script/roles/effectiveAssignments.js

ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff/**
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff *
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * Copyright (c) 2014 ForgeRock AS. All rights reserved.
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff *
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * The contents of this file are subject to the terms
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * of the Common Development and Distribution License
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * (the License). You may not use this file except in
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * compliance with the License.
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff *
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * You can obtain a copy of the License at
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * http://forgerock.org/license/CDDLv1.0.html
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * See the License for the specific language governing
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * permission and limitations under the License.
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff *
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * When distributing Covered Code, include this CDDL
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * Header Notice in each file and include the License file
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * at http://forgerock.org/license/CDDLv1.0.html
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * If applicable, add the following below the CDDL Header,
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * with the fields enclosed by brackets [] replaced by
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * your own identifying information:
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff * "Portions Copyrighted [year] [name of copyright owner]"
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff */
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff/**
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * Calculates the effective assignments, based on the effective roles.
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle *
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * In the case of a reconciliation run, the assignments and roles will be pre-loaded into the ReconContext. This script
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * will first attempt to find the roles and assignments in the ReconContext and if they are not found will issue a read.
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff */
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff/*global object */
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienlevar effectiveAssignments = [],
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    effectiveRoles = object[effectiveRolesPropName],
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    reconContext = context.recon,
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    assignments = typeof(reconContext) === "undefined" ? null : reconContext.assignments,
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    roles = typeof(reconContext) === "undefined" ? null : reconContext.roles;
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle
c96652ffdb237d5167f5a00a771bf3e298bdbb22Chad Kienlelogger.debug("Invoked effectiveAssignments script on property {}", propertyName);
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Egloff// Allow for configuration in virtual attribute config, but default
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Egloffif (effectiveRolesPropName === undefined) {
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Egloff    var effectiveRolesPropName = "effectiveRoles";
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Egloff}
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Eglofflogger.trace("Configured effectiveRolesPropName: {}", effectiveRolesPropName);
9abe33608be5ecedc64fcc7727c885fd04ac5558Andi Egloff
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle/**
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * Returns a managed role object representing the supplied role id.
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle *
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * If the ReconContext is present it will use the stored values for roles, otherwise it will issue a read request.
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle *
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * @param roleId the id of the managed role
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * @returns a managed role object
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle */
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienlefunction getRole(roleId) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    // First check if roles were loaded in the context (in case of recon)
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    if (roles != null) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle        for (var index in roles) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            var role = roles[index];
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            if (roleId == "managed/role/" + role._id) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle                return role;
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle        }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    return openidm.read(roleId, null, [ "assignments" ]);
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle}
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle/**
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * Returns a managed assignment object representing the supplied assignment id.
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle *
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * If the ReconContext is present it will use the stored values for assignments, otherwise it will issue a read request.
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle *
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * @param assignmentId the id of the managed assignment
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle * @returns a managed assignment object
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle */
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienlefunction getAssignment(assignmentId) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    // First check if assignments were loaded in the context (in case of recon)
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    if (assignments != null) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle        for (var index in assignments) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            var assignment = assignments[index];
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            if (assignmentId == "managed/assignment/" + assignment._id) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle                return assignment;
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle        }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    }
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle    return openidm.read(assignmentId, null);
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle}
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloffif (effectiveRoles != null)  {
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle    var assignmentMap = {};
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff    for (var i = 0; i < effectiveRoles.length; i++) {
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff        var roleId = effectiveRoles[i];
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff        // Only try to retrieve role details for role ids in URL format
e37be42b67b58d254aa6a9fbbb8395390f191b84Jim Mitchener        if (roleId !== null && roleId._ref !== null && roleId._ref.indexOf("managed/role") != -1) {
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle            var roleRelationship =  getRole(roleId._ref);
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle            logger.debug("Role relationship read: {}", roleRelationship);
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle            if (roleRelationship != null) {
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle                for (var assignmentName in roleRelationship.assignments) {
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle                    var assignmentRelationship = roleRelationship.assignments[assignmentName];
894623f06f0b765163c8593164cf1cdd2f725819Chad Kienle                    var assignment = getAssignment(assignmentRelationship._ref);
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle                    if (assignment !== null) {
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle                        assignmentMap[assignmentRelationship._ref] = assignment;
3c0bf53e0947b5bdcef79051c6e63796fac3a7fbChad Kienle                    }
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff                }
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff            } else {
c1bed58d59da76132e7b960e74825f038c282555Jon Branch                logger.debug("No role details could be read from: {}", roleId._ref);
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff            }
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff        } else {
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff            logger.debug("Role does not point to a resource, will not try to retrieve assignment details for {}", roleId);
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff        }
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff    }
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff}
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle// Add all assignments to the effectiveAssignments array
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienlefor (var assignment in assignmentMap) {
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle    effectiveAssignments.push(assignmentMap[assignment]);
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle    logger.trace("effectiveAssignment: {}", assignmentMap[assignment]);
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle}
b3c91ed9b21741200b26a3da31b64a887e629426Chad Kienle
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Eglofflogger.debug("Calculated effectiveAssignments: {}", effectiveAssignments);
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff
ad17b15404fe8bbc97c620669f32311567a9ab84Andi EgloffeffectiveAssignments;
ad17b15404fe8bbc97c620669f32311567a9ab84Andi Egloff