use of eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole in project CzechIdMng by bcvsolutions.
the class RoleGuaranteeEvaluator method getPredicate.
/**
 * Builds the criteria restriction selecting the roles for which the currently
 * authenticated identity acts as guarantee.
 *
 * <p>A role matches when either of these holds:
 * <ul>
 *   <li>an {@code IdmRoleGuarantee} row links the role directly to the current identity;</li>
 *   <li>an {@code IdmRoleGuaranteeRole} row links the role to a guarantee role that the
 *       current identity holds through an identity-role that is valid today, on a
 *       contract that is valid today and not disabled.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code null} is returned both when nobody is authenticated and when
 * {@code hasPermission(policy, permission)} is false. How the caller interprets
 * {@code null} is not visible here - confirm it means "this evaluator grants nothing"
 * and never "no restriction applied".
 *
 * @param root       query root for the evaluated roles
 * @param query      criteria query the subqueries are attached to
 * @param builder    criteria builder
 * @param policy     authorization policy passed through to {@code hasPermission}
 * @param permission permissions passed through to {@code hasPermission}
 * @return the combined predicate, or {@code null} when no current identity is available
 *         or {@code hasPermission} returns false
 */
@Override
public Predicate getPredicate(Root<IdmRole> root, CriteriaQuery<?> query, CriteriaBuilder builder, AuthorizationPolicy policy, BasePermission... permission) {
    AbstractAuthentication authentication = securityService.getAuthentication();
    boolean identityKnown = authentication != null && authentication.getCurrentIdentity() != null;
    // Without a resolved identity there is nothing to correlate against, so the
    // permission check is skipped and no predicate is produced.
    if (!identityKnown || !hasPermission(policy, permission)) {
        return null;
    }

    // Path 1 - guarantee defined directly as an identity.
    Subquery<IdmRoleGuarantee> directGuarantee = query.subquery(IdmRoleGuarantee.class);
    Root<IdmRoleGuarantee> directGuaranteeRoot = directGuarantee.from(IdmRoleGuarantee.class);
    directGuarantee.select(directGuaranteeRoot);
    // Correlates the subquery with the outer role row.
    Predicate guaranteeOfOuterRole = builder.equal(directGuaranteeRoot.get(IdmRoleGuarantee_.role), root);
    Predicate guaranteeIsCurrentIdentity = builder.equal(
            directGuaranteeRoot.get(IdmRoleGuarantee_.guarantee).get(AbstractEntity_.id),
            authentication.getCurrentIdentity().getId());
    directGuarantee.where(builder.and(guaranteeOfOuterRole, guaranteeIsCurrentIdentity));

    // Path 2 - guarantee defined as a role that the current identity holds.
    Subquery<IdmRoleGuaranteeRole> roleGuarantee = query.subquery(IdmRoleGuaranteeRole.class);
    Root<IdmRoleGuaranteeRole> roleGuaranteeRoot = roleGuarantee.from(IdmRoleGuaranteeRole.class);
    roleGuarantee.select(roleGuaranteeRoot);

    // Roles currently assigned to the logged-in identity.
    Subquery<IdmRole> assignedRoles = query.subquery(IdmRole.class);
    Root<IdmIdentityRole> assignedRolesRoot = assignedRoles.from(IdmIdentityRole.class);
    assignedRoles.select(assignedRolesRoot.get(IdmIdentityRole_.role));
    // Taken once so the identity-role and the contract are checked against the same day.
    final LocalDate today = LocalDate.now();
    Predicate ownedByCurrentIdentity = builder.equal(
            assignedRolesRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id),
            authentication.getCurrentIdentity().getId());
    Predicate identityRoleValid = RepositoryUtils.getValidPredicate(assignedRolesRoot, builder, today);
    Predicate contractValid = RepositoryUtils.getValidPredicate(
            assignedRolesRoot.get(IdmIdentityRole_.identityContract), builder, today);
    // An expired or disabled contract must not confer guarantee rights.
    Predicate contractEnabled = builder.equal(
            assignedRolesRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.disabled),
            Boolean.FALSE);
    assignedRoles.where(builder.and(ownedByCurrentIdentity, identityRoleValid, contractValid, contractEnabled));

    // Correlates with the outer role and requires the guarantee role to be one of the assigned roles.
    Predicate roleGuaranteeOfOuterRole = builder.equal(roleGuaranteeRoot.get(IdmRoleGuaranteeRole_.role), root);
    Predicate guaranteeRoleIsAssigned = roleGuaranteeRoot.get(IdmRoleGuaranteeRole_.guaranteeRole).in(assignedRoles);
    roleGuarantee.where(builder.and(roleGuaranteeOfOuterRole, guaranteeRoleIsAssigned));

