Examples with EntityEvent eu.bcvsolutions.idm.core.api.event.EntityEvent used on opensource projects

Example 1 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityPasswordValidateProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    // 
    Assert.notNull(passwordChangeDto);
    Assert.notNull(identity);
    // 
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
    // 
    List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
    // 
    // Find user accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // 
    if (!securityService.isAdmin()) {
        // check accounts and property all_only
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
            // get distinct account ids from identity accounts
            List<String> accountIds = identityAccounts.stream().filter(identityAccount -> {
                // filter by ownership
                return (identityAccount.isOwnership());
            }).map(AccIdentityAccountDto::getAccount).map(UUID::toString).collect(Collectors.toList());
            // 
            if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
                // size of the found accounts must match the account size in the password change - ALL_ONLY
                boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size();
                if (!containsAll) {
                    throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
                }
            }
        }
    }
    // 
    // validate TODO: validate for admin?
    IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
    // get old password for validation - til, from and password history
    IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
    passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
    passwordValidationDto.setIdentity(identity);
    passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
    this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
    // 
    return new DefaultEventResult<>(event, this);
}

Example 2 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleRequestService method startApprovalProcess.

@Override
@Transactional
public boolean startApprovalProcess(IdmRoleRequestDto request, boolean checkRight, EntityEvent<IdmRoleRequestDto> event, String wfDefinition) {
    // and do realization immediately (without start approval process)
    if (request.isExecuteImmediately()) {
        boolean haveRightExecuteImmediately = securityService.hasAnyAuthority(CoreGroupPermission.ROLE_REQUEST_EXECUTE);
        if (checkRight && !haveRightExecuteImmediately) {
            throw new RoleRequestException(CoreResultCode.ROLE_REQUEST_NO_EXECUTE_IMMEDIATELY_RIGHT, ImmutableMap.of("new", request));
        }
        // All concepts in progress state will be set on approved (we can
        // execute it immediately)
        request.getConceptRoles().stream().filter(concept -> {
            return RoleRequestState.IN_PROGRESS == concept.getState();
        }).forEach(concept -> {
            concept.setState(RoleRequestState.APPROVED);
            conceptRoleRequestService.save(concept);
        });
        // Execute request immediately
        return true;
    } else {
        IdmIdentityDto applicant = identityService.get(request.getApplicant());
        Map<String, Object> variables = new HashMap<>();
        // Minimize size of DTO persisting to WF
        IdmRoleRequestDto eventRequest = event.getContent();
        trimRequest(eventRequest);
        eventRequest.setConceptRoles(null);
        eventRequest.setOriginalRequest(null);
        variables.put(EntityEvent.EVENT_PROPERTY, event);
        ProcessInstance processInstance = workflowProcessInstanceService.startProcess(wfDefinition, IdmIdentity.class.getSimpleName(), applicant.getUsername(), applicant.getId().toString(), variables);
        // We have to refresh request (maybe was changed in wf process)
        request = this.get(request.getId());
        request.setWfProcessId(processInstance.getProcessInstanceId());
        this.save(request);
    }
    return false;
}

Example 3 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityAccountDeleteProcessor method process.

