use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class DefaultIdentityProjectionManager method saveIdentityRoles.
protected void saveIdentityRoles(EntityEvent<IdmIdentityProjectionDto> event, BasePermission... permission) {
IdmIdentityProjectionDto dto = event.getContent();
IdmIdentityProjectionDto previousProjection = event.getOriginalSource();
IdmIdentityContractDto contract = dto.getContract();
IdmIdentityDto identity = dto.getIdentity();
//
if (previousProjection == null) {
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>(dto.getIdentityRoles().size());
//
for (IdmIdentityRoleDto assignedRole : dto.getIdentityRoles()) {
// create new identity role
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
if (assignedRole.getIdentityContract() != null) {
concept.setIdentityContract(assignedRole.getIdentityContract());
} else if (contract != null) {
concept.setIdentityContract(contract.getId());
} else {
throw new ForbiddenEntityException("contract", IdmBasePermission.READ);
}
concept.setRole(assignedRole.getRole());
concept.setOperation(ConceptRoleRequestOperation.ADD);
concept.setValidFrom(assignedRole.getValidFrom());
concept.setValidTill(assignedRole.getValidTill());
concept.setEavs(assignedRole.getEavs());
//
concepts.add(concept);
}
if (!concepts.isEmpty()) {
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setState(RoleRequestState.CONCEPT);
roleRequest.setExecuteImmediately(false);
roleRequest.setApplicant(identity.getId());
roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
roleRequest = roleRequestService.save(roleRequest);
//
for (IdmConceptRoleRequestDto concept : concepts) {
concept.setRoleRequest(roleRequest.getId());
//
conceptRoleRequestService.save(concept);
}
//
// start event with skip check authorities
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
requestEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
// frontend
requestEvent.setPriority(event.getPriority());
requestEvent.setParentId(event.getId());
// prevent to start asynchronous event before previous update event is completed.
requestEvent.setSuperOwnerId(identity.getId());
//
roleRequestService.startRequestInternal(requestEvent);
}
}
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class DefaultIdmAutomaticRoleAttributeService method removeAutomaticRolesInternal.
@Override
@Transactional
public void removeAutomaticRolesInternal(UUID contractId, Set<AbstractIdmAutomaticRoleDto> automaticRoles) {
List<IdmConceptRoleRequestDto> concepts = new ArrayList<IdmConceptRoleRequestDto>();
// Identity id is get from embedded identity role. This is little speedup.
UUID identityId = null;
for (AbstractIdmAutomaticRoleDto autoRole : automaticRoles) {
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityContractId(contractId);
identityRoleFilter.setAutomaticRoleId(autoRole.getId());
// TODO: possible performance update with pageable
for (IdmIdentityRoleDto identityRole : identityRoleService.find(identityRoleFilter, null).getContent()) {
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setIdentityContract(contractId);
concept.setRole(autoRole.getRole());
concept.setAutomaticRole(autoRole.getId());
concept.setIdentityRole(identityRole.getId());
concept.setOperation(ConceptRoleRequestOperation.REMOVE);
concepts.add(concept);
if (identityId == null) {
IdmIdentityContractDto contractDto = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract, IdmIdentityContractDto.class);
identityId = contractDto.getIdentity();
}
}
}
//
// Execute concepts
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(concepts);
roleRequest.setApplicant(identityId);
roleRequest = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest), null);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdentityRemoveRoleBulkAction method processDto.
