Example 1 with AuthorizationPolicy
use of eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy in project CzechIdMng by bcvsolutions.
the class RoleGuaranteeEvaluator method getPermissions.
@Override
public Set<String> getPermissions(IdmRole entity, AuthorizationPolicy policy) {
Set<String> permissions = super.getPermissions(entity, policy);
if (entity == null || entity.getId() == null || !securityService.isAuthenticated()) {
return permissions;
}
//
IdmRoleGuaranteeFilter filter = new IdmRoleGuaranteeFilter();
filter.setRole(entity.getId());
filter.setGuarantee(securityService.getCurrentId());
// by identity
if (roleGuaranteeService.find(filter, PageRequest.of(0, 1)).getTotalElements() > 0) {
permissions.addAll(policy.getPermissions());
return permissions;
}
//
// by role
IdmRoleGuaranteeRoleFilter filterRole = new IdmRoleGuaranteeRoleFilter();
filterRole.setRole(entity.getId());
Set<UUID> guaranteeRoles = roleGuaranteeRoleService.find(filterRole, null).getContent().stream().map(rg -> rg.getGuaranteeRole()).collect(Collectors.toSet());
// TODO: create some subquery ...
if (identityRoleService.findValidRoles(securityService.getCurrentId(), null).getContent().stream().filter(ir -> guaranteeRoles.contains(ir.getRole())).findFirst().orElse(null) != null) {
permissions.addAll(policy.getPermissions());
}
//
return permissions;
}
Also used :
IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_)
Autowired(org.springframework.beans.factory.annotation.Autowired)
SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService)
IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole)
Predicate(javax.persistence.criteria.Predicate)
BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission)
CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder)
Root(javax.persistence.criteria.Root)
IdmRoleGuaranteeRole(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole)
IdmRoleGuaranteeRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole_)
Description(org.springframework.context.annotation.Description)
RepositoryUtils(eu.bcvsolutions.idm.core.api.utils.RepositoryUtils)
CriteriaQuery(javax.persistence.criteria.CriteriaQuery)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter)
AbstractEntity_(eu.bcvsolutions.idm.core.api.entity.AbstractEntity_)
IdmRoleGuaranteeService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeService)
AuthorizationPolicy(eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy)
Set(java.util.Set)
PageRequest(org.springframework.data.domain.PageRequest)
AbstractAuthorizationEvaluator(eu.bcvsolutions.idm.core.security.evaluator.AbstractAuthorizationEvaluator)
UUID(java.util.UUID)
IdmRoleGuaranteeRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeRoleService)
AbstractAuthentication(eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication)
Collectors(java.util.stream.Collectors)
IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_)
IdmRoleGuarantee_(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee_)
IdmRoleGuarantee(eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee)
Component(org.springframework.stereotype.Component)
LocalDate(java.time.LocalDate)
IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_)
IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter)
Subquery(javax.persistence.criteria.Subquery)
IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole)
IdmRoleGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter)
IdmRoleGuaranteeRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter)
UUID(java.util.UUID)
Aggregations
IdmRoleGuaranteeFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeFilter)1
IdmRoleGuaranteeRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleGuaranteeRoleFilter)1
AbstractEntity_ (eu.bcvsolutions.idm.core.api.entity.AbstractEntity_)1
IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)1
IdmRoleGuaranteeRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeRoleService)1
IdmRoleGuaranteeService (eu.bcvsolutions.idm.core.api.service.IdmRoleGuaranteeService)1
RepositoryUtils (eu.bcvsolutions.idm.core.api.utils.RepositoryUtils)1
IdmIdentityContract_ (eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_)1
IdmIdentityRole (eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole)1
IdmIdentityRole_ (eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_)1
IdmIdentity_ (eu.bcvsolutions.idm.core.model.entity.IdmIdentity_)1
IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole)1
IdmRoleGuarantee (eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee)1
IdmRoleGuaranteeRole (eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole)1
IdmRoleGuaranteeRole_ (eu.bcvsolutions.idm.core.model.entity.IdmRoleGuaranteeRole_)1
IdmRoleGuarantee_ (eu.bcvsolutions.idm.core.model.entity.IdmRoleGuarantee_)1
AbstractAuthentication (eu.bcvsolutions.idm.core.security.api.domain.AbstractAuthentication)1
AuthorizationPolicy (eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy)1
BasePermission (eu.bcvsolutions.idm.core.security.api.domain.BasePermission)1
SecurityService (eu.bcvsolutions.idm.core.security.api.service.SecurityService)1
