
Example 1 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class IdentityContractAutomaticRoleProcessor method process.

/**
 * Recalculates attribute-based automatic roles for the contract carried by the event and submits
 * the resulting changes as a single role request.
 * <p>
 * Rules returned by {@code getRulesForContract(true, ...)} yield {@code ADD} concepts whose validity is
 * copied from the contract. Rules returned by {@code getRulesForContract(false, ...)} yield one
 * {@code REMOVE} concept per identity role currently assigned through that automatic role on this contract.
 * <p>
 * NOTE(review): this method grants and revokes roles without setting a request state, requester type
 * or approval flag on the request. How {@code startConcepts} authorizes and approves these
 * system-generated changes is not visible here - confirm before reusing the pattern elsewhere.
 *
 * @param event contract event; its parent type decides which rule types are re-evaluated
 * @return result bound to this processor and the incoming event
 */
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    final IdmIdentityContractDto contract = event.getContent();
    final UUID contractId = contract.getId();
    // A null rule type means "all rule types": the contract may have been saved together with its
    // identity. Only a pure EAV save narrows the evaluation to contract EAV rules.
    final AutomaticRoleAttributeRuleType ruleType = CoreEventType.EAV_SAVE.name().equals(event.getParentType())
            ? AutomaticRoleAttributeRuleType.CONTRACT_EAV
            : null;
    //
    final Set<AbstractIdmAutomaticRoleDto> passedRules = automaticRoleAttributeService.getRulesForContract(true, ruleType, contractId);
    final Set<AbstractIdmAutomaticRoleDto> failedRules = automaticRoleAttributeService.getRulesForContract(false, ruleType, contractId);
    // The final size is not known precisely (a failed rule may map to several identity roles),
    // so the list is created with an expected size only.
    final List<IdmConceptRoleRequestDto> concepts = Lists.newArrayListWithExpectedSize(passedRules.size() + failedRules.size());
    //
    // Grant: one ADD concept per passed rule, valid for the same period as the contract.
    passedRules.forEach(rule -> {
        IdmConceptRoleRequestDto grant = new IdmConceptRoleRequestDto();
        grant.setIdentityContract(contractId);
        grant.setValidFrom(contract.getValidFrom());
        grant.setValidTill(contract.getValidTill());
        grant.setRole(rule.getRole());
        grant.setAutomaticRole(rule.getId());
        grant.setOperation(ConceptRoleRequestOperation.ADD);
        concepts.add(grant);
    });
    //
    // Revoke: one REMOVE concept per identity role assigned on this contract by a failed rule.
    for (AbstractIdmAutomaticRoleDto rule : failedRules) {
        IdmIdentityRoleFilter assignedByRule = new IdmIdentityRoleFilter();
        assignedByRule.setAutomaticRoleId(rule.getId());
        assignedByRule.setIdentityContractId(contractId);
        for (IdmIdentityRoleDto assigned : identityRoleService.find(assignedByRule, null).getContent()) {
            IdmConceptRoleRequestDto revoke = new IdmConceptRoleRequestDto();
            revoke.setIdentityContract(contractId);
            revoke.setRole(rule.getRole());
            revoke.setAutomaticRole(rule.getId());
            revoke.setIdentityRole(assigned.getId());
            revoke.setOperation(ConceptRoleRequestOperation.REMOVE);
            concepts.add(revoke);
        }
    }
    //
    // Submit all concepts as one request for the contract's identity, as a child of the incoming event.
    IdmRoleRequestDto request = new IdmRoleRequestDto();
    request.setConceptRoles(concepts);
    request.setApplicant(contract.getIdentity());
    roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, request), event);
    //
    return new DefaultEventResult<>(event, this);
}
Also used : RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)

Example 2 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class IdentityContractEndProcessor method process.

/**
 * Re-evaluates the identity state after a contract ended and removes the roles assigned through
 * that contract once it is neither valid now nor in the future.
 * <p>
 * The removal request is saved as a {@code CONCEPT} with {@code executeImmediately = true} (without
 * approval) and {@code requestedByType = AUTOMATICALLY}, and its event carries
 * {@code SKIP_CHECK_AUTHORITIES = TRUE}. This method therefore applies neither approval nor
 * authority checks to the removal.
 * NOTE(review): that is presumably acceptable because only {@code REMOVE} concepts are created by a
 * system-triggered contract end - confirm that no caller can reach this path with user-chosen input.
 *
 * @param contract ended (or changed) contract whose identity and roles are processed
 * @param skipRecalculation when true, automatic roles are left to the expiration / skipped-role tasks;
 *        the value is also forwarded on the identity update event
 * @param priority optional priority copied to the published events; ignored when null
 * @param event optional parent event; when given, published events are linked to it
 * @return always an {@code EXECUTED} operation result
 */
private OperationResult process(IdmIdentityContractDto contract, Boolean skipRecalculation, PriorityType priority, EntityEvent<IdmIdentityContractDto> event) {
    // Step 1: bring the identity state in line with its contracts.
    final IdmIdentityDto owner = identityService.get(contract.getIdentity());
    final IdentityState evaluatedState = identityService.evaluateState(owner.getId());
    if (owner.getState() != evaluatedState) {
        LOG.info("Change identity [{}] state [{}]", owner.getUsername(), evaluatedState);
        owner.setState(evaluatedState);
        // The update event must carry the skip flag so that automatic roles are not recalculated twice.
        IdentityEvent stateChange = new IdentityEvent(IdentityEventType.UPDATE, owner);
        stateChange.getProperties().put(AutomaticRoleManager.SKIP_RECALCULATION, skipRecalculation);
        if (priority != null) {
            stateChange.setPriority(priority);
        }
        if (event != null) {
            stateChange.setParentId(event.getId());
        }
        identityService.publish(stateChange);
    }
    // Step 2: roles are removed only for a contract that is not valid now or in the future.
    if (contract.isValidNowOrInFuture()) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    final List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
    final List<IdmConceptRoleRequestDto> removals = new ArrayList<>(assignedRoles.size());
    for (IdmIdentityRoleDto assigned : assignedRoles) {
        if (assigned.getDirectRole() != null) {
            LOG.debug("Sub role will be removed by direct role removal");
            continue;
        }
        final boolean automatic = assigned.getAutomaticRole() != null;
        if (automatic && BooleanUtils.isTrue(skipRecalculation)) {
            LOG.debug("Automatic role will be removed by role or contract expiration task" + " or by ProcessSkippedAutomaticRoleByTreeForContractTaskExecutor.");
            continue;
        }
        if (automatic) {
            LOG.debug("Automatic role will be removed by this task => contract is expired.");
        }
        //
        IdmConceptRoleRequestDto removal = new IdmConceptRoleRequestDto();
        removal.setIdentityRole(assigned.getId());
        removal.setRole(assigned.getRole());
        removal.setAutomaticRole(assigned.getAutomaticRole());
        removal.setOperation(ConceptRoleRequestOperation.REMOVE);
        removal.setIdentityContract(contract.getId());
        removals.add(removal);
    }
    if (removals.isEmpty()) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    // Step 3: persist the request and its concepts, then start it.
    IdmRoleRequestDto draft = new IdmRoleRequestDto();
    draft.setState(RoleRequestState.CONCEPT);
    // executed immediately => no approval step
    draft.setExecuteImmediately(true);
    draft.setApplicant(contract.getIdentity());
    draft.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
    final IdmRoleRequestDto savedRequest = roleRequestService.save(draft);
    for (IdmConceptRoleRequestDto removal : removals) {
        removal.setRoleRequest(savedRequest.getId());
        conceptRoleRequestService.save(removal);
    }
    // Security-relevant: authority checks are switched off for this internally generated request.
    RoleRequestEvent removalEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, savedRequest);
    removalEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
    if (priority != null) {
        removalEvent.setPriority(priority);
    }
    // link to the parent (contract is disabled) event when there is one
    if (event != null) {
        removalEvent.setParentId(event.getId());
    }
    // Prevents the asynchronous event from starting before the previous identity update event completes.
    removalEvent.setSuperOwnerId(owner.getId());
    roleRequestService.startRequestInternal(removalEvent);
    //
    return new OperationResult.Builder(OperationState.EXECUTED).build();
}
Also used : IdentityEvent(eu.bcvsolutions.idm.core.model.event.IdentityEvent) ArrayList(java.util.ArrayList) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdentityState(eu.bcvsolutions.idm.core.api.domain.IdentityState)

Example 3 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class AbstractAssignRoleBulkAction method assignRoles.

/**
 * Creates and starts one role request per identity, asking for every given role on every eligible
 * contract of that identity.
 * <p>
 * Authorization points visible in this method:
 * <ul>
 * <li>each contract must pass {@code checkPermissionForContract}; a rejected contract is logged as
 * {@code NOT_EXECUTED} and skipped, the remaining contracts are still processed;</li>
 * <li>the request and its concepts are saved with {@code IdmBasePermission.CREATE};</li>
 * <li>the start event carries {@code CHECK_RIGHT_PROPERTY = TRUE};</li>
 * <li>the request is executed immediately only when {@code isApprove()} is false.</li>
 * </ul>
 * Identities without an eligible contract, or with no contract the caller may assign roles for, are skipped.
 *
 * @param identityIds identities that should receive the roles
 * @param roleIds roles to request for each eligible contract
 */
protected void assignRoles(List<UUID> identityIds, List<UUID> roleIds) {
    for (UUID identityId : identityIds) {
        final List<IdmIdentityContractDto> targetContracts = new ArrayList<>();
        if (!isPrimeContract()) {
            // all contracts valid now or in the future
            IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
            contractFilter.setIdentity(identityId);
            contractFilter.setValidNowOrInFuture(Boolean.TRUE);
            targetContracts.addAll(identityContractService.find(contractFilter, null).getContent());
        } else {
            // prime valid contract only, when the identity has one
            IdmIdentityContractDto prime = identityContractService.getPrimeValidContract(identityId);
            if (prime != null) {
                targetContracts.add(prime);
            }
        }
        if (targetContracts.isEmpty()) {
            // nothing to process
            continue;
        }
        //
        final boolean approve = isApprove();
        final LocalDate requestedFrom = this.getValidFrom();
        final LocalDate requestedTill = this.getValidTill();
        //
        final List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(targetContracts.size() + roleIds.size());
        for (IdmIdentityContractDto contract : targetContracts) {
            if (!checkPermissionForContract(contract)) {
                LOG.warn("Insufficient permissions for asign role for contract [{}]", contract.getId());
                DefaultResultModel denied = new DefaultResultModel(CoreResultCode.BULK_ACTION_NOT_AUTHORIZED_ASSING_ROLE_FOR_CONTRACT, ImmutableMap.of("contractId", contract.getId()));
                logItemProcessed(contract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(denied).build());
                continue;
            }
            for (UUID roleId : roleIds) {
                IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
                concept.setRole(roleId);
                concept.setIdentityContract(contract.getId());
                // the contract is kept in the embedded map so it can be reported after the request starts
                concept.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT, contract);
                concept.setOperation(ConceptRoleRequestOperation.ADD);
                // filled automatically - prevents provisioning of future valid roles by default
                if (requestedFrom == null) {
                    concept.setValidFrom(contract.getValidFrom());
                } else {
                    concept.setValidFrom(requestedFrom);
                }
                // #1887: not filled from the contract (validity is controlled by contract validity dynamically)
                concept.setValidTill(requestedTill);
                concepts.add(concept);
            }
        }
        if (concepts.isEmpty()) {
            // nothing to assign
            continue;
        }
        // At least one concept exists => create the request, attach the concepts and start it.
        IdmRoleRequestDto draft = new IdmRoleRequestDto();
        draft.setApplicant(identityId);
        draft.setRequestedByType(RoleRequestedByType.MANUALLY);
        draft.setLog("Request was created by bulk action.");
        // when approval is requested, the request must not be executed immediately
        draft.setExecuteImmediately(!approve);
        final IdmRoleRequestDto savedRequest = roleRequestService.save(draft, IdmBasePermission.CREATE);
        //
        final List<IdmIdentityContractDto> processedContracts = new ArrayList<>(concepts.size());
        for (IdmConceptRoleRequestDto concept : concepts) {
            processedContracts.add(DtoUtils.getEmbedded(concept, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT));
            concept.setRoleRequest(savedRequest.getId());
            conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
        }
        //
        final Map<String, Serializable> properties = new HashMap<>();
        properties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
        RoleRequestEvent startEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, savedRequest, properties);
        startEvent.setPriority(PriorityType.HIGH);
        final IdmRoleRequestDto started = roleRequestService.startRequestInternal(startEvent);
        // EXECUTED only when the request really ran; otherwise it was merely created
        for (IdmIdentityContractDto processed : processedContracts) {
            OperationState outcome = started.getState() == RoleRequestState.EXECUTED ? OperationState.EXECUTED : OperationState.CREATED;
            logItemProcessed(processed, new OperationResult.Builder(outcome).build());
        }
    }
}
Also used : Serializable(java.io.Serializable) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) LocalDate(java.time.LocalDate) IdmIdentityContractFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityContractFilter) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)

Example 4 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class IdmRoleRequestController method startRequest.

/**
 * Starts the role request identified by {@code backendId}.
 * <p>
 * The endpoint requires the {@code ROLE_REQUEST_UPDATE} authority. The request itself is loaded with
 * {@code IdmBasePermission.READ}, validated, and then started with {@code CHECK_RIGHT_PROPERTY = TRUE}
 * on a high-priority event.
 * NOTE(review): starting a request changes state, yet the entity-level permission evaluated here is
 * {@code READ}. Presumably the downstream check driven by {@code CHECK_RIGHT_PROPERTY} is the intended
 * per-request authorization - confirm.
 *
 * @param backendId role request identifier taken from the path
 * @return the started request as a resource with HTTP 200 when it reached a terminated state
 * @throws AcceptedException when the started request is not yet in a terminated state
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/start", method = RequestMethod.PUT)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_UPDATE + "')")
@ApiOperation(value = "Start role request. Returns request doesn't contains concepts (from version 9.7.0!).", nickname = "startRoleRequest", response = IdmRoleRequestDto.class, tags = { IdmRoleRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_UPDATE, description = "") }) })
public ResponseEntity<?> startRequest(@ApiParam(value = "Role request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    // Load under the caller's READ permission, then validate before anything is started.
    final IdmRoleRequestDto loaded = service.get(backendId, new IdmRoleRequestFilter(true), IdmBasePermission.READ);
    service.validate(loaded);
    //
    // The start event asks the approval processing to check the caller's rights.
    final Map<String, Serializable> eventProperties = new HashMap<>();
    eventProperties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
    final RoleRequestEvent startEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, loaded, eventProperties);
    startEvent.setPriority(PriorityType.HIGH);
    //
    final IdmRoleRequestDto started = service.startRequest(startEvent);
    if (!started.getState().isTerminatedState()) {
        // still in progress (e.g. waiting on further processing) - signalled to the client by exception
        throw new AcceptedException();
    }
    final ResourceSupport resource = toResource(started);
    return new ResponseEntity<ResourceSupport>(resource, HttpStatus.OK);
}
Also used : Serializable(java.io.Serializable) ResponseEntity(org.springframework.http.ResponseEntity) HashMap(java.util.HashMap) IdmRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException) ResourceSupport(org.springframework.hateoas.ResourceSupport) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class SiemLoggerManagerIntegrationTest method roleRequestEventLogTest.

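/**
 * Checks that {@code siemLog} on the role request service writes the expected SIEM audit line for a
 * {@code CREATE} role request event.
 * <p>
 * The method is looked up with {@code getDeclaredMethod} and made accessible by reflection, then
 * invoked with the success status and an empty detail. Standard output is redirected while it runs
 * and is always restored afterwards, even when the invocation fails, so a failure here cannot leave
 * the redirect in place for later tests. A reflection failure is reported with its cause attached.
 */
@Test
public void roleRequestEventLogTest() {
    IdmIdentityDto identityDto = getHelper().createIdentity();
    IdmRoleDto roleDto = getHelper().createRole();
    IdmRoleRequestDto roleRequestDto = getHelper().createRoleRequest(identityDto, roleDto);
    RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.CREATE, roleRequestDto);
    // expected action key: <root>.<role request level>.<event type>
    String expectedAction = String.format("%s.%s.%s", SiemLoggerManager.ROOT_LEVEL_KEY, SiemLoggerManager.ROLE_REQUEST_LEVEL_KEY, event.getType().toString());
    String transactionId = Objects.toString(roleRequestDto.getTransactionId(), "");
    String out;
    setTestStandardOut();
    try {
        Method method = roleRequestService.getClass().getDeclaredMethod("siemLog", EntityEvent.class, String.class, String.class);
        method.setAccessible(true);
        method.invoke(roleRequestService, event, SiemLoggerManager.SUCCESS_ACTION_STATUS, "");
        // capture while the redirect is still active
        out = stdOut.toString();
    } catch (Exception e) {
        // keep the cause: a bare message hides whether the lookup, the access or the call itself failed
        throw new AssertionError("Failed to invoke crucial method", e);
    } finally {
        // restore the real stdout on every path
        setOriginalStandardOut();
    }
    String pattern = createPattern(expectedAction, SiemLoggerManager.SUCCESS_ACTION_STATUS, "", roleRequestDto.getId().toString(), "", "", transactionId, roleRequestDto.getState().toString());
    isLogPatternValid(out, pattern);
}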
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) Method(java.lang.reflect.Method) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

RoleRequestEvent (eu.bcvsolutions.idm.core.model.event.RoleRequestEvent)34 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)33 IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)26 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)21 UUID (java.util.UUID)21 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)16 ArrayList (java.util.ArrayList)13 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)12 DefaultResultModel (eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)10 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)10 IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)10 Serializable (java.io.Serializable)10 HashMap (java.util.HashMap)10 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)7 ConceptRoleRequestOperation (eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)6 CoreResultCode (eu.bcvsolutions.idm.core.api.domain.CoreResultCode)6 OperationState (eu.bcvsolutions.idm.core.api.domain.OperationState)6 AbstractIdmAutomaticRoleDto (eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto)6 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)6 Transactional (org.springframework.transaction.annotation.Transactional)6