Search in sources :

Example 31 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountServiceFilterTest method createAccount.

private AccAccountDto createAccount(UUID systemId, UUID identityId, String uid, AccountType accountType, Boolean ownership) {
    AccAccountDto account = new AccAccountDto();
    account.setSystem(systemId);
    account.setUid(uid);
    account.setAccountType(accountType);
    account = accAccountService.save(account);
    AccIdentityAccountDto accountIdentity = new AccIdentityAccountDto();
    accountIdentity.setIdentity(identityId);
    accountIdentity.setOwnership(ownership);
    accountIdentity.setAccount(account.getId());
    identityAccoutnService.save(accountIdentity);
    return account;
}
Also used : AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)

Example 32 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountServiceTest method getConnectorObjectNotFullTest.

@Test
public void getConnectorObjectNotFullTest() {
    String userOneName = "UserOne";
    String eavAttributeName = "EAV_ATTRIBUTE";
    SysSystemDto system = initData();
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(system.getId());
    // Find and delete EAV schema attribute.
    SysSchemaAttributeDto eavAttribute = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase(eavAttributeName)).findFirst().orElse(null);
    Assert.assertNotNull(eavAttribute);
    schemaAttributeService.delete(eavAttribute);
    Assert.assertNotNull(system);
    // Change resources (set state on exclude) .. must be call in transaction
    this.getBean().persistResource(createResource(userOneName, new LocalDateTime()));
    AccAccountDto account = new AccAccountDto();
    account.setEntityType(SystemEntityType.IDENTITY);
    account.setSystem(system.getId());
    account.setAccountType(AccountType.PERSONAL);
    account.setUid(userOneName);
    account = accountService.save(account);
    IdmIdentityDto identity = helper.createIdentity();
    AccIdentityAccountDto accountIdentityOne = new AccIdentityAccountDto();
    accountIdentityOne.setIdentity(identity.getId());
    accountIdentityOne.setOwnership(true);
    accountIdentityOne.setAccount(account.getId());
    accountIdentityOne = identityAccountService.save(accountIdentityOne);
    // Create role with evaluator
    IdmRoleDto role = helper.createRole();
    IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
    policyAccount.setRole(role.getId());
    policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
    policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
    policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
    authorizationPolicyService.save(policyAccount);
    // Assign role with evaluator
    helper.createIdentityRole(identity, role);
    logout();
    loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
    IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
    Assert.assertNotNull(connectorObject);
    Assert.assertEquals(userOneName, connectorObject.getUidValue());
    // EAV attribute must be null, because we deleted the schema definition
    Assert.assertNull(connectorObject.getAttributeByName(eavAttributeName));
}
Also used : LocalDateTime(org.joda.time.LocalDateTime) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AccAccount(eu.bcvsolutions.idm.acc.entity.AccAccount) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 33 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class ReadAccountByIdentityEvaluator method getPermissions.

@Override
public Set<String> getPermissions(AccAccount authorizable, AuthorizationPolicy policy) {
    Set<String> permissions = super.getPermissions(authorizable, policy);
    if (authorizable == null || !securityService.isAuthenticated()) {
        return permissions;
    }
    AccIdentityAccountFilter identityAccountsFilter = new AccIdentityAccountFilter();
    identityAccountsFilter.setAccountId(authorizable.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountsFilter, null).getContent();
    identityAccounts.forEach(identityAccount -> {
        BaseEntity identity = lookupService.lookupEntity(IdmIdentity.class, identityAccount.getIdentity());
        Set<String> identityPermissions = authorizationManager.getPermissions(identity);
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.READ)) {
            permissions.add(IdmBasePermission.READ.name());
        }
        if (PermissionUtils.hasPermission(identityPermissions, IdmBasePermission.AUTOCOMPLETE)) {
            permissions.add(IdmBasePermission.AUTOCOMPLETE.name());
        }
    });
    return permissions;
}
Also used : AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) BaseEntity(eu.bcvsolutions.idm.core.api.entity.BaseEntity) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)

Example 34 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method save.

