use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleRequestService method removeDuplicitiesSubRole.
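/**
 * Creates REMOVE concepts for assigned identity roles that duplicate a sub role
 * of a role being added or updated by the given concepts.
 * <p>
 * For every ADD/UPDATE concept that is not already flagged as a duplicate, each
 * sub role composition of the requested role is turned into a temporary identity
 * role and compared with every entry of {@code allByIdentity}. Each match is
 * persisted as a REMOVE concept in the same role request.
 * <p>
 * The method calls the sub role lookup, the value generator and the EAV loader
 * inside nested loops, which slows the whole process.
 *
 * @param concepts concepts of the processed role request; the created REMOVE
 *        concepts are appended to this list
 * @param allByIdentity identity roles to compare against; their EAVs are
 *        (re)loaded and set on each DTO as a side effect
 * @return the same {@code concepts} instance, extended by the created REMOVE concepts
 */
private List<IdmConceptRoleRequestDto> removeDuplicitiesSubRole(List<IdmConceptRoleRequestDto> concepts, List<IdmIdentityRoleDto> allByIdentity) {
    List<IdmConceptRoleRequestDto> conceptsToRemove = new ArrayList<>();
    for (IdmConceptRoleRequestDto concept : concepts) {
        // Only additions and modifications are checked.
        if (concept.getOperation() != ConceptRoleRequestOperation.ADD && concept.getOperation() != ConceptRoleRequestOperation.UPDATE) {
            continue;
        }
        // The concept already carries a duplicate reference; skip it.
        if (concept.getDuplicate() != null) {
            continue;
        }
        UUID roleId = concept.getRole();
        IdmIdentityContractDto identityContract = DtoUtils.getEmbedded(concept, IdmConceptRoleRequest_.identityContract, IdmIdentityContractDto.class, null);
        // Find all sub roles for the requested role.
        List<IdmRoleCompositionDto> subRoles = roleCompositionService.findAllSubRoles(roleId);
        for (IdmRoleCompositionDto subRoleComposition : subRoles) {
            // NOTE(review): the embedded sub role is read with a null last argument (presumably the
            // default value); subRole.getId() below fails if the DTO is not embedded - confirm.
            IdmRoleDto subRole = DtoUtils.getEmbedded(subRoleComposition, IdmRoleComposition_.sub, IdmRoleDto.class, null);
            // Temporary, never persisted identity role representing the sub role as it would be assigned.
            IdmIdentityRoleDto tempIdentityRoleSub = new IdmIdentityRoleDto();
            // Random direct-role id: only marks the temporary role as assigned through a direct role.
            tempIdentityRoleSub.setDirectRole(UUID.randomUUID());
            tempIdentityRoleSub.setIdentityContract(concept.getIdentityContract());
            tempIdentityRoleSub.setRole(subRole.getId());
            tempIdentityRoleSub.setValidFrom(concept.getValidFrom());
            tempIdentityRoleSub.setValidTill(concept.getValidTill());
            tempIdentityRoleSub.setIdentityContractDto(identityContract);
            tempIdentityRoleSub.setCreated(ZonedDateTime.now());
            // This automatically adds default values. This is also an expensive operation.
            tempIdentityRoleSub = valueGeneratorManager.generate(tempIdentityRoleSub);
            for (IdmIdentityRoleDto identityRole : allByIdentity) {
                // Load identity role EAVs. This is also an expensive operation and it is
                // repeated for every concept / sub role combination.
                identityRole.setEavs(Lists.newArrayList(identityRoleService.getRoleAttributeValues(identityRole)));
                IdmIdentityRoleDto duplicated = identityRoleService.getDuplicated(tempIdentityRoleSub, identityRole, Boolean.FALSE);
                // Duplicate found and the existing assignment is the one to drop: create a REMOVE concept.
                if (duplicated != null && identityRole.getId().equals(duplicated.getId())) {
                    IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
                    removeConcept.setIdentityContract(identityRole.getIdentityContract());
                    removeConcept.setIdentityRole(identityRole.getId());
                    removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
                    removeConcept.setRoleRequest(concept.getRoleRequest());
                    // MessageFormat needs an indexed placeholder; the SLF4J-style "{}" makes
                    // MessageFormat.format throw IllegalArgumentException, so the removal was
                    // never logged nor saved.
                    removeConcept.addToLog(MessageFormat.format("Removed by duplicates with subrole id [{0}]", identityRole.getRoleComposition()));
                    removeConcept = conceptRoleRequestService.save(removeConcept);
                    conceptsToRemove.add(removeConcept);
                }
            }
        }
    }
    // Append afterwards: adding to the list while iterating over it is not allowed.
    concepts.addAll(conceptsToRemove);
    return concepts;
}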
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleDuplicateBulkActionIntegrationTest method testDuplicateRoleOnTheSameEnvironmentWithComposition.
/**
 * Duplicates a role on its own environment with role composition included and
 * verifies that the duplicate has the same sub roles as the original role.
 */
@Test
public void testDuplicateRoleOnTheSameEnvironmentWithComposition() {
    IdmRoleDto original = createRole();
    List<IdmRoleCompositionDto> originalSubRoles = findAllSubRoles(original);
    Assert.assertFalse(originalSubRoles.isEmpty());
    String originalBaseCode = original.getBaseCode();

    // Run the duplicate bulk action for the single role, compositions included.
    IdmBulkActionDto action = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
    action.setIdentifiers(Sets.newHashSet(original.getId()));
    action.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
    IdmBulkActionDto processed = bulkActionManager.processAction(action);
    checkResultLrt(processed, 1L, null, null);

    // The duplicate lives on the same environment; its base code extends the original one.
    IdmRoleFilter environmentFilter = new IdmRoleFilter();
    environmentFilter.setEnvironment(original.getEnvironment());
    List<IdmRoleDto> environmentRoles = roleService.find(environmentFilter, null).getContent();
    IdmRoleDto duplicate = environmentRoles
            .stream()
            .filter(candidate -> {
                String code = candidate.getBaseCode();
                return code.startsWith(originalBaseCode) && !code.equals(originalBaseCode);
            })
            .findFirst()
            .get();

    List<IdmRoleCompositionDto> duplicateSubRoles = findAllSubRoles(duplicate);
    Assert.assertFalse(duplicateSubRoles.isEmpty());
    Assert.assertEquals(originalSubRoles.size(), duplicateSubRoles.size());
    // Every sub role of the duplicate has to be a sub role of the original as well.
    for (IdmRoleCompositionDto copied : duplicateSubRoles) {
        boolean presentOnOriginal = false;
        for (IdmRoleCompositionDto source : originalSubRoles) {
            if (source.getSub().equals(copied.getSub())) {
                presentOnOriginal = true;
                break;
            }
        }
        Assert.assertTrue(presentOnOriginal);
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleRequestNotifyProvisioningProcessorIntegrationTest method testAssignSubRolesAfterCompositionIsCreatedAsync.
/**
 * With asynchronous processing enabled, a role composition that brings a target
 * system is created after the superior role is already assigned to an identity.
 * <p>
 * The test checks three transitions: sub roles and the account appear once the
 * composition exists, one sub role and the account disappear when the
 * composition is deleted, and everything is removed when the superior role is
 * removed by a standard role request.
 */
@Test
public void testAssignSubRolesAfterCompositionIsCreatedAsync() {
    try {
        // a transaction context has to be available before the test starts
        UUID transactionId = TransactionContextHolder.getContext().getTransactionId();
        Assert.assertNotNull(transactionId);
        //
        // switched back off in the finally block below
        getHelper().enableAsynchronousProcessing();
        // prepare role composition
        IdmRoleDto superior = getHelper().createRole();
        // identity is created with a null password argument
        IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
        getHelper().createIdentityRole(identity, superior);
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        // only the directly assigned superior role so far
        Assert.assertEquals(1, assignedRoles.size());
        //
        IdmRoleDto subOne = getHelper().createRole();
        IdmRoleDto subTwo = getHelper().createRole();
        // assign system to the deepest sub role
        SysSystemDto system = getHelper().createTestResourceSystem(true);
        getHelper().createRoleSystem(subTwo, system);
        // create composition at last: superior -> subOne -> subTwo
        getHelper().createRoleComposition(superior, subOne);
        IdmRoleCompositionDto compositionWithSystem = getHelper().createRoleComposition(subOne, subTwo);
        // NOTE(review): every lambda passed to waitForResult here is a "not done yet" condition,
        // so the helper presumably keeps waiting while it returns true - confirm against the helper.
        getHelper().waitForResult(res -> {
            return identityRoleService.findAllByIdentity(identity.getId()).size() != 3;
        });
        //
        // sub roles will be assigned
        assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertEquals(3, assignedRoles.size());
        // and account created
        AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
        Assert.assertNotNull(account);
        //
        // remove role composition
        roleCompositionService.delete(compositionWithSystem);
        getHelper().waitForResult(res -> {
            return roleCompositionService.get(compositionWithSystem) != null;
        });
        //
        // the role assigned through the deleted composition is gone
        assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertEquals(2, assignedRoles.size());
        //
        // and account deleted: access on the target system must not outlive the role
        Assert.assertNull(accountService.getAccount(identity.getUsername(), system.getId()));
        //
        // create composition again and remove assigned role by standard request
        getHelper().createRoleComposition(subOne, subTwo);
        getHelper().waitForResult(res -> {
            return identityRoleService.findAllByIdentity(identity.getId()).size() != 3;
        });
        //
        assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertEquals(3, assignedRoles.size());
        Assert.assertNotNull(accountService.getAccount(identity.getUsername(), system.getId()));
        //
        // REMOVE request for the superior role only; sub roles are expected to follow
        IdmRoleRequestDto roleRequest = getHelper().createRoleRequest(identity, ConceptRoleRequestOperation.REMOVE, superior);
        getHelper().executeRequest(roleRequest, false);
        getHelper().waitForResult(res -> {
            return roleRequestService.get(roleRequest).getState() != RoleRequestState.EXECUTED;
        });
        Assert.assertEquals(RoleRequestState.EXECUTED, roleRequestService.get(roleRequest).getState());
        //
        // no assigned role and no account may remain after the request is executed
        assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertTrue(assignedRoles.isEmpty());
        Assert.assertNull(accountService.getAccount(identity.getUsername(), system.getId()));
    } finally {
        // always restore the processing mode, even when an assertion fails
        getHelper().disableAsynchronousProcessing();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleCompositionSaveProcessor method process.
/**
 * Persists the role composition carried by the event and puts the saved DTO
 * back into the event.
 *
 * @param event event whose content is the role composition to save
 * @return result bound to the event and to this processor
 */
@Override
public EventResult<IdmRoleCompositionDto> process(EntityEvent<IdmRoleCompositionDto> event) {
    // Later processors read the event content, so it has to hold the saved instance.
    IdmRoleCompositionDto saved = service.saveInternal(event.getContent());
    event.setContent(saved);
    return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class AuthorizationPolicyByIdentityFilterBuilder method getPredicate.
/**
 * Builds the predicate selecting authorization policies that apply to the
 * identity given in the filter: policies of roles assigned to the identity and,
 * when a default role is configured, policies of the default role and of all
 * its sub roles.
 *
 * @return {@code null} when the filter has no identity id, otherwise the predicate
 */
@Override
public Predicate getPredicate(Root<IdmAuthorizationPolicy> root, AbstractQuery<?> query, CriteriaBuilder builder, IdmAuthorizationPolicyFilter filter) {
    UUID identityId = filter.getIdentityId();
    if (identityId == null) {
        return null;
    }

    // EXISTS (identity role of this identity with the same role as the policy)
    // NOTE(review): no validity-date or contract-state condition is visible in this subquery;
    // confirm that expired assignments are excluded elsewhere before policies are evaluated.
    Subquery<IdmIdentityRole> assignedRoleQuery = query.subquery(IdmIdentityRole.class);
    Root<IdmIdentityRole> assignedRole = assignedRoleQuery.from(IdmIdentityRole.class);
    assignedRoleQuery.select(assignedRole);
    Predicate ownedByIdentity = builder.equal(
            assignedRole.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id),
            identityId);
    // correlation with the outer policy row
    Predicate sameRoleAsPolicy = builder.equal(
            assignedRole.get(IdmIdentityRole_.role),
            root.get(IdmAuthorizationPolicy_.role));
    assignedRoleQuery.where(builder.and(ownedByIdentity, sameRoleAsPolicy));
    Predicate hasAssignedRole = builder.exists(assignedRoleQuery);

    UUID defaultRoleId = roleConfiguration.getDefaultRoleId();
    if (defaultRoleId != null) {
        // The default role and all its sub roles apply to the identity without an assignment.
        Set<UUID> defaultRoleIds = Sets.newHashSet(defaultRoleId);
        for (IdmRoleCompositionDto composition : roleCompositionService.findAllSubRoles(defaultRoleId)) {
            defaultRoleIds.add(composition.getSub());
        }
        return builder.or(hasAssignedRole, root.get(IdmAuthorizationPolicy_.role).get(IdmRole_.id).in(defaultRoleIds));
    }
    // default role is not defined
    return hasAssignedRole;
}