use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.
the class IdentityPasswordValidateProcessor method process.
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
IdmIdentityDto identity = event.getContent();
//
Assert.notNull(passwordChangeDto);
Assert.notNull(identity);
//
LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
//
List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
//
// Find user accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
//
if (!securityService.isAdmin()) {
// check accounts and property all_only
PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
// get distinct account ids from identity accounts
List<String> accountIds = identityAccounts.stream().filter(identityAccount -> {
// filter by ownership
return (identityAccount.isOwnership());
}).map(AccIdentityAccountDto::getAccount).map(UUID::toString).collect(Collectors.toList());
//
if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
// size of the found accounts must match the account size in the password change - ALL_ONLY
boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size();
if (!containsAll) {
throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
}
}
}
}
//
// validate TODO: validate for admin?
IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
// get old password for validation - til, from and password history
IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
passwordValidationDto.setIdentity(identity);
passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleRequestService method startApprovalProcess.
@Override
@Transactional
public boolean startApprovalProcess(IdmRoleRequestDto request, boolean checkRight, EntityEvent<IdmRoleRequestDto> event, String wfDefinition) {
// and do realization immediately (without start approval process)
if (request.isExecuteImmediately()) {
boolean haveRightExecuteImmediately = securityService.hasAnyAuthority(CoreGroupPermission.ROLE_REQUEST_EXECUTE);
if (checkRight && !haveRightExecuteImmediately) {
throw new RoleRequestException(CoreResultCode.ROLE_REQUEST_NO_EXECUTE_IMMEDIATELY_RIGHT, ImmutableMap.of("new", request));
}
// All concepts in progress state will be set on approved (we can
// execute it immediately)
request.getConceptRoles().stream().filter(concept -> {
return RoleRequestState.IN_PROGRESS == concept.getState();
}).forEach(concept -> {
concept.setState(RoleRequestState.APPROVED);
conceptRoleRequestService.save(concept);
});
// Execute request immediately
return true;
} else {
IdmIdentityDto applicant = identityService.get(request.getApplicant());
Map<String, Object> variables = new HashMap<>();
// Minimize size of DTO persisting to WF
IdmRoleRequestDto eventRequest = event.getContent();
trimRequest(eventRequest);
eventRequest.setConceptRoles(null);
eventRequest.setOriginalRequest(null);
variables.put(EntityEvent.EVENT_PROPERTY, event);
ProcessInstance processInstance = workflowProcessInstanceService.startProcess(wfDefinition, IdmIdentity.class.getSimpleName(), applicant.getUsername(), applicant.getId().toString(), variables);
// We have to refresh request (maybe was changed in wf process)
request = this.get(request.getId());
request.setWfProcessId(processInstance.getProcessInstanceId());
this.save(request);
}
return false;
}
use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.
the class IdentityAccountDeleteProcessor method process.
@Override
public EventResult<AccIdentityAccountDto> process(EntityEvent<AccIdentityAccountDto> event) {
AccIdentityAccountDto entity = event.getContent();
UUID account = entity.getAccount();
AccAccountDto accountDto = accountService.get(account);
Assert.notNull(accountDto, "Account cannot be null!");
// We check if exists another (ownership) identity-accounts, if not
// then we will delete account
List<AccIdentityAccountDto> identityAccounts = findIdentityAccounts(account);
boolean moreIdentityAccounts = identityAccounts.stream().filter(identityAccount -> {
return identityAccount.isOwnership() && !identityAccount.equals(entity);
}).findAny().isPresent();
boolean deleteTargetAccount = (boolean) event.getProperties().get(AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY);
// If is account in protection, then we will not delete
// identity-account
// But is here exception from this. When is presented
// attribute FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY, then
// we will do delete of identity-account (it is important
// for integrity ... for example during delete of whole
// identity).
boolean forceDeleteIdentityAccount = isForceDeleteAttributePresent(event.getProperties());
if (!moreIdentityAccounts && entity.isOwnership()) {
if (accountDto.isAccountProtectedAndValid()) {
if (forceDeleteIdentityAccount) {
// Target account and AccAccount will deleted!
deleteTargetAccount = true;
} else {
throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", accountDto.getUid()));
}
// Is account protection activated on system mapping?
// Set account as protected we can only on account without protection (event has already invalid protection)!
} else if (!accountDto.isInProtection() && systemMappingService.isEnabledProtection(accountDto)) {
// This identity account is last ... protection will be
// activated
activateProtection(accountDto);
accountDto = accountService.save(accountDto);
entity.setRoleSystem(null);
entity.setIdentityRole(null);
service.save(entity);
doProvisioningSkipAccountProtection(accountDto, entity.getEntity());
// identity-account
if (forceDeleteIdentityAccount) {
// Target account and AccAccount will be deleted!
deleteTargetAccount = true;
} else {
return new DefaultEventResult<>(event, this);
}
}
}
service.deleteInternal(entity);
if (!moreIdentityAccounts && entity.isOwnership()) {
// We delete all identity accounts first
identityAccounts.stream().filter(identityAccount -> identityAccount.isOwnership() && !identityAccount.equals(entity)).forEach(identityAccount -> {
service.delete(identityAccount);
});
// Finally we can delete account
accountService.publish(new AccountEvent(AccountEventType.DELETE, accountDto, ImmutableMap.of(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY, deleteTargetAccount, AccAccountService.ENTITY_ID_PROPERTY, entity.getEntity())));
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.
the class ContractSynchronizationExecutor method save.
