use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
the class DefaultFormService method findFormInstances.
/**
 * Loads one form instance per form definition resolved for the given owner.
 * <p>
 * Authorization: when at least one permission is passed, the form definitions are looked up with
 * {@code IdmBasePermission.AUTOCOMPLETE}; when none is passed, {@code null} is handed to the
 * definition lookup instead. The caller's permissions are always forwarded unchanged to
 * {@code findFormInstance}.
 * NOTE(review): presumably a {@code null} / empty permission means "no policy evaluation" in the
 * called services - confirm, and make sure request-driven callers pass the permission they require.
 *
 * @param owner form values owner, required
 * @param filter optional; when it lists form definition attributes, only those definitions are used
 * @param permission permissions forwarded to {@code findFormInstance}
 * @return form instances, in the order of the resolved form definitions
 */
@Override
@Transactional(readOnly = true)
public List<IdmFormInstanceDto> findFormInstances(Identifiable owner, FormableFilter filter, BasePermission... permission) {
    Assert.notNull(owner, "Form values owner is required.");
    //
    // narrow the definitions only when the filter names some, otherwise take all of them
    final boolean definitionsRestricted = filter != null
            && !CollectionUtils.isEmpty(filter.getFormDefinitionAttributes());
    // definitions are read with AUTOCOMPLETE as soon as the caller requests any permission
    final IdmBasePermission definitionPermission = PermissionUtils.isEmpty(permission)
            ? null
            : IdmBasePermission.AUTOCOMPLETE;
    //
    final List<IdmFormDefinitionDto> resolvedDefinitions;
    if (definitionsRestricted) {
        IdmFormDefinitionFilter byIds = new IdmFormDefinitionFilter();
        byIds.setType(getDefaultDefinitionType(owner.getClass()));
        byIds.setIds(
                filter
                    .getFormDefinitionAttributes()
                    .stream()
                    .map(FormDefinitionAttributes::getDefinition)
                    .collect(Collectors.toList()));
        //
        resolvedDefinitions = formDefinitionService
                .find(byIds, getDefinitionPageable(), definitionPermission)
                .getContent();
    } else {
        resolvedDefinitions = getDefinitions(owner, definitionPermission);
    }
    //
    return resolvedDefinitions
            .stream()
            .map(formDefinition -> findFormInstance(owner, formDefinition, filter, permission))
            .collect(Collectors.toList());
}
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
the class AbstractReadDtoService method toCriteria.
/**
 * Builds the JPA criteria specification used by find / count queries from the given filter and permissions.
 * <p>
 * The authorization predicate is appended only when all of the following hold: at least one
 * permission remains after {@code PermissionUtils.trimNull}, this service is an
 * {@code AuthorizableService}, and its authorizable type and that type's {@code getType()} are
 * not {@code null}. In every other case the query is restricted by the filter predicates alone
 * and no access control is applied here.
 *
 * @param filter search filter; may be {@code null}, then no filter predicates are built
 * @param applyFetchMode intended to fetch related entities in the master select; currently
 *        without effect because the fetch call is commented out (see FIXME in the body)
 * @param permission permissions to evaluate; passed through {@code PermissionUtils.trimNull} first
 * @return specification combining the filter predicates and, when applicable, the authorization predicate
 */
protected Specification<E> toCriteria(F filter, boolean applyFetchMode, BasePermission... permission) {
    return new Specification<E>() {

        private static final long serialVersionUID = 1L;

        public Predicate toPredicate(Root<E> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
            List<Predicate> restrictions = new ArrayList<>();
            // a null filter contributes no predicates
            if (filter != null) {
                restrictions.addAll(AbstractReadDtoService.this.toPredicates(root, query, builder, filter));
            }
            //
            // resolve the authorizable type only when there is something to evaluate
            // and the service supports authorization policies at all
            BasePermission[] requested = PermissionUtils.trimNull(permission);
            AuthorizableType authorizableType = null;
            if (!ObjectUtils.isEmpty(requested) && (AbstractReadDtoService.this instanceof AuthorizableService)) {
                authorizableType = ((AuthorizableService<?>) AbstractReadDtoService.this).getAuthorizableType();
            }
            if (authorizableType != null && authorizableType.getType() != null) {
                // NOTE(review): the OR / AND choice is read from the filter object; confirm the flag
                // cannot be set from request input where AND semantics are required.
                boolean joinWithOr = (filter instanceof PermissionContext)
                        && ((PermissionContext) filter).usePermissionOperatorOr();
                restrictions.add(joinWithOr
                        ? getAuthorizationManager().getPredicateOr(root, query, builder, requested)
                        : getAuthorizationManager().getPredicate(root, query, builder, requested));
            }
            //
            // check IN predicates limit
            for (Predicate restriction : restrictions) {
                checkFilterSizeExceeded(restriction);
            }
            // include referenced entity in "master" select => reduces number of sub selects
            if (applyFetchMode) {
                // FIXME: is needed in new hibernate?
