Source code

001package com.identityworksllc.iiq.common.access;
002
003import com.identityworksllc.iiq.common.CommonSecurityConfig;
004import sailpoint.object.Identity;
005import sailpoint.rest.plugin.BasePluginResource;
006import sailpoint.tools.GeneralException;
007import sailpoint.web.UserContext;
008
009import java.util.HashMap;
010import java.util.Map;
011
012/**
013 * Access check input
014 */
015public final class AccessCheckInput {
016    /**
017     * Configuration
018     */
019    private CommonSecurityConfig configuration;
020
021    /**
022     * The plugin resource
023     */
024    private UserContext userContext;
025
026    /**
027     * The state from this access check
028     */
029    private Map<String, Object> state;
030
031    /**
032     * The target Identity being checked (may be null)
033     */
034    private Identity target;
035
036    /**
037     * The name of the thing being checked
038     */
039    private String thingName;
040
041    /**
042     * Constructs a basic access check input
043     */
044    public AccessCheckInput() {
045        this.thingName = AccessCheck.ANONYMOUS_THING;
046    }
047
048    /**
049     * Copy constructor allowing override of an input
050     *
051     * @param parent The parent config
052     * @param config The 'child' config to replace with
053     */
054    public AccessCheckInput(AccessCheckInput parent, CommonSecurityConfig config) {
055        this(parent.userContext, parent.target, parent.thingName, config, parent.state);
056    }
057
058    /**
059     * Access check input taking a plugin or target
060     *
061     * @param userContext    The user context (likely a BasePluginResource)
062     * @param config         The config
063     */
064    public AccessCheckInput(UserContext userContext, CommonSecurityConfig config) {
065        this(userContext, null, AccessCheck.ANONYMOUS_THING, config, null);
066    }
067    /**
068     * Access check input taking a plugin or target
069     *
070     * @param userContext    The user context (likely a BasePluginResource)
071     * @param target         The target
072     * @param config         The config
073     */
074    public AccessCheckInput(UserContext userContext, Identity target, CommonSecurityConfig config) {
075        this(userContext, target, AccessCheck.ANONYMOUS_THING, config, null);
076    }
077
078    /**
079     * Access check input taking a plugin or target
080     *
081     * @param userContext    The user context (likely a BasePluginResource)
082     * @param target         The target
083     * @param thingName      The thing name
084     * @param config         The config
085     */
086    public AccessCheckInput(UserContext userContext, Identity target, String thingName, CommonSecurityConfig config) {
087        this(userContext, target, thingName, config, null);
088    }
089
090    /**
091     * Access check input taking a plugin or target
092     *
093     * @param userContext    The user context (likely a BasePluginResource)
094     * @param target         The target
095     * @param thingName      The thing name
096     * @param config         The config
097     * @param state          Any persistent state in the access checks
098     */
099    public AccessCheckInput(UserContext userContext, Identity target, String thingName, CommonSecurityConfig config, Map<String, Object> state) {
100        this.userContext = userContext;
101        this.target = target;
102        this.configuration = config;
103        if (thingName == null || thingName.isEmpty()) {
104            this.thingName = AccessCheck.ANONYMOUS_THING;
105        } else {
106            this.thingName = thingName;
107        }
108        this.state = (state != null) ? state : new HashMap<>();
109    }
110
111    /**
112     * Gets the configuration object
113     * @return The common security configuration object
114     */
115    public CommonSecurityConfig getConfiguration() {
116        return configuration;
117    }
118
119    /**
120     * @deprecated Use {@link #getUserContext()} instead
121     * @return The configured plugin resource / user context
122     */
123    @Deprecated
124    public UserContext getPluginResource() {
125        return userContext;
126    }
127
128    public UserContext getUserContext() {
129        return userContext;
130    }
131
132    public Map<String, Object> getState() {
133        return state;
134    }
135
136    public Identity getTarget() throws GeneralException {
137        if (this.target != null) {
138            return target;
139        } else {
140            return userContext.getLoggedInUser();
141        }
142    }
143
144    public String getThingName() {
145        return thingName;
146    }
147
148    public void putState(String name, Object value) {
149        if (this.state == null) {
150            this.state = new HashMap<>();
151        }
152
153        this.state.put(name, value);
154    }
155
156    public AccessCheckInput setConfiguration(Map<String, Object> configuration) throws GeneralException {
157        this.configuration = CommonSecurityConfig.decode(configuration);
158        return this;
159    }
160
161
162    public AccessCheckInput setConfiguration(CommonSecurityConfig configuration) {
163        this.configuration = configuration;
164        return this;
165    }
166
167    @Deprecated
168    public AccessCheckInput setPluginResource(BasePluginResource pluginResource) {
169        return setUserContext(pluginResource);
170    }
171
172    public AccessCheckInput setUserContext(UserContext userContext) {
173        this.userContext = userContext;
174        return this;
175    }
176
177    public AccessCheckInput setState(Map<String, Object> state) {
178        this.state = state;
179        return this;
180    }
181
182    public AccessCheckInput setTarget(Identity target) {
183        this.target = target;
184        return this;
185    }
186
187    public AccessCheckInput setThingName(String thingName) {
188        this.thingName = thingName;
189        return this;
190    }
191}