/**
* Save entity
*
* @param entity
* @param skipProvisioning
* @return
*/
@Override
protected IdmIdentityContractDto save(IdmIdentityContractDto entity, boolean skipProvisioning) {
if (entity.getIdentity() == null) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_CANNOT_BE_NULL, ImmutableMap.of("property", CONTRACT_IDENTITY_FIELD));
}
EntityEvent<IdmIdentityContractDto> event = new IdentityContractEvent(contractService.isNew(entity) ? IdentityContractEventType.CREATE : IdentityContractEventType.UPDATE, entity, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
// We do not want execute HR processes for every contract. We need start
// them for every identity only once.
// For this we skip them now. HR processes must be start after whole
// sync finished (by using dependent scheduled task)!
event.getProperties().put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
//
// We don't want recalculate automatic role by attribute recalculation for every contract.
// Recalculation will be started only once.
event.getProperties().put(IdmAutomaticRoleAttributeService.SKIP_RECALCULATION, Boolean.TRUE);
IdmIdentityContractDto contract = contractService.publish(event).getContent();
if (entity.getEmbedded().containsKey(SYNC_CONTRACT_FIELD)) {
SyncIdentityContractDto syncContract = (SyncIdentityContractDto) entity.getEmbedded().get(SYNC_CONTRACT_FIELD);
IdmContractGuaranteeFilter guaranteeFilter = new IdmContractGuaranteeFilter();
guaranteeFilter.setIdentityContractId(contract.getId());
List<IdmContractGuaranteeDto> currentGuarantees = guaranteeService.find(guaranteeFilter, null).getContent();
// Search guarantees to delete
List<IdmContractGuaranteeDto> guaranteesToDelete = currentGuarantees.stream().filter(sysImplementer -> {
return sysImplementer.getGuarantee() != null && !syncContract.getGuarantees().contains(new IdmIdentityDto(sysImplementer.getGuarantee()));
}).collect(Collectors.toList());
// Search guarantees to add
List<IdmIdentityDto> guaranteesToAdd = syncContract.getGuarantees().stream().filter(identity -> {
return !currentGuarantees.stream().filter(currentGuarrantee -> {
return identity.getId().equals(currentGuarrantee.getGuarantee());
}).findFirst().isPresent();
}).collect(Collectors.toList());
// Delete guarantees
guaranteesToDelete.forEach(guarantee -> {
EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.DELETE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
guaranteeService.publish(guaranteeEvent);
});
// Create new guarantees
guaranteesToAdd.forEach(identity -> {
IdmContractGuaranteeDto guarantee = new IdmContractGuaranteeDto();
guarantee.setIdentityContract(contract.getId());
guarantee.setGuarantee(identity.getId());
//
EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.CREATE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
guaranteeService.publish(guaranteeEvent);
});
}
return contract;
}
use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.
the class IdentityContractUpdateByAutomaticRoleProcessor method process.
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
IdmIdentityContractDto contract = event.getContent();
//
IdmIdentityContractDto previous = event.getOriginalSource();
UUID previousPosition = previous.getWorkPosition();
UUID newPosition = contract.getWorkPosition();
// check automatic roles - if position or disabled was changed
if (!Objects.equals(newPosition, previousPosition) || (contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture())) {
// work positions has some difference or validity changes
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
// remove all automatic roles by attribute
if (!assignedRoles.isEmpty()) {
assignedRoles = assignedRoles.stream().filter(autoRole -> {
AbstractIdmAutomaticRoleDto automaticRoleDto = DtoUtils.getEmbedded(autoRole, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
if (automaticRoleDto instanceof IdmRoleTreeNodeDto) {
return true;
}
return false;
}).collect(Collectors.toList());
}
//
Set<UUID> previousAutomaticRoles = assignedRoles.stream().filter(identityRole -> {
return identityRole.getRoleTreeNode() != null;
}).map(identityRole -> {
return identityRole.getRoleTreeNode();
}).collect(Collectors.toSet());
Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
if (newPosition != null) {
addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
}
// prevent to remove newly added or still exists roles
Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
removedAutomaticRoles.removeAll(addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList()));
addedAutomaticRoles.removeIf(a -> {
return previousAutomaticRoles.contains(a.getId());
});
//
for (UUID removedAutomaticRole : removedAutomaticRoles) {
Iterator<IdmIdentityRoleDto> iter = assignedRoles.iterator();
while (iter.hasNext()) {
IdmIdentityRoleDto identityRole = iter.next();
if (Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
// check, if role will be added by new automatic roles and prevent removing
IdmRoleTreeNodeDto addedAutomaticRole = getByRole(identityRole.getRole(), addedAutomaticRoles);
if (addedAutomaticRole == null) {
// remove assigned role
roleTreeNodeService.removeAutomaticRoles(identityRole, null);
iter.remove();
} else {
// change relation only
identityRole.setRoleTreeNode(addedAutomaticRole.getId());
updateIdentityRole(identityRole);
//
// new automatic role is not needed
addedAutomaticRoles.remove(addedAutomaticRole);
}
}
}
}
// change date - for unchanged assigned roles only
if (EntityUtils.validableChanged(previous, contract)) {
changeValidable(contract, assignedRoles);
}
//
// add identity roles
roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
} else // process validable change
if (EntityUtils.validableChanged(previous, contract)) {
changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
}
//
return new DefaultEventResult<>(event, this);
}
Aggregations