
Example 1 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleRequestService method removeDuplicitiesSubRole.

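/**
 * Creates REMOVE concepts for identity roles that duplicate a sub role of a role
 * requested by an ADD or UPDATE concept.
 * <p>
 * For every sub role of a requested role a temporary identity role is built and compared
 * with each identity role in {@code allByIdentity}. When the existing identity role is
 * reported as the duplicate, a REMOVE concept for it is saved and appended to the request.
 * The saved concept's log entry is the only trace of why the assignment is being removed,
 * so the message has to be formatted correctly.
 * <p>
 * This operation reads from the database repeatedly and slows the whole process.
 *
 * @param concepts requested concepts; the list is modified in place
 * @param allByIdentity identity roles compared against the generated sub role assignments;
 *        their eavs are (re)loaded as a side effect
 * @return the same {@code concepts} list with the saved REMOVE concepts appended
 */
private List<IdmConceptRoleRequestDto> removeDuplicitiesSubRole(List<IdmConceptRoleRequestDto> concepts, List<IdmIdentityRoleDto> allByIdentity) {
    List<IdmConceptRoleRequestDto> conceptsToRemove = new ArrayList<>();
    for (IdmConceptRoleRequestDto concept : concepts) {
        // Only add or modification
        if (concept.getOperation() != ConceptRoleRequestOperation.ADD && concept.getOperation() != ConceptRoleRequestOperation.UPDATE) {
            continue;
        }
        // Concepts already marked as duplicates are skipped.
        if (concept.getDuplicate() != null) {
            continue;
        }
        UUID roleId = concept.getRole();
        IdmIdentityContractDto identityContract = DtoUtils.getEmbedded(concept, IdmConceptRoleRequest_.identityContract, IdmIdentityContractDto.class, null);
        // Find all sub roles for role.
        List<IdmRoleCompositionDto> subRoles = roleCompositionService.findAllSubRoles(roleId);
        for (IdmRoleCompositionDto subRoleComposition : subRoles) {
            // NOTE(review): a null default is passed here, so subRole is presumably null when the
            // sub role is not embedded in the composition - confirm before relying on subRole.getId().
            IdmRoleDto subRole = DtoUtils.getEmbedded(subRoleComposition, IdmRoleComposition_.sub, IdmRoleDto.class, null);
            // Temporary (never saved here) identity role representing the sub role assignment.
            IdmIdentityRoleDto tempIdentityRoleSub = new IdmIdentityRoleDto();
            tempIdentityRoleSub.setDirectRole(UUID.randomUUID());
            tempIdentityRoleSub.setIdentityContract(concept.getIdentityContract());
            tempIdentityRoleSub.setRole(subRole.getId());
            tempIdentityRoleSub.setValidFrom(concept.getValidFrom());
            tempIdentityRoleSub.setValidTill(concept.getValidTill());
            tempIdentityRoleSub.setIdentityContractDto(identityContract);
            tempIdentityRoleSub.setCreated(ZonedDateTime.now());
            // This automatically add default values. This is also expensive operation.
            tempIdentityRoleSub = valueGeneratorManager.generate(tempIdentityRoleSub);
            for (IdmIdentityRoleDto identityRole : allByIdentity) {
                // Get identity role eavs. This is also expensive operation.
                identityRole.setEavs(Lists.newArrayList(identityRoleService.getRoleAttributeValues(identityRole)));
                IdmIdentityRoleDto duplicated = identityRoleService.getDuplicated(tempIdentityRoleSub, identityRole, Boolean.FALSE);
                // Duplication found: request removal only when the existing identity role is the duplicate.
                if (duplicated != null && identityRole.getId().equals(duplicated.getId())) {
                    IdmConceptRoleRequestDto removeConcept = new IdmConceptRoleRequestDto();
                    removeConcept.setIdentityContract(identityRole.getIdentityContract());
                    removeConcept.setIdentityRole(identityRole.getId());
                    removeConcept.setOperation(ConceptRoleRequestOperation.REMOVE);
                    removeConcept.setRoleRequest(concept.getRoleRequest());
                    // MessageFormat placeholders are indexed ({0}); the SLF4J-style "{}" makes
                    // MessageFormat.format throw IllegalArgumentException instead of writing the log entry.
                    // NOTE(review): the logged value is the role composition of the removed identity
                    // role, while the text says "subrole id" - confirm which id is intended.
                    removeConcept.addToLog(MessageFormat.format("Removed by duplicates with subrole id [{0}]", identityRole.getRoleComposition()));
                    removeConcept = conceptRoleRequestService.save(removeConcept);
                    conceptsToRemove.add(removeConcept);
                }
            }
        }
    }
    // Add all concept to remove
    concepts.addAll(conceptsToRemove);
    return concepts;
}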
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ArrayList(java.util.ArrayList) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 2 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleDuplicateBulkActionIntegrationTest method testDuplicateRoleOnTheSameEnvironmentWithComposition.

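/**
 * Duplicates a role on the same environment with role composition included and checks
 * that the duplicate has the same sub roles as the original role.
 */
@Test
public void testDuplicateRoleOnTheSameEnvironmentWithComposition() {
    IdmRoleDto role = createRole();
    List<IdmRoleCompositionDto> subRoles = findAllSubRoles(role);
    // the scenario is meaningful only when the original role has some sub roles
    Assert.assertFalse(subRoles.isEmpty());
    //
    String roleBaseCode = role.getBaseCode();
    //
    IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
    bulkAction.setIdentifiers(Sets.newHashSet(role.getId()));
    bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
    IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
    //
    checkResultLrt(processAction, 1L, null, null);
    IdmRoleFilter filter = new IdmRoleFilter();
    filter.setEnvironment(role.getEnvironment());
    List<IdmRoleDto> roles = roleService.find(filter, null).getContent();
    // The duplicate is looked up by base code: same prefix as the original, but a different code.
    // A missing duplicate fails the test with an explicit message instead of NoSuchElementException.
    IdmRoleDto duplicate = roles
            .stream()
            .filter(r -> r.getBaseCode().startsWith(roleBaseCode) && !r.getBaseCode().equals(roleBaseCode))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Duplicated role was not found for base code [" + roleBaseCode + "]"));
    //
    List<IdmRoleCompositionDto> duplicateSubRoles = findAllSubRoles(duplicate);
    Assert.assertFalse(duplicateSubRoles.isEmpty());
    Assert.assertEquals(subRoles.size(), duplicateSubRoles.size());
    // every sub role of the duplicate has to be a sub role of the original role
    Assert.assertTrue(duplicateSubRoles.stream().allMatch(s -> subRoles.stream().anyMatch(r -> r.getSub().equals(s.getSub()))));
}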
Also used : IdmRoleTreeNodeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleTreeNodeFilter) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) Autowired(org.springframework.beans.factory.annotation.Autowired) FormService(eu.bcvsolutions.idm.core.eav.api.service.FormService) CodeableEvaluator(eu.bcvsolutions.idm.core.security.evaluator.CodeableEvaluator) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmAuthorizationPolicyFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter) IdmAutomaticRoleAttributeRuleDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleDto) After(org.junit.After) TransactionContextHolder(eu.bcvsolutions.idm.core.api.domain.TransactionContextHolder) IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter) IdmEntityStateService(eu.bcvsolutions.idm.core.api.service.IdmEntityStateService) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) IdmTreeType(eu.bcvsolutions.idm.core.model.entity.IdmTreeType) DuplicateRoleAutomaticByTreeProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleAutomaticByTreeProcessor) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) DuplicateRoleFormAttributeProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleFormAttributeProcessor) Sets(com.google.common.collect.Sets) IdmEntityStateDto(eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto) List(java.util.List) 
DuplicateRoleCompositionProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleCompositionProcessor) IdmAutomaticRoleAttributeRuleService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeRuleService) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleFormAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleFormAttributeDto) IdmRoleTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmRoleTreeNodeService) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) DuplicateRoleAuthorizationPolicyProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleAuthorizationPolicyProcessor) PersistentType(eu.bcvsolutions.idm.core.eav.api.domain.PersistentType) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleFormAttributeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFormAttributeFilter) Before(org.junit.Before) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmRole_(eu.bcvsolutions.idm.core.model.entity.IdmRole_) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) Test(org.junit.Test) IdmCodeList(eu.bcvsolutions.idm.core.eav.entity.IdmCodeList) IdmRoleFormAttributeService(eu.bcvsolutions.idm.core.api.service.IdmRoleFormAttributeService) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) 
IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) IdmAutomaticRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAutomaticRoleFilter) IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto) IdmTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmTreeNode) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) IdmAuthorizationPolicyService(eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService) Assert(org.junit.Assert) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 3 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleRequestNotifyProvisioningProcessorIntegrationTest method testAssignSubRolesAfterCompositionIsCreatedAsync.

/**
 * Role compositions are created only after the superior role is already assigned to the identity,
 * with asynchronous processing enabled. The test checks that sub roles (and the account on the
 * system mapped to the last sub role) appear after the composition is created, and that both
 * disappear again when the composition is deleted or the superior role is removed by a request.
 */
@Test
public void testAssignSubRolesAfterCompositionIsCreatedAsync() {
    try {
        // a transaction id has to be available in the current context
        Assert.assertNotNull(TransactionContextHolder.getContext().getTransactionId());
        //
        getHelper().enableAsynchronousProcessing();
        // superior role is assigned before any composition exists
        IdmRoleDto superiorRole = getHelper().createRole();
        IdmIdentityDto owner = getHelper().createIdentity((GuardedString) null);
        getHelper().createIdentityRole(owner, superiorRole);
        Assert.assertEquals(1, identityRoleService.findAllByIdentity(owner.getId()).size());
        //
        IdmRoleDto firstSubRole = getHelper().createRole();
        IdmRoleDto secondSubRole = getHelper().createRole();
        // only the second sub role is mapped to a target system
        SysSystemDto targetSystem = getHelper().createTestResourceSystem(true);
        getHelper().createRoleSystem(secondSubRole, targetSystem);
        // compositions come last: superior -> first sub role -> second sub role
        getHelper().createRoleComposition(superiorRole, firstSubRole);
        IdmRoleCompositionDto provisioningComposition = getHelper().createRoleComposition(firstSubRole, secondSubRole);
        // NOTE(review): the predicate presumably means "keep waiting"; the result of the wait
        // is not checked here, the assertions below cover a timeout.
        getHelper().waitForResult(res -> identityRoleService.findAllByIdentity(owner.getId()).size() != 3);
        //
        // both sub roles are assigned now
        Assert.assertEquals(3, identityRoleService.findAllByIdentity(owner.getId()).size());
        // and the account exists on the target system
        Assert.assertNotNull(accountService.getAccount(owner.getUsername(), targetSystem.getId()));
        //
        // deleting the composition has to take away the sub role and the account as well
        roleCompositionService.delete(provisioningComposition);
        getHelper().waitForResult(res -> roleCompositionService.get(provisioningComposition) != null);
        //
        Assert.assertEquals(2, identityRoleService.findAllByIdentity(owner.getId()).size());
        //
        // account is gone
        Assert.assertNull(accountService.getAccount(owner.getUsername(), targetSystem.getId()));
        //
        // the composition is created once more, then the assigned role is removed by a standard request
        getHelper().createRoleComposition(firstSubRole, secondSubRole);
        getHelper().waitForResult(res -> identityRoleService.findAllByIdentity(owner.getId()).size() != 3);
        //
        Assert.assertEquals(3, identityRoleService.findAllByIdentity(owner.getId()).size());
        Assert.assertNotNull(accountService.getAccount(owner.getUsername(), targetSystem.getId()));
        //
        IdmRoleRequestDto removeRequest = getHelper().createRoleRequest(owner, ConceptRoleRequestOperation.REMOVE, superiorRole);
        getHelper().executeRequest(removeRequest, false);
        getHelper().waitForResult(res -> roleRequestService.get(removeRequest).getState() != RoleRequestState.EXECUTED);
        Assert.assertEquals(RoleRequestState.EXECUTED, roleRequestService.get(removeRequest).getState());
        //
        // nothing stays assigned and the account is removed again
        Assert.assertTrue(identityRoleService.findAllByIdentity(owner.getId()).isEmpty());
        Assert.assertNull(accountService.getAccount(owner.getUsername(), targetSystem.getId()));
    } finally {
        // asynchronous processing is always switched back off for the following tests
        getHelper().disableAsynchronousProcessing();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 4 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleCompositionSaveProcessor method process.

/**
 * Saves the role composition carried by the event and puts the saved DTO back into the event.
 *
 * @param event event whose content is the role composition to save
 * @return result bound to the same event and to this processor
 */
@Override
public EventResult<IdmRoleCompositionDto> process(EntityEvent<IdmRoleCompositionDto> event) {
    // the saved instance replaces the original content, so later consumers of the event see the persisted state
    IdmRoleCompositionDto saved = service.saveInternal(event.getContent());
    event.setContent(saved);
    return new DefaultEventResult<>(event, this);
}
Also used : IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult)

Example 5 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class AuthorizationPolicyByIdentityFilterBuilder method getPredicate.

/**
 * Builds the predicate selecting authorization policies that apply to the identity given in the filter:
 * policies of roles assigned to the identity and, when a default role is configured, policies of the
 * default role and of the sub roles returned for it.
 *
 * @param root authorization policy root
 * @param query query used to create the assigned role subquery
 * @param builder criteria builder
 * @param filter filter carrying the identity id
 * @return {@code null} when the filter has no identity id, the predicate otherwise
 */
@Override
public Predicate getPredicate(Root<IdmAuthorizationPolicy> root, AbstractQuery<?> query, CriteriaBuilder builder, IdmAuthorizationPolicyFilter filter) {
    UUID identityId = filter.getIdentityId();
    if (identityId == null) {
        // this builder has nothing to contribute without an identity id
        return null;
    }
    //
    // policy role has to be assigned to the identity (through any of its contracts)
    Subquery<IdmIdentityRole> assignedRoleQuery = query.subquery(IdmIdentityRole.class);
    Root<IdmIdentityRole> assignedRole = assignedRoleQuery.from(IdmIdentityRole.class);
    assignedRoleQuery.select(assignedRole);
    Predicate ownedByIdentity = builder.equal(
            assignedRole.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(IdmIdentity_.id),
            identityId);
    // correlation with the outer authorization policy
    Predicate samePolicyRole = builder.equal(assignedRole.get(IdmIdentityRole_.role), root.get(IdmAuthorizationPolicy_.role));
    assignedRoleQuery.where(builder.and(ownedByIdentity, samePolicyRole));
    Predicate assignedPredicate = builder.exists(assignedRoleQuery);
    //
    // or default role
    UUID defaultRoleId = roleConfiguration.getDefaultRoleId();
    if (defaultRoleId == null) {
        // default role is not defined
        return assignedPredicate;
    }
    //
    // Default role policies are matched for every identity, without checking any assignment,
    // together with the policies of all sub roles found for the default role.
    Set<UUID> defaultRoleIds = Sets.newHashSet(defaultRoleId);
    for (IdmRoleCompositionDto composition : roleCompositionService.findAllSubRoles(defaultRoleId)) {
        defaultRoleIds.add(composition.getSub());
    }
    Predicate defaultRolePredicate = root.get(IdmAuthorizationPolicy_.role).get(IdmRole_.id).in(defaultRoleIds);
    return builder.or(assignedPredicate, defaultRolePredicate);
}
Also used : IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) UUID(java.util.UUID) Predicate(javax.persistence.criteria.Predicate)

Aggregations

IdmRoleCompositionDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)47 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)35 Test (org.junit.Test)24 UUID (java.util.UUID)23 List (java.util.List)22 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)21 Autowired (org.springframework.beans.factory.annotation.Autowired)21 IdmRoleCompositionService (eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)20 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)19 IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)18 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)16 Set (java.util.Set)16 IdmRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleService)15 Assert (org.junit.Assert)15 Transactional (org.springframework.transaction.annotation.Transactional)15 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)14 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)13 IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)13 ArrayList (java.util.ArrayList)13 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)12