/**
 * Creates a group once the caller has been authorized for the group's realm.
 *
 * <p>Two checks apply: {@code @PreAuthorize} demands the {@code GROUP_CREATE} entitlement, and
 * {@code securityChecks} is then called with the effective realms that
 * {@code RealmUtils.getEffective} derives from the caller's {@code GROUP_CREATE} authorizations
 * and the target realm.
 *
 * @param groupTO group to create; it is first passed through {@code beforeCreate}
 * @param nullPriorityAsync forwarded unchanged to the provisioning manager
 * @return what {@code afterCreate} builds from the re-read group and the propagation statuses
 * @throws SyncopeClientException of type {@code InvalidRealm} when the group returned by
 *         {@code beforeCreate} carries no realm
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_CREATE + "')")
public ProvisioningResult<GroupTO> create(final GroupTO groupTO, final boolean nullPriorityAsync) {
    Pair<GroupTO, List<LogicActions>> prepared = beforeCreate(groupTO);
    GroupTO candidate = prepared.getLeft();

    // A missing realm leaves nothing to authorize against, so it is rejected up front.
    String targetRealm = candidate.getRealm();
    if (targetRealm == null) {
        throw SyncopeClientException.build(ClientExceptionType.InvalidRealm);
    }

    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_CREATE),
            targetRealm);
    // No key exists yet, hence the null third argument.
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, targetRealm, null);

    // The object handed to the provisioning manager is the one whose realm was just checked.
    Pair<String, List<PropagationStatus>> outcome = provisioningManager.create(candidate, nullPriorityAsync);

    return afterCreate(binder.getGroupTO(outcome.getKey()), outcome.getRight(), prepared.getRight());
}
/**
 * Deletes a group after authorizing the caller for the group's realm and verifying that the
 * group does not own other groups.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_DELETE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 *
 * @param key key of the group to delete
 * @param nullPriorityAsync forwarded unchanged to the provisioning manager
 * @return what {@code afterDelete} builds from a {@code GroupTO} carrying only the key and the
 *         propagation statuses
 * @throws SyncopeClientException of type {@code GroupOwnership}, listing "key name" of every
 *         owned group, when {@code groupDAO.findOwnedByGroup} returns a non-empty list
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_DELETE + "')")
@Override
public ProvisioningResult<GroupTO> delete(final String key, final boolean nullPriorityAsync) {
    Pair<GroupTO, List<LogicActions>> prepared = beforeDelete(binder.getGroupTO(key));
    GroupTO target = prepared.getLeft();
    String targetRealm = target.getRealm();
    String targetKey = target.getKey();

    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_DELETE),
            targetRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, targetRealm, targetKey);

    // Refuse deletion while this group still owns other groups, reporting each of them.
    List<Group> owned = groupDAO.findOwnedByGroup(targetKey);
    if (!owned.isEmpty()) {
        SyncopeClientException ownership = SyncopeClientException.build(ClientExceptionType.GroupOwnership);
        for (Group ownedGroup : owned) {
            ownership.getElements().add(ownedGroup.getKey() + " " + ownedGroup.getName());
        }
        throw ownership;
    }

    List<PropagationStatus> statuses = provisioningManager.delete(targetKey, nullPriorityAsync);

    // Only the key is reported back for the deleted group.
    GroupTO deleted = new GroupTO();
    deleted.setKey(targetKey);

    return afterDelete(deleted, statuses, prepared.getRight());
}
/**
 * Deprovisions a group from the given resources after authorizing the caller for the group's
 * realm.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 *
 * @param key key of the group
 * @param resources resources passed to {@code provisioningManager.deprovision}
 * @param nullPriorityAsync forwarded unchanged to the provisioning manager
 * @return the group as re-read after the operation, with the propagation statuses attached
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> deprovision(
        final String key, final Collection<String> resources, final boolean nullPriorityAsync) {

    // Realm-scoped authorization runs before anything is changed.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync);

    // The entity is read again so the result reflects the state after deprovisioning.
    ProvisioningResult<GroupTO> outcome = new ProvisioningResult<>();
    outcome.setEntity(binder.getGroupTO(key));
    outcome.getPropagationStatuses().addAll(statuses);
    return outcome;
}
/**
 * Unlinks a group from the given resources after authorizing the caller for the group's realm.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 *
 * @param key key of the group
 * @param resources resources to remove; each becomes a {@code DELETE} patch item
 * @return the group re-read by the key that {@code provisioningManager.unlink} returns
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public GroupTO unlink(final String key, final Collection<String> resources) {
    // Realm-scoped authorization runs before the patch is built.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    GroupPatch removal = new GroupPatch();
    removal.setKey(key);
    for (String resource : resources) {
        removal.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build());
    }
    // The group's current dynamic membership conditions are copied into the patch.
    removal.setUDynMembershipCond(current.getUDynMembershipCond());
    removal.getADynMembershipConds().putAll(current.getADynMembershipConds());

    return binder.getGroupTO(provisioningManager.unlink(removal));
}
/**
 * Provisions a group onto the given resources after authorizing the caller for the group's
 * realm.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 *
 * @param key key of the group
 * @param resources resources passed to {@code provisioningManager.provision}
 * @param changePwd not read by this implementation
 * @param password not read by this implementation
 * @param nullPriorityAsync forwarded unchanged to the provisioning manager
 * @return the group as re-read after the operation, with the propagation statuses attached
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> provision(
        final String key,
        final Collection<String> resources,
        final boolean changePwd,
        final String password,
        final boolean nullPriorityAsync) {

    // Realm-scoped authorization runs before anything is changed.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    List<PropagationStatus> statuses = provisioningManager.provision(key, resources, nullPriorityAsync);

    // The entity is read again so the result reflects the state after provisioning.
    ProvisioningResult<GroupTO> outcome = new ProvisioningResult<>();
    outcome.setEntity(binder.getGroupTO(key));
    outcome.getPropagationStatuses().addAll(statuses);
    return outcome;
}
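/**
 * Updates a group after authorizing the caller for the realm the update targets.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement, the realm under check and the key
 * of the patch returned by {@code beforeUpdate}. Its boolean result is passed on to
 * {@code afterUpdate} together with the dynamic realms the group had before the change.
 *
 * <p>The patch handed to the provisioning manager is the one returned by {@code beforeUpdate},
 * i.e. the same object whose realm and key were authorized, matching how {@code create} and
 * {@code delete} in this class operate on {@code before.getLeft()}.
 *
 * @param groupPatch requested changes; its key selects the group
 * @param nullPriorityAsync forwarded unchanged to the provisioning manager
 * @return what {@code afterUpdate} builds from the re-read group and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> update(final GroupPatch groupPatch, final boolean nullPriorityAsync) {
    GroupTO groupTO = binder.getGroupTO(groupPatch.getKey());
    // Snapshot taken before any change; afterUpdate receives it alongside authDynRealms.
    Set<String> dynRealmsBefore = new HashSet<>(groupTO.getDynRealms());

    Pair<GroupPatch, List<LogicActions>> before = beforeUpdate(groupPatch, groupTO.getRealm());
    GroupPatch effectivePatch = before.getLeft();

    // Authorize against the realm named in the patch, else against the group's current realm.
    // NOTE(review): when the patch names a new realm, only that realm is passed to
    // securityChecks from here; whether the caller's rights on the group's current realm are
    // also verified (e.g. through the key) is not visible in this method - confirm.
    String realm = effectivePatch.getRealm() != null
            && StringUtils.isNotBlank(effectivePatch.getRealm().getValue())
            ? effectivePatch.getRealm().getValue()
            : groupTO.getRealm();
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            realm);
    boolean authDynRealms = securityChecks(effectiveRealms, realm, effectivePatch.getKey());

    // Apply the patch instance that was just authorized rather than the raw input, so the
    // checked realm/key and the applied change cannot come from two different objects should
    // beforeUpdate return a new instance.
    Pair<GroupPatch, List<PropagationStatus>> updated =
            provisioningManager.update(effectivePatch, nullPriorityAsync);

    return afterUpdate(
            binder.getGroupTO(updated.getLeft().getKey()),
            updated.getRight(),
            before.getRight(),
            authDynRealms,
            dynRealmsBefore);
}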
/**
 * Links a group to the given resources after authorizing the caller for the group's realm.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 *
 * @param key key of the group
 * @param resources resources to add; each becomes an {@code ADD_REPLACE} patch item
 * @return the group re-read by the key that {@code provisioningManager.link} returns
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public GroupTO link(final String key, final Collection<String> resources) {
    // Realm-scoped authorization runs before the patch is built.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    GroupPatch addition = new GroupPatch();
    addition.setKey(key);
    for (String resource : resources) {
        addition.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build());
    }
    // The group's current dynamic membership conditions are copied into the patch.
    addition.getADynMembershipConds().putAll(current.getADynMembershipConds());
    addition.setUDynMembershipCond(current.getUDynMembershipCond());

    return binder.getGroupTO(provisioningManager.link(addition));
}
/**
 * Unassigns the given resources from a group by building a {@code DELETE} patch and
 * delegating to {@link #update(GroupPatch, boolean)}.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 * {@code update} performs its own realm check on the patch as well.
 *
 * @param key key of the group
 * @param resources resources to remove; each becomes a {@code DELETE} patch item
 * @param nullPriorityAsync forwarded unchanged to {@code update}
 * @return the result of {@code update} for the built patch
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> unassign(
        final String key, final Collection<String> resources, final boolean nullPriorityAsync) {

    // Realm-scoped authorization runs before the patch is built.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    GroupPatch removal = new GroupPatch();
    removal.setKey(key);
    for (String resource : resources) {
        removal.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build());
    }
    // The group's current dynamic membership conditions are copied into the patch.
    removal.getADynMembershipConds().putAll(current.getADynMembershipConds());
    removal.setUDynMembershipCond(current.getUDynMembershipCond());

    return update(removal, nullPriorityAsync);
}
/**
 * Assigns the given resources to a group by building an {@code ADD_REPLACE} patch and
 * delegating to {@link #update(GroupPatch, boolean)}.
 *
 * <p>{@code @PreAuthorize} demands the {@code GROUP_UPDATE} entitlement; {@code securityChecks}
 * then receives the effective realms for that entitlement plus the group's realm and key.
 * {@code update} performs its own realm check on the patch as well.
 *
 * @param key key of the group
 * @param resources resources to add; each becomes an {@code ADD_REPLACE} patch item
 * @param changepwd not read by this implementation
 * @param password not read by this implementation
 * @param nullPriorityAsync forwarded unchanged to {@code update}
 * @return the result of {@code update} for the built patch
 */
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> assign(
        final String key,
        final Collection<String> resources,
        final boolean changepwd,
        final String password,
        final boolean nullPriorityAsync) {

    // Realm-scoped authorization runs before the patch is built.
    GroupTO current = binder.getGroupTO(key);
    String currentRealm = current.getRealm();
    Set<String> callerRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),
            currentRealm);
    // NOTE(review): the return value is ignored, so a denial presumably surfaces as an
    // exception thrown inside securityChecks - confirm.
    securityChecks(callerRealms, currentRealm, current.getKey());

    GroupPatch addition = new GroupPatch();
    addition.setKey(key);
    for (String resource : resources) {
        addition.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build());
    }
    // The group's current dynamic membership conditions are copied into the patch.
    addition.getADynMembershipConds().putAll(current.getADynMembershipConds());
    addition.setUDynMembershipCond(current.getUDynMembershipCond());

    return update(addition, nullPriorityAsync);
}