use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
Usage in class DefaultIdmRequestIdentityRoleService, method save.
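/**
 * Saves a request-identity-role: creates the matching role-request concept or updates an existing one.
 * <p>
 * The kind of the given DTO is derived from its identifiers:
 * <ul>
 *   <li>{@code id} equals {@code identityRole}: the DTO is an assigned identity-role and an
 *       {@code UPDATE} concept is created for it;</li>
 *   <li>both {@code id} and {@code identityRole} are {@code null}: the DTO is a new assignment and
 *       one {@code ADD} concept is created for every requested role (only the concept of the first
 *       role is returned);</li>
 *   <li>otherwise {@code id} is looked up as an existing concept, which is updated in place when its
 *       operation is {@code UPDATE} or {@code ADD}.</li>
 * </ul>
 * When the DTO does not reference a role request, a new request is created for the contract's
 * identity and attached to the returned concept's embedded data. Every concept save receives the
 * given {@code permission}, so authorization is evaluated the same way on all branches.
 *
 * @param dto request-identity-role to save (required)
 * @param permission permissions evaluated by the concept service on save
 * @return the saved concept converted back to a request-identity-role; {@code null} when
 *         {@code dto.getId()} matches no concept, or matches a concept with another operation
 * @throws IllegalArgumentException when the DTO, the referenced identity-role, the contract or the
 *         requested roles are missing
 */
@Override
@Transactional
public IdmRequestIdentityRoleDto save(IdmRequestIdentityRoleDto dto, BasePermission... permission) {
    LOG.debug(MessageFormat.format("Save idm-request-identity-role [{0}] ", dto));
    Assert.notNull(dto, "DTO is required.");
    // We don`t know if is given DTO identity-role or role-concept.
    if (dto.getId() != null && dto.getId().equals(dto.getIdentityRole())) {
        // Given DTO is identity-role -> create UPDATE concept
        IdmIdentityRoleDto identityRole = identityRoleService.get(dto.getId());
        Assert.notNull(identityRole, "Identity role is required.");
        IdmIdentityContractDto identityContractDto = DtoUtils.getEmbedded(identityRole, IdmIdentityRole_.identityContract.getName(), IdmIdentityContractDto.class);
        Assert.notNull(identityContractDto, "Contract is required.");
        UUID requestId = dto.getRoleRequest();
        IdmRoleRequestDto request = null;
        if (requestId == null) {
            // No request given -> open a new one for the contract's identity.
            request = this.createRequest(identityContractDto.getIdentity());
            requestId = request.getId();
        }
        IdmConceptRoleRequestDto conceptRoleRequest = createConcept(identityRole, identityContractDto, requestId, identityRole.getRole(), identityContractDto.getValidFrom(), identityContractDto.getValidTill(), ConceptRoleRequestOperation.UPDATE);
        // The requested changes come from the DTO; the rest of the concept from the current identity-role.
        conceptRoleRequest.setValidFrom(dto.getValidFrom());
        conceptRoleRequest.setValidTill(dto.getValidTill());
        conceptRoleRequest.setRoleSystem(dto.getRoleSystem());
        conceptRoleRequest.setEavs(dto.getEavs());
        // Create concept with EAVs
        conceptRoleRequest = conceptRoleService.save(conceptRoleRequest, permission);
        if (request != null) {
            // Add request to concept. Will be used on the FE (prevent loading of request).
            conceptRoleRequest.getEmbedded().put(IdmConceptRoleRequest_.roleRequest.getName(), request);
        }
        return this.conceptToRequestIdentityRole(conceptRoleRequest, null);
    }
    if (dto.getId() == null && dto.getIdentityRole() == null) {
        // Given DTO does not have ID neither identity-role ID -> create ADD concept
        Assert.notNull(dto.getIdentityContract(), "Contract is required.");
        Set<UUID> roles = Sets.newHashSet();
        if (dto.getRole() != null) {
            roles.add(dto.getRole());
        }
        if (dto.getRoles() != null) {
            roles.addAll(dto.getRoles());
        }
        Assert.notEmpty(roles, "Roles cannot be empty!");
        IdmIdentityContractDto identityContractDto = identityContractService.get(dto.getIdentityContract());
        Assert.notNull(identityContractDto, "Contract is required.");
        UUID requestId = dto.getRoleRequest();
        IdmRoleRequestDto request = null;
        if (requestId == null) {
            // No request given -> open a new one for the contract's identity.
            request = this.createRequest(identityContractDto.getIdentity());
            requestId = request.getId();
        }
        List<IdmConceptRoleRequestDto> concepts = Lists.newArrayList();
        for (UUID role : roles) {
            IdmConceptRoleRequestDto conceptRoleRequest = createConcept(null, identityContractDto, requestId, role, dto.getValidFrom(), dto.getValidTill(), ConceptRoleRequestOperation.ADD);
            conceptRoleRequest.setEavs(dto.getEavs());
            conceptRoleRequest.setRoleSystem(dto.getRoleSystem());
            // Create concept with EAVs. The caller's permission is passed here as well, so the ADD
            // branch is authorized the same way as the UPDATE branch above.
            conceptRoleRequest = conceptRoleService.save(conceptRoleRequest, permission);
            if (request != null) {
                // Add request to concept. Will be used on the FE (prevent loading of request).
                conceptRoleRequest.getEmbedded().put(IdmConceptRoleRequest_.roleRequest.getName(), request);
            }
            concepts.add(conceptRoleRequest);
        }
        // Beware more then one concepts could be created, but only first will be returned!
        return this.conceptToRequestIdentityRole(concepts.get(0), null);
    }
    // Try to find role-concept
    IdmConceptRoleRequestDto roleConceptDto = conceptRoleService.get(dto.getId());
    if (roleConceptDto == null) {
        return null;
    }
    // The state is always taken from the persisted concept, never from the incoming DTO.
    dto.setState(roleConceptDto.getState());
    ConceptRoleRequestOperation operation = roleConceptDto.getOperation();
    if (ConceptRoleRequestOperation.UPDATE == operation || ConceptRoleRequestOperation.ADD == operation) {
        // Given DTO is concept -> update exists UPDATE / ADD concept
        return this.conceptToRequestIdentityRole(conceptRoleService.save(dto, permission), null);
    }
    // Concepts with other operations (e.g. REMOVE) are not updated through this service.
    return null;
}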
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
Usage in class DefaultIdmRoleCompositionService, method findAllSubRoles.
/**
 * Recursively collects all compositions below the given superior role.
 * <p>
 * A composition whose superior and sub are the same role is skipped. A sub role that already
 * occurs as a superior on the current descent path is not followed again, so cyclic
 * compositions terminate; the same sub role reached through a different superior is still
 * added (duplicates are allowed). Descent only continues into sub roles that report children.
 *
 * @param results accumulator of found compositions (mutated)
 * @param parents compositions on the current descent path, used for cycle detection
 * @param superiorId role whose sub roles are searched
 * @param permission permissions evaluated on the composition lookup
 */
private void findAllSubRoles(List<IdmRoleCompositionDto> results, List<IdmRoleCompositionDto> parents, UUID superiorId, BasePermission... permission) {
    IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
    compositionFilter.setSuperiorId(superiorId);
    //
    for (IdmRoleCompositionDto composition : find(compositionFilter, null, permission)) {
        UUID subId = composition.getSub();
        // cyclic composition in the first level is ignored
        if (composition.getSuperior().equals(subId)) {
            continue;
        }
        // duplicate composition is enabled, but from different superior role => is not cycle, is duplicate but ok
        boolean subIsOnDescentPath = parents.stream()
                .map(IdmRoleCompositionDto::getSuperior)
                .anyMatch(superior -> superior.equals(subId));
        if (subIsOnDescentPath) {
            continue;
        }
        results.add(composition);
        List<IdmRoleCompositionDto> pathToSub = Lists.newArrayList(parents);
        pathToSub.add(composition);
        //
        IdmRoleDto subRoleDto = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
        if (subRoleDto.getChildrenCount() > 0) {
            findAllSubRoles(results, pathToSub, subId, permission);
        }
    }
}
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
Usage in class DefaultIdmRoleCompositionService, method findAllSuperiorRoles.
/**
 * Recursively collects all compositions above the given sub role.
 * <p>
 * Compositions whose superior equals their own sub, and compositions leading back to the
 * original role, are skipped to break cycles. A composition already present in {@code results}
 * is not added or followed again.
 *
 * @param results found parents (mutated)
 * @param subId original role, for which parents are found => used to prevent cycles
 * @param subChildId currently processed sub role
 * @param permission permissions evaluated on the composition lookup
 */
private void findAllSuperiorRoles(List<IdmRoleCompositionDto> results, UUID subId, UUID subChildId, BasePermission... permission) {
    IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
    compositionFilter.setSubId(subChildId);
    //
    for (IdmRoleCompositionDto composition : find(compositionFilter, null, permission)) {
        UUID superiorId = composition.getSuperior();
        // cyclic composition in the first level is ignored
        if (superiorId.equals(composition.getSub())) {
            continue;
        }
        // cyclic to original
        if (superiorId.equals(subId)) {
            continue;
        }
        if (results.contains(composition)) {
            continue;
        }
        results.add(composition);
        //
        findAllSuperiorRoles(results, subId, superiorId, permission);
    }
}
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
Usage in class WorkflowTaskInstanceController, method addDelegationToTask.
/**
 * Find and add definition of the delegation connected with this task.
 * <p>
 * Delegations are looked up for a mock task carrying only the task id (the given DTO may be a
 * historic task). When the current user is a candidate or assignee of the task and is not
 * allowed to read all tasks, only delegations where that user is the delegator or the delegate
 * are considered. Of the remaining delegations the most recently created one is set on the task.
 *
 * @param dto task to enrich; nothing happens when {@code null} or without id
 * @param permission permissions evaluated on the delegation lookup and the read-all-tasks check
 */
private void addDelegationToTask(WorkflowTaskInstanceDto dto, BasePermission... permission) {
    if (dto == null || dto.getId() == null) {
        return;
    }
    // We need to create mock task, because DTO can be instance of historic task here.
    WorkflowTaskInstanceDto taskOwner = new WorkflowTaskInstanceDto();
    taskOwner.setId(dto.getId());
    UUID currentUserId = securityService.getCurrentId();
    boolean currentUserIsCandidate = dto.getIdentityLinks().stream()
            .anyMatch(identityLink ->
                    (IdentityLinkType.CANDIDATE.equals(identityLink.getType()) || IdentityLinkType.ASSIGNEE.equals(identityLink.getType()))
                    && currentUserId != null
                    && UUID.fromString(identityLink.getUserId()).equals(currentUserId));
    // NOTE(review): a user who is neither candidate/assignee nor allowed to read all tasks gets no
    // filtering here - presumably such a user cannot reach the task at all; confirm in the caller.
    boolean filterOnlyForCurrentUser = currentUserIsCandidate && !workflowTaskInstanceService.canReadAllTask(permission);
    List<IdmDelegationDto> delegationsByCreated = delegationManager.findDelegationForOwner(taskOwner, permission).stream()
            .filter(delegation -> {
                // Filter only delegation where delegator or delegate is logged user (and user is not admin).
                if (filterOnlyForCurrentUser) {
                    IdmDelegationDefinitionDto definition = DtoUtils.getEmbedded(delegation, IdmDelegation_.definition.getName(), IdmDelegationDefinitionDto.class);
                    return definition.getDelegate().equals(currentUserId) || definition.getDelegator().equals(currentUserId);
                }
                return true;
            })
            .sorted(Comparator.comparing(IdmDelegationDto::getCreated))
            .collect(Collectors.toList());
    // TODO: ONLY first delegation definition is sets to the task!
    if (delegationsByCreated.isEmpty()) {
        return;
    }
    // The newest delegation wins: the last element in ascending order of creation.
    IdmDelegationDto newestDelegation = delegationsByCreated.get(delegationsByCreated.size() - 1);
    IdmDelegationDefinitionDto definition = DtoUtils.getEmbedded(newestDelegation, IdmDelegation_.definition.getName(), IdmDelegationDefinitionDto.class);
    dto.setDelegationDefinition(definition);
}
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
Usage in class DefaultFormService, method findFormInstance.
/**
 * Loads the form instance (definition + values) of the given owner and, when permissions are
 * given, trims the definition according to value-level permissions.
 * <p>
 * Values are read with the given {@code permission}. Afterwards, for every loaded value and for
 * every attribute without a loaded value (checked via a new, unsaved value), the value permissions
 * are evaluated: without {@code READ} the attribute is removed from the returned definition,
 * without {@code UPDATE} the attribute is marked read-only. Finally the definition is overridden by
 * the form projection of the owner. The input definition is not modified: a trimmed definition is
 * reloaded before use.
 *
 * @param owner form values owner (required, with id)
 * @param formDefinition form definition; a trimmed definition is reloaded by id
 * @param filter optional value filter, translated into the value filter of the owner
 * @param permission permissions evaluated on values; when empty after trimming nulls, no
 *        attribute is removed or marked read-only
 * @return form instance of the owner with the (possibly reduced) definition and loaded values
 * @throws IllegalArgumentException when the owner or its id is missing
 */
@Override
@Transactional(readOnly = true)
public IdmFormInstanceDto findFormInstance(Identifiable owner, IdmFormDefinitionDto formDefinition, FormableFilter filter, BasePermission... permission) {
    Assert.notNull(owner, "Form values owner is required.");
    Assert.notNull(owner.getId(), "Owner id is required.");
    //
    // nulls trimmed only for the "are permissions given at all" check below; the raw array is passed to the value lookup
    BasePermission[] permissions = PermissionUtils.trimNull(permission);
    FormableEntity ownerEntity = getOwnerEntity(owner);
    // Definition will be reloaded only if is given definition trimmed (we need to not reloading the definition in case use the sub-definition (role-attributes))
    formDefinition = checkDefaultDefinition(owner.getClass(), formDefinition);
    if (formDefinition.isTrimmed()) {
        // load => prevent to modify input definition
        formDefinition = getDefinition(formDefinition.getId());
    }
    FormValueService<FormableEntity> formValueService = getFormValueService(owner);
    //
    // construct value filter
    IdmFormValueFilter<FormableEntity> valueFilter = toValueFilter(ownerEntity, formDefinition, filter);
    // find form values (all of them, ordered by seq)
    List<IdmFormValueDto> values = formValueService.find(valueFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(AbstractFormValue_.seq.getName())), permission).getContent();
    IdmFormInstanceDto formInstance = new IdmFormInstanceDto(ownerEntity, formDefinition, values);
    // evaluate permissions for form definition attributes by values - change attribute properties or remove attribute at all
    if (!ObjectUtils.isEmpty(permissions)) {
        // attributes that had at least one loaded value; the rest is checked with a new value below
        Set<UUID> checkedAttributes = new HashSet<>(values.size());
        for (IdmFormValueDto value : values) {
            checkedAttributes.add(value.getFormAttribute());
            Set<String> valuePermissions = formValueService.getPermissions(value);
            if (!PermissionUtils.hasPermission(valuePermissions, IdmBasePermission.READ)) {
                // TODO: hidden?
                formInstance.getFormDefinition().removeFormAttribute(value.getFormAttribute());
            } else if (!PermissionUtils.hasPermission(valuePermissions, IdmBasePermission.UPDATE)) {
                // NOTE(review): for a multi-value attribute whose earlier value lacked READ, the attribute was
                // already removed above and getMappedAttribute presumably returns null here - confirm that
                // getPermissions yields the same result for all values of one attribute.
                formInstance.getMappedAttribute(value.getFormAttribute()).setReadonly(true);
            }
        }
        // evaluate permissions for new values - iterate through unprocessed attributes and check update permission
        // (copied into a new list, because attributes may be removed from the definition while iterating)
        List<IdmFormAttributeDto> formAttributes = Lists.newArrayList(formInstance.getFormDefinition().getFormAttributes());
        for (IdmFormAttributeDto formAttribute : formAttributes) {
            if (checkedAttributes.contains(formAttribute.getId())) {
                continue;
            }
            IdmFormValueDto newValue = new IdmFormValueDto();
            newValue.setOwnerAndAttribute(ownerEntity, formAttribute);
            Set<String> valuePermissions = formValueService.getPermissions(newValue);
            if (!PermissionUtils.hasPermission(valuePermissions, IdmBasePermission.READ)) {
                // TODO: hidden?
                formInstance.getFormDefinition().removeFormAttribute(newValue.getFormAttribute());
            } else if (!PermissionUtils.hasPermission(valuePermissions, IdmBasePermission.UPDATE)) {
                formAttribute.setReadonly(true);
            }
        }
    }
    //
    // apply overridden attributes by form projection
    formInstance.setFormDefinition(formProjectionManager.overrideFormDefinition(owner, formInstance.getFormDefinition()));
    //
    return formInstance;
}