@Override
public EventResult<AccIdentityAccountDto> process(EntityEvent<AccIdentityAccountDto> event) {
    AccIdentityAccountDto entity = event.getContent();
    UUID account = entity.getAccount();
    AccAccountDto accountDto = accountService.get(account);
    Assert.notNull(accountDto, "Account cannot be null!");
    // We check if exists another (ownership) identity-accounts, if not
    // then we will delete account
    List<AccIdentityAccountDto> identityAccounts = findIdentityAccounts(account);
    boolean moreIdentityAccounts = identityAccounts.stream().filter(identityAccount -> {
        return identityAccount.isOwnership() && !identityAccount.equals(entity);
    }).findAny().isPresent();
    boolean deleteTargetAccount = (boolean) event.getProperties().get(AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY);
    // If is account in protection, then we will not delete
    // identity-account
    // But is here exception from this. When is presented
    // attribute FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY, then
    // we will do delete of identity-account (it is important
    // for integrity ... for example during delete of whole
    // identity).
    boolean forceDeleteIdentityAccount = isForceDeleteAttributePresent(event.getProperties());
    if (!moreIdentityAccounts && entity.isOwnership()) {
        if (accountDto.isAccountProtectedAndValid()) {
            if (forceDeleteIdentityAccount) {
                // Target account and AccAccount will deleted!
                deleteTargetAccount = true;
            } else {
                throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", accountDto.getUid()));
            }
        // Is account protection activated on system mapping?
        // Set account as protected we can only on account without protection (event has already invalid protection)!
        } else if (!accountDto.isInProtection() && systemMappingService.isEnabledProtection(accountDto)) {
            // This identity account is last ... protection will be
            // activated
            activateProtection(accountDto);
            accountDto = accountService.save(accountDto);
            entity.setRoleSystem(null);
            entity.setIdentityRole(null);
            service.save(entity);
            doProvisioningSkipAccountProtection(accountDto, entity.getEntity());
            // identity-account
            if (forceDeleteIdentityAccount) {
                // Target account and AccAccount will be deleted!
                deleteTargetAccount = true;
            } else {
                return new DefaultEventResult<>(event, this);
            }
        }
    }
    service.deleteInternal(entity);
    if (!moreIdentityAccounts && entity.isOwnership()) {
        // We delete all identity accounts first
        identityAccounts.stream().filter(identityAccount -> identityAccount.isOwnership() && !identityAccount.equals(entity)).forEach(identityAccount -> {
            service.delete(identityAccount);
        });
        // Finally we can delete account
        accountService.publish(new AccountEvent(AccountEventType.DELETE, accountDto, ImmutableMap.of(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY, deleteTargetAccount, AccAccountService.ENTITY_ID_PROPERTY, entity.getEntity())));
    }
    return new DefaultEventResult<>(event, this);
}

Example 4 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class ContractSynchronizationExecutor method save.

/**
 * Save entity
 *
 * @param entity
 * @param skipProvisioning
 * @return
 */
@Override
protected IdmIdentityContractDto save(IdmIdentityContractDto entity, boolean skipProvisioning) {
    if (entity.getIdentity() == null) {
        throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_CANNOT_BE_NULL, ImmutableMap.of("property", CONTRACT_IDENTITY_FIELD));
    }
    EntityEvent<IdmIdentityContractDto> event = new IdentityContractEvent(contractService.isNew(entity) ? IdentityContractEventType.CREATE : IdentityContractEventType.UPDATE, entity, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
    // We do not want execute HR processes for every contract. We need start
    // them for every identity only once.
    // For this we skip them now. HR processes must be start after whole
    // sync finished (by using dependent scheduled task)!
    event.getProperties().put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
    // 
    // We don't want recalculate automatic role by attribute recalculation for every contract.
    // Recalculation will be started only once.
    event.getProperties().put(IdmAutomaticRoleAttributeService.SKIP_RECALCULATION, Boolean.TRUE);
    IdmIdentityContractDto contract = contractService.publish(event).getContent();
    if (entity.getEmbedded().containsKey(SYNC_CONTRACT_FIELD)) {
        SyncIdentityContractDto syncContract = (SyncIdentityContractDto) entity.getEmbedded().get(SYNC_CONTRACT_FIELD);
        IdmContractGuaranteeFilter guaranteeFilter = new IdmContractGuaranteeFilter();
        guaranteeFilter.setIdentityContractId(contract.getId());
        List<IdmContractGuaranteeDto> currentGuarantees = guaranteeService.find(guaranteeFilter, null).getContent();
        // Search guarantees to delete
        List<IdmContractGuaranteeDto> guaranteesToDelete = currentGuarantees.stream().filter(sysImplementer -> {
            return sysImplementer.getGuarantee() != null && !syncContract.getGuarantees().contains(new IdmIdentityDto(sysImplementer.getGuarantee()));
        }).collect(Collectors.toList());
        // Search guarantees to add
        List<IdmIdentityDto> guaranteesToAdd = syncContract.getGuarantees().stream().filter(identity -> {
            return !currentGuarantees.stream().filter(currentGuarrantee -> {
                return identity.getId().equals(currentGuarrantee.getGuarantee());
            }).findFirst().isPresent();
        }).collect(Collectors.toList());
        // Delete guarantees
        guaranteesToDelete.forEach(guarantee -> {
            EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.DELETE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
            guaranteeService.publish(guaranteeEvent);
        });
        // Create new guarantees
        guaranteesToAdd.forEach(identity -> {
            IdmContractGuaranteeDto guarantee = new IdmContractGuaranteeDto();
            guarantee.setIdentityContract(contract.getId());
            guarantee.setGuarantee(identity.getId());
            // 
            EntityEvent<IdmContractGuaranteeDto> guaranteeEvent = new ContractGuaranteeEvent(ContractGuaranteeEventType.CREATE, guarantee, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
            guaranteeService.publish(guaranteeEvent);
        });
    }
    return contract;
}

