use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class ProcessAllAutomaticRoleByAttributeTaskExecutor method processAutomaticRoleForContract.
/**
* Start recalculation for automatic role. All identity roles (newly added and removed) will be added by {@link IdmRoleRequestDto}.
* But role request is created for each contract twice. One for newly added and one for newly removed. This is now only solutions.
*
* @param automaticRolAttributeDto
*/
private void processAutomaticRoleForContract(IdmAutomaticRoleAttributeDto automaticRolAttributeDto) {
UUID automaticRoleId = automaticRolAttributeDto.getId();
//
// process contracts
List<UUID> newPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, true, null).getContent();
List<UUID> newNotPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, false, null).getContent();
//
boolean canContinue = true;
for (UUID contractId : newPassedContracts) {
// Concepts that will be added
List<IdmConceptRoleRequestDto> concepts = new ArrayList<IdmConceptRoleRequestDto>();
//
IdmIdentityContractDto contract = identityContractService.get(contractId);
//
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setIdentityContract(contract.getId());
concept.setValidFrom(contract.getValidFrom());
concept.setValidTill(contract.getValidTill());
concept.setRole(automaticRolAttributeDto.getRole());
concept.setAutomaticRole(automaticRoleId);
concept.setOperation(ConceptRoleRequestOperation.ADD);
concepts.add(concept);
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(concepts);
roleRequest.setApplicant(contract.getIdentity());
roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
canContinue = updateState();
if (!canContinue) {
break;
}
}
//
if (canContinue) {
for (UUID contractId : newNotPassedContracts) {
// Identity id is get from embedded identity role. This is little speedup.
UUID identityId = null;
//
IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
filter.setIdentityContractId(contractId);
filter.setAutomaticRoleId(automaticRoleId);
List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(filter, null).getContent();
// Concepts that will be added
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(identityRoles.size());
for (IdmIdentityRoleDto identityRole : identityRoles) {
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setIdentityContract(contractId);
concept.setRole(automaticRolAttributeDto.getRole());
concept.setAutomaticRole(automaticRoleId);
concept.setIdentityRole(identityRole.getId());
concept.setOperation(ConceptRoleRequestOperation.REMOVE);
concepts.add(concept);
if (identityId == null) {
IdmIdentityContractDto contractDto = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract, IdmIdentityContractDto.class, null);
identityId = contractDto.getIdentity();
}
}
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(concepts);
roleRequest.setApplicant(identityId);
roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
canContinue = updateState();
if (!canContinue) {
break;
}
}
}
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class ProcessSkippedAutomaticRoleByTreeForContractTaskExecutor method removeAllAutomaticRoles.
private void removeAllAutomaticRoles(IdmIdentityContractDto invalidContract) {
UUID contractId = invalidContract.getId();
UUID identityId = invalidContract.getIdentity();
//
IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
filter.setIdentityContractId(contractId);
filter.setAutomaticRole(Boolean.TRUE);
filter.setDirectRole(Boolean.TRUE);
//
List<IdmIdentityRoleDto> contractRoles = identityRoleService.find(filter, null).getContent();
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(contractRoles.size());
for (IdmIdentityRoleDto identityRole : contractRoles) {
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setAutomaticRole(identityRole.getAutomaticRole());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
conceptRoleRequest.setIdentityContract(contractId);
//
concepts.add(conceptRoleRequest);
}
if (concepts.isEmpty()) {
LOG.debug("invalid contract [{}] does not have assigned roles.", contractId);
//
return;
}
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setState(RoleRequestState.CONCEPT);
// without approval
roleRequest.setExecuteImmediately(true);
roleRequest.setApplicant(identityId);
roleRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
roleRequest = roleRequestService.save(roleRequest);
//
for (IdmConceptRoleRequestDto concept : concepts) {
concept.setRoleRequest(roleRequest.getId());
//
conceptRoleRequestService.save(concept);
}
//
// start event with skip check authorities
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
requestEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
// prevent to start asynchronous event before previous update event is completed.
requestEvent.setSuperOwnerId(identityId);
//
roleRequestService.startRequestInternal(requestEvent);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class DefaultIdmAutomaticRoleAttributeService method createIdentityRoles.
