Example 1 with RoleMembership
use of org.kuali.kfs.kim.api.role.RoleMembership in project cu-kfs by CU-CommunityApps.
the class ResponsibilityServiceImpl method getActionsForResponsibilityRoles.
private List<ResponsibilityAction> getActionsForResponsibilityRoles(Responsibility responsibility, List<String> roleIds, Map<String, String> qualification) {
List<ResponsibilityAction> results = new ArrayList<>();
Collection<RoleMembership> roleMembers = roleService.getRoleMembers(roleIds, qualification);
for (RoleMembership rm : roleMembers) {
// only add them to the list if the member ID has been populated
if (StringUtils.isNotBlank(rm.getMemberId())) {
final ResponsibilityAction.Builder rai = ResponsibilityAction.Builder.create();
rai.setMemberRoleId((rm.getEmbeddedRoleId() == null) ? rm.getRoleId() : rm.getEmbeddedRoleId());
rai.setRoleId(rm.getRoleId());
rai.setQualifier(rm.getQualifier());
rai.setDelegates(rm.getDelegates());
rai.setResponsibilityId(responsibility.getId());
rai.setResponsibilityName(responsibility.getName());
rai.setResponsibilityNamespaceCode(responsibility.getNamespaceCode());
if (MemberType.PRINCIPAL.equals(rm.getType())) {
rai.setPrincipalId(rm.getMemberId());
} else {
rai.setGroupId(rm.getMemberId());
}
// get associated resp resolution objects
RoleResponsibilityAction action = getResponsibilityAction(rm.getRoleId(), responsibility.getId(), rm.getId());
if (action == null) {
LOG.error("Unable to get responsibility action record for role/responsibility/roleMember: " + rm.getRoleId() + "/" + responsibility.getId() + "/" + rm.getId());
LOG.error("Skipping this role member in getActionsForResponsibilityRoles()");
continue;
}
// add the data to the ResponsibilityActionInfo objects
rai.setActionTypeCode(action.getActionTypeCode());
rai.setActionPolicyCode(action.getActionPolicyCode());
rai.setPriorityNumber(action.getPriorityNumber() == null ? DEFAULT_PRIORITY_NUMBER : action.getPriorityNumber());
rai.setForceAction(action.isForceAction());
rai.setParallelRoutingGroupingCode((rm.getRoleSortingCode() == null) ? "" : rm.getRoleSortingCode());
rai.setRoleResponsibilityActionId(action.getId());
results.add(rai.build());
}
}
return Collections.unmodifiableList(results);
}
Also used :
RoleResponsibilityAction(org.kuali.kfs.kim.impl.role.RoleResponsibilityAction)
ArrayList(java.util.ArrayList)
RoleMembership(org.kuali.kfs.kim.api.role.RoleMembership)
ResponsibilityAction(org.kuali.kfs.kim.api.responsibility.ResponsibilityAction)
RoleResponsibilityAction(org.kuali.kfs.kim.impl.role.RoleResponsibilityAction)
Example 2 with RoleMembership
use of org.kuali.kfs.kim.api.role.RoleMembership in project cu-kfs by CU-CommunityApps.
the class RoleServiceImpl method getNestedRoleQualifiersForPrincipalByRoleIds.
@Override
public List<Map<String, String>> getNestedRoleQualifiersForPrincipalByRoleIds(String principalId, List<String> roleIds, Map<String, String> qualification) throws IllegalStateException {
incomingParamCheck(principalId, "principalId");
incomingParamCheck(roleIds, "roleIds");
List<Map<String, String>> results = new ArrayList<>();
Map<String, RoleLite> rolesById = getRoleLiteMap(roleIds);
// get the person's groups
List<String> groupIds = getGroupService().getGroupIdsByPrincipalId(principalId);
List<RoleMember> roleMembers = getStoredRoleMembersUsingExactMatchOnQualification(principalId, groupIds, roleIds, qualification);
Map<String, List<RoleMembership>> roleIdToMembershipMap = new HashMap<>();
for (RoleMember roleMember : roleMembers) {
RoleTypeService roleTypeService = getRoleTypeService(roleMember.getRoleId());
// gather up the qualifier sets and the service they go with
if (MemberType.PRINCIPAL.equals(roleMember.getType()) || MemberType.GROUP.equals(roleMember.getType())) {
if (roleTypeService != null) {
List<RoleMembership> las = roleIdToMembershipMap.computeIfAbsent(roleMember.getRoleId(), k -> new ArrayList<>());
RoleMembership mi = RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build();
las.add(mi);
} else {
results.add(roleMember.getAttributes());
}
} else if (MemberType.ROLE.equals(roleMember.getType())) {
// find out if the user has the role
// need to convert qualification using this role's service
Map<String, String> nestedQualification = qualification;
if (roleTypeService != null) {
RoleLite roleLite = rolesById.get(roleMember.getRoleId());
// pulling from here as the nested role is not necessarily (and likely is not)
// in the rolesById Map created earlier
RoleLite nestedRole = getRoleLite(roleMember.getMemberId());
// it can't be guaranteed that it is up and working, so using a try/catch to catch this possibility.
