in sources/src/main/java/com/google/solutions/jitaccess/web/rest/ProposalResource.java [204:265]
public record ApprovalInfo(
@NotNull ApprovalStatusInfo status,
@NotNull GroupsResource.GroupInfo group,
@NotNull List<GroupsResource.ConstraintInfo> satisfiedConstraints,
@NotNull List<GroupsResource.ConstraintInfo> unsatisfiedConstraints,
@NotNull List<GroupsResource.InputInfo> input
) {
static @NotNull ApprovalInfo forApprovalAnalysis(
@NotNull JitGroupContext g,
@NotNull Proposal proposal
) {
var approvalOp = g.approve(proposal);
var groupInfo = GroupsResource.GroupInfo.create(
g,
GroupsResource.JoinInfo.forProposal(approvalOp.joiningUserInput()));
var analysis = approvalOp.dryRun();
ApprovalStatusInfo status;
if (analysis.isAccessAllowed(PolicyAnalysis.AccessOptions.IGNORE_CONSTRAINTS)) {
status = ApprovalStatusInfo.APPROVAL_ALLOWED;
}
else {
status = ApprovalStatusInfo.APPROVAL_DISALLOWED;
}
return new ApprovalInfo(
status,
groupInfo,
analysis.satisfiedConstraints().stream()
.map(c -> new GroupsResource.ConstraintInfo(c.name(), c.displayName()))
.toList(),
analysis.unsatisfiedConstraints().stream()
.map(c -> new GroupsResource.ConstraintInfo(c.name(), c.displayName()))
.toList(),
analysis.input().stream()
.sorted(Comparator.comparing(p -> p.name()))
.map(GroupsResource.InputInfo::fromProperty)
.toList());
}
static @NotNull ApprovalInfo forApprovedProposal(
@NotNull JitGroupContext g,
@NotNull Principal principal,
@NotNull List<Property> joiningUserInput,
@NotNull List<Property> input
) {
return new ApprovalInfo(
ApprovalStatusInfo.APPROVAL_COMPLETED,
GroupsResource.GroupInfo.create(
g,
GroupsResource.JoinInfo.forCompletedJoin(principal, joiningUserInput)),
List.of(), // Don't repeat constraints
List.of(), // Don't repeat constraints
input
.stream()
.sorted(Comparator.comparing(p -> p.name()))
.map(GroupsResource.InputInfo::fromProperty)
.toList());
}
}