@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
    // identifier
    if (dto.isUid()) {
        SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
        filter.setIsUid(Boolean.TRUE);
        filter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
        if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
        }
    }
    // We will check exists definition for extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systeAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    // We will do script validation (on compilation errors), before save
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
    }
    SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
    // RoleSystemAttribute was changed. We need do ACC management for all
    // connected identities
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setRoleSystemId(dto.getRoleSystem());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // TODO: move to filter and use distinct
    List<IdmIdentityDto> identities = new ArrayList<>();
    identityAccounts.stream().forEach(identityAccount -> {
        if (!identities.contains(identityAccount.getIdentity())) {
            // TODO: embedded
            identities.add(identityService.get(identityAccount.getIdentity()));
        }
    });
    identities.stream().forEach(identity -> {
        LOG.debug("Call account management for identity [{}]", identity.getUsername());
        boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
        if (provisioningRequired) {
            LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
            getProvisioningService().doProvisioning(identity);
        }
    });
    return roleSystemAttribute;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ArrayList(java.util.ArrayList) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 35 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningExecutor method findOverloadingAttributes.

/**
 * Return list of all overloading attributes for given identity, system and
 * uid
 *
 * @param identityAccount
 * @param idenityAccoutnList
 * @param operationType
 * @param entityType
 * @return
 */
@Override
protected List<SysRoleSystemAttributeDto> findOverloadingAttributes(IdmIdentityDto entity, SysSystemDto system, List<? extends EntityAccountDto> idenityAccoutnList, SystemEntityType entityType) {
    List<SysRoleSystemAttributeDto> roleSystemAttributesAll = new ArrayList<>();
    idenityAccoutnList.stream().filter(ia -> {
        AccAccountDto account = DtoUtils.getEmbedded((AccIdentityAccountDto) ia, AccIdentityAccount_.account, AccAccountDto.class);
        return ((AccIdentityAccountDto) ia).getIdentityRole() != null && account.getSystem() != null && account.getSystem().equals(system.getId()) && ia.isOwnership();
    }).forEach((identityAccountInner) -> {
        AbstractDto identityAccount = (AbstractDto) identityAccountInner;
        // All identity account with same system and with filled
        // identityRole
        AccAccountDto account = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.account, AccAccountDto.class);
        IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.identityRole, IdmIdentityRoleDto.class);
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(identityRole.getRole());
        roleSystemFilter.setSystemId(account.getSystem());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
        if (roleSystems.size() > 1) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_DUPLICATE_ROLE_MAPPING, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName(), "entityType", entityType));
        }
        if (!roleSystems.isEmpty()) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
            roleSystemAttributeFilter.setRoleSystemId(roleSystem.getId());
            List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
            if (!CollectionUtils.isEmpty(roleAttributes)) {
                roleSystemAttributesAll.addAll(roleAttributes);
            }
        }
    });
    return roleSystemAttributesAll;
}
Also used : ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) Autowired(org.springframework.beans.factory.annotation.Autowired) AccIdentityAccount_(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount_) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) ArrayList(java.util.ArrayList) AccAccountManagementService(eu.bcvsolutions.idm.acc.service.api.AccAccountManagementService) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) Service(org.springframework.stereotype.Service) Qualifier(org.springframework.beans.factory.annotation.Qualifier) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) ImmutableMap(com.google.common.collect.ImmutableMap) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) CollectionUtils(org.springframework.util.CollectionUtils) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ArrayList(java.util.ArrayList) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)

Aggregations

AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)69 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)54 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)50 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)46 Test (org.junit.Test)46 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)32 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)25 TestResource (eu.bcvsolutions.idm.acc.entity.TestResource)24 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)16 ArrayList (java.util.ArrayList)16 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)13 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)11 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)10 SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)10 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)10 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)10 UUID (java.util.UUID)9 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)8 IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto)8