@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_CREATE + "')") public ProvisioningResult<GroupTO> create(final GroupTO groupTO, final boolean nullPriorityAsync) { Pair<GroupTO, List<LogicActions>> before = beforeCreate(groupTO); if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_CREATE), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); Pair<String, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), nullPriorityAsync); return afterCreate(binder.getGroupTO(created.getKey()), created.getRight(), before.getRight()); }
public ProvisioningResult<AnyObjectTO> create(final AnyObjectTO anyObjectTO, final boolean nullPriorityAsync) { Pair<AnyObjectTO, List<LogicActions>> before = beforeCreate(anyObjectTO); if (before.getLeft().getRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } if (before.getLeft().getType() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidAnyType); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.CREATE.getFor(before.getLeft().getType())), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); Pair<String, List<PropagationStatus>> created = provisioningManager.create(before.getLeft(), nullPriorityAsync); return afterCreate(binder.getAnyObjectTO(created.getKey()), created.getRight(), before.getRight()); }
@Override public ProvisioningResult<AnyObjectTO> delete(final String key, final boolean nullPriorityAsync) { AnyObjectTO anyObject = binder.getAnyObjectTO(key); Pair<AnyObjectTO, List<LogicActions>> before = beforeDelete(anyObject); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.DELETE.getFor(before.getLeft().getType())), before.getLeft().getRealm()); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); List<PropagationStatus> statuses = provisioningManager.delete(before.getLeft().getKey(), nullPriorityAsync); AnyObjectTO anyObjectTO = new AnyObjectTO(); anyObjectTO.setKey(before.getLeft().getKey()); return afterDelete(anyObjectTO, statuses, before.getRight()); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> unassign( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) { // security checks UserTO toUpdate = binder.getUserTO(statusPatch.getKey()); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), toUpdate.getRealm()); securityChecks(effectiveRealms, toUpdate.getRealm(), toUpdate.getKey()); // ensures the actual user key is effectively on the patch - as the binder.getUserTO(statusPatch.getKey()) // call above works with username as well statusPatch.setKey(toUpdate.getKey()); Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getKey())), updated.getRight(), Collections.<LogicActions>emptyList(), false, Collections.<String>emptySet()); }
@PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_UPDATE + "')") public ConnInstanceTO update(final ConnInstanceTO connInstanceTO) { if (connInstanceTO.getAdminRealm() == null) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidConnInstance); sce.getElements().add("Invalid or null realm specified: " + connInstanceTO.getAdminRealm()); throw sce; } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_UPDATE), connInstanceTO.getAdminRealm()); securityChecks(effectiveRealms, connInstanceTO.getAdminRealm(), connInstanceTO.getKey()); return binder.getConnInstanceTO(binder.update(connInstanceTO)); }
@PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_CREATE + "')") public ConnInstanceTO create(final ConnInstanceTO connInstanceTO) { if (connInstanceTO.getAdminRealm() == null) { throw SyncopeClientException.build(ClientExceptionType.InvalidRealm); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_CREATE), connInstanceTO.getAdminRealm()); securityChecks(effectiveRealms, connInstanceTO.getAdminRealm(), null); return binder.getConnInstanceTO(connInstanceDAO.save(binder.getConnInstance(connInstanceTO))); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO link(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); }
@Override public AnyObjectTO unlink(final String key, final Collection<String> resources) { // security checks AnyObjectTO anyObjectTO = binder.getAnyObjectTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(anyObjectTO.getType())), anyObjectTO.getRealm()); securityChecks(effectiveRealms, anyObjectTO.getRealm(), anyObjectTO.getKey()); AnyObjectPatch patch = new AnyObjectPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.getAnyObjectTO(provisioningManager.unlink(patch)); }
@Override public ProvisioningResult<AnyObjectTO> unassign( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks AnyObjectTO anyObjectTO = binder.getAnyObjectTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(anyObjectTO.getType())), anyObjectTO.getRealm()); securityChecks(effectiveRealms, anyObjectTO.getRealm(), anyObjectTO.getKey()); AnyObjectPatch patch = new AnyObjectPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public GroupTO unlink(final String key, final Collection<String> resources) { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), group.getRealm()); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); GroupPatch patch = new GroupPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream(). map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); patch.setUDynMembershipCond(group.getUDynMembershipCond()); patch.getADynMembershipConds().putAll(group.getADynMembershipConds()); return binder.getGroupTO(provisioningManager.unlink(patch)); }
@Override public AnyObjectTO link(final String key, final Collection<String> resources) { // security checks AnyObjectTO anyObjectTO = binder.getAnyObjectTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(anyObjectTO.getType())), anyObjectTO.getRealm()); securityChecks(effectiveRealms, anyObjectTO.getRealm(), anyObjectTO.getKey()); AnyObjectPatch patch = new AnyObjectPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return binder.getAnyObjectTO(provisioningManager.link(patch)); }
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public GroupTO link(final String key, final Collection<String> resources) { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), group.getRealm()); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); GroupPatch patch = new GroupPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); patch.getADynMembershipConds().putAll(group.getADynMembershipConds()); patch.setUDynMembershipCond(group.getUDynMembershipCond()); return binder.getGroupTO(provisioningManager.link(patch)); }
@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), group.getRealm()); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<GroupTO> result = new ProvisioningResult<>(); result.setEntity(binder.getGroupTO(key)); result.getPropagationStatuses().addAll(statuses); return result; }
@Override public ProvisioningResult<AnyObjectTO> assign( final String key, final Collection<String> resources, final boolean changepwd, final String password, final boolean nullPriorityAsync) { // security checks AnyObjectTO anyObjectTO = binder.getAnyObjectTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(anyObjectTO.getType())), anyObjectTO.getRealm()); securityChecks(effectiveRealms, anyObjectTO.getRealm(), anyObjectTO.getKey()); AnyObjectPatch patch = new AnyObjectPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<UserTO> result = new ProvisioningResult<>(); result.setEntity(binder.returnUserTO(binder.getUserTO(key))); result.getPropagationStatuses().addAll(statuses); return result; }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_DELETE + "')") public ResourceTO delete(final String key) { ExternalResource resource = resourceDAO.authFind(key); if (resource == null) { throw new NotFoundException("Resource '" + key + "'"); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_DELETE), resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey()); ResourceTO resourceToDelete = binder.getResourceTO(resource); resourceDAO.delete(key); return resourceToDelete; }
@Override public ProvisioningResult<AnyObjectTO> deprovision( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks AnyObjectTO anyObjectTO = binder.getAnyObjectTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(anyObjectTO.getType())), anyObjectTO.getRealm()); securityChecks(effectiveRealms, anyObjectTO.getRealm(), anyObjectTO.getKey()); List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync); ProvisioningResult<AnyObjectTO> result = new ProvisioningResult<>(); result.setEntity(binder.getAnyObjectTO(key)); result.getPropagationStatuses().addAll(statuses); return result; }
@PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_UPDATE + "')") public ResourceTO update(final ResourceTO resourceTO) { ExternalResource resource = resourceDAO.authFind(resourceTO.getKey()); if (resource == null) { throw new NotFoundException("Resource '" + resourceTO.getKey() + "'"); } Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_UPDATE), resource.getConnector().getAdminRealm().getFullPath()); securityChecks(effectiveRealms, resource.getConnector().getAdminRealm().getFullPath(), resource.getKey()); return binder.getResourceTO(resourceDAO.save(binder.update(resource, resourceTO))); }