private RoleMember assignPrincipal2Role(String principalId, Role role, String subjArea) {
Map<String, String> qualifiers = new LinkedHashMap<String, String>();
if (subjArea != null) {
qualifiers.put(KimPermissionConstants.SUBJECT_AREA_ATTR_DEFINITION, subjArea);
}
RoleMember roleMember =
this.roleService.assignPrincipalToRole(
principalId, role.getNamespaceCode(), role.getName(), qualifiers);
assertEquals(principalId, roleMember.getMemberId());
assertEquals(role.getId(), roleMember.getRoleId());
assertEquals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE, roleMember.getType());
assertEquals(qualifiers, roleMember.getAttributes());
List<String> roleIds =
this.roleService.getMemberParentRoleIds(
KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode(), principalId);
// assertEquals(1, roleIds.size());
assertTrue(roleIds.contains(role.getId()));
return roleMember;
}
private Role createRole(String namespaceCode, String name, String kimTypeId) {
Role.Builder bldr = Role.Builder.create();
bldr.setNamespaceCode(namespaceCode);
bldr.setName(name);
bldr.setKimTypeId(kimTypeId);
bldr.setActive(true);
Role fromCreate = this.roleService.createRole(bldr.build());
assertEquals(namespaceCode, fromCreate.getNamespaceCode());
assertEquals(name, fromCreate.getName());
assertEquals(kimTypeId, fromCreate.getKimTypeId());
assertNotNull(fromCreate.getId());
assertNotNull(fromCreate.getVersionNumber());
assertTrue(fromCreate.isActive());
assertNull(fromCreate.getDescription());
bldr = Role.Builder.create(fromCreate);
bldr.setDescription(namespaceCode + " " + name);
Role fromUpdate = this.roleService.updateRole(bldr.build());
assertEquals(fromCreate.getNamespaceCode(), fromUpdate.getNamespaceCode());
assertEquals(fromCreate.getName(), fromUpdate.getName());
assertEquals(fromCreate.getId(), fromUpdate.getId());
assertNotSame(fromCreate.getVersionNumber(), fromUpdate.getVersionNumber());
assertEquals(fromCreate.isActive(), fromUpdate.isActive());
assertEquals(bldr.getDescription(), fromUpdate.getDescription());
Role fromGet = this.roleService.getRole(fromUpdate.getId());
assertEquals(fromUpdate.getNamespaceCode(), fromGet.getNamespaceCode());
assertEquals(fromUpdate.getName(), fromGet.getName());
assertEquals(fromUpdate.getKimTypeId(), fromGet.getKimTypeId());
assertEquals(fromUpdate.getId(), fromGet.getId());
assertEquals(fromUpdate.getVersionNumber(), fromGet.getVersionNumber());
assertEquals(fromUpdate.isActive(), fromGet.isActive());
assertEquals(fromUpdate.getDescription(), fromGet.getDescription());
Role fromFind = this.roleService.getRoleByNamespaceCodeAndName(namespaceCode, name);
assertEquals(fromUpdate.getNamespaceCode(), fromFind.getNamespaceCode());
assertEquals(fromUpdate.getName(), fromFind.getName());
assertEquals(fromUpdate.getKimTypeId(), fromFind.getKimTypeId());
assertEquals(fromUpdate.getId(), fromFind.getId());
assertEquals(fromUpdate.getVersionNumber(), fromFind.getVersionNumber());
assertEquals(fromUpdate.isActive(), fromFind.isActive());
assertEquals(fromUpdate.getDescription(), fromFind.getDescription());
// TODO: test update
return fromFind;
}
public List<String> getLocationsForPrincipalInRole(
String principalId,
String namespaceCode,
String roleName,
DateTime asOfDate,
boolean isActiveOnly) {
List<String> locations = new ArrayList<String>();
Role role = getRoleService().getRoleByNamespaceCodeAndName(namespaceCode, roleName);
if (role != null) {
locations =
getLocationsForPrincipalInRoles(
principalId, Collections.singletonList(role.getId()), asOfDate, isActiveOnly);
}
return locations;
}
public List<String> getDepartmentsForPrincipalInRole(
String principalId,
String namespaceCode,
String roleName,
DateTime asOfDate,
boolean isActiveOnly) {
List<String> departments = new ArrayList<String>();
Role role = getRoleService().getRoleByNamespaceCodeAndName(namespaceCode, roleName);
if (role != null) {
departments =
getDepartmentsForPrincipalInRoles(
principalId, Collections.singletonList(role.getId()), asOfDate, isActiveOnly);
}
// TODO:
// Do we want to pass groupKeyCode instead of location to speed up the performance?
