Use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
The class DefaultAccAccountServiceFilterTest, method createAccount.
/**
 * Test helper: persists an account on the given system and links it to an identity.
 *
 * @param systemId    system the account is created on
 * @param identityId  identity the account is linked to
 * @param uid         account identifier on the target system
 * @param accountType type of the created account
 * @param ownership   ownership flag stored on the identity-account relation
 * @return the persisted account (with generated id)
 */
private AccAccountDto createAccount(UUID systemId, UUID identityId, String uid, AccountType accountType, Boolean ownership) {
    // The account has to be saved first, so that its generated id can be referenced by the relation.
    AccAccountDto newAccount = new AccAccountDto();
    newAccount.setSystem(systemId);
    newAccount.setAccountType(accountType);
    newAccount.setUid(uid);
    AccAccountDto savedAccount = accAccountService.save(newAccount);
    // Relation between the persisted account and the identity.
    AccIdentityAccountDto relation = new AccIdentityAccountDto();
    relation.setAccount(savedAccount.getId());
    relation.setIdentity(identityId);
    relation.setOwnership(ownership);
    identityAccoutnService.save(relation);
    return savedAccount;
}
Use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
The class DefaultAccAccountServiceTest, method getConnectorObjectNotFullTest.
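/**
 * Checks that {@code accountService.getConnectorObject} returns the connector object of an
 * account the logged-in identity is allowed to read, and that an attribute whose schema
 * definition has been deleted is absent from the returned object.
 * <p>
 * Read permission on the account is expected to come from {@link ReadAccountByIdentityEvaluator},
 * assigned through a role to the identity that is linked to the account.
 */
@Test
public void getConnectorObjectNotFullTest() {
    String userOneName = "UserOne";
    String eavAttributeName = "EAV_ATTRIBUTE";
    SysSystemDto system = initData();
    // Assert before the first use of system - otherwise a missing system surfaces as an NPE on getId().
    Assert.assertNotNull(system);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(system.getId());
    // Find and delete EAV schema attribute.
    SysSchemaAttributeDto eavAttribute = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream()
            .filter(attribute -> attribute.getName().equalsIgnoreCase(eavAttributeName))
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(eavAttribute);
    schemaAttributeService.delete(eavAttribute);
    // Change resources (set state on exclude) .. must be call in transaction
    this.getBean().persistResource(createResource(userOneName, new LocalDateTime()));
    AccAccountDto account = new AccAccountDto();
    account.setEntityType(SystemEntityType.IDENTITY);
    account.setSystem(system.getId());
    account.setAccountType(AccountType.PERSONAL);
    account.setUid(userOneName);
    account = accountService.save(account);
    IdmIdentityDto identity = helper.createIdentity();
    // Link the account to the identity as its owner.
    AccIdentityAccountDto accountIdentityOne = new AccIdentityAccountDto();
    accountIdentityOne.setIdentity(identity.getId());
    accountIdentityOne.setOwnership(true);
    accountIdentityOne.setAccount(account.getId());
    identityAccountService.save(accountIdentityOne);
    // Create role with evaluator
    IdmRoleDto role = helper.createRole();
    IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
    policyAccount.setRole(role.getId());
    policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
    policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
    policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
    authorizationPolicyService.save(policyAccount);
    // Assign role with evaluator
    helper.createIdentityRole(identity, role);
    // Switch from the test's default login to the identity, so the evaluator is really exercised.
    logout();
    loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
    IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
    Assert.assertNotNull(connectorObject);
    Assert.assertEquals(userOneName, connectorObject.getUidValue());
    // EAV attribute must be null, because we deleted the schema definition
    Assert.assertNull(connectorObject.getAttributeByName(eavAttributeName));
}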
Use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
The class ReadAccountByIdentityEvaluator, method getPermissions.
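/**
 * Adds READ and/or AUTOCOMPLETE on an account when the current user holds the same permission
 * on at least one identity linked to the account by an identity-account relation.
 * <p>
 * Every linked identity is considered, regardless of the ownership flag on the relation
 * (NOTE(review): a non-owner relation is enough to derive the permission - confirm this is intended).
 * Relations whose identity cannot be looked up grant nothing.
 *
 * @param authorizable account being evaluated; may be {@code null}
 * @param policy policy being evaluated
 * @return permissions from the superclass, extended with READ and/or AUTOCOMPLETE
 */
@Override
public Set<String> getPermissions(AccAccount authorizable, AuthorizationPolicy policy) {
    Set<String> permissions = super.getPermissions(authorizable, policy);
    if (authorizable == null || !securityService.isAuthenticated()) {
        return permissions;
    }
    AccIdentityAccountFilter identityAccountsFilter = new AccIdentityAccountFilter();
    identityAccountsFilter.setAccountId(authorizable.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountsFilter, null).getContent();
    String read = IdmBasePermission.READ.name();
    String autocomplete = IdmBasePermission.AUTOCOMPLETE.name();
    for (AccIdentityAccountDto identityAccount : identityAccounts) {
        if (permissions.contains(read) && permissions.contains(autocomplete)) {
            // Both grants already collected - further lookups and permission evaluations cannot add anything.
            break;
        }
        BaseEntity identity = lookupService.lookupEntity(IdmIdentity.class, identityAccount.getIdentity());
        if (identity == null) {
            // Dangling relation - no identity to derive a permission from.
            continue;
        }
        Set<String> identityPermissions = authorizationManager.getPermissions(identity);
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.READ)) {
            permissions.add(read);
        }
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.AUTOCOMPLETE)) {
            permissions.add(autocomplete);
        }
    }
    return permissions;
}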
Use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
The class DefaultSysRoleSystemAttributeService, method save.
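/**
 * Saves a role-system attribute after validating it, then re-runs account management
 * (and provisioning when required) for every identity linked to the attribute's role-system.
 * <p>
 * Validation performed before the save:
 * <ul>
 * <li>at most one attribute of a role-system may be flagged as UID,</li>
 * <li>an extended attribute gets its form definition created when the entity type is formable,</li>
 * <li>a transformation script is compiled by {@code groovyScriptService}, so scripts with
 * compilation errors are rejected before anything is persisted.</li>
 * </ul>
 *
 * @param dto attribute to save
 * @param permission permissions to check on save
 * @return the saved attribute
 * @throws ProvisioningException when another attribute of the same role-system is already the UID
 */
@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
    // identifier
    if (dto.isUid()) {
        assertSingleUidAttribute(dto);
    }
    // We will check exists definition for extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systeAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    // We will do script validation (on compilation errors), before save
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
    }
    SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
    // RoleSystemAttribute was changed. We need do ACC management for all
    // connected identities
    resolveLinkedIdentities(dto);
    return roleSystemAttribute;
}

/**
 * Throws when a different attribute of the same role-system is already flagged as UID.
 *
 * @param dto attribute flagged as UID that is about to be saved
 * @throws ProvisioningException when another UID attribute exists for the role-system
 */
private void assertSingleUidAttribute(SysRoleSystemAttributeDto dto) {
    SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
    filter.setIsUid(Boolean.TRUE);
    filter.setRoleSystemId(dto.getRoleSystem());
    List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
    if (!list.isEmpty() && !list.get(0).getId().equals(dto.getId())) {
        SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
        IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
        SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
        throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
    }
}

/**
 * Runs account management - and provisioning when it reports changes - once per distinct
 * identity that has an identity-account relation on the attribute's role-system.
 *
 * @param dto saved attribute; only its role-system is used
 */
private void resolveLinkedIdentities(SysRoleSystemAttributeDto dto) {
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setRoleSystemId(dto.getRoleSystem());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // TODO: move to filter and use distinct
    // Deduplicate by identity id: an identity with several accounts on the role-system must be
    // resolved only once (a List<IdmIdentityDto>.contains(identityId) check can never match).
    List<IdmIdentityDto> identities = new ArrayList<>();
    identityAccounts.stream()
            .map(AccIdentityAccountDto::getIdentity)
            .distinct()
            .forEach(identityId -> {
                // TODO: embedded
                identities.add(identityService.get(identityId));
            });
    identities.forEach(identity -> {
        LOG.debug("Call account management for identity [{}]", identity.getUsername());
        boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
        if (provisioningRequired) {
            LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
            getProvisioningService().doProvisioning(identity);
        }
    });
}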
Use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
The class IdentityProvisioningExecutor, method findOverloadingAttributes.
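/**
 * Returns all role-system attributes that overload the system mapping for the given identity
 * on the given system. Only identity accounts on {@code system} that carry an identity-role
 * and are flagged as ownership are considered.
 *
 * @param entity identity whose accounts are inspected
 * @param system system the overloading attributes are resolved for
 * @param idenityAccoutnList identity accounts of {@code entity}; every element must be an
 *        {@link AccIdentityAccountDto} with the account and identity-role embedded (a missing
 *        embedded account fails with an NPE rather than being silently skipped)
 * @param entityType entity type, used only for the error message
 * @return attributes of every role-system matched by the identity's roles on {@code system};
 *         empty list when there are none
 * @throws ProvisioningException when one role is mapped to the same system more than once
 */
@Override
protected List<SysRoleSystemAttributeDto> findOverloadingAttributes(IdmIdentityDto entity, SysSystemDto system, List<? extends EntityAccountDto> idenityAccoutnList, SystemEntityType entityType) {
    List<SysRoleSystemAttributeDto> roleSystemAttributesAll = new ArrayList<>();
    for (EntityAccountDto entityAccount : idenityAccoutnList) {
        AccIdentityAccountDto identityAccount = (AccIdentityAccountDto) entityAccount;
        AccAccountDto account = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.account, AccAccountDto.class);
        // Only ownership accounts on the given system that were created through a role are relevant.
        boolean relevant = identityAccount.getIdentityRole() != null
                && account.getSystem() != null
                && account.getSystem().equals(system.getId())
                && identityAccount.isOwnership();
        if (!relevant) {
            continue;
        }
        IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.identityRole, IdmIdentityRoleDto.class);
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(identityRole.getRole());
        roleSystemFilter.setSystemId(account.getSystem());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
        if (roleSystems.size() > 1) {
            // A role mapped twice to one system makes the attribute source ambiguous - refuse to continue.
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_DUPLICATE_ROLE_MAPPING, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName(), "entityType", entityType));
        }
        if (roleSystems.isEmpty()) {
            continue;
        }
        SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
        roleSystemAttributeFilter.setRoleSystemId(roleSystems.get(0).getId());
        List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
        if (!CollectionUtils.isEmpty(roleAttributes)) {
            roleSystemAttributesAll.addAll(roleAttributes);
        }
    }
    return roleSystemAttributesAll;
}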