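/**
 * Returns the direct (primary) members of {@code role} that match {@code qualification}.
 *
 * <p>Non-derived roles are queried through the role service with predicates on the role id, the
 * optional active date range and the qualifiers the role type requires for an exact match.
 * Derived roles are resolved by the role type service and converted into {@link RoleMember}s.
 *
 * <p>The result is used for role-membership decisions, so a lookup that cannot match anything
 * yields an empty list. This method never assigns {@code null} to its result itself; query
 * results are passed through as the role service supplies them.
 *
 * @param role the role whose members are wanted; {@code null} yields an empty list
 * @param qualification the role qualifiers to match; may be {@code null} or empty
 * @param asOfDate the effective date; must not be {@code null} for derived roles, where it is
 *     dereferenced
 * @param isActiveOnly whether to add the active-from/active-to predicates (non-derived roles) or
 *     the {@code activeOnly} qualifier (derived roles)
 * @return the matching role members; an empty list when nothing matches
 */
protected List<RoleMember> getPrimaryRoleMembers(
    Role role, Map<String, String> qualification, DateTime asOfDate, boolean isActiveOnly) {
  List<RoleMember> primaryRoleMembers = new ArrayList<RoleMember>();
  if (role == null) {
    return primaryRoleMembers;
  }

  RoleTypeService roleTypeService = getRoleTypeService(role);

  if (roleTypeService != null && roleTypeService.isDerivedRoleType()) {
    // For derived roles just add the as-of date and active-only flag to a copy of the
    // qualification. The copy tolerates a null qualification map instead of throwing.
    Map<String, String> derivedRoleQualification = new HashMap<String, String>();
    if (qualification != null) {
      derivedRoleQualification.putAll(qualification);
    }
    derivedRoleQualification.put("asOfDate", asOfDate.toString());
    derivedRoleQualification.put("activeOnly", String.valueOf(isActiveOnly));

    List<RoleMembership> derivedRoleMembers =
        roleTypeService.getRoleMembersFromDerivedRole(
            role.getNamespaceCode(), role.getName(), derivedRoleQualification);

    // Convert the role memberships into role members; a null or empty answer means no members.
    if (CollectionUtils.isNotEmpty(derivedRoleMembers)) {
      for (RoleMembership derivedRoleMember : derivedRoleMembers) {
        primaryRoleMembers.add(
            RoleMember.Builder.create(
                    derivedRoleMember.getRoleId(),
                    derivedRoleMember.getId(),
                    derivedRoleMember.getMemberId(),
                    derivedRoleMember.getType(),
                    null,
                    null,
                    derivedRoleMember.getQualifier(),
                    role.getName(),
                    role.getNamespaceCode())
                .build());
      }
    }
    return primaryRoleMembers;
  }

  // Predicate-based filtering is used only for non-derived roles.
  List<Predicate> predicates = new ArrayList<Predicate>();
  predicates.add(equal(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()));
  if (isActiveOnly) {
    predicates.add(
        or(isNull("activeFromDateValue"), lessThanOrEqual("activeFromDateValue", asOfDate)));
    predicates.add(or(isNull("activeToDateValue"), greaterThan("activeToDateValue", asOfDate)));
  }

  // Guard for default type roles: without a role type service no lookup is performed and the
  // caller sees no members.
  if (roleTypeService == null) {
    return primaryRoleMembers;
  }

  if (MapUtils.isEmpty(qualification)) {
    return getRoleService()
        .findRoleMembers(
            QueryByCriteria.Builder.fromPredicates(
                predicates.toArray(new Predicate[predicates.size()])))
        .getResults();
  }

  // The keys (names) of the qualifiers needed for membership in this role. Only keys on this
  // list are ever concatenated into an "attributes[...]" property path below, so arbitrary
  // caller-supplied keys do not reach the query.
  List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch();
  if (CollectionUtils.isEmpty(attributesForExactMatch)) {
    // A qualification was supplied but the role type names no exact-match attribute: no members.
    return primaryRoleMembers;
  }

  if (attributesForExactMatch.size() <= 1) {
    // NOTE(review): if none of the supplied qualifier keys is the required attribute, no
    // attribute predicate is added and the query returns every member of the role, whereas the
    // multi-attribute path below returns no members in the same situation. Confirm which
    // behaviour is intended before relying on this result for access checks.
    for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
      // do not add a qualification predicate for an attribute unless it is required for matching
      if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
        predicates.add(
            equal(
                "attributes[" + qualificationEntry.getKey() + "]",
                qualificationEntry.getValue()));
      }
    }
    return getRoleService()
        .findRoleMembers(
            QueryByCriteria.Builder.fromPredicates(
                predicates.toArray(new Predicate[predicates.size()])))
        .getResults();
  }

  // Rice's predicate transformation does not work with more than one attribute, so run one
  // query per required attribute and intersect the results.
  List<RoleMember> intersectedMembers = null;
  for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
    if (!attributesForExactMatch.contains(qualificationEntry.getKey())) {
      continue;
    }
    Predicate attributePredicate =
        equal("attributes[" + qualificationEntry.getKey() + "]", qualificationEntry.getValue());
    // Copy the shared predicates into an array with one spare slot for this attribute.
    Predicate[] queryPredicates = predicates.toArray(new Predicate[predicates.size() + 1]);
    queryPredicates[predicates.size()] = attributePredicate;

    List<RoleMember> matchedMembers =
        new ArrayList<RoleMember>(
            getRoleService()
                .findRoleMembers(QueryByCriteria.Builder.fromPredicates(queryPredicates))
                .getResults());

    intersectedMembers =
        (intersectedMembers == null)
            ? matchedMembers
            : intersect(intersectedMembers, matchedMembers);
  }

  // When no supplied qualifier was required for matching, no query ran; keep the empty list
  // rather than handing null back to callers.
  if (intersectedMembers != null) {
    primaryRoleMembers = intersectedMembers;
  }
  return primaryRoleMembers;
}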
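/**
 * Determines whether a principal holds the named role on a given date.
 *
 * <p>When {@code asOfDate} is the start of the current day the decision is delegated to the role
 * service. For any other date the role's members as of that date are fetched and inspected:
 * principals by id, groups through the KPME group service, and nested roles only when the member
 * is the derived 'position' role. Every path that cannot establish membership answers
 * {@code false}.
 *
 * @param principalId the principal to check
 * @param namespaceCode the namespace of the role
 * @param roleName the name of the role
 * @param qualification the role qualifiers to match
 * @param asOfDate the effective date of the check; {@code null} is treated as the start of today
 * @return {@code true} if the principal is found to hold the role, {@code false} otherwise
 *     (including when the role does not exist)
 */
public boolean principalHasRole(
    String principalId,
    String namespaceCode,
    String roleName,
    Map<String, String> qualification,
    DateTime asOfDate) {
  String roleId = getRoleService().getRoleIdByNamespaceCodeAndName(namespaceCode, roleName);
  if (roleId == null) {
    return false;
  }

  // Read "today" once so the null default and the comparison below use the same instant.
  DateTime today = LocalDate.now().toDateTimeAtStartOfDay();
  if (asOfDate == null) {
    asOfDate = today;
  }

  if (asOfDate.compareTo(today) == 0) {
    // Current-day check: the role service makes the decision.
    return getRoleService()
        .principalHasRole(principalId, Collections.singletonList(roleId), qualification);
  }

  List<RoleMember> roleMembers =
      getRoleMembers(namespaceCode, roleName, qualification, asOfDate, true);
  if (roleMembers == null) {
    // No member list means membership cannot be shown; deny.
    return false;
  }

  for (RoleMember roleMember : roleMembers) {
    if (MemberType.PRINCIPAL.equals(roleMember.getType())) {
      if (StringUtils.equals(roleMember.getMemberId(), principalId)) {
        return true;
      }
    } else if (MemberType.GROUP.equals(roleMember.getType())) {
      // Group membership is evaluated as of the same date as the role membership.
      if (HrServiceLocator.getKPMEGroupService()
          .isMemberOfGroupWithId(principalId, roleMember.getMemberId(), asOfDate)) {
        return true;
      }
    } else if (MemberType.ROLE.equals(roleMember.getType())) {
      Role derivedRole =
          getRoleService()
              .getRoleByNamespaceCodeAndName(
                  KPMENamespace.KPME_HR.getNamespaceCode(),
                  KPMERole.DERIVED_ROLE_POSITION.getRoleName());

      // Only the (nested) derived role 'position' is evaluated here; any other nested role
      // member never grants the role on this path.
      if (derivedRole != null
          && derivedRole.getId() != null
          && derivedRole.getId().equals(roleMember.getMemberId())) {
        // add custom attributes
        Map<String, String> qual = new HashMap<String, String>();
        if (roleMember.getAttributes() != null) {
          qual.putAll(roleMember.getAttributes());
        }
        qual.put("asOfDate", asOfDate.toString());

        // A missing role type service cannot confirm membership, so it counts as "no" instead
        // of failing the whole check with a NullPointerException.
        RoleTypeService roleTypeService = getRoleTypeService(derivedRole);
        if (roleTypeService != null
            && roleTypeService.hasDerivedRole(
                principalId,
                new ArrayList<String>(),
                derivedRole.getNamespaceCode(),
                derivedRole.getName(),
                qual)) {
          return true;
        }
      }
    }
  }
  return false;
}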
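/**
 * Helper method that collects the members of a role, expanding nested roles by one level.
 *
 * <p>The method does not call itself. A primary member that is itself a role is expanded once
 * through the role service, and the resulting memberships are added as they come back. Members
 * built from such nested memberships carry an empty role name and namespace code; members of a
 * derived role carry the name and namespace code of {@code role}.
 *
 * @param role The role; {@code null} yields an empty list
 * @param qualification The map of role qualifiers
 * @param asOfDate The effective date of the role; {@code null} is replaced by the start of today
 * @param activeOnly whether or not to get only active role members
 * @return the list of role members in {@code role}.
 */
private List<RoleMember> getRoleMembers(
    Role role, Map<String, String> qualification, DateTime asOfDate, boolean activeOnly) {
  List<RoleMember> roleMembers = new ArrayList<RoleMember>();

  if (asOfDate == null) {
    asOfDate = LocalDate.now().toDateTimeAtStartOfDay();
  }
  if (role == null) {
    return roleMembers;
  }

  RoleTypeService roleTypeService = getRoleTypeService(role);

  if (roleTypeService != null && roleTypeService.isDerivedRoleType()) {
    Map<String, String> qual =
        addCustomDerivedQualifications(qualification, asOfDate, activeOnly);
    List<RoleMembership> derivedRoleMembers =
        roleTypeService.getRoleMembersFromDerivedRole(
            role.getNamespaceCode(), role.getName(), qual);

    if (CollectionUtils.isNotEmpty(derivedRoleMembers)) {
      for (RoleMembership derivedRoleMember : derivedRoleMembers) {
        roleMembers.add(
            RoleMember.Builder.create(
                    derivedRoleMember.getRoleId(),
                    derivedRoleMember.getId(),
                    derivedRoleMember.getMemberId(),
                    derivedRoleMember.getType(),
                    null,
                    null,
                    derivedRoleMember.getQualifier(),
                    role.getName(),
                    role.getNamespaceCode())
                .build());
      }
    }
    return roleMembers;
  }

  List<RoleMember> primaryRoleMembers =
      getPrimaryRoleMembers(role, qualification, asOfDate, activeOnly);
  if (CollectionUtils.isEmpty(primaryRoleMembers)) {
    return roleMembers;
  }

  // flatten into constituent group and principal role members
  for (RoleMember primaryRoleMember : primaryRoleMembers) {
    if (MemberType.PRINCIPAL.equals(primaryRoleMember.getType())
        || MemberType.GROUP.equals(primaryRoleMember.getType())) {
      roleMembers.add(primaryRoleMember);
    } else if (MemberType.ROLE.equals(primaryRoleMember.getType())) {
      // Expand the nested role through the role service, using the member's own attributes
      // plus the as-of date and active-only flag as the qualification.
      // NOTE(review): whether the role service honours those added qualifiers for a
      // historical date is not visible here - confirm.
      Map<String, String> copiedQualification =
          addCustomDerivedQualifications(
              primaryRoleMember.getAttributes(), asOfDate, activeOnly);
      List<RoleMembership> memberships =
          getRoleService()
              .getRoleMembers(
                  Collections.singletonList(primaryRoleMember.getMemberId()),
                  copiedQualification);

      // Same null/empty guard as the derived-role branch: no memberships, no members.
      if (CollectionUtils.isNotEmpty(memberships)) {
        for (RoleMembership membership : memberships) {
          roleMembers.add(
              RoleMember.Builder.create(
                      membership.getRoleId(),
                      membership.getId(),
                      membership.getMemberId(),
                      membership.getType(),
                      null,
                      null,
                      membership.getQualifier(),
                      "",
                      "")
                  .build());
        }
      }
    }
  }
  return roleMembers;
}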