try {
nestedQualification = roleTypeService.convertQualificationForMemberRoles(roleLite.getNamespaceCode(), roleLite.getName(), nestedRole.getNamespaceCode(), nestedRole.getName(), qualification);
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + roleLite.getId(), ex);
}
}
List<String> nestedRoleId = new ArrayList<>(1);
nestedRoleId.add(roleMember.getMemberId());
// originally queries role
if (getProxiedRoleService().principalHasRole(principalId, nestedRoleId, nestedQualification, false)) {
results.add(roleMember.getAttributes());
}
}
}
for (Map.Entry<String, List<RoleMembership>> entry : roleIdToMembershipMap.entrySet()) {
RoleTypeService roleTypeService = getRoleTypeService(entry.getKey());
// guaranteed that it is up and working, so using a try/catch to catch this possibility.
try {
List<RoleMembership> matchingMembers = roleTypeService.getMatchingRoleMemberships(qualification, entry.getValue());
for (RoleMembership roleMembership : matchingMembers) {
results.add(roleMembership.getQualifier());
}
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + entry.getKey(), ex);
}
}
return Collections.unmodifiableList(results);
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
RoleTypeService(org.kuali.kfs.kim.framework.role.RoleTypeService)
List(java.util.List)
ArrayList(java.util.ArrayList)
RoleMembership(org.kuali.kfs.kim.api.role.RoleMembership)
Map(java.util.Map)
HashMap(java.util.HashMap)
MultiValueMap(org.springframework.util.MultiValueMap)
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
Example 3 with RoleMembership
use of org.kuali.kfs.kim.api.role.RoleMembership in project cu-kfs by CU-CommunityApps.
the class RoleServiceImpl method getRoleMembers.
protected List<RoleMembership> getRoleMembers(List<String> roleIds, Map<String, String> qualification, boolean followDelegations, Set<String> foundRoleTypeMembers) {
List<RoleMembership> results = new ArrayList<>();
Set<String> allRoleIds = new HashSet<>();
for (String roleId : roleIds) {
if (getProxiedRoleService().isRoleActive(roleId)) {
allRoleIds.add(roleId);
}
}
// short-circuit if no roles match
if (allRoleIds.isEmpty()) {
return Collections.emptyList();
}
Set<String> matchingRoleIds = new HashSet<>(allRoleIds.size());
// for efficiency, retrieve all roles and store in a map
Map<String, RoleLite> roles = getRoleLiteMap(allRoleIds);
List<String> copyRoleIds = new ArrayList<>(allRoleIds);
List<RoleMember> rms = new ArrayList<>();
for (String roleId : allRoleIds) {
RoleTypeService roleTypeService = getRoleTypeService(roleId);
if (roleTypeService != null) {
List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch();
if (CollectionUtils.isNotEmpty(attributesForExactMatch)) {
copyRoleIds.remove(roleId);
rms.addAll(getStoredRoleMembersForRoleIds(Collections.singletonList(roleId), null, populateQualifiersForExactMatch(qualification, attributesForExactMatch)));
}
}
}
if (CollectionUtils.isNotEmpty(copyRoleIds)) {
rms.addAll(getStoredRoleMembersForRoleIds(copyRoleIds, null, null));
}
// build a map of role ID to membership information
// this will be used for later qualification checks
Map<String, List<RoleMembership>> roleIdToMembershipMap = new HashMap<>();
for (RoleMember roleMember : rms) {
RoleMembership mi = RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build();
// if the qualification check does not need to be made, just add the result
if (qualification == null || qualification.isEmpty()) {
if (MemberType.ROLE.equals(roleMember.getType())) {
// if a role member type, do a non-recursive role member check to obtain the group and principal
// members of that role given the qualification
Map<String, String> nestedRoleQualification = qualification;
RoleTypeService roleTypeService = getRoleTypeService(roleMember.getRoleId());
if (roleTypeService != null) {
// get the member role object
RoleLite memberRole = getRoleLite(mi.getMemberId());
nestedRoleQualification = roleTypeService.convertQualificationForMemberRoles(roles.get(roleMember.getRoleId()).getNamespaceCode(), roles.get(roleMember.getRoleId()).getName(), memberRole.getNamespaceCode(), memberRole.getName(), qualification);