/**
* Create identity roles by request and concepts.
*
* @param contract
* @param contractPosition
* @param automaticRoles
*/
private void createIdentityRoles(IdmIdentityContractDto contract, IdmContractPositionDto contractPosition, Set<AbstractIdmAutomaticRoleDto> automaticRoles) {
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(automaticRoles.size());
for (AbstractIdmAutomaticRoleDto autoRole : automaticRoles) {
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setIdentityContract(contract.getId());
concept.setValidFrom(contract.getValidFrom());
concept.setValidTill(contract.getValidTill());
concept.setRole(autoRole.getRole());
concept.setAutomaticRole(autoRole.getId());
concept.setOperation(ConceptRoleRequestOperation.ADD);
concepts.add(concept);
}
//
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(concepts);
roleRequest.setApplicant(contract.getIdentity());
roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class RemoveRoleCompositionTaskExecutor method processItem.
@Override
public Optional<OperationResult> processItem(IdmIdentityRoleDto identityRole) {
try {
// create request
IdmIdentityContractDto contract = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract);
UUID identityId = contract.getIdentity();
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setState(RoleRequestState.CONCEPT);
// without approval
roleRequest.setExecuteImmediately(true);
roleRequest.setApplicant(identityId);
roleRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
roleRequest = roleRequestService.save(roleRequest);
// create concepts
createConcepts(roleRequest, new ArrayList<>(), identityRole);
// start event with skip check authorities
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
requestEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
// prevent to start asynchronous event before previous update event is completed.
requestEvent.setSuperOwnerId(identityId);
//
roleRequestService.startRequestInternal(requestEvent);
//
return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
} catch (Exception ex) {
return Optional.of(new OperationResult.Builder(OperationState.EXCEPTION).setModel(new DefaultResultModel(CoreResultCode.ROLE_COMPOSITION_ASSIGNED_ROLE_REMOVAL_FAILED, ImmutableMap.of("identityRole", identityRole.getId().toString()))).setCause(ex).build());
}
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdentityRoleByIdentityDeduplicationBulkAction method processDto.
@Override
protected OperationResult processDto(IdmIdentityDto identity) {
UUID identityId = identity.getId();
// Result will be list of concepts.
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>();
List<IdmIdentityContractDto> contracts = identityContractService.findAllValidForDate(identityId, LocalDate.now(), null);
for (IdmIdentityContractDto contract : contracts) {
// Check access for contract.
try {
identityContractService.checkAccess(contract, PermissionUtils.toPermissions(getAuthoritiesForIdentityContract()).toArray(new BasePermission[] {}));
} catch (ForbiddenEntityException e) {
continue;
}
// Process deduplication per identity contract.
concepts.addAll(processDuplicitiesForContract(contract));
}
// If result is empty for identity will be removed any roles.
if (concepts.isEmpty()) {
return new OperationResult.Builder(OperationState.EXECUTED).build();
}
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setApplicant(identityId);
roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
roleRequest.setLog("Request was created by bulk action (deduplication).");
// if set approve, dont execute immediately
roleRequest.setExecuteImmediately(!isApprove());
roleRequest = roleRequestService.save(roleRequest, IdmBasePermission.CREATE);
for (IdmConceptRoleRequestDto concept : concepts) {
concept.setRoleRequest(roleRequest.getId());
concept = conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
}
Map<String, Serializable> properties = new HashMap<>();
properties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest, properties);
event.setPriority(PriorityType.HIGH);
IdmRoleRequestDto request = roleRequestService.startRequestInternal(event);
//
if (request.getState() == RoleRequestState.EXECUTED) {
return new OperationResult.Builder(OperationState.EXECUTED).build();
} else {
return new OperationResult.Builder(OperationState.CREATED).build();
}
}
Aggregations