                // applyFetchMode(root);
            }
            //
            return query.where(restrictions.toArray(new Predicate[0])).getRestriction();
        }
    };
}
use of eu.bcvsolutions.idm.core.security.api.domain.BasePermission in project CzechIdMng by bcvsolutions.
the class DefaultAccUniformPasswordService method findOptionsForPasswordChange.
/**
 * Collects the password change options offered for the given identity: one option per account
 * that is not covered by a uniform password definition, plus one option per uniform password
 * definition together with the accounts grouped under it.
 * <p>
 * Authorization: only the account search receives the given permissions. The uniform password
 * systems are read without a permission argument and are used solely to group accounts that the
 * permission-restricted account search returned.
 *
 * @param identity identity whose accounts are evaluated; dereferenced without a null check
 * @param permissions permissions handed to the account search
 * @return password change options; uniform password options follow the plain account options
 */
@Override
public List<AccPasswordChangeOptionDto> findOptionsForPasswordChange(IdmIdentityDto identity, BasePermission... permissions) {
    // uniform password systems of the identity (uniformPasswordDisabled = false), no permissions passed
    AccUniformPasswordSystemFilter uniformFilter = new AccUniformPasswordSystemFilter();
    uniformFilter.setIdentityId(identity.getId());
    uniformFilter.setUniformPasswordDisabled(Boolean.FALSE);
    List<AccUniformPasswordSystemDto> uniformPasswordSystems = this.uniformPasswordSystemService
            .find(uniformFilter, null)
            .getContent();
    //
    // Same behavior as previous versions
    AccAccountFilter accountFilter = new AccAccountFilter();
    accountFilter.setOwnership(Boolean.TRUE);
    accountFilter.setSupportChangePassword(Boolean.TRUE);
    accountFilter.setIdentityId(identity.getId());
    accountFilter.setInProtection(Boolean.FALSE);
    // the caller's permissions restrict which accounts are returned
    List<AccAccountDto> accounts = accountService.find(accountFilter, null, permissions).getContent();
    //
    List<AccPasswordChangeOptionDto> options = Lists.newArrayList();
    // accounts grouped by uniform password definition
    // NOTE(review): relies on equals / hashCode of AccUniformPasswordDto; the key may be null when
    // the embedded definition is missing (getEmbedded is called with a null default) - confirm.
    Map<AccUniformPasswordDto, List<AccAccountDto>> accountsByDefinition = Maps.newHashMap();
    for (AccAccountDto account : accounts) {
        // one system can be listed in more than one uniform password definition
        List<AccUniformPasswordSystemDto> uniformBySystem = uniformPasswordSystems
                .stream()
                .filter(candidate -> candidate.getSystem().equals(account.getSystem()))
                .collect(Collectors.toList());
        if (!CollectionUtils.isEmpty(uniformBySystem)) {
            for (AccUniformPasswordSystemDto uniformPasswordSystemDto : uniformBySystem) {
                AccUniformPasswordDto definition = DtoUtils.getEmbedded(
                        uniformPasswordSystemDto,
                        AccUniformPasswordSystem_.uniformPassword,
                        AccUniformPasswordDto.class,
                        null);
                accountsByDefinition
                        .computeIfAbsent(definition, key -> Lists.newArrayList())
                        .add(account);
            }
            continue;
        }
        // account without uniform password => offered as a simple option
        AccPasswordChangeOptionDto accountOption = new AccPasswordChangeOptionDto(account);
        accountOption.setNiceLabel(getNiceLabelForOption(account));
        options.add(accountOption);
    }
    // one option per uniform password definition that has at least one account
    for (Entry<AccUniformPasswordDto, List<AccAccountDto>> grouped : accountsByDefinition.entrySet()) {
        AccUniformPasswordDto uniformPasswordDto = grouped.getKey();
        AccPasswordChangeOptionDto uniformOption = new AccPasswordChangeOptionDto(uniformPasswordDto, grouped.getValue());
        uniformOption.setNiceLabel(getNiceLabelForOption(uniformPasswordDto));
        uniformOption.setChangeInIdm(uniformPasswordDto.isChangeInIdm());
        options.add(uniformOption);
    }
    return options;
}