protected List<RoleMember> getPrimaryRoleMembers( Role role, Map<String, String> qualification, DateTime asOfDate, boolean isActiveOnly) { // define the return value List<RoleMember> primaryRoleMembers = new ArrayList<RoleMember>(); if (role != null) { RoleTypeService roleTypeService = getRoleTypeService(role); // use predicate based filtering only on non-derived role. if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) { List<Predicate> predicates = new ArrayList<Predicate>(); predicates.add(equal(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId())); if (isActiveOnly) { predicates.add( or(isNull("activeFromDateValue"), lessThanOrEqual("activeFromDateValue", asOfDate))); predicates.add( or(isNull("activeToDateValue"), greaterThan("activeToDateValue", asOfDate))); } // LookupCustomizer<RoleMemberBo> lookupCustomizer = builder.build(); // guard for default type roles if (roleTypeService != null) { if (MapUtils.isEmpty(qualification)) { primaryRoleMembers = getRoleService() .findRoleMembers( QueryByCriteria.Builder.fromPredicates( predicates.toArray(new Predicate[predicates.size()]))) .getResults(); } else { // get the keys (name) of the qualifiers needed for membership in this role List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch(); if (CollectionUtils.isNotEmpty(attributesForExactMatch)) { if (attributesForExactMatch.size() <= 1) { for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) { // do not add a qualification predicate for an attribute unless it is required for // matching if (attributesForExactMatch.contains(qualificationEntry.getKey())) { predicates.add( equal( "attributes[" + qualificationEntry.getKey() + "]", qualificationEntry.getValue())); } } primaryRoleMembers = getRoleService() .findRoleMembers( QueryByCriteria.Builder.fromPredicates( predicates.toArray(new Predicate[predicates.size()]))) .getResults(); } else { // rice's transformation doesn't work with more than one attribute. // here is a terrible hack List<RoleMember> intersectedMembers = null; for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) { // do not add a qualification predicate for an attribute unless it is required for // matching if (attributesForExactMatch.contains(qualificationEntry.getKey())) { Predicate attrPredicates = equal( "attributes[" + qualificationEntry.getKey() + "]", qualificationEntry.getValue()); Predicate[] tempPredicates = predicates.toArray(new Predicate[predicates.size() + 1]); tempPredicates[predicates.size()] = attrPredicates; List<RoleMember> tempMembers = new ArrayList<RoleMember>( getRoleService() .findRoleMembers( QueryByCriteria.Builder.fromPredicates(tempPredicates)) .getResults()); if (intersectedMembers == null) { intersectedMembers = new ArrayList<>(); intersectedMembers.addAll(tempMembers); } else { intersectedMembers = intersect(intersectedMembers, tempMembers); } } } primaryRoleMembers = intersectedMembers; } } } } } else { // for derived roles just add the as-of date and active only flag to a copy of the // qualification Map<String, String> derivedRoleQualification = new HashMap<String, String>(qualification); derivedRoleQualification.put("asOfDate", asOfDate.toString()); derivedRoleQualification.put("activeOnly", String.valueOf(isActiveOnly)); List<RoleMembership> derivedRoleMembers = roleTypeService.getRoleMembersFromDerivedRole( role.getNamespaceCode(), role.getName(), derivedRoleQualification); // convert the role memberships into role members for (RoleMembership derivedRoleMember : derivedRoleMembers) { RoleMember roleMember = RoleMember.Builder.create( derivedRoleMember.getRoleId(), derivedRoleMember.getId(), derivedRoleMember.getMemberId(), derivedRoleMember.getType(), null, null, derivedRoleMember.getQualifier(), role.getName(), role.getNamespaceCode()) .build(); primaryRoleMembers.add(roleMember); } } } return primaryRoleMembers; }