Esempio n. 1
0
  protected List<RoleMember> getPrimaryRoleMembers(
      Role role, Map<String, String> qualification, DateTime asOfDate, boolean isActiveOnly) {
    // define the return value
    List<RoleMember> primaryRoleMembers = new ArrayList<RoleMember>();

    if (role != null) {
      RoleTypeService roleTypeService = getRoleTypeService(role);
      // use predicate based filtering only on non-derived role.
      if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) {
        List<Predicate> predicates = new ArrayList<Predicate>();
        predicates.add(equal(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()));
        if (isActiveOnly) {
          predicates.add(
              or(isNull("activeFromDateValue"), lessThanOrEqual("activeFromDateValue", asOfDate)));
          predicates.add(
              or(isNull("activeToDateValue"), greaterThan("activeToDateValue", asOfDate)));
        }

        // LookupCustomizer<RoleMemberBo> lookupCustomizer = builder.build();
        // guard for default type roles
        if (roleTypeService != null) {
          if (MapUtils.isEmpty(qualification)) {
            primaryRoleMembers =
                getRoleService()
                    .findRoleMembers(
                        QueryByCriteria.Builder.fromPredicates(
                            predicates.toArray(new Predicate[predicates.size()])))
                    .getResults();
          } else {
            // get the keys (name) of the qualifiers needed for membership in this role
            List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch();
            if (CollectionUtils.isNotEmpty(attributesForExactMatch)) {
              if (attributesForExactMatch.size() <= 1) {
                for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
                  // do not add a qualification predicate for an attribute unless it is required for
                  // matching

                  if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
                    predicates.add(
                        equal(
                            "attributes[" + qualificationEntry.getKey() + "]",
                            qualificationEntry.getValue()));
                  }
                }
                primaryRoleMembers =
                    getRoleService()
                        .findRoleMembers(
                            QueryByCriteria.Builder.fromPredicates(
                                predicates.toArray(new Predicate[predicates.size()])))
                        .getResults();

              } else {
                // rice's transformation doesn't work with more than one attribute.
                // here is a terrible hack
                List<RoleMember> intersectedMembers = null;
                for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
                  // do not add a qualification predicate for an attribute unless it is required for
                  // matching

                  if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
                    Predicate attrPredicates =
                        equal(
                            "attributes[" + qualificationEntry.getKey() + "]",
                            qualificationEntry.getValue());
                    Predicate[] tempPredicates =
                        predicates.toArray(new Predicate[predicates.size() + 1]);
                    tempPredicates[predicates.size()] = attrPredicates;
                    List<RoleMember> tempMembers =
                        new ArrayList<RoleMember>(
                            getRoleService()
                                .findRoleMembers(
                                    QueryByCriteria.Builder.fromPredicates(tempPredicates))
                                .getResults());
                    if (intersectedMembers == null) {
                      intersectedMembers = new ArrayList<>();
                      intersectedMembers.addAll(tempMembers);
                    } else {
                      intersectedMembers = intersect(intersectedMembers, tempMembers);
                    }
                  }
                }
                primaryRoleMembers = intersectedMembers;
              }
            }
          }
        }
      } else {
        // for derived roles just add the as-of date and active only flag to a copy of the
        // qualification
        Map<String, String> derivedRoleQualification = new HashMap<String, String>(qualification);
        derivedRoleQualification.put("asOfDate", asOfDate.toString());
        derivedRoleQualification.put("activeOnly", String.valueOf(isActiveOnly));
        List<RoleMembership> derivedRoleMembers =
            roleTypeService.getRoleMembersFromDerivedRole(
                role.getNamespaceCode(), role.getName(), derivedRoleQualification);
        // convert the role memberships into role members
        for (RoleMembership derivedRoleMember : derivedRoleMembers) {
          RoleMember roleMember =
              RoleMember.Builder.create(
                      derivedRoleMember.getRoleId(),
                      derivedRoleMember.getId(),
                      derivedRoleMember.getMemberId(),
                      derivedRoleMember.getType(),
                      null,
                      null,
                      derivedRoleMember.getQualifier(),
                      role.getName(),
                      role.getNamespaceCode())
                  .build();

          primaryRoleMembers.add(roleMember);
        }
      }
    }

    return primaryRoleMembers;
  }
Esempio n. 2
0
  /**
   * Helper method to recursively search for role members.
   *
   * @param role The role
   * @param qualification The map of role qualifiers
   * @param asOfDate The effective date of the role
   * @param activeOnly or not to get only active role members
   * @return the list of role members in {@code role}.
   */
  private List<RoleMember> getRoleMembers(
      Role role, Map<String, String> qualification, DateTime asOfDate, boolean activeOnly) {
    List<RoleMember> roleMembers = new ArrayList<RoleMember>();

    if (asOfDate == null) {
      asOfDate = LocalDate.now().toDateTimeAtStartOfDay();
    }
    if (role != null) {
      RoleTypeService roleTypeService = getRoleTypeService(role);

      if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) {
        List<RoleMember> primaryRoleMembers =
            getPrimaryRoleMembers(role, qualification, asOfDate, activeOnly);

        if (CollectionUtils.isNotEmpty(primaryRoleMembers)) {
          // flatten into constituent group and principal role members
          for (RoleMember primaryRoleMember : primaryRoleMembers) {
            if (MemberType.PRINCIPAL.equals(primaryRoleMember.getType())) {
              roleMembers.add(primaryRoleMember);
            } else if (MemberType.GROUP.equals(primaryRoleMember.getType())) {
              roleMembers.add(primaryRoleMember);
            } else if (MemberType.ROLE.equals(primaryRoleMember.getType())) {
              // recursive call to get role members
              Map<String, String> copiedQualification =
                  addCustomDerivedQualifications(
                      primaryRoleMember.getAttributes(), asOfDate, activeOnly);
              List<RoleMembership> memberships =
                  getRoleService()
                      .getRoleMembers(
                          Collections.singletonList(primaryRoleMember.getMemberId()),
                          copiedQualification);
              for (RoleMembership membership : memberships) {
                RoleMember roleMember =
                    RoleMember.Builder.create(
                            membership.getRoleId(),
                            membership.getId(),
                            membership.getMemberId(),
                            membership.getType(),
                            null,
                            null,
                            membership.getQualifier(),
                            "",
                            "")
                        .build();

                roleMembers.add(roleMember);
              }
            }
          }
        }
      } else {
        Map<String, String> qual =
            addCustomDerivedQualifications(qualification, asOfDate, activeOnly);
        List<RoleMembership> derivedRoleMembers =
            roleTypeService.getRoleMembersFromDerivedRole(
                role.getNamespaceCode(), role.getName(), qual);

        if (CollectionUtils.isNotEmpty(derivedRoleMembers)) {
          for (RoleMembership derivedRoleMember : derivedRoleMembers) {
            RoleMember roleMember =
                RoleMember.Builder.create(
                        derivedRoleMember.getRoleId(),
                        derivedRoleMember.getId(),
                        derivedRoleMember.getMemberId(),
                        derivedRoleMember.getType(),
                        null,
                        null,
                        derivedRoleMember.getQualifier(),
                        role.getName(),
                        role.getNamespaceCode())
                    .build();

            roleMembers.add(roleMember);
          }
        }
      }
    }

    return roleMembers;
  }