}
if (getProxiedRoleService().isRoleActive(roleMember.getRoleId())) {
Collection<RoleMembership> nestedRoleMembers = getNestedRoleMembers(nestedRoleQualification, mi, foundRoleTypeMembers);
if (!nestedRoleMembers.isEmpty()) {
results.addAll(nestedRoleMembers);
matchingRoleIds.add(roleMember.getRoleId());
}
}
} else {
results.add(mi);
matchingRoleIds.add(roleMember.getRoleId());
}
matchingRoleIds.add(roleMember.getRoleId());
} else {
List<RoleMembership> lrmi = roleIdToMembershipMap.computeIfAbsent(mi.getRoleId(), k -> new ArrayList<>());
lrmi.add(mi);
}
}
// entries
if (!roleIdToMembershipMap.isEmpty()) {
// for evaluation, the service will return those which match
for (Map.Entry<String, List<RoleMembership>> entry : roleIdToMembershipMap.entrySet()) {
// can't be guaranteed that it is up and working, so using a try/catch to catch this possibility.
try {
RoleTypeService roleTypeService = getRoleTypeService(entry.getKey());
List<RoleMembership> matchingMembers = roleTypeService.getMatchingRoleMemberships(qualification, entry.getValue());
// loop over the matching entries, adding them to the results
for (RoleMembership roleMemberships : matchingMembers) {
if (MemberType.ROLE.equals(roleMemberships.getType())) {
// if a role member type, do a non-recursive role member check to obtain the group and
// principal members of that role given the qualification get the member role object
RoleLite memberRole = getRoleLite(roleMemberships.getMemberId());
if (memberRole.isActive()) {
Map<String, String> nestedRoleQualification = roleTypeService.convertQualificationForMemberRoles(roles.get(roleMemberships.getRoleId()).getNamespaceCode(), roles.get(roleMemberships.getRoleId()).getName(), memberRole.getNamespaceCode(), memberRole.getName(), qualification);
Collection<RoleMembership> nestedRoleMembers = getNestedRoleMembers(nestedRoleQualification, roleMemberships, foundRoleTypeMembers);
if (!nestedRoleMembers.isEmpty()) {
results.addAll(nestedRoleMembers);
matchingRoleIds.add(roleMemberships.getRoleId());
}
}
} else {
results.add(roleMemberships);
matchingRoleIds.add(roleMemberships.getRoleId());
}
}
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + entry.getKey(), ex);
}
}
}
// handle derived roles
for (String roleId : allRoleIds) {
RoleTypeService roleTypeService = getRoleTypeService(roleId);
RoleLite role = roles.get(roleId);
// check if a derived role
try {
if (isDerivedRoleType(roleTypeService)) {
// for each derived role, get the list of principals and groups which are in that role given the
// qualification (per the role type service)
List<RoleMembership> roleMembers = roleTypeService.getRoleMembersFromDerivedRole(role.getNamespaceCode(), role.getName(), qualification);
if (!roleMembers.isEmpty()) {
matchingRoleIds.add(roleId);
}
for (RoleMembership rm : roleMembers) {
RoleMembership.Builder builder = RoleMembership.Builder.create(rm);
builder.setRoleId(roleId);
builder.setId("*");
results.add(builder.build());
}
}
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + roleId, ex);
}
}
if (followDelegations && !matchingRoleIds.isEmpty()) {
// we have a list of RoleMembershipInfo objects
// need to get delegations for distinct list of roles in that list
Map<String, DelegateType> delegationIdToDelegationMap = getStoredDelegationImplMapFromRoleIds(matchingRoleIds);
if (!delegationIdToDelegationMap.isEmpty()) {
List<RoleMembership.Builder> membershipsWithDelegations = applyDelegationsToRoleMembers(results, delegationIdToDelegationMap.values(), qualification);
resolveDelegationMemberRoles(membershipsWithDelegations, qualification, foundRoleTypeMembers);
results = ModelObjectUtils.buildImmutableCopy(membershipsWithDelegations);
}
}
// all the matching role members
if (results.size() > 1) {
// if a single role: easy case
if (matchingRoleIds.size() == 1) {
String roleId = matchingRoleIds.iterator().next();
RoleTypeService roleTypeService = getRoleTypeService(roleId);
// can't be guaranteed that it is up and working, so using a try/catch to catch this possibility.
