/**
 * Builds the transfer object for a role.
 *
 * <p>Copies the key, the entitlements, the full path of every realm, the key of every
 * dynamic realm, the FIQL condition of the dynamic membership (when one is set) and the
 * key of every privilege.
 *
 * <p>No access check is made here: the returned object carries the role's complete
 * entitlement / realm / privilege picture, so callers are responsible for deciding
 * who may receive it.
 *
 * @param role the persisted role to expose
 * @return a freshly populated {@code RoleTO}
 */
@Override
public RoleTO getRoleTO(final Role role) {
    final RoleTO result = new RoleTO();
    result.setKey(role.getKey());

    result.getEntitlements().addAll(role.getEntitlements());

    // Realms travel as full paths, dynamic realms and privileges as keys.
    role.getRealms().forEach(realm -> result.getRealms().add(realm.getFullPath()));
    role.getDynRealms().forEach(dynRealm -> result.getDynRealms().add(dynRealm.getKey()));

    // The dynamic membership is optional; only its FIQL text is exposed.
    if (role.getDynMembership() != null) {
        result.setDynMembershipCond(role.getDynMembership().getFIQLCond());
    }

    role.getPrivileges().forEach(privilege -> result.getPrivileges().add(privilege.getKey()));

    return result;
}
}
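/**
 * Returns the console layout stored for the given role.
 *
 * <p>NOTE(review): the only guard is {@code isAuthenticated()}, so any authenticated
 * principal can read the layout of any role key. The two {@code NotFoundException}
 * messages also differ between "role missing" and "layout missing". Confirm that both
 * are intended and that layout info never carries sensitive data.
 *
 * @param key role key, as supplied by the caller
 * @return the non-blank console layout of the role
 * @throws NotFoundException if no role has this key, or the role has no console layout
 */
@PreAuthorize("isAuthenticated()")
public String getConsoleLayoutInfo(final String key) {
    Role role = roleDAO.find(key);
    if (role == null) {
        // Caller-supplied key is passed as a logging argument rather than concatenated
        // into the message, matching the parameterized LOG calls used elsewhere.
        LOG.error("Could not find role '{}'", key);
        throw new NotFoundException(key);
    }

    String consoleLayout = role.getConsoleLayoutInfo();
    if (StringUtils.isBlank(consoleLayout)) {
        LOG.error("Could not find console layout for Role '{}'", key);
        throw new NotFoundException("Console layout for role " + key);
    }

    return consoleLayout;
}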
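/**
 * Stores the console layout for the given role; requires the {@code ROLE_UPDATE}
 * entitlement.
 *
 * <p>NOTE(review): {@code consoleLayout} is persisted exactly as received; no size or
 * format validation happens in this method. Confirm it is validated elsewhere, since
 * {@code getConsoleLayoutInfo} hands the stored value to any authenticated caller.
 *
 * @param key role key, as supplied by the caller
 * @param consoleLayout layout content to store on the role
 * @throws NotFoundException if no role has this key
 */
@PreAuthorize("hasRole('" + StandardEntitlement.ROLE_UPDATE + "')")
public void setConsoleLayoutInfo(final String key, final String consoleLayout) {
    Role role = roleDAO.find(key);
    if (role == null) {
        // Caller-supplied key is passed as a logging argument rather than concatenated
        // into the message, matching the parameterized LOG calls used elsewhere.
        LOG.error("Could not find role '{}'", key);
        throw new NotFoundException(key);
    }

    role.setConsoleLayoutInfo(consoleLayout);
    roleDAO.save(role);
}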
/**
 * Lists the {@code any_id} values recorded as dynamic members of a role.
 *
 * <p>The statement text is built only from {@code DYNMEMB_TABLE}; the role key is bound
 * as a positional parameter and never concatenated into the SQL.
 *
 * @param role the role whose dynamic members are requested
 * @return an empty list when the role has no dynamic membership, otherwise a new
 *         mutable list of member ids
 */
@Override
@SuppressWarnings("unchecked")
public List<String> findDynMembers(final Role role) {
    if (role.getDynMembership() == null) {
        return Collections.emptyList();
    }

    final String sql = "SELECT any_id FROM " + DYNMEMB_TABLE + " WHERE role_id=?";
    final Query query = entityManager().createNativeQuery(sql);
    query.setParameter(1, role.getKey());

    final List<String> members = new ArrayList<>();
    for (Object row : query.getResultList()) {
        // A row is handled either as an Object[] (first column taken) or as a bare value.
        if (row instanceof Object[]) {
            members.add((String) ((Object[]) row)[0]);
        } else {
            members.add((String) row);
        }
    }
    return members;
}
@Override public Role update(final Role toBeUpdated, final RoleTO roleTO) { toBeUpdated.setKey(roleTO.getKey()); Role role = roleDAO.save(toBeUpdated); role.getEntitlements().clear(); role.getEntitlements().addAll(roleTO.getEntitlements()); role.getRealms().clear(); for (String realmFullPath : roleTO.getRealms()) { Realm realm = realmDAO.findByFullPath(realmFullPath); LOG.debug("Invalid realm full path {}, ignoring", realmFullPath); } else { role.add(realm); role.getDynRealms().clear(); for (String key : roleTO.getDynRealms()) { DynRealm dynRealm = dynRealmDAO.find(key); LOG.debug("Invalid dynamic ream {}, ignoring", key); } else { role.add(dynRealm); if (role.getKey() == null && roleTO.getDynMembershipCond() != null) { setDynMembership(role, roleTO.getDynMembershipCond()); } else if (role.getDynMembership() != null && roleTO.getDynMembershipCond() == null) { role.setDynMembership(null); } else if (role.getDynMembership() == null && roleTO.getDynMembershipCond() != null) { setDynMembership(role, roleTO.getDynMembershipCond());
role.getEntitlements().forEach(entitlement -> { Set<String> realms = entForRealms.get(entitlement); if (realms == null) { entForRealms.put(entitlement, realms); realms.addAll(role.getRealms().stream(). map(realm -> realm.getFullPath()).collect(Collectors.toSet())); if (!entitlement.endsWith("_CREATE") && !entitlement.endsWith("_DELETE")) { realms.addAll(role.getDynRealms().stream().map(r -> r.getKey()).collect(Collectors.toList()));
/**
 * Removes a realm together with everything returned by {@code findDescendants(realm)}.
 *
 * <p>For each realm to be deleted, in the order returned: every role that references it
 * drops the reference, its parent link is cleared, and the entity is removed. Roles
 * themselves are kept; they only lose the realm.
 *
 * @param realm the realm to delete
 */
@Override
public void delete(final Realm realm) {
    for (Realm descendant : findDescendants(realm)) {
        // Detach first so that no role is left pointing at a removed realm.
        roleDAO.findByRealm(descendant).forEach(role -> role.getRealms().remove(descendant));

        descendant.setParent(null);

        entityManager().remove(descendant);
    }
}
/**
 * Sets the dynamic-membership FIQL condition of a role, creating the membership entity
 * when the role has none yet.
 *
 * <p>The FIQL text is converted and checked with {@code isValid()} before anything is
 * stored; an invalid expression is rejected and the role is left unchanged. The rejected
 * text is added to the exception's elements.
 *
 * @param role the role to update
 * @param dynMembershipFIQL the FIQL condition selecting the dynamic members
 * @throws SyncopeClientException of type {@code InvalidSearchExpression} when the
 *         converted condition is not valid
 */
private void setDynMembership(final Role role, final String dynMembershipFIQL) {
    final SearchCond parsed = SearchCondConverter.convert(dynMembershipFIQL);
    if (!parsed.isValid()) {
        final SyncopeClientException invalid =
                SyncopeClientException.build(ClientExceptionType.InvalidSearchExpression);
        invalid.getElements().add(dynMembershipFIQL);
        throw invalid;
    }

    // Reuse the existing membership entity, or create and link a new one.
    DynRoleMembership membership = role.getDynMembership();
    if (membership == null) {
        membership = entityFactory.newEntity(DynRoleMembership.class);
        membership.setRole(role);
        role.setDynMembership(membership);
    }

    membership.setFIQLCond(dynMembershipFIQL);
}
/**
 * Removes an application and detaches all of its privileges.
 *
 * <p>Each privilege is first removed from every role returned by
 * {@code roleDAO.findByPrivilege}, then unlinked from the application. The application's
 * privilege collection is cleared before the application entity is removed.
 *
 * @param application the application to delete
 */
@Override
public void delete(final Application application) {
    application.getPrivileges().forEach(owned -> {
        // Revoke from roles first so that no role keeps a privilege of a deleted application.
        roleDAO.findByPrivilege(owned).forEach(role -> role.getPrivileges().remove(owned));
        owned.setApplication(null);
    });

    application.getPrivileges().clear();

    entityManager().remove(application);
}
/**
 * Deletes every dynamic-membership row recorded for a role.
 *
 * <p>The statement text is built only from {@code DYNMEMB_TABLE}; the role key is bound
 * as a positional parameter.
 *
 * @param role the role whose dynamic members are cleared
 */
@Override
public void clearDynMembers(final Role role) {
    final String sql = "DELETE FROM " + DYNMEMB_TABLE + " WHERE role_id=?";
    entityManager().createNativeQuery(sql).
            setParameter(1, role.getKey()).
            executeUpdate();
}
role.getEntitlements().forEach(entitlement -> { Set<String> realms = entForRealms.get(entitlement); if (realms == null) { entForRealms.put(entitlement, realms); realms.addAll(role.getRealms().stream(). map(realm -> realm.getFullPath()).collect(Collectors.toSet())); if (!entitlement.endsWith("_CREATE") && !entitlement.endsWith("_DELETE")) { realms.addAll(role.getDynRealms().stream().map(r -> r.getKey()).collect(Collectors.toList()));
filter(role -> role.getDynMembership() != null && searchDAO.matches(user, SearchCondConverter.convert(role.getDynMembership().getFIQLCond())) && !before.contains(role.getKey())). forEach(role -> { Query insert = entityManager().createNativeQuery("INSERT INTO " + DYNMEMB_TABLE + " VALUES(?, ?)"); insert.setParameter(1, user.getKey()); insert.setParameter(2, role.getKey()); insert.executeUpdate(); after.add(role.getKey()); });
flatMap(role -> role.getPrivileges().stream()).map(Entity::getKey).collect(Collectors.toSet()));
/**
 * Validates the key of a role.
 *
 * <p>The key must be non-null and match {@code KEY_PATTERN} in full ({@code matches()},
 * not a partial find). The default constraint violation is always disabled; on failure
 * an {@code InvalidKey} violation is reported on the {@code key} property.
 *
 * @param role the role being validated
 * @param context the validation context that receives the violation
 * @return {@code true} when the key is acceptable, {@code false} otherwise
 */
@Override
public boolean isValid(final Role role, final ConstraintValidatorContext context) {
    context.disableDefaultConstraintViolation();

    final String key = role.getKey();
    if (key != null && KEY_PATTERN.matcher(key).matches()) {
        return true;
    }

    context.buildConstraintViolationWithTemplate(
            getTemplate(EntityViolationType.InvalidKey, "Invalid role key")).
            addPropertyNode("key").
            addConstraintViolation();
    return false;
}
}
/**
 * Saves a role and rebuilds its dynamic-membership rows from scratch.
 *
 * <p>Existing rows for the role are cleared. When the role has a dynamic membership,
 * its FIQL condition is searched against users, one row is inserted per match, and an
 * {@code AnyCreatedUpdatedEvent} is published for each matching user.
 *
 * <p>NOTE(review): between the clear and the last insert the role has fewer dynamic
 * members than it should; presumably this runs inside a transaction - confirm, since
 * role membership feeds authorization decisions.
 *
 * @param role the role to save
 * @return the role instance returned by {@code save}
 */
@Override
public Role saveAndRefreshDynMemberships(final Role role) {
    final Role merged = save(role);

    // Start from an empty membership set for this role.
    clearDynMembers(merged);
    if (merged.getDynMembership() == null) {
        return merged;
    }

    // Only the table constant is concatenated; both values are bound as parameters.
    // NOTE(review): VALUES(?, ?) relies on the table's column order (user key, role key).
    final String sql = "INSERT INTO " + DYNMEMB_TABLE + " VALUES(?, ?)";

    final List<User> matching = searchDAO.search(
            SearchCondConverter.convert(merged.getDynMembership().getFIQLCond()), AnyTypeKind.USER);
    for (User user : matching) {
        Query insert = entityManager().createNativeQuery(sql);
        insert.setParameter(1, user.getKey());
        insert.setParameter(2, merged.getKey());
        insert.executeUpdate();

        publisher.publishEvent(new AnyCreatedUpdatedEvent<>(this, user, AuthContextUtils.getDomain()));
    }

    return merged;
}
} else { userDAO.findAllRoles((User) reference).stream(). flatMap(role -> role.getPrivileges(application).stream()). forEach(privilege -> { PlainAttrValue attrValue = anyUtils.newPlainAttrValue();