@Override
protected OperationResult processDto(IdmIdentityDto identity) {
List<IdmIdentityContractDto> contracts = new ArrayList<>();
if (this.isPrimaryContract()) {
IdmIdentityContractDto contract = identityContractService.getPrimeValidContract(identity.getId());
if (contract != null) {
contracts.add(contract);
}
} else {
contracts.addAll(identityContractService.findAllByIdentity(identity.getId()));
}
// contract empty return not processed
if (contracts.isEmpty()) {
LOG.warn("For identity id: [{}] username: [{}] wasn't found contranct.", identity.getId(), identity.getUsername());
return new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_CONTRACT_NOT_FOUND, //
ImmutableMap.of("identity", identity.getId()))).build();
}
boolean approve = isApprove();
List<IdmRoleDto> roles = getRoles();
Set<UUID> rolesIds = roles.stream().map(IdmRoleDto::getId).collect(Collectors.toSet());
//
List<IdmConceptRoleRequestDto> concepts = new ArrayList<>();
for (IdmIdentityContractDto contract : contracts) {
if (!checkPermissionForContract(contract)) {
LOG.warn("Insufficient permissions for asign role for contract [{}]", contract.getId());
//
logItemProcessed(contract, new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_NOT_AUTHORIZED_ASSING_ROLE_FOR_CONTRACT, ImmutableMap.of("contractId", contract.getId()))).build());
//
continue;
}
// check if contract has role
List<IdmIdentityRoleDto> allByContract = identityRoleService.findAllByContract(contract.getId());
Set<UUID> roleIdsSet = allByContract.stream().map(IdmIdentityRoleDto::getRole).collect(Collectors.toSet());
if (Collections.disjoint(roleIdsSet, rolesIds)) {
// contract hasn't assigned the roles
continue;
}
//
for (IdmRoleDto role : roles) {
List<IdmIdentityRoleDto> identityRoles = allByContract.stream().filter(ir -> ir.getRole().equals(role.getId())).filter(// direct role
ir -> ir.getDirectRole() == null).filter(// not automatic
ir -> ir.getAutomaticRole() == null).collect(Collectors.toList());
if (identityRoles.isEmpty()) {
continue;
}
//
for (IdmIdentityRoleDto identityRole : identityRoles) {
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setRole(role.getId());
concept.setIdentityContract(contract.getId());
concept.setIdentityRole(identityRole.getId());
concept.setOperation(ConceptRoleRequestOperation.REMOVE);
concepts.add(concept);
}
}
}
if (!concepts.isEmpty()) {
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setApplicant(identity.getId());
roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
roleRequest.setLog("Request was created by bulk action.");
// if set approve, dont execute immediately
roleRequest.setExecuteImmediately(!approve);
roleRequest = roleRequestService.save(roleRequest, IdmBasePermission.CREATE);
//
for (IdmConceptRoleRequestDto concept : concepts) {
concept.setRoleRequest(roleRequest.getId());
concept = conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
}
//
Map<String, Serializable> properties = new HashMap<>();
properties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest, properties);
event.setPriority(PriorityType.HIGH);
roleRequest = roleRequestService.startRequestInternal(event);
//
if (roleRequest.getState() == RoleRequestState.EXECUTED) {
return new OperationResult.Builder(OperationState.EXECUTED).build();
} else {
return new OperationResult.Builder(OperationState.CREATED).build();
}
}
//
LOG.warn("For identity id: [{}] username: [{}] wasn't found roles to removal." + " Roles not found or cannot be removed (its automatic role, business role or for insufficient permissions).", identity.getId(), identity.getUsername());
return new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.BULK_ACTION_IDENTITY_REMOVE_ROLE_FAILED, //
ImmutableMap.of("identity", identity.getId()))).build();
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class RoleDeleteProcessor method process.
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
//
IdmRoleDto role = event.getContent();
UUID roleId = role.getId();
Assert.notNull(roleId, "Role id is required!");
// check role can be removed without force
if (!forceDelete) {
checkWithoutForceDelete(role);
}
//
// Find all concepts and remove relation on role - has to be the first => concepts are created bellow
IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
conceptRequestFilter.setRoleId(roleId);
List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.find(conceptRequestFilter, null).getContent();
for (int counter = 0; counter < concepts.size(); counter++) {
IdmConceptRoleRequestDto concept = concepts.get(counter);
String message = null;
if (concept.getState().isTerminatedState()) {
message = MessageFormat.format("Role [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", role.getCode(), concept.getId());
} else {
message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested role [{1}] was deleted (not from this role request)!", concept.getId(), role.getCode());
// Cancel concept and WF
concept = conceptRoleRequestService.cancel(concept);
}
conceptRoleRequestService.addToLog(concept, message);
conceptRoleRequestService.save(concept);
if (counter % 100 == 0) {
clearSession();
}
}
// remove related assigned roles etc.