List<String> locations =
getLocationsForPrincipalInRole(
principalId, namespaceCode, roleName, asOfDate, isActiveOnly);
departments.addAll(
getDepartmentService().getDepartmentValuesWithLocations(locations, asOfDate.toLocalDate()));
return new ArrayList<String>(departments);
}
public boolean principalHasRole(
String principalId,
String namespaceCode,
String roleName,
Map<String, String> qualification,
DateTime asOfDate) {
boolean principalHasRole = false;
String roleId = getRoleService().getRoleIdByNamespaceCodeAndName(namespaceCode, roleName);
if (roleId == null) {
return false;
}
if (asOfDate.compareTo(LocalDate.now().toDateTimeAtStartOfDay()) == 0) {
principalHasRole =
getRoleService()
.principalHasRole(principalId, Collections.singletonList(roleId), qualification);
} else {
List<RoleMember> roleMembers =
getRoleMembers(namespaceCode, roleName, qualification, asOfDate, true);
for (RoleMember roleMember : roleMembers) {
if (MemberType.PRINCIPAL.equals(roleMember.getType())) {
if (StringUtils.equals(roleMember.getMemberId(), principalId)) {
principalHasRole = true;
break;
}
} else if (MemberType.GROUP.equals(roleMember.getType())) {
if (HrServiceLocator.getKPMEGroupService()
.isMemberOfGroupWithId(principalId, roleMember.getMemberId(), asOfDate)) {
// if (getGroupService().isMemberOfGroup(principalId, roleMember.getMemberId())) {
principalHasRole = true;
break;
}
} else if (MemberType.ROLE.equals(roleMember.getType())) {
Role derivedRole =
getRoleService()
.getRoleByNamespaceCodeAndName(
KPMENamespace.KPME_HR.getNamespaceCode(),
KPMERole.DERIVED_ROLE_POSITION.getRoleName());
// check if the member represents the (nested) derived role 'position'
if (derivedRole != null && roleMember.getMemberId().equals(derivedRole.getId())) {
// add custom attributes
Map<String, String> qual = new HashMap<String, String>();
qual.putAll(roleMember.getAttributes());
qual.put("asOfDate", asOfDate.toString());
// return true if the principal id is a member of the (nested) derived role 'position'
RoleTypeService roleTypeService = getRoleTypeService(derivedRole);
if (roleTypeService.hasDerivedRole(
principalId,
new ArrayList<String>(),
derivedRole.getNamespaceCode(),
derivedRole.getName(),
qual)) {
principalHasRole = true;
break;
}
}
}
}
}
return principalHasRole;
}
protected List<RoleMember> getPrimaryRoleMembers(
Role role, Map<String, String> qualification, DateTime asOfDate, boolean isActiveOnly) {
// define the return value
List<RoleMember> primaryRoleMembers = new ArrayList<RoleMember>();
if (role != null) {
RoleTypeService roleTypeService = getRoleTypeService(role);
// use predicate based filtering only on non-derived role.
if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) {
List<Predicate> predicates = new ArrayList<Predicate>();
predicates.add(equal(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()));
if (isActiveOnly) {
predicates.add(
or(isNull("activeFromDateValue"), lessThanOrEqual("activeFromDateValue", asOfDate)));
predicates.add(
or(isNull("activeToDateValue"), greaterThan("activeToDateValue", asOfDate)));
}
// LookupCustomizer<RoleMemberBo> lookupCustomizer = builder.build();
// guard for default type roles
if (roleTypeService != null) {
if (MapUtils.isEmpty(qualification)) {
primaryRoleMembers =
getRoleService()
.findRoleMembers(
QueryByCriteria.Builder.fromPredicates(
predicates.toArray(new Predicate[predicates.size()])))
.getResults();
} else {
// get the keys (name) of the qualifiers needed for membership in this role
List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch();
if (CollectionUtils.isNotEmpty(attributesForExactMatch)) {
if (attributesForExactMatch.size() <= 1) {
for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
// do not add a qualification predicate for an attribute unless it is required for
// matching
if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
predicates.add(
equal(
"attributes[" + qualificationEntry.getKey() + "]",
qualificationEntry.getValue()));
}
}
primaryRoleMembers =
getRoleService()
.findRoleMembers(
QueryByCriteria.Builder.fromPredicates(
predicates.toArray(new Predicate[predicates.size()])))
.getResults();
} else {
// rice's transformation doesn't work with more than one attribute.