    Predicate viaIdentity = builder.exists(directGuarantee);
    Predicate viaRole = builder.exists(roleGuarantee);
    return builder.or(viaIdentity, viaRole);
}
use of eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole in project CzechIdMng by bcvsolutions.
the class RoleByGuaranteeFilter method getPredicate.
/**
 * Restricts roles to those guaranteed by the identity given in
 * {@code filter.getGuaranteeId()}.
 *
 * <p>A role matches when an {@code IdmRoleGuarantee} row links it directly to that
 * identity, or when an {@code IdmRoleGuaranteeRole} row links it to a guarantee role
 * that the identity holds through a valid identity-role.
 *
 * <p>NOTE(review): the role-based path checks only the validity of the identity-role.
 * Unlike {@code RoleGuaranteeEvaluator#getPredicate}, it does not check that the
 * contract is valid and not disabled. Confirm the difference is intended; otherwise this
 * filter can report an identity as guarantee of roles the evaluator would not authorize.
 *
 * @param root    query root for the filtered roles
 * @param query   query the subqueries are attached to
 * @param builder criteria builder
 * @param filter  role filter; only {@code getGuaranteeId()} is read here
 * @return the combined predicate, or {@code null} when no guarantee id is set
 */
@Override
public Predicate getPredicate(Root<IdmRole> root, AbstractQuery<?> query, CriteriaBuilder builder, IdmRoleFilter filter) {
    UUID guaranteeId = filter.getGuaranteeId();
    if (guaranteeId == null) {
        // Filter parameter not supplied - nothing to add to the query.
        return null;
    }

    // Guarantee defined directly as an identity.
    Subquery<IdmRoleGuarantee> directGuarantee = query.subquery(IdmRoleGuarantee.class);
    Root<IdmRoleGuarantee> directGuaranteeRoot = directGuarantee.from(IdmRoleGuarantee.class);
    directGuarantee.select(directGuaranteeRoot);
    // Correlates the subquery with the outer role row.
    Predicate guaranteeOfOuterRole = builder.equal(directGuaranteeRoot.get(IdmRoleGuarantee_.role), root);
    Predicate guaranteeIsRequestedIdentity = builder.equal(
            directGuaranteeRoot.get(IdmRoleGuarantee_.guarantee).get(IdmIdentity_.id),
            guaranteeId);
    directGuarantee.where(builder.and(guaranteeOfOuterRole, guaranteeIsRequestedIdentity));

    // Guarantee defined by role: ids of the roles assigned to the identity.
    Subquery<UUID> assignedRoleIds = query.subquery(UUID.class);
    Root<IdmIdentityRole> assignedRolesRoot = assignedRoleIds.from(IdmIdentityRole.class);
    assignedRoleIds.select(assignedRolesRoot.get(IdmIdentityRole_.role).get(IdmRole_.id));
    Predicate ownedByRequestedIdentity = builder.equal(
            assignedRolesRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id),
            guaranteeId);
    // presumably validity is evaluated against the current date - confirm in RepositoryUtils
    Predicate identityRoleValid = RepositoryUtils.getValidPredicate(assignedRolesRoot, builder);
    assignedRoleIds.where(builder.and(ownedByRequestedIdentity, identityRoleValid));

    Subquery<IdmRoleGuaranteeRole> roleGuarantee = query.subquery(IdmRoleGuaranteeRole.class);
    Root<IdmRoleGuaranteeRole> roleGuaranteeRoot = roleGuarantee.from(IdmRoleGuaranteeRole.class);
    roleGuarantee.select(roleGuaranteeRoot);
    // Correlates with the outer role and requires the guarantee role to be assigned to the identity.
    Predicate roleGuaranteeOfOuterRole = builder.equal(roleGuaranteeRoot.get(IdmRoleGuaranteeRole_.role), root);
    Predicate guaranteeRoleIsAssigned =
            roleGuaranteeRoot.get(IdmRoleGuaranteeRole_.guaranteeRole).get(IdmRole_.id).in(assignedRoleIds);
    roleGuarantee.where(builder.and(roleGuaranteeOfOuterRole, guaranteeRoleIsAssigned));