try {
if (roleTypeService != null) {
results = roleTypeService.sortRoleMembers(results);
}
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + roleId, ex);
}
} else if (matchingRoleIds.size() > 1) {
// if more than one, check if there is only a single role type service
String prevServiceName = null;
boolean multipleServices = false;
for (String roleId : matchingRoleIds) {
String serviceName = KimApiServiceLocator.getKimTypeInfoService().getKimType(getRoleWithoutMembers(roleId).getKimTypeId()).getServiceName();
if (prevServiceName != null && !StringUtils.equals(prevServiceName, serviceName)) {
multipleServices = true;
break;
}
prevServiceName = serviceName;
}
if (!multipleServices) {
String roleId = matchingRoleIds.iterator().next();
// it can't be guaranteed that it is up and working, so using a try/catch to catch this possibility.
try {
RoleTypeService kimRoleTypeService = getRoleTypeService(roleId);
if (kimRoleTypeService != null) {
results = kimRoleTypeService.sortRoleMembers(results);
}
} catch (Exception ex) {
LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: " + roleId, ex);
}
} else {
LOG.warn("Did not sort role members - multiple role type services found. Role Ids: " + matchingRoleIds);
}
}
}
return Collections.unmodifiableList(results);
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
DelegateType(org.kuali.kfs.kim.impl.common.delegate.DelegateType)
HashSet(java.util.HashSet)
RoleTypeService(org.kuali.kfs.kim.framework.role.RoleTypeService)
RoleMembership(org.kuali.kfs.kim.api.role.RoleMembership)
Map(java.util.Map)
HashMap(java.util.HashMap)
MultiValueMap(org.springframework.util.MultiValueMap)
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
Example 4 with RoleMembership
use of org.kuali.kfs.kim.api.role.RoleMembership in project cu-kfs by CU-CommunityApps.
the class RoleServiceImpl method applyDelegationsToRoleMembers.
/**
* Checks each of the result records to determine if there are potentially applicable delegation members for that
* role membership. If there are, applicable delegations and members will be linked to the RoleMemberships in the
* given list. An updated list will be returned from this method which includes the appropriate linked delegations.
*/
protected List<RoleMembership.Builder> applyDelegationsToRoleMembers(List<RoleMembership> roleMemberships, Collection<DelegateType> delegations, Map<String, String> qualification) {
MultiValueMap<String, String> roleIdToRoleMembershipIds = new LinkedMultiValueMap<>();
Map<String, RoleMembership.Builder> roleMembershipIdToBuilder = new HashMap<>();
List<RoleMembership.Builder> roleMembershipBuilders = new ArrayList<>();
// builders
for (RoleMembership roleMembership : roleMemberships) {
roleIdToRoleMembershipIds.add(roleMembership.getRoleId(), roleMembership.getId());
RoleMembership.Builder builder = RoleMembership.Builder.create(roleMembership);
roleMembershipBuilders.add(builder);
roleMembershipIdToBuilder.put(roleMembership.getId(), builder);
}
for (DelegateType delegation : delegations) {
// determine the candidate role memberships where this delegation can be mapped
List<String> candidateRoleMembershipIds = roleIdToRoleMembershipIds.get(delegation.getRoleId());
if (CollectionUtils.isNotEmpty(candidateRoleMembershipIds)) {
DelegationTypeService delegationTypeService = getDelegationTypeService(delegation.getDelegationId());
for (DelegateMember delegationMember : delegation.getMembers()) {
// Make sure that the delegation member is active
if (delegationMember.isActive(DateTime.now()) && (delegationTypeService == null || delegationTypeService.doesDelegationQualifierMatchQualification(qualification, delegationMember.getQualifier()))) {
