Examples with AccIdentityAccountDto eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto used on opensource projects

Example 31 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountServiceFilterTest method createAccount.

private AccAccountDto createAccount(UUID systemId, UUID identityId, String uid, AccountType accountType, Boolean ownership) {
    AccAccountDto account = new AccAccountDto();
    account.setSystem(systemId);
    account.setUid(uid);
    account.setAccountType(accountType);
    account = accAccountService.save(account);
    AccIdentityAccountDto accountIdentity = new AccIdentityAccountDto();
    accountIdentity.setIdentity(identityId);
    accountIdentity.setOwnership(ownership);
    accountIdentity.setAccount(account.getId());
    identityAccoutnService.save(accountIdentity);
    return account;
}

Example 32 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountServiceTest method getConnectorObjectNotFullTest.

@Test
public void getConnectorObjectNotFullTest() {
    String userOneName = "UserOne";
    String eavAttributeName = "EAV_ATTRIBUTE";
    SysSystemDto system = initData();
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(system.getId());
    // Find and delete EAV schema attribute.
    SysSchemaAttributeDto eavAttribute = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase(eavAttributeName)).findFirst().orElse(null);
    Assert.assertNotNull(eavAttribute);
    schemaAttributeService.delete(eavAttribute);
    Assert.assertNotNull(system);
    // Change resources (set state on exclude) .. must be call in transaction
    this.getBean().persistResource(createResource(userOneName, new LocalDateTime()));
    AccAccountDto account = new AccAccountDto();
    account.setEntityType(SystemEntityType.IDENTITY);
    account.setSystem(system.getId());
    account.setAccountType(AccountType.PERSONAL);
    account.setUid(userOneName);
    account = accountService.save(account);
    IdmIdentityDto identity = helper.createIdentity();
    AccIdentityAccountDto accountIdentityOne = new AccIdentityAccountDto();
    accountIdentityOne.setIdentity(identity.getId());
    accountIdentityOne.setOwnership(true);
    accountIdentityOne.setAccount(account.getId());
    accountIdentityOne = identityAccountService.save(accountIdentityOne);
    // Create role with evaluator
    IdmRoleDto role = helper.createRole();
    IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
    policyAccount.setRole(role.getId());
    policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
    policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
    policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
    authorizationPolicyService.save(policyAccount);
    // Assign role with evaluator
    helper.createIdentityRole(identity, role);
    logout();
    loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
    IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
    Assert.assertNotNull(connectorObject);
    Assert.assertEquals(userOneName, connectorObject.getUidValue());
    // EAV attribute must be null, because we deleted the schema definition
    Assert.assertNull(connectorObject.getAttributeByName(eavAttributeName));
}

Example 33 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class ReadAccountByIdentityEvaluator method getPermissions.

@Override
public Set<String> getPermissions(AccAccount authorizable, AuthorizationPolicy policy) {
    Set<String> permissions = super.getPermissions(authorizable, policy);
    if (authorizable == null || !securityService.isAuthenticated()) {
        return permissions;
    }
    AccIdentityAccountFilter identityAccountsFilter = new AccIdentityAccountFilter();
    identityAccountsFilter.setAccountId(authorizable.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountsFilter, null).getContent();
    identityAccounts.forEach(identityAccount -> {
        BaseEntity identity = lookupService.lookupEntity(IdmIdentity.class, identityAccount.getIdentity());
        Set<String> identityPermissions = authorizationManager.getPermissions(identity);
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.READ)) {
            permissions.add(IdmBasePermission.READ.name());
        }
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.AUTOCOMPLETE)) {
            permissions.add(IdmBasePermission.AUTOCOMPLETE.name());
        }
    });
    return permissions;
}

Example 34 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method save.

@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
    // identifier
    if (dto.isUid()) {
        SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
        filter.setIsUid(Boolean.TRUE);
        filter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
        if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
        }
    }
    // We will check exists definition for extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systeAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    // We will do script validation (on compilation errors), before save
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
    }
    SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
    // RoleSystemAttribute was changed. We need do ACC management for all
    // connected identities
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setRoleSystemId(dto.getRoleSystem());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // TODO: move to filter and use distinct
    List<IdmIdentityDto> identities = new ArrayList<>();
    identityAccounts.stream().forEach(identityAccount -> {
        if (!identities.contains(identityAccount.getIdentity())) {
            // TODO: embedded
            identities.add(identityService.get(identityAccount.getIdentity()));
        }
    });
    identities.stream().forEach(identity -> {
        LOG.debug("Call account management for identity [{}]", identity.getUsername());
        boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
        if (provisioningRequired) {
            LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
            getProvisioningService().doProvisioning(identity);
        }
    });
    return roleSystemAttribute;
}

Example 35 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningExecutor method findOverloadingAttributes.

/**
 * Return list of all overloading attributes for given identity, system and
 * uid
 *
 * @param identityAccount
 * @param idenityAccoutnList
 * @param operationType
 * @param entityType
 * @return
 */
@Override
protected List<SysRoleSystemAttributeDto> findOverloadingAttributes(IdmIdentityDto entity, SysSystemDto system, List<? extends EntityAccountDto> idenityAccoutnList, SystemEntityType entityType) {
    List<SysRoleSystemAttributeDto> roleSystemAttributesAll = new ArrayList<>();
    idenityAccoutnList.stream().filter(ia -> {
        AccAccountDto account = DtoUtils.getEmbedded((AccIdentityAccountDto) ia, AccIdentityAccount_.account, AccAccountDto.class);
        return ((AccIdentityAccountDto) ia).getIdentityRole() != null && account.getSystem() != null && account.getSystem().equals(system.getId()) && ia.isOwnership();
    }).forEach((identityAccountInner) -> {
        AbstractDto identityAccount = (AbstractDto) identityAccountInner;
        // All identity account with same system and with filled
        // identityRole
        AccAccountDto account = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.account, AccAccountDto.class);
        IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.identityRole, IdmIdentityRoleDto.class);
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(identityRole.getRole());
        roleSystemFilter.setSystemId(account.getSystem());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
        if (roleSystems.size() > 1) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_DUPLICATE_ROLE_MAPPING, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName(), "entityType", entityType));
        }
        if (!roleSystems.isEmpty()) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
            roleSystemAttributeFilter.setRoleSystemId(roleSystem.getId());
            List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
            if (!CollectionUtils.isEmpty(roleAttributes)) {
                roleSystemAttributesAll.addAll(roleAttributes);
            }
        }
    });
    return roleSystemAttributesAll;
}