccountEvent) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) UUID(java.util.UUID) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)

Example 4 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class ContractSynchronizationExecutor method save.

/**
 * Save entity
 *
 * @param entity
 * @param skipProvisioning
 * @return
 */
@Override
protected IdmIdentityContractDto save(IdmIdentityContractDto entity, boolean skipProvisioning) {
    if (entity.getIdentity() == null) {
        throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_CANNOT_BE_NULL, ImmutableMap.of("property", CONTRACT_IDENTITY_FIELD));
    }
    EntityEvent<IdmIdentityContractDto> event = new IdentityContractEvent(contractService.isNew(entity) ? IdentityContractEventType.CREATE : IdentityContractEventType.UPDATE, entity, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
    // We do not want execute HR processes for every contract. We need start
    // them for every identity only once.
    // For this we skip them now. HR processes must be start after whole
    // sync finished (by using dependent scheduled task)!
    event.getProperties().put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
    // 
    // We don't want recalculate automatic role by attribute recalculation for every contract.
    // Recalculation will be started only once.
    event.getProperties().put(IdmAutomaticRoleAttributeService.SKIP_RECALCULATION, Boolean.TRUE);
    IdmIdentityContractDto contract = contractService.publish(event).getContent();
    if (entity.getEmbedded().containsKey(SYNC_CONTRACT_FIELD)) {
        SyncIdentityContractDto syncContract = (SyncIdentityContractDto) entity.getEmbedded().get(SYNC_CONTRACT_FIELD);
        IdmContractGuaranteeFilter guaranteeFilter = new IdmContractGuaranteeFilter();
        guaranteeFilter.setIdentityContractId(contract.getId());
        List<IdmContractGuaranteeDto> currentGuarantees = guaranteeService.find(guaranteeFilter, null).getContent();
        // Search guarantees to delete
        List<IdmContractGuaranteeDto> guaranteesToDelete = currentGuarantees.stream().filter(sysImplementer -> {
            return sysImplementer.getGuarantee() != null && !syncContract.getGuarantees().contains(new IdmIdentityDto(sysImplementer.getGuarantee()));
        }).collect(Collectors.toList());
        // Search guarantees to add
        List<IdmIdentityDto> guaranteesToAdd = syncContract.getGuarantees().stream().filter(identity -> {
            return !currentGuarantees.stream().filter(currentGuarrantee -> {
                return identity.getId().equals(currentGuarrantee.getGuarantee());
            }).findFirst().isPresent();
        }).collect(Collectors.toList());
        // Delete guarantees
        guaranteesToDelete.forEach(guarantee -> {
            EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.DELETE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
            guaranteeService.publish(guaranteeEvent);
        });
        // Create new guarantees
        guaranteesToAdd.forEach(identity -> {
            IdmContractGuaranteeDto guarantee = new IdmContractGuaranteeDto();
            guarantee.setIdentityContract(contract.getId());
            guarantee.setGuarantee(identity.getId());
            // 
            EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.CREATE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
            guaranteeService.publish(guaranteeEvent);
        });
    }
    return contract;
}
Also used : DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmIdentityContract(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract) Autowired(org.springframework.beans.factory.annotation.Autowired) IdmTreeNodeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmTreeNodeFilter) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) FormService(eu.bcvsolutions.idm.core.eav.api.service.FormService) ContractGuaranteeEventType(eu.bcvsolutions.idm.core.model.event.ContractGuaranteeEvent.ContractGuaranteeEventType) GroovyScriptService(eu.bcvsolutions.idm.core.api.service.GroovyScriptService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IdmLongRunningTaskFilter(eu.bcvsolutions.idm.core.scheduler.api.dto.filter.IdmLongRunningTaskFilter) Task(eu.bcvsolutions.idm.core.scheduler.api.dto.Task) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) AccContractAccountService(eu.bcvsolutions.idm.acc.service.api.AccContractAccountService) HrEndContractProcess(eu.bcvsolutions.idm.core.scheduler.task.impl.hr.HrEndContractProcess) IntrospectionException(java.beans.IntrospectionException) Serializable(java.io.Serializable) InvocationTargetException(java.lang.reflect.InvocationTargetException) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) IdentityContractEvent(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent) IdmIdentityContractFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityContractFilter) