use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class ProcessAutomaticRoleByTreeTaskExecutor method checkProcessedIdentityRole.
/**
 * Checks whether a currently assigned role was processed by the current automatic role definition.
 * If its id is missing from {@code processedIdentityRoles}, the assigned role is removed through a
 * role request holding a single REMOVE concept, and the outcome is stored as an item result.
 *
 * @param processedIdentityRoles ids of assigned roles processed by the automatic role
 * @param identityRole assigned role to check
 * @param automaticRoleId automatic role definition id (used only for the result model and logging)
 */
private void checkProcessedIdentityRole(Set<UUID> processedIdentityRoles, IdmIdentityRoleDto identityRole, UUID automaticRoleId) {
    UUID assignedRoleId = identityRole.getId();
    IdmIdentityContractDto ownerContract = getLookupService().lookupEmbeddedDto(identityRole, IdmIdentityRole_.identityContract);
    IdmIdentityDto owner = getLookupService().lookupEmbeddedDto(ownerContract, IdmIdentityContract_.identity);
    IdmRoleDto assignedRole = getLookupService().lookupEmbeddedDto(identityRole, IdmIdentityRole_.role);
    //
    if (processedIdentityRoles.contains(assignedRoleId)) {
        // assigned role was processed - nothing to remove
        return;
    }
    // remove role by request
    try {
        IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
        removeConcept.setIdentityRole(identityRole.getId());
        removeConcept.setRole(identityRole.getRole());
        removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
        removeConcept.setIdentityContract(identityRole.getIdentityContract());
        //
        IdmRoleRequestDto removeRequest = new IdmRoleRequestDto();
        removeRequest.setConceptRoles(Lists.newArrayList(removeConcept));
        removeRequest.setApplicant(owner.getId());
        // the returned request is not needed here, only the side effect of starting it
        roleRequestService.startConcepts(new RoleRequestEvent(RoleRequestEventType.EXCECUTE, removeRequest), null);
        // log successfully removed identity role
        ResultModel removedModel = new DefaultResultModel(
                CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_REMOVED,
                ImmutableMap.of(
                        "role", assignedRole.getCode(),
                        "roleTreeNode", automaticRoleId,
                        "identity", owner.getUsername()));
        saveItemResult(identityRole, OperationState.EXECUTED, removedModel, null);
    } catch (Exception ex) {
        // NOTE(review): after a failure the assigned role presumably stays in place; the EXCEPTION
        // item result saved below and this log line are the only records of it visible here.
        LOG.error("Remove role [{}] by automatic role [{}] failed", assignedRole.getCode(), automaticRoleId, ex);
        //
        ResultModel failedModel = new DefaultResultModel(
                CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_NOT_COMPLETE,
                ImmutableMap.of(
                        "role", assignedRole.getCode(),
                        "roleTreeNode", automaticRoleId,
                        "identity", owner.getUsername()));
        saveItemResult(identityRole, OperationState.EXCEPTION, failedModel, ex);
    }
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class ProcessAutomaticRoleByTreeTaskExecutor method processPosition.
/**
 * Assigns the automatic role for the given contract position. An automatic role that is already
 * assigned on the position is detected and skipped.