// here is a terrible hack
List<RoleMember> intersectedMembers = null;
for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
// do not add a qualification predicate for an attribute unless it is required for
// matching
if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
Predicate attrPredicates =
equal(
"attributes[" + qualificationEntry.getKey() + "]",
qualificationEntry.getValue());
Predicate[] tempPredicates =
predicates.toArray(new Predicate[predicates.size() + 1]);
tempPredicates[predicates.size()] = attrPredicates;
List<RoleMember> tempMembers =
new ArrayList<RoleMember>(
getRoleService()
.findRoleMembers(
QueryByCriteria.Builder.fromPredicates(tempPredicates))
.getResults());
if (intersectedMembers == null) {
intersectedMembers = new ArrayList<>();
intersectedMembers.addAll(tempMembers);
} else {
intersectedMembers = intersect(intersectedMembers, tempMembers);
}
}
}
primaryRoleMembers = intersectedMembers;
}
}
}
}
} else {
// for derived roles just add the as-of date and active only flag to a copy of the
// qualification
Map<String, String> derivedRoleQualification = new HashMap<String, String>(qualification);
derivedRoleQualification.put("asOfDate", asOfDate.toString());
derivedRoleQualification.put("activeOnly", String.valueOf(isActiveOnly));
List<RoleMembership> derivedRoleMembers =
roleTypeService.getRoleMembersFromDerivedRole(
role.getNamespaceCode(), role.getName(), derivedRoleQualification);
// convert the role memberships into role members
for (RoleMembership derivedRoleMember : derivedRoleMembers) {
RoleMember roleMember =
RoleMember.Builder.create(
derivedRoleMember.getRoleId(),
derivedRoleMember.getId(),
derivedRoleMember.getMemberId(),
derivedRoleMember.getType(),
null,
null,
derivedRoleMember.getQualifier(),
role.getName(),
role.getNamespaceCode())
.build();
primaryRoleMembers.add(roleMember);
}
}
}
return primaryRoleMembers;
}
/** Test of clear method, of class RoleAndPermissionServiceMockImpl. */
@Test
public void testBasicOperations() {
System.out.println("test basic operations");
// Make sure we have a handle on all the templates we need
Template CAN_INVOKE_SERVICE_METHOD_TEMPLATE =
this.permissionService.findPermTemplateByNamespaceCodeAndName(
KimPermissionConstants.KS_ENRL_NAMESPACE,
KimPermissionConstants.CAN_INVOKE_SERVICE_METHOD_TEMPLATE_NAME);
assertNotNull(CAN_INVOKE_SERVICE_METHOD_TEMPLATE);
Template OPEN_VIEW_TEMPLATE =
this.permissionService.findPermTemplateByNamespaceCodeAndName(
KimPermissionConstants.KR_KRAD_NAMESPACE,
KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME);
assertNotNull(OPEN_VIEW_TEMPLATE);
Template EDIT_VIEW_TEMPLATE =
this.permissionService.findPermTemplateByNamespaceCodeAndName(
KimPermissionConstants.KR_KRAD_NAMESPACE,
KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME);
assertNotNull(EDIT_VIEW_TEMPLATE);
// create permissions
Permission CREATE_ACTIVITY_OFFERING_PERMISSION =
this.createPermission(
KimPermissionConstants.CREATE_ACTIVITYOFFERING_PERMISSION,
CAN_INVOKE_SERVICE_METHOD_TEMPLATE,
null);
Permission CREATE_SOC_PERMISSION =
this.createPermission(
KimPermissionConstants.CREATE_SOC_PERMISSION, CAN_INVOKE_SERVICE_METHOD_TEMPLATE, null);
Permission OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION =
this.createPermission(
KimPermissionConstants.OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION,
OPEN_VIEW_TEMPLATE,
CO_CREATE_MAINTENANCE_VIEW);
Permission EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION =
this.createPermission(
KimPermissionConstants.EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION,
EDIT_VIEW_TEMPLATE,
CO_CREATE_MAINTENANCE_VIEW);
Permission OPEN_VIEWS_FOR_SOC_PERMISSION =
this.createPermission(
KimPermissionConstants.OPEN_VIEWS_FOR_SOC_PERMISSION,
OPEN_VIEW_TEMPLATE,
ROLLOVER_MANAGEMENT_VIEW);
Permission EDIT_VIEWS_FOR_SOC_PERMISSION =
this.createPermission(
KimPermissionConstants.EDIT_VIEWS_FOR_SOC_PERMISSION,
EDIT_VIEW_TEMPLATE,
ROLLOVER_MANAGEMENT_VIEW);
// create some roles
Role CENTRAL_ADMIN_ROLE =
createRole(
KimPermissionConstants.KS_ENRL_NAMESPACE,
KimPermissionConstants.KUALI_STUDENT_COURSE_OFFERING_CENTRAL_ADMIN_ROLE_NAME,
KimPermissionConstants.DEFAULT_KIM_TYPE_ID);
Role DEPT_ADMIN_ROLE =
createRole(
KimPermissionConstants.KS_ENRL_NAMESPACE,
