Examples with RoleRequestEvent eu.bcvsolutions.idm.core.model.event.RoleRequestEvent used on opensource projects

Example 26 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class DefaultIdentityProjectionManager method saveIdentityRoles.

protected void saveIdentityRoles(EntityEvent<IdmIdentityProjectionDto> event, BasePermission... permission) {
    IdmIdentityProjectionDto dto = event.getContent();
    IdmIdentityProjectionDto previousProjection = event.getOriginalSource();
    IdmIdentityContractDto contract = dto.getContract();
    IdmIdentityDto identity = dto.getIdentity();
    // 
    if (previousProjection == null) {
        List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(dto.getIdentityRoles().size());
        // 
        for (IdmIdentityRoleDto assignedRole : dto.getIdentityRoles()) {
            // create new identity role
            IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
            if (assignedRole.getIdentityContract() != null) {
                concept.setIdentityContract(assignedRole.getIdentityContract());
            } else if (contract != null) {
                concept.setIdentityContract(contract.getId());
            } else {
                throw new ForbiddenEntityException("contract", IdmBasePermission.READ);
            }
            concept.setRole(assignedRole.getRole());
            concept.setOperation(ConceptRoleRequestOperation.ADD);
            concept.setValidFrom(assignedRole.getValidFrom());
            concept.setValidTill(assignedRole.getValidTill());
            concept.setEavs(assignedRole.getEavs());
            // 
            concepts.add(concept);
        }
        if (!concepts.isEmpty()) {
            IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
            roleRequest.setState(RoleRequestState.CONCEPT);
            roleRequest.setExecuteImmediately(false);
            roleRequest.setApplicant(identity.getId());
            roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
            roleRequest = roleRequestService.save(roleRequest);
            // 
            for (IdmConceptRoleRequestDto concept : concepts) {
                concept.setRoleRequest(roleRequest.getId());
                // 
                conceptRoleRequestService.save(concept);
            }
            // 
            // start event with skip check authorities
            RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
            requestEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
            // frontend
            requestEvent.setPriority(event.getPriority());
            requestEvent.setParentId(event.getId());
            // prevent to start asynchronous event before previous update event is completed.
            requestEvent.setSuperOwnerId(identity.getId());
            // 
            roleRequestService.startRequestInternal(requestEvent);
        }
    }
}

Example 27 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleAttributeService method removeAutomaticRolesInternal.

@Override
@Transactional
public void removeAutomaticRolesInternal(UUID contractId, Set<AbstractIdmAutomaticRoleDto> automaticRoles) {
    List<IdmConceptRoleRequestDto> concepts = new ArrayList<IdmConceptRoleRequestDto>();
    // Identity id is get from embedded identity role. This is little speedup.
    UUID identityId = null;
    for (AbstractIdmAutomaticRoleDto autoRole : automaticRoles) {
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setIdentityContractId(contractId);
        identityRoleFilter.setAutomaticRoleId(autoRole.getId());
        // TODO: possible performance update with pageable
        for (IdmIdentityRoleDto identityRole : identityRoleService.find(identityRoleFilter, null).getContent()) {
            IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
            concept.setIdentityContract(contractId);
            concept.setRole(autoRole.getRole());
            concept.setAutomaticRole(autoRole.getId());
            concept.setIdentityRole(identityRole.getId());
            concept.setOperation(ConceptRoleRequestOperation.REMOVE);
            concepts.add(concept);
            if (identityId == null) {
                IdmIdentityContractDto contractDto = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract, IdmIdentityContractDto.class);
                identityId = contractDto.getIdentity();
            }
        }
    }
    // 
    // Execute concepts
    IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
    roleRequest.setConceptRoles(concepts);
    roleRequest.setApplicant(identityId);
    roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
}

Example 28 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class IdentityRemoveRoleBulkAction method processDto.

