19 package org.apache.syncope.core.logic.wa;
20
21 import java.util.ArrayList;
22 import java.util.List;
23 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
24 import org.apache.syncope.common.lib.wa.ImpersonationAccount;
25 import org.apache.syncope.core.logic.AbstractAuthProfileLogic;
26 import org.apache.syncope.core.persistence.api.dao.AuthProfileDAO;
27 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
28 import org.apache.syncope.core.persistence.api.entity.am.AuthProfile;
29 import org.apache.syncope.core.provisioning.api.data.AuthProfileDataBinder;
30 import org.springframework.security.access.prepost.PreAuthorize;
31 import org.springframework.transaction.annotation.Transactional;
32
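/**
 * Reads and maintains the list of {@link ImpersonationAccount} entries stored on the
 * {@link AuthProfile} of a given owner.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Every operation is guarded only by the {@code ANONYMOUS} entitlement, and {@code owner} is
 * taken from the caller as-is: nothing in this class ties it to the authenticated principal.
 * NOTE(review): presumably that entitlement is held solely by the trusted internal caller (the
 * package name suggests WA) - confirm, since anyone holding it can change these entries for any
 * owner.</li>
 * <li>Names are compared case-insensitively, so entries differing only by case are treated as
 * the same impersonated user.</li>
 * </ul>
 */
public class ImpersonationLogic extends AbstractAuthProfileLogic {

    protected final EntityFactory entityFactory;

    public ImpersonationLogic(
            final EntityFactory entityFactory,
            final AuthProfileDAO authProfileDAO,
            final AuthProfileDataBinder binder) {

        super(authProfileDAO, binder);
        this.entityFactory = entityFactory;
    }

    /**
     * Null-safe, case-insensitive match of a stored entry against an impersonated user name.
     * A null entry, or an entry without a name, never matches instead of raising
     * {@link NullPointerException}.
     */
    private static boolean sameImpersonated(final ImpersonationAccount stored, final String impersonated) {
        return stored != null
                && stored.getImpersonated() != null
                && stored.getImpersonated().equalsIgnoreCase(impersonated);
    }

    /**
     * Returns the impersonation accounts stored for the given owner.
     *
     * @param owner owner of the auth profile to look up
     * @return the accounts of the owner's profile, or an empty list when no profile exists
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    @Transactional(readOnly = true)
    public List<ImpersonationAccount> read(final String owner) {
        return authProfileDAO.findByOwner(owner).map(AuthProfile::getImpersonationAccounts).orElse(List.of());
    }

    /**
     * Adds an impersonation account to the owner's profile, creating the profile when it does
     * not exist yet. An account whose impersonated name is already present (ignoring case) is
     * not added again; the profile is saved in either case.
     *
     * @param owner owner of the auth profile
     * @param account account to add; must carry a non-blank impersonated name
     * @throws IllegalArgumentException if {@code account} is null or names no impersonated user
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void create(final String owner, final ImpersonationAccount account) {
        // Reject unusable entries up front: on an empty list the duplicate check below is never
        // evaluated, so a null account or a null name would otherwise be persisted and make
        // later name comparisons for this owner fail.
        if (account == null
                || account.getImpersonated() == null
                || account.getImpersonated().trim().isEmpty()) {

            throw new IllegalArgumentException("Impersonation account must name the impersonated user");
        }

        AuthProfile profile = authProfileDAO.findByOwner(owner).orElseGet(() -> {
            AuthProfile authProfile = entityFactory.newEntity(AuthProfile.class);
            authProfile.setOwner(owner);
            return authProfile;
        });

        // Work on a copy so the list handed out by the entity is never mutated in place.
        List<ImpersonationAccount> accounts = new ArrayList<>(profile.getImpersonationAccounts());
        if (accounts.stream().noneMatch(acct -> sameImpersonated(acct, account.getImpersonated()))) {
            accounts.add(account);
            profile.setImpersonationAccounts(accounts);
        }

        authProfileDAO.save(profile);
    }

    /**
     * Removes every impersonation account of the owner whose impersonated name equals the given
     * one, ignoring case. Nothing is saved when the owner has no profile or no entry matches.
     *
     * @param owner owner of the auth profile
     * @param impersonated impersonated user name to remove; {@code null} matches nothing
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void delete(final String owner, final String impersonated) {
        authProfileDAO.findByOwner(owner).ifPresent(profile -> {
            // Copy first, as create() does: removeIf on the getter's own list would fail if the
            // entity ever returned an unmodifiable list.
            List<ImpersonationAccount> accounts = new ArrayList<>(profile.getImpersonationAccounts());
            if (accounts.removeIf(acct -> sameImpersonated(acct, impersonated))) {
                profile.setImpersonationAccounts(accounts);
                authProfileDAO.save(profile);
            }
        });
    }
}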