 *
 * @param position contract position to process
 * @param automaticRole automatic role definition (by tree node)
 * @return ids collected while processing: the id of the already assigned role, or the id of the
 *         started role request; empty when the request failed or returned {@code null}
 */
private Set<UUID> processPosition(IdmContractPositionDto position, IdmRoleTreeNodeDto automaticRole) {
    UUID positionId = position.getId();
    IdmIdentityContractDto ownerContract = getLookupService().lookupEmbeddedDto(position, IdmContractPosition_.identityContract);
    UUID ownerContractId = ownerContract.getId();
    Set<UUID> processedIds = new HashSet<>();
    UUID automaticRoleId = automaticRole.getId();
    IdmIdentityDto owner = getLookupService().lookupEmbeddedDto(ownerContract, IdmIdentityContract_.identity);
    IdmRoleDto grantedRole = getLookupService().lookupEmbeddedDto(automaticRole, IdmRoleTreeNode_.role);
    //
    try {
        List<IdmIdentityRoleDto> assignedOnPosition = identityRoleService.findAllByContractPosition(positionId);
        // skip already assigned automatic roles
        for (IdmIdentityRoleDto assigned : assignedOnPosition) {
            if (!ObjectUtils.equals(assigned.getAutomaticRole(), automaticRoleId)) {
                continue;
            }
            processedIds.add(assigned.getId());
            ResultModel alreadyAssignedModel = new DefaultResultModel(
                    CoreResultCode.AUTOMATIC_ROLE_ALREADY_ASSIGNED,
                    ImmutableMap.of(
                            "role", grantedRole.getCode(),
                            "roleTreeNode", automaticRoleId,
                            "identity", owner.getUsername()));
            saveItemResult(assigned, OperationState.NOT_EXECUTED, alreadyAssignedModel, null);
            return processedIds;
        }
        //
        // automatic role by tree node is added directly through identity role
        IdmConceptRoleRequestDto addConcept = new IdmConceptRoleRequestDto();
        addConcept.setIdentityContract(ownerContractId);
        addConcept.setContractPosition(positionId);
        // validity of the new assignment is copied from the owning contract
        addConcept.setValidFrom(ownerContract.getValidFrom());
        addConcept.setValidTill(ownerContract.getValidTill());
        addConcept.setRole(automaticRole.getRole());
        addConcept.setAutomaticRole(automaticRoleId);
        addConcept.setOperation(ConceptRoleRequestOperation.ADD);
        //
        IdmRoleRequestDto addRequest = new IdmRoleRequestDto();
        addRequest.setConceptRoles(Lists.newArrayList(addConcept));
        addRequest.setApplicant(ownerContract.getIdentity());
        RoleRequestEvent addEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, addRequest);
        addRequest = roleRequestService.startConcepts(addEvent, null);
        // NOTE(review): this adds the role request id, while the already-assigned branch above adds
        // the assigned role id - confirm callers of this method expect both kinds of id in the set.
        if (addRequest != null) {
            processedIds.add(addRequest.getId());
        }
        // Log successfully assigned role
        ResultModel assignedModel = new DefaultResultModel(
                CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_ROLE_ASSIGNED,
                ImmutableMap.of(
                        "role", grantedRole.getCode(),
                        "roleTreeNode", automaticRoleId,
                        "identity", owner.getUsername()));
        saveItemResult(position, OperationState.EXECUTED, assignedModel, null);
    } catch (Exception ex) {
        LOG.error("Adding role [{}] by automatic role [{}] for identity [{}] failed", grantedRole.getCode(), automaticRoleId, owner.getUsername(), ex);
        //
        ResultModel failedModel = new DefaultResultModel(
                CoreResultCode.AUTOMATIC_ROLE_ASSIGN_TASK_NOT_COMPLETE,
                ImmutableMap.of(
                        "role", grantedRole.getCode(),
                        "roleTreeNode", automaticRoleId,
                        "identity", owner.getUsername()));
        saveItemResult(position, OperationState.EXCEPTION, failedModel, ex);
    }
    //
    return processedIds;
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class RemoveAutomaticRoleTaskExecutor method processItem.
/**
 * Removes one assigned role through an internal role request: a request in CONCEPT state is saved
 * with a single REMOVE concept and then started via {@code startRequestInternal}.
 *
 * @param identityRole assigned role to remove
 * @return EXECUTED result when the request was started, EXCEPTION result (with model and cause)
 *         when anything in the removal failed
 */
@Override
public Optional<OperationResult> processItem(IdmIdentityRoleDto identityRole) {
    try {
        IdmIdentityContractDto ownerContract = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract);
        UUID ownerId = ownerContract.getIdentity();
        IdmRoleRequestDto removeRequest = new IdmRoleRequestDto();
        removeRequest.setState(RoleRequestState.CONCEPT);
        // without approval
        removeRequest.setExecuteImmediately(true);
        removeRequest.setApplicant(ownerId);
        removeRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
        removeRequest = roleRequestService.save(removeRequest);
        //
        IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
        removeConcept.setRoleRequest(removeRequest.getId());
        removeConcept.setIdentityRole(identityRole.getId());
        removeConcept.setRole(identityRole.getRole());
        removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
        removeConcept.setIdentityContract(identityRole.getIdentityContract());
        removeConcept.setContractPosition(identityRole.getContractPosition());
        conceptRequestService.save(removeConcept);
        //
        // start event with skip check authorities
        // NOTE(review): the request is executed immediately (no approval) and the event skips the
        // authorities check, so the only control visible here is which assigned roles the task
        // passes in - confirm that selection cannot be influenced by an unprivileged caller.