@Override
protected OperationResult processDto(IdmIdentityDto identity) {
    List<IdmIdentityContractDto> contracts = new ArrayList<>();
    if (this.isPrimaryContract()) {
        IdmIdentityContractDto contract = identityContractService.getPrimeValidContract(identity.getId());
        if (contract != null) {
            contracts.add(contract);
        }
    } else {
        contracts.addAll(identityContractService.findAllByIdentity(identity.getId()));
    }
    // contract empty return not processed
    if (contracts.isEmpty()) {
        LOG.warn("For identity id: [{}] username: [{}] wasn't found contranct.", identity.getId(), identity.getUsername());
        return new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_CONTRACT_NOT_FOUND, // 
        ImmutableMap.of("identity", identity.getId()))).build();
    }
    boolean approve = isApprove();
    List<IdmRoleDto> roles = getRoles();
    Set<UUID> rolesIds = roles.stream().map(IdmRoleDto::getId).collect(Collectors.toSet());
    // 
    List<IdmConceptRoleRequestDto> concepts = new ArrayList<>();
    for (IdmIdentityContractDto contract : contracts) {
        if (!checkPermissionForContract(contract)) {
            LOG.warn("Insufficient permissions for asign role for contract [{}]", contract.getId());
            // 
            logItemProcessed(contract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_NOT_AUTHORIZED_ASSING_ROLE_FOR_CONTRACT, ImmutableMap.of("contractId", contract.getId()))).build());
            // 
            continue;
        }
        // check if contract has role
        List<IdmIdentityRoleDto> allByContract = identityRoleService.findAllByContract(contract.getId());
        Set<UUID> roleIdsSet = allByContract.stream().map(IdmIdentityRoleDto::getRole).collect(Collectors.toSet());
        if (Collections.disjoint(roleIdsSet, rolesIds)) {
            // contract hasn't assigned the roles
            continue;
        }
        // 
        for (IdmRoleDto role : roles) {
            List<IdmIdentityRoleDto> identityRoles = allByContract.stream().filter(ir -> ir.getRole().equals(role.getId())).filter(// direct role
            ir -> ir.getDirectRole() == null).filter(// not automatic
            ir -> ir.getAutomaticRole() == null).collect(Collectors.toList());
            if (identityRoles.isEmpty()) {
                continue;
            }
            // 
            for (IdmIdentityRoleDto identityRole : identityRoles) {
                IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
                concept.setRole(role.getId());
                concept.setIdentityContract(contract.getId());
                concept.setIdentityRole(identityRole.getId());
                concept.setOperation(ConceptRoleRequestOperation.REMOVE);
                concepts.add(concept);
            }
        }
    }
    if (!concepts.isEmpty()) {
        IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
        roleRequest.setApplicant(identity.getId());
        roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
        roleRequest.setLog("Request was created by bulk action.");
        // if set approve, dont execute immediately
        roleRequest.setExecuteImmediately(!approve);
        roleRequest = roleRequestService.save(roleRequest, IdmBasePermission.CREATE);
        // 
        for (IdmConceptRoleRequestDto concept : concepts) {
            concept.setRoleRequest(roleRequest.getId());
            concept = conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
        }
        // 
        Map<String, Serializable> properties = new HashMap<>();
        properties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
        RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest, properties);
        event.setPriority(PriorityType.HIGH);
        roleRequest = roleRequestService.startRequestInternal(event);
        // 
        if (roleRequest.getState() == RoleRequestState.EXECUTED) {
            return new OperationResult.Builder(OperationState.EXECUTED).build();
        } else {
            return new OperationResult.Builder(OperationState.CREATED).build();
        }
    }
    // 
    LOG.warn("For identity id: [{}] username: [{}] wasn't found roles to removal." + " Roles not found or cannot be removed (its automatic role, business role or for insufficient permissions).", identity.getId(), identity.getUsername());
    return new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_IDENTITY_REMOVE_ROLE_FAILED, // 
    ImmutableMap.of("identity", identity.getId()))).build();
}

Example 29 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class RoleDeleteProcessor method process.

