
Example 11 with ForbiddenEntityException

Use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

The class IdentityChangeContractTreeNodeAndValidityBulkAction, method processDto:

@Override
protected OperationResult processDto(IdmIdentityDto identity) {
    List<IdmIdentityContractDto> contracts = contractService.findAllByIdentity(identity.getId());
    UUID treeNodeId = getSelectedTreeNode();
    LocalDate tillDate = getSelectedDate(PARAMETER_VALID_TILL);
    LocalDate fromDate = getSelectedDate(PARAMETER_VALID_FROM);
    if (treeNodeId == null && tillDate == null && fromDate == null) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    for (IdmIdentityContractDto contract : contracts) {
        if (treeNodeId != null) {
            contract.setWorkPosition(treeNodeId);
        }
        if (fromDate != null) {
            contract.setValidFrom(fromDate);
        }
        if (tillDate != null) {
            contract.setValidTill(tillDate);
        }
        try {
            contractService.save(contract, IdmBasePermission.UPDATE);
            logItemProcessed(contract, new OperationResult.Builder(OperationState.EXECUTED).build());
        } catch (ForbiddenEntityException ex) {
            LOG.warn("Insufficient permissions for changing contract [{}]", contract.getId(), ex);
            logItemProcessed(contract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_NOT_AUTHORIZED_MODIFY_CONTRACT, ImmutableMap.of("contractId", contract.getId()))).build());
        } catch (ResultCodeException ex) {
            logItemProcessed(contract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setException(ex).build());
        }
    }
    return new OperationResult.Builder(OperationState.EXECUTED).build();
}
Also used : DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) LocalDate(java.time.LocalDate) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException)
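The loop above enforces authorization per item: it passes the caller's UPDATE permission into contractService.save, turns a ForbiddenEntityException into a NOT_EXECUTED item result with the contract id, and keeps going instead of aborting the batch. The pitfall a reviewer should watch for is the varargs convention itself: as the checkAccess method in Example 12 shows, an empty permission list means the entity is returned without any evaluation, so a bulk action that calls save(contract) instead of save(contract, IdmBasePermission.UPDATE) silently bypasses authorization. The following is an added, self-contained Java model of that pattern, not CzechIdMng code; every class and name in it (ContractService, ForbiddenEntity, ValidationFailure, ItemResult, the subject "hr-clerk" and contracts c1..c3) is hypothetical, with ValidationFailure standing in for the page's ResultCodeException.

```java
import java.time.LocalDate;
import java.util.*;

// Added example, not CzechIdMng code: a self-contained model of the per-item
// authorization handling in the bulk action above. All names are hypothetical.
public class BulkContractUpdateExample {

    enum Permission { UPDATE }
    enum State { EXECUTED, NOT_EXECUTED }

    static final class ForbiddenEntity extends RuntimeException {
        ForbiddenEntity(String id, Permission p) { super("forbidden: " + p + " on " + id); }
    }
    // Stands in for the page's ResultCodeException (a business/validation failure).
    static final class ValidationFailure extends RuntimeException {
        ValidationFailure(String message) { super(message); }
    }

    static final class Contract {
        final String id; String workPosition; LocalDate validFrom; LocalDate validTill;
        Contract(String id, String workPosition, LocalDate validFrom) {
            this.id = id; this.workPosition = workPosition; this.validFrom = validFrom;
        }
        Contract copy() { Contract c = new Contract(id, workPosition, validFrom); c.validTill = validTill; return c; }
    }

    // Hypothetical service with the page's varargs convention: an empty
    // permission list means the caller runs without any authorization check.
    static final class ContractService {
        private final Map<String, Contract> store = new LinkedHashMap<>();
        private final Map<String, Set<String>> updatable = new HashMap<>(); // subject -> contract ids
        String currentSubject;

        void put(Contract c) { store.put(c.id, c.copy()); }
        Contract get(String id) { return store.get(id); }
        void grantUpdate(String subject, String contractId) {
            updatable.computeIfAbsent(subject, k -> new HashSet<>()).add(contractId);
        }
        Contract save(Contract c, Permission... permission) {
            for (Permission p : permission) {
                if (!updatable.getOrDefault(currentSubject, Set.of()).contains(c.id)) {
                    throw new ForbiddenEntity(c.id, p);
                }
            }
            if (c.validTill != null && c.validTill.isBefore(c.validFrom)) {
                throw new ValidationFailure("validTill " + c.validTill + " before validFrom " + c.validFrom);
            }
            store.put(c.id, c.copy()); // persisted only after both checks pass
            return c;
        }
    }

    // Per-item result, the role logItemProcessed plays on the page.
    record ItemResult(String contractId, State state, String reason) {}

    // Mirrors the page's loop: mutate the DTO, save with the caller's permission,
    // and record a per-item result instead of aborting the whole batch.
    static List<ItemResult> processContracts(ContractService service, List<Contract> contracts,
                                             String treeNodeId, LocalDate validTill, boolean enforceAuthorization) {
        List<ItemResult> results = new ArrayList<>();
        for (Contract contract : contracts) {
            if (treeNodeId != null) contract.workPosition = treeNodeId;
            if (validTill != null) contract.validTill = validTill;
            try {
                if (enforceAuthorization) {
                    service.save(contract, Permission.UPDATE);
                } else {
                    service.save(contract); // pitfall: no permission passed, so no check is made
                }
                results.add(new ItemResult(contract.id, State.EXECUTED, null));
            } catch (ForbiddenEntity ex) {
                results.add(new ItemResult(contract.id, State.NOT_EXECUTED, "not authorized"));
            } catch (ValidationFailure ex) {
                results.add(new ItemResult(contract.id, State.NOT_EXECUTED, ex.getMessage()));
            }
        }
        return results;
    }

    static List<Contract> loadAll(ContractService service, String... ids) {
        List<Contract> out = new ArrayList<>();
        for (String id : ids) out.add(service.get(id).copy());
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: three contracts, a clerk allowed to update only c1 and c2.
        ContractService service = new ContractService();
        service.put(new Contract("c1", "node-old", LocalDate.of(2020, 1, 1)));
        service.put(new Contract("c2", "node-old", LocalDate.of(2025, 1, 1)));
        service.put(new Contract("c3", "node-old", LocalDate.of(2020, 1, 1)));
        service.currentSubject = "hr-clerk";
        service.grantUpdate("hr-clerk", "c1");
        service.grantUpdate("hr-clerk", "c2");

        LocalDate till = LocalDate.of(2024, 6, 30);
        List<ItemResult> checked = processContracts(service, loadAll(service, "c1", "c2", "c3"), "node-new", till, true);
        checked.forEach(System.out::println);
        if (!"node-old".equals(service.get("c3").workPosition)) throw new AssertionError("c3 must be untouched");

        // Same batch without the permission argument: c3 is modified although the clerk may not update it.
        processContracts(service, loadAll(service, "c1", "c2", "c3"), "node-new", till, false);
        System.out.println("without permission argument, c3 work position = " + service.get("c3").workPosition);
    }
}
```

With authorization enforced, c1 is EXECUTED, c2 is NOT_EXECUTED because the new validTill precedes its validFrom, and c3 is NOT_EXECUTED because the clerk holds no UPDATE right on it, while c3 stays unmodified in the store. The second run, which drops the permission argument, rewrites c3 too; that is the behaviour to look for in review of any bulk action or scheduled task that calls a service save without passing the caller's permission.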

Example 12 with ForbiddenEntityException

Use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

The class DefaultIdmConceptRoleRequestService, method checkAccess:

@Override
public IdmConceptRoleRequest checkAccess(IdmConceptRoleRequest entity, BasePermission... permission) {
    if (entity == null) {
        // nothing to check
        return null;
    }
    if (ObjectUtils.isEmpty(permission)) {
        return entity;
    }
    // We can delete the concept if we have UPDATE permission on request
    Set<BasePermission> permissionsForRequest = Sets.newHashSet();
    for (BasePermission p : permission) {
        if (p.equals(IdmBasePermission.DELETE)) {
            permissionsForRequest.add(IdmBasePermission.UPDATE);
        } else {
            permissionsForRequest.add(p);
        }
    }
    // We have rights on the concept, when we have rights on whole request
    if (getAuthorizationManager().evaluate(entity.getRoleRequest(), permissionsForRequest.toArray(new BasePermission[0]))) {
        return entity;
    }
    // We have rights on the concept when we have rights on the workflow process used by the concept.
    // Beware: a concept can use a different WF process than the whole request, so check the concept's own process directly!
    String processId = entity.getWfProcessId();
    if (!Strings.isNullOrEmpty(processId)) {
        WorkflowProcessInstanceDto processInstance = workflowProcessInstanceService.get(processId, true);
        if (processInstance != null) {
            return entity;
        }
        // The running process was not returned (finished, or not visible to the current user),
        // so check the historic process (on the involved user) too.
        WorkflowHistoricProcessInstanceDto historicProcess = historicProcessService.get(processId);
        if (historicProcess != null) {
            return entity;
        }
    }
    }
    throw new ForbiddenEntityException((BaseEntity) entity, permission);
}
Also used : BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) WorkflowProcessInstanceDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowProcessInstanceDto) WorkflowHistoricProcessInstanceDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowHistoricProcessInstanceDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException)
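The access rule above has three parts worth keeping in mind when writing an evaluator of this kind: the requested permission on the child is translated before it is evaluated on the parent (DELETE on a concept becomes UPDATE on the request); a second, independent path grants access through involvement in the concept's own workflow process, which may differ from the request's process; and the method fails closed by throwing ForbiddenEntityException when neither path succeeds. The following is an added, self-contained Java model of that rule, not CzechIdMng code. The authorization manager and workflow service are replaced by small in-memory lookups (an assumption: workflow involvement is modelled as per-subject sets of active and historic process ids), and all names (ConceptAccessCheckExample, Forbidden, the subjects "owner", "approver", "past-approver", "outsider") are hypothetical.

```java
import java.util.*;

// Added example, not CzechIdMng code: a self-contained model of the
// checkAccess rule above. All names in this file are hypothetical.
public class ConceptAccessCheckExample {

    enum Permission { READ, UPDATE, DELETE }

    static final class Forbidden extends RuntimeException {
        Forbidden(String entity, Set<Permission> permission) {
            super("forbidden: " + permission + " on " + entity);
        }
    }

    // A concept belongs to one request but may carry its own workflow process id.
    record Request(String id) {}
    record Concept(String id, Request request, String wfProcessId) {}

    // Hypothetical authorization manager: permissions each subject holds on each request.
    static final class AuthorizationManager {
        private final Map<String, Map<String, Set<Permission>>> grants = new HashMap<>();
        void grant(String subject, Request request, Permission... p) {
            grants.computeIfAbsent(subject, k -> new HashMap<>())
                  .computeIfAbsent(request.id(), k -> EnumSet.noneOf(Permission.class))
                  .addAll(Arrays.asList(p));
        }
        // True only when the subject holds every requested permission on the request.
        boolean evaluate(String subject, Request request, Set<Permission> wanted) {
            Set<Permission> held = grants.getOrDefault(subject, Map.of()).getOrDefault(request.id(), Set.of());
            return held.containsAll(wanted);
        }
    }

    // Hypothetical workflow service: process ids the subject is involved in, active and historic.
    static final class WorkflowService {
        private final Map<String, Set<String>> active = new HashMap<>();
        private final Map<String, Set<String>> historic = new HashMap<>();
        void involveActive(String subject, String processId) { active.computeIfAbsent(subject, k -> new HashSet<>()).add(processId); }
        void involveHistoric(String subject, String processId) { historic.computeIfAbsent(subject, k -> new HashSet<>()).add(processId); }
        boolean isInvolved(String subject, String processId) {
            // Same order as the page: the running instance first, then the historic one.
            return active.getOrDefault(subject, Set.of()).contains(processId)
                || historic.getOrDefault(subject, Set.of()).contains(processId);
        }
    }

    final AuthorizationManager authz = new AuthorizationManager();
    final WorkflowService workflow = new WorkflowService();

    Concept checkAccess(String subject, Concept concept, Permission... permission) {
        if (concept == null) return null;            // nothing to check
        if (permission.length == 0) return concept;  // page semantics: no permission requested, no check
        // DELETE on a concept is granted to whoever may UPDATE the whole request.
        Set<Permission> forRequest = EnumSet.noneOf(Permission.class);
        for (Permission p : permission) {
            forRequest.add(p == Permission.DELETE ? Permission.UPDATE : p);
        }
        if (authz.evaluate(subject, concept.request(), forRequest)) return concept;
        // Fall back to the concept's own workflow process, which may differ from the request's.
        String processId = concept.wfProcessId();
        if (processId != null && !processId.isEmpty() && workflow.isInvolved(subject, processId)) {
            return concept;
        }
        // Fail closed.
        throw new Forbidden(concept.id(), EnumSet.copyOf(Arrays.asList(permission)));
    }

    public static void main(String[] args) {
        ConceptAccessCheckExample ex = new ConceptAccessCheckExample();
        // Constructed sample data: the concept runs in its own process, distinct from the request's.
        Request request = new Request("req-1");
        Concept concept = new Concept("concept-1", request, "wf-concept-1");
        ex.authz.grant("owner", request, Permission.READ, Permission.UPDATE);
        ex.workflow.involveActive("approver", "wf-concept-1");
        ex.workflow.involveHistoric("past-approver", "wf-concept-1");

        // owner: DELETE on the concept maps to UPDATE on the request, which the owner holds.
        ex.checkAccess("owner", concept, Permission.DELETE);
        // approver / past-approver: no grant on the request, but involved in the concept's process.
        ex.checkAccess("approver", concept, Permission.READ);
        ex.checkAccess("past-approver", concept, Permission.READ);
        // outsider: neither path applies.
        try {
            ex.checkAccess("outsider", concept, Permission.READ);
            throw new AssertionError("outsider must not read the concept");
        } catch (Forbidden expected) {
            System.out.println("denied as expected: " + expected.getMessage());
        }
        System.out.println("all checks behaved as expected");
    }
}
```

The point of the "approver" case is the one the page's comment warns about: if the fallback evaluated the request's process instead of the concept's, an approver involved only in the concept's process would be denied, and a service that then "fixed" the denial by widening the parent grant would over-authorize. Evaluating the concept's own process id keeps the grant scoped to exactly the process the subject takes part in.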

Example 13 with ForbiddenEntityException

Use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

The class RoleRequestByWfEvaluatorIntegrationTest, method testRoleRequestByWfInvolvedIdentityEvaluator:

@Test
public void testRoleRequestByWfInvolvedIdentityEvaluator() {
    // approve only by help desk
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "true");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    loginAsAdmin();
    IdmIdentityDto applicant = getHelper().createIdentity();
    IdmIdentityDto otherUser = getHelper().createIdentity();
    IdmIdentityDto helpdeskIdentity = getHelper().createIdentity();
    // 
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto policyRole = getHelper().createRole();
    // 
    // helpdesk role and identity
    IdmRoleDto helpdeskRole = getHelper().createRole();
    // Create policy with RoleRequestByWfInvolvedIdentityEvaluator.
    IdmAuthorizationPolicyDto roleRequestPolicy = getHelper().createBasePolicy(policyRole.getId(), CoreGroupPermission.ROLEREQUEST, IdmRoleRequest.class, IdmBasePermission.ADMIN);
    roleRequestPolicy.setEvaluator(RoleRequestByWfInvolvedIdentityEvaluator.class);
    getHelper().getService(IdmAuthorizationPolicyService.class).save(roleRequestPolicy);
    // Assign policy to all our's users.
    getHelper().createIdentityRole(applicant, policyRole);
    getHelper().createIdentityRole(otherUser, policyRole);
    getHelper().createIdentityRole(helpdeskIdentity, policyRole);
    // add role directly
    getHelper().createIdentityRole(helpdeskIdentity, helpdeskRole);
    configurationService.setValue(APPROVE_BY_HELPDESK_ROLE, helpdeskRole.getCode());
    IdmIdentityContractDto contract = getHelper().getPrimeContract(applicant.getId());
    loginAsNoAdmin(applicant.getUsername());
    IdmRoleRequestDto request = createRoleRequest(applicant);
    request = roleRequestService.save(request);
    IdmConceptRoleRequestDto concept = createRoleConcept(role, contract, request);
    conceptRoleRequestService.save(concept);
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    loginAsNoAdmin(otherUser.getUsername());
    try {
        roleRequestService.checkAccess(request, IdmBasePermission.READ);
        fail("This user: " + otherUser.getUsername() + " can't read this role-request");
    } catch (ForbiddenEntityException ex) {
    // OK
    } catch (Exception e) {
        fail("Some problem: " + e.getLocalizedMessage());
    }
    loginAsNoAdmin(helpdeskIdentity.getUsername());
    try {
        roleRequestService.checkAccess(request, IdmBasePermission.READ);
    } catch (ResultCodeException ex) {
        fail("This user: " + helpdeskIdentity.getUsername() + " should be able to read this role-request.");
    } catch (Exception e) {
        fail("Some problem: " + e.getLocalizedMessage());
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyService(eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 14 with ForbiddenEntityException

Use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

The class IdentityUsernameExportBulkActionTest, method checkPermission:

@Test
public void checkPermission() {
    IdmBulkActionDto exampleAction = findBulkAction(IdmIdentity.class, IdentityUsernameExportBulkAction.BULK_ACTION_NAME);
    assertNotNull(exampleAction);
    IdmIdentityDto identity = getHelper().createIdentity();
    exampleAction.setIdentifiers(Sets.newHashSet(identity.getId()));
    IdmBulkActionDto processAction = bulkActionManager.processAction(exampleAction);
    assertNotNull(processAction.getLongRunningTaskId());
    IdmLongRunningTaskDto longRunningTask = longRunningTaskService.get(processAction.getLongRunningTaskId());
    IdmIdentityDto adminIdentity = this.createUserWithAuthorities(CoreGroupPermission.IDENTITY, CoreGroupPermission.SCHEDULER);
    loginAsNoAdmin(adminIdentity.getUsername());
    processAction = bulkActionManager.processAction(exampleAction);
    assertNotNull(processAction.getLongRunningTaskId());
    IdmLongRunningTaskDto longRunningTask2 = longRunningTaskService.get(processAction.getLongRunningTaskId());
    assertFalse(longRunningTask.isRunning());
    assertFalse(longRunningTask2.isRunning());
    Assert.notNull(longRunningTask, "Task is required.");
    Assert.notNull(longRunningTask2, "Task is required.");
    UUID attachmentOneId = attachmentManager.getAttachments(longRunningTask, null).getContent().get(0).getId();
    try {
        longRunningTaskManager.getAttachment(longRunningTask.getId(), attachmentOneId, IdmBasePermission.READ);
        fail();
    } catch (ForbiddenEntityException e) {
    // Correct behavior
    } catch (Exception e) {
        fail();
    }
    try {
        longRunningTaskManager.getAttachment(UUID.randomUUID(), attachmentOneId, IdmBasePermission.READ);
        fail();
    } catch (EntityNotFoundException e) {
    // Correct behavior
    } catch (Exception e) {
        fail();
    }
    UUID attachmentTwoId = attachmentManager.getAttachments(longRunningTask2, null).getContent().get(0).getId();
    IdmAttachmentDto attachmentDto = longRunningTaskManager.getAttachment(longRunningTask2.getId(), attachmentTwoId);
    assertNotNull(attachmentDto);
}
Also used : IdmAttachmentDto(eu.bcvsolutions.idm.core.ecm.api.dto.IdmAttachmentDto) IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) IOException(java.io.IOException) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 15 with ForbiddenEntityException

Use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

The class RequestByOwnerEvaluatorTest, method testRightOnRequest:

@Test
public void testRightOnRequest() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto roleForRequest = getHelper().createRole();
    IdmRequestDto requestWithOwneredRole = requestManager.createRequest(roleForRequest);
    IdmRoleDto roleForRequestWithoutRight = getHelper().createRole();
    IdmRequestDto requestWithoutOwneredRole = requestManager.createRequest(roleForRequestWithoutRight);
    IdmRoleDto role = getHelper().createRole();
    getHelper().createRoleGuaranteeRole(role, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.REQUEST, IdmRequest.class, RequestByOwnerEvaluator.class, IdmBasePermission.READ);
    // User will have rights on the roleForRequest
    ConfigurationMap properties = new ConfigurationMap();
    properties.put(UuidEvaluator.PARAMETER_UUID, roleForRequest.getId());
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLE, IdmRole.class, UuidEvaluator.class, properties, IdmBasePermission.READ);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        try {
            requestService.get(requestWithoutOwneredRole.getId(), IdmBasePermission.READ);
            fail();
        } catch (ForbiddenEntityException ex) {
        // It is OK
        }
        assertNotNull(requestService.get(requestWithOwneredRole.getId(), IdmBasePermission.READ));
        IdmRequestFilter requestFilter = new IdmRequestFilter();
        // We do not have right to that request
        requestFilter.setId(requestWithoutOwneredRole.getId());
        assertEquals(0, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
        // We have right to that request
        requestFilter.setId(requestWithOwneredRole.getId());
        assertEquals(1, requestService.find(requestFilter, null, IdmBasePermission.READ).getContent().size());
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestFilter) IdmRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestDto) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Aggregations

ForbiddenEntityException (eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) 21
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 12
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException) 9
Test (org.junit.Test) 8
IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) 7
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) 7
UUID (java.util.UUID) 7
OperationResult (eu.bcvsolutions.idm.core.api.entity.OperationResult) 5
IdmBasePermission (eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) 5
AbstractEvaluatorIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest) 5
IdmBulkActionDto (eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) 4
IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) 4
IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) 4
DefaultResultModel (eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) 3
IdmContractGuaranteeDto (eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) 3
IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) 3
IdmIdentityProjectionDto (eu.bcvsolutions.idm.core.api.dto.projection.IdmIdentityProjectionDto) 3
IdmFormAttributeDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto) 3
BasePermission (eu.bcvsolutions.idm.core.security.api.domain.BasePermission) 3
ArrayList (java.util.ArrayList) 3