
Example 1 with AuthorizationPolicy

use of eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy in project CzechIdMng by bcvsolutions.

The class RoleGuaranteeEvaluator, method getPermissions.

/**
 * Extends the permissions computed by the superclass with the policy's permissions when the
 * currently logged-in identity is a guarantee of the given role.
 *
 * <p>The policy's permissions are added in two cases, checked in this order:
 * <ol>
 *   <li>a role-guarantee record exists for this role and the current identity id;</li>
 *   <li>one of the roles returned by {@code findValidRoles} for the current identity is
 *       registered as a guarantee role of this role.</li>
 * </ol>
 * If the role is {@code null}, has no id, or nobody is authenticated, only the superclass
 * permissions are returned and no guarantee lookup is made.
 *
 * @param entity the role being evaluated; may be {@code null}
 * @param policy the authorization policy whose permissions are granted to guarantees
 * @return the superclass permissions, plus the policy's permissions when a guarantee match is found
 */
@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
    // NOTE(review): the set returned by super is mutated in place below; this assumes it is
    // mutable and not shared between evaluations - confirm against the superclass.
    Set<String> granted = super.getPermissions(entity, policy);
    // Fail closed: without a persisted role and an authenticated caller nothing extra is granted.
    boolean evaluable = entity != null && entity.getId() != null && securityService.isAuthenticated();
    if (!evaluable) {
        return granted;
    }
    //
    // by identity - the caller is listed directly as a guarantee of this role
    IdmRoleGuaranteeFilter byIdentity = new IdmRoleGuaranteeFilter();
    byIdentity.setRole(entity.getId());
    byIdentity.setGuarantee(securityService.getCurrentId());
    // A single-row page is enough: only the total count is inspected.
    boolean directGuarantee = roleGuaranteeService
            .find(byIdentity, PageRequest.of(0, 1))
            .getTotalElements() > 0;
    if (directGuarantee) {
        granted.addAll(policy.getPermissions());
        return granted;
    }
    //
    // by role - the caller holds a role that is registered as a guarantee role
    IdmRoleGuaranteeRoleFilter byRole = new IdmRoleGuaranteeRoleFilter();
    byRole.setRole(entity.getId());
    // NOTE(review): both lookups below pass a null pageable, so the result size is not bounded
    // here (presumably unpaged - confirm); everything is matched in memory.
    Set<UUID> guaranteeRoleIds = roleGuaranteeRoleService
            .find(byRole, null)
            .getContent()
            .stream()
            .map(rg -> rg.getGuaranteeRole())
            .collect(Collectors.toSet());
    // TODO: create some subquery ...
    boolean holdsGuaranteeRole = identityRoleService
            .findValidRoles(securityService.getCurrentId(), null)
            .getContent()
            .stream()
            .anyMatch(ir -> guaranteeRoleIds.contains(ir.getRole()));
    if (holdsGuaranteeRole) {
        granted.addAll(policy.getPermissions());
    }
    //
    return granted;
}
Also used : IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_) Autowired(org.springframework.beans.factory.annotation.Autowired) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) Predicate(javax.persistence.criteria.Predicate) BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) Root(javax.persistence.criteria.Root) IdmRoleGuaranteeRole(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole) IdmRoleGuaranteeRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole_) Description(org.springframework.context.annotation.Description) RepositoryUtils(eu.bcvsolutions.idm.core.api.utils.RepositoryUtils) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter) AbstractEntity_(eu.bcvsolutions.idm.core.api.entity.AbstractEntity_) IdmRoleGuaranteeService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeService) AuthorizationPolicy(eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy) Set(java.util.Set) PageRequest(org.springframework.data.domain.PageRequest) AbstractAuthorizationEvaluator(eu.bcvsolutions.idm.core.security.evaluator.AbstractAuthorizationEvaluator) UUID(java.util.UUID) IdmRoleGuaranteeRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeRoleService) AbstractAuthentication(eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication) Collectors(java.util.stream.Collectors) IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_) IdmRoleGuarantee_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee_) IdmRoleGuarantee(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee) 
Component(org.springframework.stereotype.Component) LocalDate(java.time.LocalDate) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) Subquery(javax.persistence.criteria.Subquery) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter) IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter) UUID(java.util.UUID)