        RoleRequestEvent removeEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, removeRequest);
        removeEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
        // prevent to start asynchronous event before previous update event is completed.
        removeEvent.setSuperOwnerId(ownerId);
        //
        roleRequestService.startRequestInternal(removeEvent);
        //
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    } catch (Exception ex) {
        // NOTE(review): these lookups run inside the handler; if one of them fails or yields null,
        // the exception raised here would replace the original failure - confirm that cannot happen.
        IdmIdentityContractDto failedContract = identityContractService.get(identityRole.getIdentityContract());
        IdmIdentityDto failedOwner = DtoUtils.getEmbedded(failedContract, IdmIdentityContract_.identity);
        IdmRoleDto failedRole = DtoUtils.getEmbedded(getAutomaticRole(), IdmRoleTreeNode_.role);
        //
        LOG.error("Remove role [{}] by automatic role [{}] failed", failedRole.getCode(), getAutomaticRole().getId(), ex);
        //
        return Optional.of(
                new OperationResult.Builder(OperationState.EXCEPTION)
                        .setModel(new DefaultResultModel(
                                CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_NOT_COMPLETE,
                                ImmutableMap.of(
                                        "role", failedRole.getCode(),
                                        "roleTreeNode", getAutomaticRole().getId(),
                                        "identity", failedOwner.getUsername())))
                        .setCause(ex)
                        .build());
    }
}
use of eu.bcvsolutions.idm.core.model.event.RoleRequestEvent in project CzechIdMng by bcvsolutions.
the class IdentityRoleExpirationTaskExecutor method processItem.
/**
 * Removes one expired assigned role through an internal role request. The assigned role is
 * re-read by id first; when it or its contract can no longer be found, the item is reported as
 * EXECUTED without doing anything.
 *
 * @param identityRoleIdentifier assigned role selected for removal (only its id is used)
 * @return EXECUTED result when the role was already gone or the request was started, EXCEPTION
 *         result (with cause) when the removal failed
 */
@Override
public Optional<OperationResult> processItem(IdmIdentityRoleDto identityRoleIdentifier) {
    UUID identityRoleId = identityRoleIdentifier.getId();
    LOG.info("Remove expired assigned role [{}], valid till is less than [{}]", identityRoleId, expiration);
    //
    IdmIdentityRoleDto currentRole = identityRoleService.get(identityRoleId);
    if (currentRole == null) {
        // already deleted - skipping
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    }
    IdmIdentityContractDto ownerContract = getLookupService().lookupEmbeddedDto(currentRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
    if (ownerContract == null) {
        // already deleted - skipping
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    }
    UUID ownerId = ownerContract.getIdentity();
    //
    try {
        LOG.debug("Remove expired role [{}] from contract [{}] by internal role request.", currentRole.getRole(), ownerContract.getId());
        //
        IdmRoleRequestDto removeRequest = new IdmRoleRequestDto();
        removeRequest.setState(RoleRequestState.CONCEPT);
        // without approval
        removeRequest.setExecuteImmediately(true);
        removeRequest.setApplicant(ownerId);
        removeRequest.setRequestedByType(RoleRequestedByType.AUTOMATICALLY);
        removeRequest = roleRequestService.save(removeRequest);
        //
        IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
        removeConcept.setIdentityRole(identityRoleId);
        removeConcept.setRole(currentRole.getRole());
        removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
        removeConcept.setIdentityContract(ownerContract.getId());
        removeConcept.setRoleRequest(removeRequest.getId());
        conceptRoleRequestService.save(removeConcept);
        //
        // start event with skip check authorities
        // NOTE(review): the request is executed immediately (no approval) and the event skips the
        // authorities check, so the only control visible here is which assigned roles the task
        // passes in - confirm that selection cannot be influenced by an unprivileged caller.
        RoleRequestEvent removeEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, removeRequest);
        removeEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
        // prevent to start asynchronous event before previous update event is completed.
        removeEvent.setSuperOwnerId(ownerId);
        //
        roleRequestService.startRequestInternal(removeEvent);
        //
        return Optional.of(new OperationResult.Builder(OperationState.EXECUTED).build());
    } catch (Exception ex) {
        // NOTE(review): after a failure the expired role presumably stays assigned; this log line
        // and the EXCEPTION result are the only records of it visible here.
        LOG.error("Removing expired assigned role [{}] failed", identityRoleId, ex);
        return Optional.of(
                new OperationResult.Builder(OperationState.EXCEPTION)
                        .setCause(ex)
                        .build());
    }
}