    Predicate viaIdentity = builder.exists(directGuarantee);
    Predicate viaRole = builder.exists(roleGuarantee);
    return builder.or(viaIdentity, viaRole);
}
use of eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole in project CzechIdMng by bcvsolutions.
the class IdentityGuaranteesForRoleFilter method getPredicate.
/**
 * Restricts identities to those that are guarantees of the role given in
 * {@code filter.getGuaranteesForRole()}.
 *
 * <p>An identity matches when an {@code IdmRoleGuarantee} row links it directly to the
 * role, or when it holds, through a valid identity-role, one of the guarantee roles
 * listed for the role in {@code IdmRoleGuaranteeRole}. When
 * {@code filter.getGuaranteeType()} is non-empty, both guarantee definitions are also
 * restricted to that type; when it is empty, guarantees of every type are accepted.
 *
 * <p>NOTE(review): the role-based path checks only the validity of the identity-role.
 * The contract's validity and disabled flag are not checked, although
 * {@code RoleGuaranteeEvaluator#getPredicate} checks both. Confirm this is intended if
 * the result is used to decide who may act as guarantee.
 *
 * @param root    query root for the filtered identities
 * @param query   query the subqueries are attached to
 * @param builder criteria builder
 * @param filter  identity filter; {@code getGuaranteesForRole()} and
 *                {@code getGuaranteeType()} are read here
 * @return the combined predicate, or {@code null} when no role id is set
 */
@Override
public Predicate getPredicate(Root<IdmIdentity> root, AbstractQuery<?> query, CriteriaBuilder builder, IdmIdentityFilter filter) {
    UUID guaranteesForRole = filter.getGuaranteesForRole();
    if (guaranteesForRole == null) {
        // Filter parameter not supplied - nothing to add to the query.
        return null;
    }
    String guaranteeType = filter.getGuaranteeType();
    final boolean restrictByType = StringUtils.isNotEmpty(guaranteeType);

    // Guarantee for the role defined directly as an identity.
    Subquery<IdmRoleGuarantee> subqueryIdentity = query.subquery(IdmRoleGuarantee.class);
    Root<IdmRoleGuarantee> subRootIdentity = subqueryIdentity.from(IdmRoleGuarantee.class);
    subqueryIdentity.select(subRootIdentity);
    Predicate directForRole = builder.equal(
            subRootIdentity.get(IdmRoleGuarantee_.role).get(IdmRole_.id), guaranteesForRole);
    // Correlates the subquery with the outer identity row.
    Predicate directIsOuterIdentity = builder.equal(subRootIdentity.get(IdmRoleGuarantee_.guarantee), root);
    if (restrictByType) {
        Predicate directOfType = builder.equal(subRootIdentity.get(IdmRoleGuarantee_.type), guaranteeType);
        subqueryIdentity.where(builder.and(directForRole, directOfType, directIsOuterIdentity));
    } else {
        subqueryIdentity.where(builder.and(directForRole, directIsOuterIdentity));
    }

    // Guarantee for the role defined as "any identity holding a given role":
    // first collect the ids of the guarantee roles configured for the role.
    Subquery<UUID> subqueryRole = query.subquery(UUID.class);
    Root<IdmRoleGuaranteeRole> subRootRole = subqueryRole.from(IdmRoleGuaranteeRole.class);
    subqueryRole.select(subRootRole.get(IdmRoleGuaranteeRole_.guaranteeRole).get(IdmRole_.id));
    Predicate roleGuaranteeForRole = builder.equal(
            subRootRole.get(IdmRoleGuaranteeRole_.role).get(IdmRole_.id), guaranteesForRole);
    if (restrictByType) {
        Predicate roleGuaranteeOfType = builder.equal(subRootRole.get(IdmRoleGuaranteeRole_.type), guaranteeType);
        subqueryRole.where(builder.and(roleGuaranteeForRole, roleGuaranteeOfType));
    } else {
        subqueryRole.where(builder.and(roleGuaranteeForRole));
    }

    // ...then require the outer identity to hold one of those roles.
    Subquery<UUID> subqueryIdentityRole = query.subquery(UUID.class);
    Root<IdmIdentityRole> subRootIdentityRole = subqueryIdentityRole.from(IdmIdentityRole.class);
    subqueryIdentityRole.select(subRootIdentityRole.get(IdmIdentityRole_.role).get(IdmRole_.id));
    // Correlates the subquery with the outer identity row.
    Predicate assignedToOuterIdentity = builder.equal(
            subRootIdentityRole.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity), root);
    // presumably validity is evaluated against the current date - confirm in RepositoryUtils
    Predicate identityRoleValid = RepositoryUtils.getValidPredicate(subRootIdentityRole, builder);
    Predicate roleIsGuaranteeRole =
            subRootIdentityRole.get(IdmIdentityRole_.role).get(IdmRole_.id).in(subqueryRole);
    subqueryIdentityRole.where(builder.and(assignedToOuterIdentity, identityRoleValid, roleIsGuaranteeRole));

    Predicate viaIdentity = builder.exists(subqueryIdentity);
    Predicate viaRole = builder.exists(subqueryIdentityRole);
    return builder.or(viaIdentity, viaRole);
}