// memberships on the role
if (StringUtils.isBlank(delegationMember.getRoleMemberId())) {
RoleTypeService roleTypeService = getRoleTypeService(delegation.getRoleId());
for (String roleMembershipId : candidateRoleMembershipIds) {
RoleMembership.Builder roleMembershipBuilder = roleMembershipIdToBuilder.get(roleMembershipId);
if (roleTypeService == null || roleTypeService.doesRoleQualifierMatchQualification(roleMembershipBuilder.getQualifier(), delegationMember.getQualifier())) {
linkDelegateToRoleMembership(delegation, delegationMember, roleMembershipBuilder);
}
}
} else if (candidateRoleMembershipIds.contains(delegationMember.getRoleMemberId())) {
RoleMembership.Builder roleMembershipBuilder = roleMembershipIdToBuilder.get(delegationMember.getRoleMemberId());
linkDelegateToRoleMembership(delegation, delegationMember, roleMembershipBuilder);
}
}
}
}
}
return roleMembershipBuilders;
}
Also used :
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
HashMap(java.util.HashMap)
DelegationTypeService(org.kuali.kfs.kim.framework.common.delegate.DelegationTypeService)
ArrayList(java.util.ArrayList)
RoleTypeService(org.kuali.kfs.kim.framework.role.RoleTypeService)
DelegateMember(org.kuali.kfs.kim.impl.common.delegate.DelegateMember)
RoleMembership(org.kuali.kfs.kim.api.role.RoleMembership)
DelegateType(org.kuali.kfs.kim.impl.common.delegate.DelegateType)
Example 5 with RoleMembership
use of org.kuali.kfs.kim.api.role.RoleMembership in project cu-kfs by CU-CommunityApps.
the class RoleServiceImpl method getFirstLevelRoleMembers.
// backport redis annotations
@Cacheable(cacheNames = RoleMembership.CACHE_NAME, key = "'roleIds=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0)")
@Override
public List<RoleMembership> getFirstLevelRoleMembers(List<String> roleIds) throws IllegalStateException {
incomingParamCheck(roleIds, "roleIds");
if (roleIds.isEmpty()) {
return Collections.emptyList();
}
List<RoleMember> roleMemberList = getStoredRoleMembersForRoleIds(roleIds, null, null);
List<RoleMembership> roleMemberships = new ArrayList<>();
for (RoleMember roleMember : roleMemberList) {
RoleMembership roleMembeship = RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build();
roleMemberships.add(roleMembeship);
}
return Collections.unmodifiableList(roleMemberships);
}
Also used :
ArrayList(java.util.ArrayList)
RoleMembership(org.kuali.kfs.kim.api.role.RoleMembership)
Cacheable(org.springframework.cache.annotation.Cacheable)
Aggregations
RoleMembership (org.kuali.kfs.kim.api.role.RoleMembership)14
ArrayList (java.util.ArrayList)12
HashMap (java.util.HashMap)6
Map (java.util.Map)4
RoleTypeService (org.kuali.kfs.kim.framework.role.RoleTypeService)4
HashSet (java.util.HashSet)3
List (java.util.List)3
DelegateType (org.kuali.kfs.kim.impl.common.delegate.DelegateType)3
LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)3
WorkflowException (org.kuali.kfs.kew.api.exception.WorkflowException)2
DelegateMember (org.kuali.kfs.kim.impl.common.delegate.DelegateMember)2
Cacheable (org.springframework.cache.annotation.Cacheable)2
MultiValueMap (org.springframework.util.MultiValueMap)2
SecurityRequestRole (edu.cornell.kfs.ksr.businessobject.SecurityRequestRole)1
SecurityRequestRoleQualification (edu.cornell.kfs.ksr.businessobject.SecurityRequestRoleQualification)1
SecurityRequestDocument (edu.cornell.kfs.ksr.document.SecurityRequestDocument)1
ResponsibilityAction (org.kuali.kfs.kim.api.responsibility.ResponsibilityAction)1
Builder (org.kuali.kfs.kim.api.role.RoleMembership.Builder)1
DelegationTypeService (org.kuali.kfs.kim.framework.common.delegate.DelegationTypeService)1
RoleResponsibilityAction (org.kuali.kfs.kim.impl.role.RoleResponsibilityAction)1
