effectiveAssignments.js revision c96652ffdb237d5167f5a00a771bf3e298bdbb22
0N/A/**
4651N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0N/A *
0N/A * Copyright (c) 2014 ForgeRock AS. All rights reserved.
0N/A *
0N/A * The contents of this file are subject to the terms
0N/A * of the Common Development and Distribution License
0N/A * (the License). You may not use this file except in
0N/A * compliance with the License.
0N/A *
0N/A * You can obtain a copy of the License at
0N/A * http://forgerock.org/license/CDDLv1.0.html
0N/A * See the License for the specific language governing
0N/A * permission and limitations under the License.
0N/A *
0N/A * When distributing Covered Code, include this CDDL
0N/A * Header Notice in each file and include the License file
0N/A * at http://forgerock.org/license/CDDLv1.0.html
2362N/A * If applicable, add the following below the CDDL Header,
2362N/A * with the fields enclosed by brackets [] replaced by
2362N/A * your own identifying information:
0N/A * "Portions Copyrighted [year] [name of copyright owner]"
0N/A */
0N/A
0N/A/**
0N/A * Calculates the effective assignments, based on the effective roles
0N/A */
0N/A
0N/A/*global object */
0N/A
0N/Alogger.debug("Invoked effectiveAssignments script on property {}", propertyName);
2078N/A
2078N/A// Allow for configuration in virtual attribute config, but default
2078N/Aif (effectiveRolesPropName === undefined) {
0N/A var effectiveRolesPropName = "effectiveRoles";
0N/A}
0N/Alogger.trace("Configured effectiveRolesPropName: {}", effectiveRolesPropName);
0N/A
0N/Avar effectiveAssignments = {};
0N/Avar effectiveRoles = object[effectiveRolesPropName];
0N/A
0N/Aif (effectiveRoles != null) {
0N/A for (var i = 0; i < effectiveRoles.length; i++) {
0N/A var roleId = effectiveRoles[i];
0N/A
0N/A // Only try to retrieve role details for role ids in URL format
0N/A if (roleId != null && roleId.indexOf("/") != -1) {
0N/A var roleInfo = openidm.read(roleId);
0N/A logger.debug("Role info read: {}", roleInfo);
0N/A
0N/A if (roleInfo != null) {
0N/A for (var assignmentName in roleInfo.assignments) {
0N/A var assignment = roleInfo.assignments[assignmentName];
0N/A logger.trace("assignmentName: {} value : {}", assignmentName, assignment);
0N/A if (effectiveAssignments[assignmentName] == null) {
0N/A effectiveAssignments[assignmentName] = {};
0N/A }
0N/A
0N/A // Shallow merge of attributes operations if some already exist, e.g. "system":{"attributes":["x"]}
0N/A for (var assignmentPropName in assignment) {
0N/A var assignmentProp = assignment[assignmentPropName];
0N/A for (var propCount = 0; propCount < assignmentProp.length; propCount++) {
0N/A // Include information on where the assignment comes from, to allow easier management and debugging
0N/A assignmentProp[propCount]["assignedThrough"] = roleId;
0N/A }
0N/A
0N/A var existingProp = effectiveAssignments[assignmentName][assignmentPropName];
0N/A // Only merge "attributes"
0N/A if (existingProp != null && assignmentPropName == "attributes") {
0N/A logger.trace("Merge assignment {}: {}", assignmentPropName, assignmentProp);
0N/A for (var j = 0; j < assignmentProp.length; j++) {
0N/A effectiveAssignments[assignmentName][assignmentPropName] =
0N/A effectiveAssignments[assignmentName][assignmentPropName].concat(assignmentProp[j]);
0N/A }
0N/A } else {
0N/A logger.trace("Set assignment {}: {}", assignmentPropName, assignmentProp);
0N/A effectiveAssignments[assignmentName][assignmentPropName] = assignmentProp;
0N/A }
0N/A logger.trace("Intermediate effectiveAssignments calculated: {}", effectiveAssignments);
0N/A }
0N/A }
0N/A } else {
0N/A logger.debug("No role details could be read from: {}", roleId);
0N/A }
2078N/A } else {
0N/A logger.debug("Role does not point to a resource, will not try to retrieve assignment details for {}", roleId);
0N/A }
2078N/A }
0N/A}
0N/Alogger.debug("Calculated effectiveAssignments: {}", effectiveAssignments);
0N/A
0N/AeffectiveAssignments;
0N/A
0N/A