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) HrEnableContractProcess(eu.bcvsolutions.idm.core.scheduler.task.impl.hr.HrEnableContractProcess) AccContractAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccContractAccountFilter) IdmTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmTreeNodeService) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) IdmConfigurationService(eu.bcvsolutions.idm.core.api.service.IdmConfigurationService) BooleanUtils(org.apache.commons.lang3.BooleanUtils) IdmContractGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractGuaranteeFilter) IdmTreeNode_(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode_) LookupService(eu.bcvsolutions.idm.core.api.service.LookupService) WorkflowProcessInstanceService(eu.bcvsolutions.idm.core.workflow.service.WorkflowProcessInstanceService) IdmScheduledTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmScheduledTaskDto) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) HrContractExclusionProcess(eu.bcvsolutions.idm.core.scheduler.task.impl.hr.HrContractExclusionProcess) LongRunningTaskManager(eu.bcvsolutions.idm.core.scheduler.api.service.LongRunningTaskManager) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) SyncIdentityContractDto(eu.bcvsolutions.idm.acc.dto.SyncIdentityContractDto) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) EntityManager(javax.persistence.EntityManager) LocalDateTime(org.joda.time.LocalDateTime) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSyncContractConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncContractConfigDto) SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext) IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SynchronizationEntityExecutor(eu.bcvsolutions.idm.acc.service.api.SynchronizationEntityExecutor) AccContractAccountDto(eu.bcvsolutions.idm.acc.dto.AccContractAccountDto) SysSyncActionLogService(eu.bcvsolutions.idm.acc.service.api.SysSyncActionLogService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) OperationResultType(eu.bcvsolutions.idm.acc.domain.OperationResultType) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) ProcessAllAutomaticRoleByAttributeTaskExecutor(eu.bcvsolutions.idm.core.scheduler.task.impl.ProcessAllAutomaticRoleByAttributeTaskExecutor) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) ContractGuaranteeEvent(eu.bcvsolutions.idm.core.model.event.ContractGuaranteeEvent) SysSyncConfigService(eu.bcvsolutions.idm.acc.service.api.SysSyncConfigService) SysSyncLogService(eu.bcvsolutions.idm.acc.service.api.SysSyncLogService) ImmutableMap(com.google.common.collect.ImmutableMap) ContractState(eu.bcvsolutions.idm.core.api.domain.ContractState) IdentityContractEventType(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent.IdentityContractEventType) ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService) UUID(java.util.UUID) SchedulerManager(eu.bcvsolutions.idm.core.scheduler.api.service.SchedulerManager) Collectors(java.util.stream.Collectors) SysSyncContractConfig_(eu.bcvsolutions.idm.acc.entity.SysSyncContractConfig_) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) IdmScheduledTaskService(eu.bcvsolutions.idm.core.scheduler.api.service.IdmScheduledTaskService) List(java.util.List) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) FormableEntity(eu.bcvsolutions.idm.core.eav.api.entity.FormableEntity) MessageFormat(java.text.MessageFormat) IdmTreeTypeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeTypeDto) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) ConfidentialStorage(eu.bcvsolutions.idm.core.api.service.ConfidentialStorage) CollectionUtils(org.apache.commons.collections.CollectionUtils) SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) EntityUtils(eu.bcvsolutions.idm.core.api.utils.EntityUtils) CorrelationFilter(eu.bcvsolutions.idm.core.api.dto.filter.CorrelationFilter) IdmLongRunningTaskService(eu.bcvsolutions.idm.core.scheduler.api.service.IdmLongRunningTaskService) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmContractGuaranteeService(eu.bcvsolutions.idm.core.api.service.IdmContractGuaranteeService) SchedulableTaskExecutor(eu.bcvsolutions.idm.core.scheduler.api.service.SchedulableTaskExecutor) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) Component(org.springframework.stereotype.Component) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) SysSyncItemLogService(eu.bcvsolutions.idm.acc.service.api.SysSyncItemLogService) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert(org.springframework.util.Assert) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IdentityContractEvent(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent) SyncIdentityContractDto(eu.bcvsolutions.idm.acc.dto.SyncIdentityContractDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmContractGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractGuaranteeFilter) ContractGuaranteeEvent(eu.bcvsolutions.idm.core.model.event.ContractGuaranteeEvent)