KimPermissionConstants.KUALI_STUDENT_COURSE_OFFERING_DEPARTMENTAL_ADMIN_ROLE_NAME,
KimPermissionConstants.DEFAULT_KIM_TYPE_ID);
// Assign some permissions to some roles
this.roleService.assignPermissionToRole(
CREATE_ACTIVITY_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
CREATE_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
CREATE_ACTIVITY_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
OPEN_VIEWS_FOR_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
EDIT_VIEWS_FOR_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
this.roleService.assignPermissionToRole(
OPEN_VIEWS_FOR_SOC_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
List<String> roleIds =
this.permissionService.getRoleIdsForPermission(
CREATE_ACTIVITY_OFFERING_PERMISSION.getNamespaceCode(),
CREATE_ACTIVITY_OFFERING_PERMISSION.getName());
assertEquals(2, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));
roleIds =
this.permissionService.getRoleIdsForPermission(
CREATE_SOC_PERMISSION.getNamespaceCode(), CREATE_SOC_PERMISSION.getName());
assertEquals(1, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
roleIds =
this.permissionService.getRoleIdsForPermission(
OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getNamespaceCode(),
OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getName());
assertEquals(2, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));
roleIds =
this.permissionService.getRoleIdsForPermission(
EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getNamespaceCode(),
EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getName());
assertEquals(2, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));
roleIds =
this.permissionService.getRoleIdsForPermission(
OPEN_VIEWS_FOR_SOC_PERMISSION.getNamespaceCode(),
OPEN_VIEWS_FOR_SOC_PERMISSION.getName());
assertEquals(2, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));
roleIds =
this.permissionService.getRoleIdsForPermission(
EDIT_VIEWS_FOR_SOC_PERMISSION.getNamespaceCode(),
EDIT_VIEWS_FOR_SOC_PERMISSION.getName());
assertEquals(1, roleIds.size());
assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
// assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));
this.assignPrincipal2Role(CENTRAL_ADMIN1, CENTRAL_ADMIN_ROLE, null);
this.assignPrincipal2Role(DEPT_ADMIN1, DEPT_ADMIN_ROLE, "ENGL");
this.assignPrincipal2Role(DEPT_ADMIN2, DEPT_ADMIN_ROLE, "PHYS");
this.assignPrincipal2Role(DEPT_ADMIN3, DEPT_ADMIN_ROLE, "ENGL");
this.assignPrincipal2Role(DEPT_ADMIN3, DEPT_ADMIN_ROLE, "PHYS");
// check is auth by template
assertTrue(
isAuthorizedByTemplate(
CENTRAL_ADMIN1,
KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
CO_CREATE_MAINTENANCE_VIEW));
assertTrue(
isAuthorizedByTemplate(
CENTRAL_ADMIN1,
KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
CO_CREATE_MAINTENANCE_VIEW));
assertTrue(
isAuthorizedByTemplate(
CENTRAL_ADMIN1,
KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
ROLLOVER_MANAGEMENT_VIEW));
assertTrue(
isAuthorizedByTemplate(
CENTRAL_ADMIN1,
KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
ROLLOVER_MANAGEMENT_VIEW));
assertTrue(
isAuthorizedByTemplate(
DEPT_ADMIN1,
KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
CO_CREATE_MAINTENANCE_VIEW));
assertTrue(
isAuthorizedByTemplate(
DEPT_ADMIN1,
KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
CO_CREATE_MAINTENANCE_VIEW));
assertTrue(
isAuthorizedByTemplate(
DEPT_ADMIN1, KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME, ROLLOVER_MANAGEMENT_VIEW));
assertFalse(
isAuthorizedByTemplate(
DEPT_ADMIN1, KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME, ROLLOVER_MANAGEMENT_VIEW));
assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));
assertTrue(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
assertFalse(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
assertFalse(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));
assertFalse(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
assertTrue(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
assertFalse(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));
assertTrue(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
assertTrue(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
assertFalse(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));
}