Use of eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy in project CzechIdMng by bcvsolutions.
Class RoleGuaranteeEvaluator, method getPermissions.
/**
 * Resolves the permissions the current identity holds on the given role as its guarantee.
 * <p>
 * The permissions returned by the parent evaluator are always the starting point. The
 * permissions configured on the policy are added on top only when the current identity
 * is found as a guarantee of the role: either directly (guarantee by identity), or because
 * one of the roles returned by {@code findValidRoles} for that identity is listed as a
 * guarantee role of the evaluated role (guarantee by role).
 *
 * @param entity role being evaluated; may be {@code null} or have no id
 * @param policy authorization policy whose permissions are granted to guarantees
 * @return the parent evaluator's permissions, extended by the policy permissions when the
 *         current identity is a guarantee of the role
 */
@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
    Set<String> granted = super.getPermissions(entity, policy);
    // Without a role id or an authenticated caller no guarantee lookup is made, so
    // nothing beyond the parent's permissions is ever granted on this path.
    boolean evaluable = entity != null && entity.getId() != null && securityService.isAuthenticated();
    if (!evaluable) {
        return granted;
    }

    // Guarantee by identity: a single-element page is enough, only existence matters.
    IdmRoleGuaranteeFilter byIdentity = new IdmRoleGuaranteeFilter();
    byIdentity.setRole(entity.getId());
    byIdentity.setGuarantee(securityService.getCurrentId());
    boolean directGuarantee = roleGuaranteeService.find(byIdentity, PageRequest.of(0, 1)).getTotalElements() > 0;
    if (directGuarantee) {
        granted.addAll(policy.getPermissions());
        return granted;
    }

    // Guarantee by role: collect the roles registered as guarantee of the evaluated role.
    IdmRoleGuaranteeRoleFilter byRole = new IdmRoleGuaranteeRoleFilter();
    byRole.setRole(entity.getId());
    Set<UUID> guaranteeRoleIds = roleGuaranteeRoleService
            .find(byRole, null)
            .getContent()
            .stream()
            .map(guaranteeRole -> guaranteeRole.getGuaranteeRole())
            .collect(Collectors.toSet());
    // TODO: create some subquery ...
    // NOTE(review): both lookups pass null as the second argument (presumably "no paging")
    // and are intersected in memory, so the cost of every permission evaluation grows with
    // the number of guarantee roles and assigned roles - confirm this is acceptable.
    boolean guaranteeByRole = identityRoleService
            .findValidRoles(securityService.getCurrentId(), null)
            .getContent()
            .stream()
            .anyMatch(assigned -> guaranteeRoleIds.contains(assigned.getRole()));
    if (guaranteeByRole) {
        granted.addAll(policy.getPermissions());
    }

    return granted;
}