@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
    boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
    // 
    IdmRoleDto role = event.getContent();
    UUID roleId = role.getId();
    Assert.notNull(roleId, "Role id is required!");
    // check role can be removed without force
    if (!forceDelete) {
        checkWithoutForceDelete(role);
    }
    // 
    // Find all concepts and remove relation on role - has to be the first => concepts are created bellow
    IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
    conceptRequestFilter.setRoleId(roleId);
    List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.find(conceptRequestFilter, null).getContent();
    for (int counter = 0; counter < concepts.size(); counter++) {
        IdmConceptRoleRequestDto concept = concepts.get(counter);
        String message = null;
        if (concept.getState().isTerminatedState()) {
            message = MessageFormat.format("Role [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", role.getCode(), concept.getId());
        } else {
            message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested role [{1}] was deleted (not from this role request)!", concept.getId(), role.getCode());
            // Cancel concept and WF
            concept = conceptRoleRequestService.cancel(concept);
        }
        conceptRoleRequestService.addToLog(concept, message);
        conceptRoleRequestService.save(concept);
        if (counter % 100 == 0) {
            clearSession();
        }
    }
    // remove related assigned roles etc.
    if (forceDelete) {
        // remove directly assigned assigned roles (not automatic)
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setRoleId(roleId);
        identityRoleFilter.setDirectRole(Boolean.TRUE);
        identityRoleFilter.setAutomaticRole(Boolean.FALSE);
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.find(identityRoleFilter, null).getContent();
        for (int counter = 0; counter < assignedRoles.size(); counter++) {
            IdmIdentityRoleDto identityRole = assignedRoles.get(counter);
            IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
            UUID identityId = contract.getIdentity();
            IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
            roleRequest.setApplicant(identityId);
            // 
            IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
            conceptRoleRequest.setIdentityRole(identityRole.getId());
            conceptRoleRequest.setRole(identityRole.getRole());
            conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
            conceptRoleRequest.setIdentityContract(contract.getId());
            conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
            roleRequest.getConceptRoles().add(conceptRoleRequest);
            // 
            // start event
            RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
            roleRequestService.startConcepts(requestEvent, event);
            // 
            if (counter % 100 == 0) {
                clearSession();
            }
        }
        // 
        // related automatic roles by tree structure
        IdmRoleTreeNodeFilter roleTreeNodefilter = new IdmRoleTreeNodeFilter();
        roleTreeNodefilter.setRoleId(roleId);
        roleTreeNodeService.findIds(roleTreeNodefilter, null).stream().forEach(roleTreeNodeId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
            automaticRoleTask.setAutomaticRoleId(roleTreeNodeId);
            longRunningTaskManager.executeSync(automaticRoleTask);
            clearSession();
        });
        // 
        // related automatic roles by attribute
        IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
        automaticRoleFilter.setRoleId(roleId);
        automaticRoleAttributeService.findIds(automaticRoleFilter, null).stream().forEach(automaticRoleId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
            automaticRoleTask.setAutomaticRoleId(automaticRoleId);
            longRunningTaskManager.executeSync(automaticRoleTask);
            clearSession();
        });
        // 
        // business roles
        // prevent to cyclic composition will be processed twice (sub = superior)
        Set<UUID> processedCompositionIds = new HashSet<>();
        // by sub
        IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
        compositionFilter.setSubId(roleId);
        roleCompositionService.findIds(compositionFilter, null).stream().forEach(roleCompositionId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
            roleCompositionTask.setRoleCompositionId(roleCompositionId);
            longRunningTaskManager.executeSync(roleCompositionTask);
            // 
            processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
            clearSession();
        });
        // by superior
        compositionFilter = new IdmRoleCompositionFilter();
        compositionFilter.setSuperiorId(roleId);
        roleCompositionService.findIds(compositionFilter, null).stream().filter(// ~ prevent to cyclic composition will be processed twice (sub = superior)
        roleCompositionId -> !processedCompositionIds.contains(roleCompositionId)).forEach(roleCompositionId -> {
            // sync => all asynchronous requests have to be prepared in event queue
            RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
            roleCompositionTask.setRoleCompositionId(roleCompositionId);
            longRunningTaskManager.executeSync(roleCompositionTask);
            // 
            processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
            clearSession();
        });
    }
    // 
    // remove all policies
    IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
    policyFilter.setRoleId(roleId);
    authorizationPolicyService.find(policyFilter, null).forEach(dto -> {
        authorizationPolicyService.delete(dto);
    });
    clearSession();
    // 
    // Cancel all related automatic role requests
    IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
    automaticRoleRequestFilter.setRoleId(roleId);
    automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
        automaticRoleRequestService.cancel(request);
    });
    clearSession();
    // 
    // remove role guarantee
    IdmRoleGuaranteeRoleFilter roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
    roleGuaranteeRoleFilter.setGuaranteeRole(roleId);
    roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeRoleService.delete(roleGuarantee);
    });
    clearSession();
    roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
    roleGuaranteeRoleFilter.setRole(roleId);
    roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeRoleService.delete(roleGuarantee);
    });
    clearSession();
    // 
    // remove guarantees
    IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
    roleGuaranteeFilter.setRole(roleId);
    roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
        roleGuaranteeService.delete(roleGuarantee);
    });
    clearSession();
    // 
    // remove catalogues
    IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
    roleCatalogueRoleFilter.setRoleId(roleId);
    roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).forEach(roleCatalogue -> {
        roleCatalogueRoleService.delete(roleCatalogue);
    });
    clearSession();
    // 
    // remove incompatible roles from both sides
    incompatibleRoleService.findAllByRole(roleId).forEach(incompatibleRole -> {
        incompatibleRoleService.delete(incompatibleRole);
    });
    clearSession();
    // 
    // Remove role-form-attributes
    IdmRoleFormAttributeFilter roleFormAttributeFilter = new IdmRoleFormAttributeFilter();
    roleFormAttributeFilter.setRole(roleId);
    roleFormAttributeService.find(roleFormAttributeFilter, null).forEach(roleCatalogue -> {
        roleFormAttributeService.delete(roleCatalogue);
    });
    // 
    if (forceDelete) {
        LOG.debug("Role [{}] should be deleted by caller after all asynchronus processes are completed.", role.getCode());
        // 
        // dirty flag only - will be processed after asynchronous events ends
        IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
        stateDeleted.setEvent(event.getId());
        stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
        entityStateManager.saveState(role, stateDeleted);
        // 
        // set disabled
        role.setDisabled(true);
        service.saveInternal(role);
    } else {
        service.deleteInternal(role);
    }
    // 
    return new DefaultEventResult<>(event, this);
}

