use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdentityContractAutomaticRoleProcessor method process.
/**
 * Recalculates automatic roles by attribute for the contract carried by the event.
 *
 * <p>One ADD concept is built for every automatic role returned by
 * {@code getRulesForContract(true, ...)}. For every automatic role returned by
 * {@code getRulesForContract(false, ...)}, one REMOVE concept is built per identity role
 * currently assigned on the contract through that automatic role. All concepts are then
 * submitted in a single role request whose applicant is the contract's identity.</p>
 *
 * <p>NOTE(review): approval and authority handling of the submitted request happens inside
 * {@code roleRequestService.startConcepts} and is not visible in this method.</p>
 *
 * @param event event whose content is the contract to evaluate
 * @return result bound to the incoming event and this processor
 */
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    UUID contractId = contract.getId();
    //
    // null = no restriction on rule type: the contract can be saved together with the identity,
    // so all rules have to be recalculated. Narrowed to contract EAV rules only when the parent
    // event is an EAV save.
    AutomaticRoleAttributeRuleType ruleType = CoreEventType.EAV_SAVE.name().equals(event.getParentType())
            ? AutomaticRoleAttributeRuleType.CONTRACT_EAV
            : null;
    //
    // resolve automatic roles by attribute
    // presumably: true = rules the contract newly passes, false = rules it no longer passes
    Set<AbstractIdmAutomaticRoleDto> newlyPassed = automaticRoleAttributeService.getRulesForContract(true, ruleType, contractId);
    Set<AbstractIdmAutomaticRoleDto> newlyNotPassed = automaticRoleAttributeService.getRulesForContract(false, ruleType, contractId);
    // the final size is not known up front (one rule can produce zero or more REMOVE concepts),
    // so the list is created with an expected size only
    List<IdmConceptRoleRequestDto> concepts = Lists.newArrayListWithExpectedSize(newlyPassed.size() + newlyNotPassed.size());
    //
    // newly passed rules => assign the role with the validity of the contract
    for (AbstractIdmAutomaticRoleDto passedRule : newlyPassed) {
        IdmConceptRoleRequestDto addConcept = new IdmConceptRoleRequestDto();
        addConcept.setIdentityContract(contractId);
        addConcept.setValidFrom(contract.getValidFrom());
        addConcept.setValidTill(contract.getValidTill());
        addConcept.setRole(passedRule.getRole());
        addConcept.setAutomaticRole(passedRule.getId());
        addConcept.setOperation(ConceptRoleRequestOperation.ADD);
        concepts.add(addConcept);
    }
    //
    // newly not passed rules => remove every identity role assigned on this contract by the rule
    for (AbstractIdmAutomaticRoleDto failedRule : newlyNotPassed) {
        IdmIdentityRoleFilter assignedByRule = new IdmIdentityRoleFilter();
        assignedByRule.setAutomaticRoleId(failedRule.getId());
        assignedByRule.setIdentityContractId(contractId);
        //
        for (IdmIdentityRoleDto assignedRole : identityRoleService.find(assignedByRule, null).getContent()) {
            IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
            removeConcept.setIdentityContract(contractId);
            removeConcept.setRole(failedRule.getRole());
            removeConcept.setAutomaticRole(failedRule.getId());
            removeConcept.setIdentityRole(assignedRole.getId());
            removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
            concepts.add(removeConcept);
        }
    }
    //
    // execute all concepts in one request; the returned request is not needed here
    IdmRoleRequestDto request = new IdmRoleRequestDto();
    request.setConceptRoles(concepts);
    request.setApplicant(contract.getIdentity());
    roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, request), event);
    //
    return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdentityContractEndProcessor method process.
/**
 * Re-evaluates the identity state after a contract ended and requests removal of the roles
 * assigned on that contract.
 *
 * <p>When the evaluated state differs from the stored one, the identity is updated through a
 * published {@code IdentityEvent}. When the contract is neither valid now nor in the future,
 * a role request with one REMOVE concept per eligible contract role is saved and started.</p>
 *
 * <p>Security note: the removal request is flagged for immediate execution ("without approval")
 * and its event carries {@code SKIP_CHECK_AUTHORITIES = TRUE}. Every concept built in this
 * method is a REMOVE, so the unchecked path only revokes access; an ADD concept must never be
 * routed through this request.</p>
 *
 * @param contract contract that ended
 * @param skipRecalculation skip automatic role recalculation; when true, automatic roles of the
 *        contract are not removed here and the flag is forwarded to the identity update event
 * @param priority priority set on the published events; left untouched when {@code null}
 * @param event parent event; when not {@code null}, its id becomes the parent id of the
 *        published events
 * @return result built with {@code OperationState.EXECUTED}
 */
private OperationResult process(IdmIdentityContractDto contract, Boolean skipRecalculation, PriorityType priority, EntityEvent<IdmIdentityContractDto> event) {
    // update identity state
    // NOTE(review): a null result from identityService.get would fail on the next line - confirm
    // the contract always references an existing identity
    IdmIdentityDto identity = identityService.get(contract.getIdentity());
    IdentityState evaluatedState = identityService.evaluateState(identity.getId());
    if (identity.getState() != evaluatedState) {
        LOG.info("Change identity [{}] state [{}]", identity.getUsername(), evaluatedState);
        //
        identity.setState(evaluatedState);
        // a new event has to be published so the skip-recalculation flag travels with it
        IdentityEvent identityUpdate = new IdentityEvent(IdentityEventType.UPDATE, identity);
        identityUpdate.getProperties().put(AutomaticRoleManager.SKIP_RECALCULATION, skipRecalculation);
        if (priority != null) {
            identityUpdate.setPriority(priority);
        }
        if (event != null) {
            identityUpdate.setParentId(event.getId());
        }
        identityService.publish(identityUpdate);
    }
    //
    // roles are removed only for a contract that is not valid now and will not be valid later
    if (contract.isValidNowOrInFuture()) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    //
    boolean leaveAutomaticRoles = BooleanUtils.isTrue(skipRecalculation);
    List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
    List<IdmConceptRoleRequestDto> removals = new ArrayList<>(assignedRoles.size());
    for (IdmIdentityRoleDto assignedRole : assignedRoles) {
        if (assignedRole.getDirectRole() != null) {
            LOG.debug("Sub role will be removed by direct role removal");
            //
            continue;
        }
        if (assignedRole.getAutomaticRole() != null) {
            if (leaveAutomaticRoles) {
                LOG.debug("Automatic role will be removed by role or contract expiration task" + " or by ProcessSkippedAutomaticRoleByTreeForContractTaskExecutor.");
                continue;
            }
            LOG.debug("Automatic role will be removed by this task => contract is expired.");
        }
        //
        IdmConceptRoleRequestDto removal = new IdmConceptRoleRequestDto();
        removal.setIdentityRole(assignedRole.getId());
        removal.setRole(assignedRole.getRole());
        removal.setAutomaticRole(assignedRole.getAutomaticRole());
        removal.setOperation(ConceptRoleRequestOperation.REMOVE);
        removal.setIdentityContract(contract.getId());
        //
        removals.add(removal);
    }
    // nothing to remove => no request is created
    if (removals.isEmpty()) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    //
    IdmRoleRequestDto removalRequest = new IdmRoleRequestDto();
    removalRequest.setState(RoleRequestState.CONCEPT);
    // without approval
    removalRequest.setExecuteImmediately(true);
    removalRequest.setApplicant(contract.getIdentity());
    removalRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
    removalRequest = roleRequestService.save(removalRequest);
    //
    // concepts are persisted only after the request has its id
    for (IdmConceptRoleRequestDto removal : removals) {
        removal.setRoleRequest(removalRequest.getId());
        //
        conceptRoleRequestService.save(removal);
    }
    //
    // start event with the authority check skipped - acceptable only because the request
    // contains REMOVE concepts exclusively (see the loop above)
    RoleRequestEvent executeRemoval = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, removalRequest);
    executeRemoval.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
    // set priority if given
    if (priority != null) {
        executeRemoval.setPriority(priority);
    }
    // set parent (contract is disabled) event
    if (event != null) {
        executeRemoval.setParentId(event.getId());
    }
    // prevents an asynchronous event from starting before the previous update event is completed
    executeRemoval.setSuperOwnerId(identity.getId());
    //
    roleRequestService.startRequestInternal(executeRemoval);
    //
    return new OperationResult.Builder(OperationState.EXECUTED).build();
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class AbstractAssignRoleBulkAction method assignRoles.
/**
 * Creates and starts one role request per identity, assigning every given role on each
 * selected contract of that identity.
 *
 * <p>Contracts are either the prime valid contract only (when {@code isPrimeContract()} is
 * true) or all contracts valid now or in the future. A contract for which
 * {@code checkPermissionForContract} fails is logged as not executed and produces no concept.
 * The request and its concepts are saved with {@code IdmBasePermission.CREATE}, and the start
 * event carries {@code CHECK_RIGHT_PROPERTY = TRUE}.</p>
 *
 * @param identityIds identities to assign roles to
 * @param roleIds roles to assign on each selected contract
 */
protected void assignRoles(List<UUID> identityIds, List<UUID> roleIds) {
    for (UUID identityId : identityIds) {
        List<IdmIdentityContractDto> targetContracts = new ArrayList<>();
        //
        if (!isPrimeContract()) {
            IdmIdentityContractFilter validContracts = new IdmIdentityContractFilter();
            validContracts.setIdentity(identityId);
            validContracts.setValidNowOrInFuture(Boolean.TRUE);
            //
            targetContracts.addAll(identityContractService.find(validContracts, null).getContent());
        } else {
            IdmIdentityContractDto primeContract = identityContractService.getPrimeValidContract(identityId);
            //
            if (primeContract != null) {
                targetContracts.add(primeContract);
            }
        }
        // nothing to process
        if (targetContracts.isEmpty()) {
            continue;
        }
        //
        boolean approve = isApprove();
        LocalDate validFrom = this.getValidFrom();
        LocalDate validTill = this.getValidTill();
        //
        List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(targetContracts.size() + roleIds.size());
        for (IdmIdentityContractDto targetContract : targetContracts) {
            // per-contract authorization: an unauthorized contract is reported and skipped,
            // the remaining contracts of the identity are still processed
            if (!checkPermissionForContract(targetContract)) {
                LOG.warn("Insufficient permissions for asign role for contract [{}]", targetContract.getId());
                //
                DefaultResultModel notAuthorized = new DefaultResultModel(CoreResultCode.BULK_ACTION_NOT_AUTHORIZED_ASSING_ROLE_FOR_CONTRACT, ImmutableMap.of("contractId", targetContract.getId()));
                logItemProcessed(targetContract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(notAuthorized).build());
                //
                continue;
            }
            //
            for (UUID roleId : roleIds) {
                IdmConceptRoleRequestDto addConcept = new IdmConceptRoleRequestDto();
                addConcept.setRole(roleId);
                addConcept.setIdentityContract(targetContract.getId());
                // the contract is kept in embedded data so it can be reported after the request starts
                addConcept.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT, targetContract);
                addConcept.setOperation(ConceptRoleRequestOperation.ADD);
                // filled automatically - prevents provisioning of future valid roles by default
                addConcept.setValidFrom(validFrom != null ? validFrom : targetContract.getValidFrom());
                // #1887: not filled automatically from the contract (validity is controlled by contract validity dynamically)
                addConcept.setValidTill(validTill);
                concepts.add(addConcept);
            }
        }
        // nothing to assign
        if (concepts.isEmpty()) {
            continue;
        }
        // at least one concept exists => create the request and start it
        IdmRoleRequestDto newRequest = new IdmRoleRequestDto();
        newRequest.setApplicant(identityId);
        newRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
        newRequest.setLog("Request was created by bulk action.");
        // if approval is requested, the request is not executed immediately
        newRequest.setExecuteImmediately(!approve);
        newRequest = roleRequestService.save(newRequest, IdmBasePermission.CREATE);
        //
        // one entry per concept: a contract is reported once for every role requested on it
        List<IdmIdentityContractDto> reportedContracts = new ArrayList<>(concepts.size());
        for (IdmConceptRoleRequestDto concept : concepts) {
            reportedContracts.add(DtoUtils.getEmbedded(concept, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT));
            concept.setRoleRequest(newRequest.getId());
            conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
        }
        //
        // the right check stays switched on for the approval processor
        Map<String, Serializable> eventProperties = new HashMap<>();
        eventProperties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
        RoleRequestEvent startEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, newRequest, eventProperties);
        startEvent.setPriority(PriorityType.HIGH);
        IdmRoleRequestDto startedRequest = roleRequestService.startRequestInternal(startEvent);
        // NOTE(review): every state other than EXECUTED is reported as CREATED - confirm that a
        // failed or rejected request cannot be reported as created here
        OperationState reportedState = startedRequest.getState() == RoleRequestState.EXECUTED
                ? OperationState.EXECUTED
                : OperationState.CREATED;
        for (IdmIdentityContractDto reportedContract : reportedContracts) {
            logItemProcessed(reportedContract, new OperationResult.Builder(reportedState).build());
        }
    }
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdmRoleRequestController method startRequest.
/**
 * Starts the role request identified by {@code backendId}.
 *
 * <p>The endpoint requires the {@code ROLE_REQUEST_UPDATE} authority. The request itself is
 * loaded with {@code IdmBasePermission.READ}, validated, and started with
 * {@code CHECK_RIGHT_PROPERTY = TRUE} and high priority.</p>
 *
 * <p>NOTE(review): the per-record check made here is READ although the call changes the
 * request's state. Confirm that the right check requested through {@code CHECK_RIGHT_PROPERTY}
 * enforces the caller's right to start this particular request. A {@code null} result of
 * {@code service.get} is not handled in this method - verify how an unknown id is reported.</p>
 *
 * @param backendId role request's uuid identifier
 * @return the started request with status 200 when it reached a terminated state
 * @throws AcceptedException when the started request is not in a terminated state
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/start", method = RequestMethod.PUT)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_UPDATE + "')")
@ApiOperation(
        value = "Start role request. Returns request doesn't contains concepts (from version 9.7.0!).",
        nickname = "startRoleRequest",
        response = IdmRoleRequestDto.class,
        tags = { IdmRoleRequestController.TAG },
        authorizations = {
                @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = {
                        @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_UPDATE, description = "") }),
                @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = {
                        @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_UPDATE, description = "") })
        })
public ResponseEntity<?> startRequest(
        @ApiParam(value = "Role request's uuid identifier.", required = true)
        @PathVariable @NotNull String backendId) {
    IdmRoleRequestDto roleRequest = service.get(backendId, new IdmRoleRequestFilter(true), IdmBasePermission.READ);
    // validate before anything is started
    service.validate(roleRequest);
    //
    // start the request with the right check enabled
    Map<String, Serializable> eventProperties = new HashMap<>();
    eventProperties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
    RoleRequestEvent startEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest, eventProperties);
    startEvent.setPriority(PriorityType.HIGH);
    //
    IdmRoleRequestDto startedRequest = service.startRequest(startEvent);
    if (!startedRequest.getState().isTerminatedState()) {
        // still being processed - signalled to the caller by an exception instead of a body
        throw new AcceptedException();
    }
    return new ResponseEntity<>(toResource(startedRequest), HttpStatus.OK);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class SiemLoggerManagerIntegrationTest method roleRequestEventLogTest.
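/**
 * Checks the SIEM log line written for a role request CREATE event.
 *
 * <p>The non-public {@code siemLog(EntityEvent, String, String)} method of the role request
 * service is invoked reflectively while standard output is redirected, and the captured output
 * is compared with the pattern built from the expected action, status, request id,
 * transaction id and request state.</p>
 */
@Test
public void roleRequestEventLogTest() {
    IdmIdentityDto identityDto = getHelper().createIdentity();
    IdmRoleDto roleDto = getHelper().createRole();
    IdmRoleRequestDto roleRequestDto = getHelper().createRoleRequest(identityDto, roleDto);
    RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.CREATE, roleRequestDto);
    String expectedAction = String.format("%s.%s.%s", SiemLoggerManager.ROOT_LEVEL_KEY, SiemLoggerManager.ROLE_REQUEST_LEVEL_KEY, event.getType().toString());
    String transactionId = Objects.toString(roleRequestDto.getTransactionId(), "");
    //
    String out;
    setTestStandardOut();
    try {
        // siemLog is not public, so the test reaches it through reflection
        Method siemLog = roleRequestService.getClass().getDeclaredMethod("siemLog", EntityEvent.class, String.class, String.class);
        siemLog.setAccessible(true);
        siemLog.invoke(roleRequestService, event, SiemLoggerManager.SUCCESS_ACTION_STATUS, "");
        out = stdOut.toString();
    } catch (Exception e) {
        // keep the cause, otherwise a reflection or logging failure cannot be diagnosed
        throw new AssertionError("Failed to invoke crucial method", e);
    } finally {
        // always restore standard output, a failure above must not leave it redirected
        // for the tests that run afterwards
        setOriginalStandardOut();
    }
    String pattern = createPattern(expectedAction, SiemLoggerManager.SUCCESS_ACTION_STATUS, "", roleRequestDto.getId().toString(), "", "", transactionId, roleRequestDto.getState().toString());
    // NOTE(review): presumably asserts internally; if it only returns a boolean, the result
    // is discarded here and the test cannot fail on a mismatch - confirm
    isLogPatternValid(out, pattern);
}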