1.9.4
parent
01fc726711
commit
eed508938b
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -2,9 +2,8 @@ import org.codehaus.groovy.runtime.StackTraceUtils
|
|||
import groovy.xml.XmlSlurper
|
||||
|
||||
def getUserAGOVLoiRoles() {
|
||||
// set attibutes from DTO: -> AGOVaq
|
||||
def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
|
||||
return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
|
||||
// we take the roles from actualRoles
|
||||
return request.getActualRoles().findAll { role -> role.startsWith('AGOV-Loi.') }.collect({ role -> role.substring(9) })
|
||||
}
|
||||
|
||||
def getUserAGOVRecoveryRoles() {
|
||||
|
@ -141,6 +140,11 @@ try {
|
|||
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
|
||||
session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
|
||||
|
||||
// if the account has no profile, we must not return address or svnr
|
||||
session.setAttribute('agov.appAddressRequired', 'false')
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
|
||||
response.setResult('ok')
|
||||
return
|
||||
}
|
||||
|
@ -158,24 +162,33 @@ try {
|
|||
|
||||
|
||||
for (String role : getUserAGOVLoiRoles()) {
|
||||
if (role.startsWith('level')) {
|
||||
def roleLevel = role.substring(5)
|
||||
int roleLevelNumber = Integer.parseInt(roleLevel)
|
||||
if (highestRoleLevelNumber == 0) {
|
||||
highestRoleLevelNumber = roleLevelNumber
|
||||
}
|
||||
if (highestRoleLevelNumber< roleLevelNumber) {
|
||||
highestRoleLevelNumber=roleLevelNumber
|
||||
if (role.startsWith('level')) {
|
||||
def roleLevel = role.substring(5)
|
||||
int roleLevelNumber = Integer.parseInt(roleLevel)
|
||||
if (highestRoleLevelNumber< roleLevelNumber) {
|
||||
highestRoleLevelNumber=roleLevelNumber
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
LOG.debug('CheckLoa: Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString())
|
||||
LOG.debug('CheckLoa: Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber))
|
||||
}
|
||||
|
||||
LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString())
|
||||
LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))
|
||||
|
||||
//set attribute Actual Role Level
|
||||
session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
|
||||
LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
|
||||
|
||||
|
||||
// Best Token Available only if account's AQlevel is high enough
|
||||
if ((session.getAttribute('agov.appAddressRequired') == 'true') && (highestRoleLevelNumber < 200)) {
|
||||
LOG.debug("Best Token: Address requested but account has to low AQ (${highestRoleLevelNumber})")
|
||||
session.setAttribute('agov.appAddressRequired', 'false')
|
||||
}
|
||||
if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (highestRoleLevelNumber < 400)) {
|
||||
LOG.debug("Best Token: SVNr requested but account has to low AQ (${highestRoleLevelNumber})")
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
}
|
||||
|
||||
if (highestRoleLevelNumber > 0) {
|
||||
// set attribute contextClassRefToSet
|
||||
session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString()))
|
||||
|
|
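Review bot: The two "Best Token" checks in the last hunk only clear `agov.appAddressRequired` and `agov.appSvnrAllowed` when the session value is exactly the string 'true', so any other representation set upstream (a Boolean, 'TRUE') would skip the downgrade and leave the flag as requested; whether a consumer would honour such a value is not visible here. Because these flags gate the release of address and SVNr, it is safer to fail closed on the level alone, e.g. `if (highestRoleLevelNumber < 200) { session.setAttribute('agov.appAddressRequired', 'false') }`, and the same with 400 for `agov.appSvnrAllowed`. `Integer.parseInt(roleLevel)` in the loop above throws on a role whose suffix after `level` is not numeric, and that happens before these checks run; the enclosing `try` and its catch are outside the hunk, so confirm that path also resets both flags. The thresholds 200 and 400, and the offset in `role.substring(9)` in the first hunk, would read better as named constants tied to the 'AGOV-Loi.' prefix and the AQ levels they represent.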
Binary file not shown.
Binary file not shown.