if (forceDelete) {
// remove directly assigned assigned roles (not automatic)
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setRoleId(roleId);
identityRoleFilter.setDirectRole(Boolean.TRUE);
identityRoleFilter.setAutomaticRole(Boolean.FALSE);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.find(identityRoleFilter, null).getContent();
for (int counter = 0; counter < assignedRoles.size(); counter++) {
IdmIdentityRoleDto identityRole = assignedRoles.get(counter);
IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
UUID identityId = contract.getIdentity();
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setApplicant(identityId);
//
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
conceptRoleRequest.setIdentityContract(contract.getId());
conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
roleRequest.getConceptRoles().add(conceptRoleRequest);
//
// start event
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
roleRequestService.startConcepts(requestEvent, event);
//
if (counter % 100 == 0) {
clearSession();
}
}
//
// related automatic roles by tree structure
IdmRoleTreeNodeFilter roleTreeNodefilter = new IdmRoleTreeNodeFilter();
roleTreeNodefilter.setRoleId(roleId);
roleTreeNodeService.findIds(roleTreeNodefilter, null).stream().forEach(roleTreeNodeId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(roleTreeNodeId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// related automatic roles by attribute
IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
automaticRoleFilter.setRoleId(roleId);
automaticRoleAttributeService.findIds(automaticRoleFilter, null).stream().forEach(automaticRoleId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(automaticRoleId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// business roles
// prevent to cyclic composition will be processed twice (sub = superior)
Set<UUID> processedCompositionIds = new HashSet<>();
// by sub
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSubId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
// by superior
compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().filter(// ~ prevent to cyclic composition will be processed twice (sub = superior)
roleCompositionId -> !processedCompositionIds.contains(roleCompositionId)).forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
}
//
// remove all policies
IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
policyFilter.setRoleId(roleId);
authorizationPolicyService.find(policyFilter, null).forEach(dto -> {
authorizationPolicyService.delete(dto);
});
clearSession();
//
// Cancel all related automatic role requests
IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
automaticRoleRequestFilter.setRoleId(roleId);
automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
automaticRoleRequestService.cancel(request);
});
clearSession();
//
// remove role guarantee
IdmRoleGuaranteeRoleFilter roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setGuaranteeRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
//
// remove guarantees
IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
roleGuaranteeFilter.setRole(roleId);
roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
roleGuaranteeService.delete(roleGuarantee);
});
clearSession();
//
// remove catalogues
IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueRoleFilter.setRoleId(roleId);
roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).forEach(roleCatalogue -> {
roleCatalogueRoleService.delete(roleCatalogue);
});
clearSession();
//
// remove incompatible roles from both sides
incompatibleRoleService.findAllByRole(roleId).forEach(incompatibleRole -> {
incompatibleRoleService.delete(incompatibleRole);
});
clearSession();
//
// Remove role-form-attributes
IdmRoleFormAttributeFilter roleFormAttributeFilter = new IdmRoleFormAttributeFilter();
roleFormAttributeFilter.setRole(roleId);
roleFormAttributeService.find(roleFormAttributeFilter, null).forEach(roleCatalogue -> {
roleFormAttributeService.delete(roleCatalogue);
});
//
if (forceDelete) {
LOG.debug("Role [{}] should be deleted by caller after all asynchronus processes are completed.", role.getCode());
//
// dirty flag only - will be processed after asynchronous events ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(role, stateDeleted);
//
// set disabled
role.setDisabled(true);
service.saveInternal(role);
} else {
service.deleteInternal(role);
}
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class ProcessAutomaticRoleByTreeTaskExecutor method processContract.
/**
* Assign automatic role for given contract. Already assigned automatic role is checked.
*
* @param contract
* @param automaticRole
* @return created assigned roles
*/
private Set<UUID> processContract(IdmIdentityContractDto contract, IdmRoleTreeNodeDto automaticRole) {
UUID contractId = contract.getId();
Set<UUID> processedRoleRequests = new HashSet<>();
UUID automaticRoleId = automaticRole.getId();
IdmIdentityDto identity = getLookupService().lookupEmbeddedDto(contract, IdmIdentityContract_.identity);
IdmRoleDto role = getLookupService().lookupEmbeddedDto(automaticRole, IdmRoleTreeNode_.role);
//
try {
List<IdmIdentityRoleDto> allByContract = identityRoleService.findAllByContract(contractId);
// skip already assigned automatic roles
for (IdmIdentityRoleDto roleByContract : allByContract) {
if (ObjectUtils.equals(roleByContract.getAutomaticRole(), automaticRoleId)) {
processedRoleRequests.add(roleByContract.getId());
ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ALREADY_ASSIGNED, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
saveItemResult(roleByContract, OperationState.NOT_EXECUTED, resultModel, null);
return processedRoleRequests;
}
}
//
// assign automatic role by tree node by role request
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityContract(contractId);
conceptRoleRequest.setValidFrom(contract.getValidFrom());
conceptRoleRequest.setValidTill(contract.getValidTill());
conceptRoleRequest.setRole(automaticRole.getRole());
conceptRoleRequest.setAutomaticRole(automaticRoleId);
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.ADD);
//
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setConceptRoles(Lists.newArrayList(conceptRoleRequest));
roleRequest.setApplicant(contract.getIdentity());
RoleRequestEvent roleRequestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
roleRequest = roleRequestService.startConcepts(roleRequestEvent, null);
// load role concepts and add created role to processed
if (roleRequest != null) {
processedRoleRequests.add(roleRequest.getId());
}
// Log successfully assigned role
ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_ASSIGNED, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
saveItemResult(contract, OperationState.EXECUTED, resultModel, null);
} catch (Exception ex) {
LOG.error("Adding role [{}] by automatic role [{}] for identity [{}] failed", role.getCode(), automaticRoleId, identity.getUsername(), ex);
//
ResultModel resultModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_NOT_COMPLETE, ImmutableMap.of("role", role.getCode(), "roleTreeNode", automaticRoleId, "identity", identity.getUsername()));
saveItemResult(contract, OperationState.EXCEPTION, resultModel, ex);
}
//
return processedRoleRequests;
}
Aggregations