Example 5 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityContractUpdateByAutomaticRoleProcessor method process.

@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    // 
    IdmIdentityContractDto previous = event.getOriginalSource();
    UUID previousPosition = previous.getWorkPosition();
    UUID newPosition = contract.getWorkPosition();
    // check automatic roles - if position or disabled was changed
    if (!Objects.equals(newPosition, previousPosition) || (contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture())) {
        // work positions has some difference or validity changes
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
        // remove all automatic roles by attribute
        if (!assignedRoles.isEmpty()) {
            assignedRoles = assignedRoles.stream().filter(autoRole -> {
                AbstractIdmAutomaticRoleDto automaticRoleDto = DtoUtils.getEmbedded(autoRole, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
                if (automaticRoleDto instanceof IdmRoleTreeNodeDto) {
                    return true;
                }
                return false;
            }).collect(Collectors.toList());
        }
        // 
        Set<UUID> previousAutomaticRoles = assignedRoles.stream().filter(identityRole -> {
            return identityRole.getRoleTreeNode() != null;
        }).map(identityRole -> {
            return identityRole.getRoleTreeNode();
        }).collect(Collectors.toSet());
        Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
        if (newPosition != null) {
            addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
        }
        // prevent to remove newly added or still exists roles
        Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
        removedAutomaticRoles.removeAll(addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList()));
        addedAutomaticRoles.removeIf(a -> {
            return previousAutomaticRoles.contains(a.getId());
        });
        // 
        for (UUID removedAutomaticRole : removedAutomaticRoles) {
            Iterator<IdmIdentityRoleDto> iter = assignedRoles.iterator();
            while (iter.hasNext()) {
                IdmIdentityRoleDto identityRole = iter.next();
                if (Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
                    // check, if role will be added by new automatic roles and prevent removing
                    IdmRoleTreeNodeDto addedAutomaticRole = getByRole(identityRole.getRole(), addedAutomaticRoles);
                    if (addedAutomaticRole == null) {
                        // remove assigned role
                        roleTreeNodeService.removeAutomaticRoles(identityRole, null);
                        iter.remove();
                    } else {
                        // change relation only
                        identityRole.setRoleTreeNode(addedAutomaticRole.getId());
                        updateIdentityRole(identityRole);
                        // 
                        // new automatic role is not needed
                        addedAutomaticRoles.remove(addedAutomaticRole);
                    }
                }
            }
        }
        // change date - for unchanged assigned roles only
        if (EntityUtils.validableChanged(previous, contract)) {
            changeValidable(contract, assignedRoles);
        }
        // 
        // add identity roles
        roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
    } else // process validable change
    if (EntityUtils.validableChanged(previous, contract)) {
        changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
    }
    // 
    return new DefaultEventResult<>(event, this);
}
Also used : AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmRoleTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmRoleTreeNodeService) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) IdentityContractProcessor(eu.bcvsolutions.idm.core.api.event.processor.IdentityContractProcessor) HashSet(java.util.HashSet) EntityUtils(eu.bcvsolutions.idm.core.api.utils.EntityUtils) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityRoleEventType(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent.IdentityRoleEventType) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) Description(org.springframework.context.annotation.Description) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) Iterator(java.util.Iterator) IdentityContractEventType(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent.IdentityContractEventType) Set(java.util.Set) IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) List(java.util.List) Component(org.springframework.stereotype.Component) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) HashSet(java.util.HashSet)

Aggregations

EntityEvent (eu.bcvsolutions.idm.core.api.event.EntityEvent)6 List (java.util.List)6 UUID (java.util.UUID)6 Autowired (org.springframework.beans.factory.annotation.Autowired)6 Assert (org.springframework.util.Assert)5 ImmutableMap (com.google.common.collect.ImmutableMap)4 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)4 EntityEventManager (eu.bcvsolutions.idm.core.api.service.EntityEventManager)4 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)3 CoreEventProcessor (eu.bcvsolutions.idm.core.api.event.CoreEventProcessor)3 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)3 EventResult (eu.bcvsolutions.idm.core.api.event.EventResult)3 EntityUtils (eu.bcvsolutions.idm.core.api.utils.EntityUtils)3 Serializable (java.io.Serializable)3 Collectors (java.util.stream.Collectors)3 Component (org.springframework.stereotype.Component)3 AccResultCode (eu.bcvsolutions.idm.acc.domain.AccResultCode)2 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)2 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)2 AccAccountService (eu.bcvsolutions.idm.acc.service.api.AccAccountService)2