Example 30 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class ProcessAutomaticRoleByTreeTaskExecutor method processContract.

/**
 * Assign automatic role for given contract. Already assigned automatic role is checked.
 *
 * @param contract
 * @param automaticRole
 * @return created assigned roles
 */
private Set<UUID> processContract(IdmIdentityContractDto contract, IdmRoleTreeNodeDto automaticRole) {
    UUID contractId = contract.getId();
    Set<UUID> processedRoleRequests = new HashSet<>();
    UUID automaticRoleId = automaticRole.getId();
    IdmIdentityDto identity = getLookupService().lookupEmbeddedDto(contract, IdmIdentityContract_.identity);
    IdmRoleDto role = getLookupService().lookupEmbeddedDto(automaticRole, IdmRoleTreeNode_.role);
    // 
    try {
        List<IdmIdentityRoleDto> allByContract = identityRoleService.findAllByContract(contractId);
        // skip already assigned automatic roles
        for (IdmIdentityRoleDto roleByContract : allByContract) {
            if (ObjectUtils.equals(roleByContract.getAutomaticRole(), automaticRoleId)) {
                processedRoleRequests.add(roleByContract.getId());
                ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ALREADY_ASSIGNED, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
                saveItemResult(roleByContract, OperationState.NOT_EXECUTED, resultModel, null);
                return processedRoleRequests;
            }
        }
        // 
        // assign automatic role by tree node by role request
        IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
        conceptRoleRequest.setIdentityContract(contractId);
        conceptRoleRequest.setValidFrom(contract.getValidFrom());
        conceptRoleRequest.setValidTill(contract.getValidTill());
        conceptRoleRequest.setRole(automaticRole.getRole());
        conceptRoleRequest.setAutomaticRole(automaticRoleId);
        conceptRoleRequest.setOperation(ConceptRoleRequestOperation.ADD);
        // 
        IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
        roleRequest.setConceptRoles(Lists.newArrayList(conceptRoleRequest));
        roleRequest.setApplicant(contract.getIdentity());
        RoleRequestEvent roleRequestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
        roleRequest = roleRequestService.startConcepts(roleRequestEvent, null);
        // load role concepts and add created role to processed
        if (roleRequest != null) {
            processedRoleRequests.add(roleRequest.getId());
        }
        // Log successfully assigned role
        ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_ASSIGNED, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
        saveItemResult(contract, OperationState.EXECUTED, resultModel, null);
    } catch (Exception ex) {
        LOG.error("Adding role [{}] by automatic role [{}] for identity [{}] failed", role.getCode(), automaticRoleId, identity.getUsername(), ex);
        // 
        ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_NOT_COMPLETE, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
        saveItemResult(contract, OperationState.EXCEPTION, resultModel, ex);
    }
    // 
    return processedRoleRequests;
}