function getChangedValues() {
var currentObject,
JsonPatch = org.forgerock.json.JsonPatch,
JsonValue = org.forgerock.json.JsonValue,
simplePatchField = function (field) {
return field.replace(/^\//, '').split("/")[0];
};
if (request.method === "create") {
// all supplied fields are considered "changed" during a create
return _.keys(request.content);
} else if (request.method === "update") {
// during an update, it is necessary to actually compare each object
// to see if the field has changed
currentObject = openidm.read(request.resourcePath);
return _.filter(_.keys(request.content), function (propertyName) {
return JsonPatch.diff(
JsonValue(request.content[propertyName]),
JsonValue(currentObject[propertyName])
).asList().size() !== 0;
});
} else if (request.method === "patch") {
// every field that is supplied as a patch operation is considered "changed"
return _.map(request.patchOperations, function (patchOp) {
return simplePatchField(patchOp.field);
});
} else if (request.method === "action" && request.action === "patch") {
return _.map(request.content, function (patchOp) {
return simplePatchField(patchOp.field);
});
} else {
return [];
}
}
$.getJSON(url, function(data){
// Get only the mobile forms
var mobileForms = _.filter(data.forms, function(form) {
if (_.has(form, 'type')) {
if (form.type === 'mobile'){
return true;
}
}
return false;
});
// Endpoint should give the most recent form first.
// And that's what we'll use
settings.formData = mobileForms[0];
callback();
});
exports.evaluateConditionalRoles = function(user, rolesPropName, existingConditionalRoles, userRoleGrants) {
var conditionalGrants = userRoleGrants.conditionalGrants,
directGrants = userRoleGrants.directGrants;
user[rolesPropName] =
directGrants.concat(
_(existingConditionalRoles)
.filter(function (role) {
// find those conditional roles which aren't yet granted to the user in any way
var roleInGrants =
function (grants) {
return _.find(grants, function (grant) {return 'managed/role/' + role._id === grant._ref;}) !== undefined;
};
//only process if the conditional role is not directly or conditionally granted
if (!roleInGrants(directGrants)) {
return !roleInGrants(conditionalGrants) &&
org.forgerock.openidm.condition.Conditions.newCondition(role.condition).evaluate(user, null);
}
return false;
})
.map(function(role) {
// a new relationship representation for those newly granted roles
return {
'_ref': 'managed/role/' + role._id, '_refProperties': {'_grantType' : 'conditional'}
};
})
.value()
).concat(
_.filter(conditionalGrants, function(grant) {
// retain the existing conditional grants which are still valid
var roleCorrespondingToGrant = _.find(existingConditionalRoles, function (role) { return 'managed/role/' + role._id === grant._ref; });
if (roleCorrespondingToGrant === undefined) {
logger.warn("In evaluateConditionalRoles, an existing user grant could not be matched to an " +
"existing conditional role. The grant in question: {}", grant);
return false;
} else {
return org.forgerock.openidm.condition.Conditions.newCondition(roleCorrespondingToGrant.condition).evaluate(user, null);
}
})
);
}
enabledCount = 0,
disableProvider = function() {
// disable social provider via use of "enabled": false -
object.idpData[request.additionalParameters.provider].enabled = false;
// uncomment below line to delete social provider data -
// delete object.idpData[request.additionalParameters.provider];
// update the object in every case:
openidm.update(resourcePath, object._rev, object);
};
if (!user.password) {
// make sure user isn't turning off last IDP with no password set
enabledCount = _.filter(_.values(object.idpData), function(idp) {
return idp.enabled;
}).length;
if (enabledCount > 1) {
disableProvider();
} else {
throw {
"code" : 400,
"message" : "config.messages.socialProviders.cannotUnbind"
};
}
} else {
disableProvider();
}
}