
Example 31 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class ProcessAutomaticRoleByTreeTaskExecutor method checkProcessedIdentityRole.

/**
 * Check whether the currently assigned role was processed by the current automatic role definition.
 * If not, the assigned role will be removed by a synchronous role request.
 *
 * @param processedIdentityRoles assigned roles processed by automatic role
 * @param identityRole assigned role
 * @param automaticRoleId automatic role definition (just for logging)
 */
private void checkProcessedIdentityRole(Set<UUID> processedIdentityRoles, IdmIdentityRoleDto identityRole, UUID automaticRoleId) {
    UUID assignedRoleId = identityRole.getId();
    // Embedded DTOs are resolved up front: the identity is the request applicant,
    // and role / identity feed the result model and the log message.
    IdmIdentityContractDto contract = getLookupService().lookupEmbeddedDto(identityRole, IdmIdentityRole_.identityContract);
    IdmIdentityDto owner = getLookupService().lookupEmbeddedDto(contract, IdmIdentityContract_.identity);
    IdmRoleDto assignedRole = getLookupService().lookupEmbeddedDto(identityRole, IdmIdentityRole_.role);
    if (processedIdentityRoles.contains(assignedRoleId)) {
        // the assigned role is among the processed ones - nothing to remove
        return;
    }
    try {
        // one REMOVE concept targeting exactly this assigned role
        IdmConceptRoleRequestDto removal = new IdmConceptRoleRequestDto();
        removal.setIdentityRole(identityRole.getId());
        removal.setRole(identityRole.getRole());
        removal.setOperation(ConceptRoleRequestOperation.REMOVE);
        removal.setIdentityContract(identityRole.getIdentityContract());
        // wrap the concept into a request owned by the identity and start it
        IdmRoleRequestDto request = new IdmRoleRequestDto();
        request.setConceptRoles(Lists.newArrayList(removal));
        request.setApplicant(owner.getId());
        RoleRequestEvent removalEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, request);
        request = roleRequestService.startConcepts(removalEvent, null);
        // record the removal as an item result (role, automatic role and identity are part of the model)
        ResultModel removed = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_REMOVED, ImmutableMap.of("role", assignedRole.getCode(), "roleTreeNode", automaticRoleId, "identity", owner.getUsername()));
        saveItemResult(identityRole, OperationState.EXECUTED, removed, null);
    } catch (Exception ex) {
        // Any failure is logged and stored as an EXCEPTION item result; it is not rethrown,
        // so a role whose removal failed stays assigned until the task is run again.
        LOG.error("Remove role [{}] by automatic role [{}] failed", assignedRole.getCode(), automaticRoleId, ex);
        ResultModel failed = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_NOT_COMPLETE, ImmutableMap.of("role", assignedRole.getCode(), "roleTreeNode", automaticRoleId, "identity", owner.getUsername()));
        saveItemResult(identityRole, OperationState.EXCEPTION, failed, ex);
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) UnexpectedRollbackException(org.springframework.transaction.UnexpectedRollbackException)

Example 32 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class ProcessAutomaticRoleByTreeTaskExecutor method processPosition.

/**
 * Assign automatic role for the given other contract position. An already assigned automatic role is checked.
 *
 * @param position
 * @param automaticRole
 * @return created assigned roles
 */
private Set<UUID> processPosition(IdmContractPositionDto position, IdmRoleTreeNodeDto automaticRole) {
    Set<UUID> processed = new HashSet<>();
    UUID positionId = position.getId();
    IdmIdentityContractDto contract = getLookupService().lookupEmbeddedDto(position, IdmContractPosition_.identityContract);
    UUID contractId = contract.getId();
    UUID automaticRoleId = automaticRole.getId();
    // identity and role are resolved for the result model and the log message
    IdmIdentityDto owner = getLookupService().lookupEmbeddedDto(contract, IdmIdentityContract_.identity);
    IdmRoleDto grantedRole = getLookupService().lookupEmbeddedDto(automaticRole, IdmRoleTreeNode_.role);
    try {
        for (IdmIdentityRoleDto assigned : identityRoleService.findAllByContractPosition(positionId)) {
            if (!ObjectUtils.equals(assigned.getAutomaticRole(), automaticRoleId)) {
                continue;
            }
            // the position already holds this automatic role - report it and stop at the first match
            processed.add(assigned.getId());
            ResultModel alreadyAssigned = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ALREADY_ASSIGNED, ImmutableMap.of("role", grantedRole.getCode(), "roleTreeNode", automaticRoleId, "identity", owner.getUsername()));
            saveItemResult(assigned, OperationState.NOT_EXECUTED, alreadyAssigned, null);
            return processed;
        }
        // not assigned yet: build an ADD concept bound to the contract and position,
        // with the validity copied from the contract
        IdmConceptRoleRequestDto addition = new IdmConceptRoleRequestDto();
        addition.setIdentityContract(contractId);
        addition.setContractPosition(positionId);
        addition.setValidFrom(contract.getValidFrom());
        addition.setValidTill(contract.getValidTill());
        addition.setRole(automaticRole.getRole());
        addition.setAutomaticRole(automaticRoleId);
        addition.setOperation(ConceptRoleRequestOperation.ADD);
        // wrap the concept into a request for the contract's identity and start it
        IdmRoleRequestDto request = new IdmRoleRequestDto();
        request.setConceptRoles(Lists.newArrayList(addition));
        request.setApplicant(contract.getIdentity());
        request = roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, request), null);
        // NOTE(review): this stores the role request id, while the early-return branch above
        // stores an assigned-role id - verify that consumers of the returned set expect both kinds of id.
        if (request != null) {
            processed.add(request.getId());
        }
        // record the assignment as an item result
        ResultModel assignedModel = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_ASSIGNED, ImmutableMap.of("role", grantedRole.getCode(), "roleTreeNode", automaticRoleId, "identity", owner.getUsername()));
        saveItemResult(position, OperationState.EXECUTED, assignedModel, null);
    } catch (Exception ex) {
        // failures are logged and stored as an EXCEPTION item result, not rethrown
        LOG.error("Adding role [{}] by automatic role [{}] for identity [{}] failed", grantedRole.getCode(), automaticRoleId, owner.getUsername(), ex);
        ResultModel failed = new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_NOT_COMPLETE, ImmutableMap.of("role", grantedRole.getCode(), "roleTreeNode", automaticRoleId, "identity", owner.getUsername()));
        saveItemResult(position, OperationState.EXCEPTION, failed, ex);
    }
    return processed;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) UnexpectedRollbackException(org.springframework.transaction.UnexpectedRollbackException) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) HashSet(java.util.HashSet)

Example 33 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class RemoveAutomaticRoleTaskExecutor method processItem.

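/**
 * Builds and immediately executes a REMOVE role request for the given assigned role.
 * <p>
 * The request is saved as a CONCEPT, flagged to execute immediately (without approval),
 * recorded as requested AUTOMATICALLY, and started with
 * {@code IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES} set.
 * <p>
 * NOTE(review): both switches bypass the normal request controls. That presumably relies on
 * the items being selected by the task itself - confirm that no caller-chosen assigned role
 * can reach this method.
 *
 * @param identityRole assigned role to remove
 * @return result with state EXECUTED when the request was started, otherwise a result with
 *         state EXCEPTION carrying the original failure as its cause
 */
@Override
public Optional<OperationResult> processItem(IdmIdentityRoleDto identityRole) {
    try {
        IdmIdentityContractDto contract = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract);
        UUID identityId = contract.getIdentity();
        IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
        roleRequest.setState(RoleRequestState.CONCEPT);
        // without approval
        roleRequest.setExecuteImmediately(true);
        roleRequest.setApplicant(identityId);
        roleRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
        roleRequest = roleRequestService.save(roleRequest);
        // the concept is saved after the request, because it references the saved request's id
        IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
        conceptRoleRequest.setRoleRequest(roleRequest.getId());
        conceptRoleRequest.setIdentityRole(identityRole.getId());
        conceptRoleRequest.setRole(identityRole.getRole());
        conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
        conceptRoleRequest.setIdentityContract(identityRole.getIdentityContract());
        conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
        conceptRequestService.save(conceptRoleRequest);
        // start event with skip check authorities
        RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
        requestEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
        // prevent to start asynchronous event before previous update event is completed.
        requestEvent.setSuperOwnerId(identityId);
        //
        roleRequestService.startRequestInternal(requestEvent);
        //
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    } catch (Exception ex) {
        try {
            // These lookups only enrich the error report; they can fail themselves
            // (for example when the contract was deleted in the meantime).
            IdmIdentityContractDto identityContract = identityContractService.get(identityRole.getIdentityContract());
            IdmIdentityDto identity = DtoUtils.getEmbedded(identityContract, IdmIdentityContract_.identity);
            IdmRoleDto role = DtoUtils.getEmbedded(getAutomaticRole(), IdmRoleTreeNode_.role);
            //
            LOG.error("Remove role [{}] by automatic role [{}] failed", role.getCode(), getAutomaticRole().getId(), ex);
            //
            return Optional.of(new OperationResult.Builder(OperationState.EXCEPTION).setModel(new DefaultResultModel(CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_NOT_COMPLETE, ImmutableMap.of("role", role.getCode(), "roleTreeNode", getAutomaticRole().getId(), "identity", identity.getUsername()))).setCause(ex).build());
        } catch (Exception detailEx) {
            // Building the detailed report failed. Without this fallback the secondary exception
            // would escape and the original failure would never be logged or returned.
            if (detailEx != ex) {
                ex.addSuppressed(detailEx);
            }
            LOG.error("Remove assigned role [{}] by automatic role failed", identityRole == null ? null : identityRole.getId(), ex);
            return Optional.of(new OperationResult.Builder(OperationState.EXCEPTION).setCause(ex).build());
        }
    }
}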
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException)

Example 34 with RoleRequestEvent

use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.

the class IdentityRoleExpirationTaskExecutor method processItem.

/**
 * Removes one expired assigned role through an internal role request.
 * <p>
 * The request is saved as a CONCEPT, flagged to execute immediately (without approval),
 * recorded as requested AUTOMATICALLY, and started with
 * {@code IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES} set.
 * <p>
 * NOTE(review): both switches bypass the normal request controls, and the reloaded role's
 * validity is not re-checked here. Confirm that only roles selected by the task itself reach
 * this method, and that a role prolonged after selection cannot still be removed.
 *
 * @param identityRoleIdentifier item carrying the id of the assigned role to remove
 * @return result with state EXECUTED when the role is already gone or the request was started,
 *         otherwise a result with state EXCEPTION carrying the failure as its cause
 */
@Override
public Optional<OperationResult> processItem(IdmIdentityRoleDto identityRoleIdentifier) {
    UUID expiredRoleId = identityRoleIdentifier.getId();
    LOG.info("Remove expired assigned role [{}], valid till is less than [{}]", expiredRoleId, expiration);
    // reload the assigned role by id - it may already be deleted
    IdmIdentityRoleDto assignedRole = identityRoleService.get(expiredRoleId);
    if (assignedRole == null) {
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    }
    // the same applies to the owning contract
    IdmIdentityContractDto owningContract = getLookupService().lookupEmbeddedDto(assignedRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
    if (owningContract == null) {
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    }
    UUID applicantId = owningContract.getIdentity();
    try {
        LOG.debug("Remove expired role [{}] from contract [{}] by internal role request.", assignedRole.getRole(), owningContract.getId());
        // request: concept state, executed immediately (without approval), requested automatically
        IdmRoleRequestDto request = new IdmRoleRequestDto();
        request.setState(RoleRequestState.CONCEPT);
        request.setExecuteImmediately(true);
        request.setApplicant(applicantId);
        request.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
        request = roleRequestService.save(request);
        // single REMOVE concept, linked to the saved request
        IdmConceptRoleRequestDto removal = new IdmConceptRoleRequestDto();
        removal.setIdentityRole(expiredRoleId);
        removal.setRole(assignedRole.getRole());
        removal.setOperation(ConceptRoleRequestOperation.REMOVE);
        removal.setIdentityContract(owningContract.getId());
        removal.setRoleRequest(request.getId());
        conceptRoleRequestService.save(removal);
        // start the event with authority checks skipped
        RoleRequestEvent removalEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, request);
        removalEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
        // the identity is set as super owner so that an asynchronous event does not start
        // before the previous update event is completed
        removalEvent.setSuperOwnerId(applicantId);
        roleRequestService.startRequestInternal(removalEvent);
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    } catch (Exception ex) {
        // failures are logged and reported per item, not rethrown
        LOG.error("Removing expired assigned role [{}] failed", expiredRoleId, ex);
        return Optional.of(new OperationResult.Builder(OperationState.EXCEPTION).setCause(ex).build());
    }
}
Also used : IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