Example 5 with EntityEvent

use of eu.bcvsolutions.idm.core.api.event.EntityEvent in project CzechIdMng by bcvsolutions.

the class IdentityContractUpdateByAutomaticRoleProcessor method process.

@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    // 
    IdmIdentityContractDto previous = event.getOriginalSource();
    UUID previousPosition = previous.getWorkPosition();
    UUID newPosition = contract.getWorkPosition();
    // check automatic roles - if position or disabled was changed
    if (!Objects.equals(newPosition, previousPosition) || (contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture())) {
        // work positions has some difference or validity changes
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
        // remove all automatic roles by attribute
        if (!assignedRoles.isEmpty()) {
            assignedRoles = assignedRoles.stream().filter(autoRole -> {
                AbstractIdmAutomaticRoleDto automaticRoleDto = DtoUtils.getEmbedded(autoRole, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
                if (automaticRoleDto instanceof IdmRoleTreeNodeDto) {
                    return true;
                }
                return false;
            }).collect(Collectors.toList());
        }
        // 
        Set<UUID> previousAutomaticRoles = assignedRoles.stream().filter(identityRole -> {
            return identityRole.getRoleTreeNode() != null;
        }).map(identityRole -> {
            return identityRole.getRoleTreeNode();
        }).collect(Collectors.toSet());
        Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
        if (newPosition != null) {
            addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
        }
        // prevent to remove newly added or still exists roles
        Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
        removedAutomaticRoles.removeAll(addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList()));
        addedAutomaticRoles.removeIf(a -> {
            return previousAutomaticRoles.contains(a.getId());
        });
        // 
        for (UUID removedAutomaticRole : removedAutomaticRoles) {
            Iterator<IdmIdentityRoleDto> iter = assignedRoles.iterator();
            while (iter.hasNext()) {
                IdmIdentityRoleDto identityRole = iter.next();
                if (Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
                    // check, if role will be added by new automatic roles and prevent removing
                    IdmRoleTreeNodeDto addedAutomaticRole = getByRole(identityRole.getRole(), addedAutomaticRoles);
                    if (addedAutomaticRole == null) {
                        // remove assigned role
                        roleTreeNodeService.removeAutomaticRoles(identityRole, null);
                        iter.remove();
                    } else {
                        // change relation only
                        identityRole.setRoleTreeNode(addedAutomaticRole.getId());
                        updateIdentityRole(identityRole);
                        // 
                        // new automatic role is not needed
                        addedAutomaticRoles.remove(addedAutomaticRole);
                    }
                }
            }
        }
        // change date - for unchanged assigned roles only
        if (EntityUtils.validableChanged(previous, contract)) {
            changeValidable(contract, assignedRoles);
        }
        // 
        // add identity roles
        roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
    } else // process validable change
    if (EntityUtils.validableChanged(previous, contract)) {
        changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
    }
    // 
    return new DefaultEventResult<>(event, this);
}