
Example 1 with EventResult

use of eu.bcvsolutions.idm.core.api.event.EventResult in project CzechIdMng by bcvsolutions.

Class IdentityPasswordValidateProcessor, method process():

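/**
 * Validates a requested password change before it is applied.
 * <p>
 * Two checks are performed: for non-admin callers the {@code ALL_ONLY} password change
 * type is enforced (the request must cover every account the identity owns), and the
 * new password is validated against the password policies resolved by
 * {@code validateDefinition} - this second check runs for admins as well.
 *
 * @param event password change event; the {@link PasswordChangeDto} is expected under
 *              {@code IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO}
 * @return default result (the event continues)
 * @throws ResultCodeException {@code PASSWORD_CHANGE_ALL_ONLY} when a non-admin does not
 *                             change the password on all owned accounts at once
 */
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    // 
    Assert.notNull(passwordChangeDto, "Password change DTO is required.");
    Assert.notNull(identity, "Identity is required.");
    // 
    // only the username is logged - never the password itself
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", identity.getUsername());
    // 
    List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
    // 
    // Find user accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // 
    // the ALL_ONLY rule is enforced for non-admins only
    if (!securityService.isAdmin()) {
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
            // ids of the accounts the identity owns, as strings so they can be
            // compared with the ids carried by the request
            List<String> accountIds = identityAccounts.stream()
                    .filter(AccIdentityAccountDto::isOwnership)
                    .map(AccIdentityAccountDto::getAccount)
                    .map(UUID::toString)
                    .collect(Collectors.toList());
            // 
            if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
                // ALL_ONLY: the request has to cover exactly the owned accounts. Comparing
                // sizes alone would accept any N account ids, so the ids themselves are
                // checked too - every owned account must be present in the request.
                // NOTE(review): assumes the request carries ids in canonical UUID string
                // form (as produced by UUID.toString()) - verify against the API client.
                boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size()
                        && passwordChangeDto.getAccounts().containsAll(accountIds);
                if (!containsAll) {
                    throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
                }
            }
        }
    }
    // 
    // password policy validation runs for admins too - only the ALL_ONLY rule above is
    // skipped for them (TODO in the original: decide whether admins should be exempt)
    IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
    // get old password for validation - til, from and password history
    IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
    passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
    passwordValidationDto.setIdentity(identity);
    passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
    this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
    // 
    return new DefaultEventResult<>(event, this);
}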

Example 2 with EventResult

use of eu.bcvsolutions.idm.core.api.event.EventResult in project CzechIdMng by bcvsolutions.

Class IdentityAccountDeleteProcessor, method process():

/**
 * Deletes an identity-account link.
 * <p>
 * When the link being removed is the last owning link of the account, the account itself
 * is handled as well: a protected (and still valid) account refuses the delete unless the
 * force flag is present, an unprotected account on a mapping with protection enabled is
 * put into protection instead of being deleted, and otherwise an {@code AccountEvent.DELETE}
 * is published for the account.
 *
 * @param event delete event; properties may carry
 *              {@code AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY} and the force-delete attribute
 * @return default result (the event continues)
 * @throws ResultCodeException {@code ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED} when the account is
 *                             in valid protection and the delete is not forced
 */
@Override
public EventResult<AccIdentityAccountDto> process(EntityEvent<AccIdentityAccountDto> event) {
    AccIdentityAccountDto identityAccount = event.getContent();
    UUID accountId = identityAccount.getAccount();
    AccAccountDto account = accountService.get(accountId);
    Assert.notNull(account, "Account cannot be null!");
    // every link to this account, including the one being deleted
    List<AccIdentityAccountDto> allLinks = findIdentityAccounts(accountId);
    // does some other link still own the account? then the account itself is left alone
    boolean otherOwnerExists = allLinks.stream()
            .anyMatch(link -> link.isOwnership() && !link.equals(identityAccount));
    // NOTE(review): unboxing cast - throws NullPointerException when the property is absent;
    // presumably the publishing service always sets it, verify against the callers.
    boolean deleteTargetAccount = (boolean) event.getProperties().get(AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY);
    // The force attribute overrides account protection - needed for integrity, e.g. when the
    // whole identity is being deleted.
    boolean forceDelete = isForceDeleteAttributePresent(event.getProperties());
    if (!otherOwnerExists && identityAccount.isOwnership()) {
        if (account.isAccountProtectedAndValid()) {
            if (!forceDelete) {
                // protected account: the link (and the account) stays
                throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", account.getUid()));
            }
            // forced: the target account and the AccAccount are deleted below
            deleteTargetAccount = true;
        } else if (!account.isInProtection() && systemMappingService.isEnabledProtection(account)) {
            // Last owning link and protection is enabled on the system mapping: activate it.
            // Only an account that is not in protection at all is handled here - an account
            // whose protection already expired is not re-protected.
            activateProtection(account);
            account = accountService.save(account);
            // detach the link from the role-system / identity-role it was created by
            identityAccount.setRoleSystem(null);
            identityAccount.setIdentityRole(null);
            service.save(identityAccount);
            doProvisioningSkipAccountProtection(account, identityAccount.getEntity());
            if (!forceDelete) {
                // the protected account and its link are kept
                return new DefaultEventResult<>(event, this);
            }
            // forced: the target account and the AccAccount are deleted anyway
            deleteTargetAccount = true;
        }
    }
    service.deleteInternal(identityAccount);
    if (!otherOwnerExists && identityAccount.isOwnership()) {
        // remove any other owning links first (none are expected here, as otherOwnerExists
        // is false - the original filter is kept as-is) ...
        allLinks.stream()
                .filter(link -> link.isOwnership() && !link.equals(identityAccount))
                .forEach(link -> service.delete(link));
        // ... then let the account event delete the account (and, when requested, the target account)
        accountService.publish(new AccountEvent(AccountEventType.DELETE, account, ImmutableMap.of(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY, deleteTargetAccount, AccAccountService.ENTITY_ID_PROPERTY, identityAccount.getEntity())));
    }
    return new DefaultEventResult<>(event, this);
}

Example 3 with EventResult

use of eu.bcvsolutions.idm.core.api.event.EventResult in project CzechIdMng by bcvsolutions.

Class IdentityContractUpdateByAutomaticRoleProcessor, method process():

/**
 * Recomputes automatic roles (assigned by role tree node / work position) on an updated contract.
 * <p>
 * Automatic roles are re-evaluated when the work position changed, or when the contract is
 * valid now or in the future while the previous state was not. Roles granted by the old
 * position that the new position no longer grants are removed; where the same role is granted
 * by both positions only the tree-node relation is switched. Newly granted roles are added at
 * the end. A validity change is propagated to the assigned roles in either branch.
 *
 * @param event update event; {@code getOriginalSource()} holds the contract before the change
 * @return default result (the event continues)
 */
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    // 
    // state before the update - NOTE(review): assumed non-null for an update event, verify
    IdmIdentityContractDto previous = event.getOriginalSource();
    UUID previousPosition = previous.getWorkPosition();
    UUID newPosition = contract.getWorkPosition();
    // check automatic roles - if position or disabled was changed
    // (the validity part reads: the contract is valid now/in future and the previous one was not)
    if (!Objects.equals(newPosition, previousPosition) || (contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture())) {
        // work positions has some difference or validity changes
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
        // remove all automatic roles by attribute
        // keep only roles whose embedded automatic role is a tree-node role; attribute-based
        // automatic roles and roles without an embedded automatic role (getEmbedded default
        // null) are dropped from the working list
        if (!assignedRoles.isEmpty()) {
            assignedRoles = assignedRoles.stream().filter(autoRole -> {
                AbstractIdmAutomaticRoleDto automaticRoleDto = DtoUtils.getEmbedded(autoRole, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
                if (automaticRoleDto instanceof IdmRoleTreeNodeDto) {
                    return true;
                }
                return false;
            }).collect(Collectors.toList());
        }
        // 
        // tree-node ids of the automatic roles currently assigned to the contract
        Set<UUID> previousAutomaticRoles = assignedRoles.stream().filter(identityRole -> {
            return identityRole.getRoleTreeNode() != null;
        }).map(identityRole -> {
            return identityRole.getRoleTreeNode();
        }).collect(Collectors.toSet());
        // automatic roles the new position grants (empty when the position was cleared)
        Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
        if (newPosition != null) {
            addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
        }
        // prevent to remove newly added or still exists roles
        // removed = previous \ added; added = added \ previous
        Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
        removedAutomaticRoles.removeAll(addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList()));
        // NOTE(review): mutates the set returned by roleTreeNodeService - fine as long as it
        // is a fresh instance, not a shared/cached one; verify in the service
        addedAutomaticRoles.removeIf(a -> {
            return previousAutomaticRoles.contains(a.getId());
        });
        // 
        for (UUID removedAutomaticRole : removedAutomaticRoles) {
            // iterator is used so roles can be dropped from assignedRoles while walking it
            Iterator<IdmIdentityRoleDto> iter = assignedRoles.iterator();
            while (iter.hasNext()) {
                IdmIdentityRoleDto identityRole = iter.next();
                if (Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
                    // check, if role will be added by new automatic roles and prevent removing
                    IdmRoleTreeNodeDto addedAutomaticRole = getByRole(identityRole.getRole(), addedAutomaticRoles);
                    if (addedAutomaticRole == null) {
                        // remove assigned role
                        roleTreeNodeService.removeAutomaticRoles(identityRole, null);
                        iter.remove();
                    } else {
                        // change relation only
                        identityRole.setRoleTreeNode(addedAutomaticRole.getId());
                        updateIdentityRole(identityRole);
                        // 
                        // new automatic role is not needed
                        addedAutomaticRoles.remove(addedAutomaticRole);
                    }
                }
            }
        }
        // change date - for unchanged assigned roles only
        // NOTE(review): in this branch only the (filtered) tree-node automatic roles get the new
        // validity, unlike the else branch below which touches all roles of the contract - confirm
        // this asymmetry is intended
        if (EntityUtils.validableChanged(previous, contract)) {
            changeValidable(contract, assignedRoles);
        }
        // 
        // add identity roles
        roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
    } else // process validable change
    if (EntityUtils.validableChanged(previous, contract)) {
        // position unchanged: just propagate the new validity to every role of the contract
        changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
    }
    // 
    return new DefaultEventResult<>(event, this);
}

Example 4 with EventResult

use of eu.bcvsolutions.idm.core.api.event.EventResult in project CzechIdMng by bcvsolutions.

Class IdentityPasswordChangeNotificationProcessor, method process():

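/**
 * Sends the "password changed" notification to the identity once the password was changed
 * on at least one system.
 * <p>
 * Walks the results collected so far in the event context and sorts them into successful
 * accounts (status {@code PASSWORD_CHANGE_ACCOUNT_SUCCESS}) and failures; results without a
 * model are ignored. Nothing is sent when no account succeeded.
 *
 * @param event password change event for the identity
 * @return default result (the event continues)
 */
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    List<EventResult<IdmIdentityDto>> results = event.getContext().getResults();
    // 
    List<IdmAccountDto> successAccounts = new ArrayList<>();
    List<OperationResult> failureResults = new ArrayList<>();
    List<String> systemNames = new ArrayList<>();
    String successStatus = CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS.name();
    for (EventResult<IdmIdentityDto> eventResult : results) {
        eventResult.getResults().forEach(result -> {
            if (result.getModel() == null) {
                // a result without a model carries no per-account outcome
                return;
            }
            // constant-first equals: a missing status counts as a failure instead of an NPE
            boolean success = successStatus.equals(result.getModel().getStatusEnum());
            if (success) {
                // NOTE(review): the account parameter is expected to be set on every
                // successful result - verify in the processor that produces them
                IdmAccountDto account = (IdmAccountDto) result.getModel().getParameters().get(IdmAccountDto.PARAMETER_NAME);
                systemNames.add(account.getSystemName());
                successAccounts.add(account);
            } else {
                // exception is logged before
                failureResults.add(result);
            }
        });
    }
    // send notification if at least one system success
    if (!successAccounts.isEmpty()) {
        // NOTE(review): failureResults are handed to the template as-is - make sure the
        // template does not render internal exception details to the end user
        notificationManager.send(CoreModuleDescriptor.TOPIC_PASSWORD_CHANGED, new IdmMessageDto.Builder()
                .setLevel(NotificationLevel.SUCCESS)
                .addParameter("successSystemNames", StringUtils.join(systemNames, ", "))
                .addParameter("successAccounts", successAccounts)
                .addParameter("failureResults", failureResults)
                .addParameter("name", identityService.getNiceLabel(identity))
                .addParameter("username", identity.getUsername())
                .build(), identity);
    }
    // 
    return new DefaultEventResult<>(event, this);
}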
