use of eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto in project CzechIdMng by bcvsolutions.
the class AccountManagementTest method testAccountCannotBeCreated.
/**
 * Checks the case where the mapping script "Can be account created?" returns false.
 *
 * The role provisioning mapping of the test system is given a script that returns
 * {@code Boolean.FALSE}. After a role is created, the test expects to find no owned
 * role-account relation for that role on the system.
 */
@Test
public void testAccountCannotBeCreated() {
    SysSystemDto targetSystem = initData();
    Assert.assertNotNull(targetSystem);

    // Deny account creation on the provisioning mapping used for roles.
    SysSystemMappingDto roleMapping = systemMappingService.findProvisioningMapping(targetSystem.getId(), SystemEntityType.ROLE);
    Assert.assertNotNull(roleMapping);
    roleMapping.setCanBeAccountCreatedScript("return Boolean.FALSE;");
    roleMapping = systemMappingService.save(roleMapping);

    IdmRoleDto createdRole = helper.createRole();

    // Look only for accounts owned by the new role on the test system.
    AccRoleAccountFilter ownedAccountsOfRole = new AccRoleAccountFilter();
    ownedAccountsOfRole.setSystemId(targetSystem.getId());
    ownedAccountsOfRole.setOwnership(Boolean.TRUE);
    ownedAccountsOfRole.setEntityId(createdRole.getId());
    List<AccRoleAccountDto> foundRoleAccounts = roleAccountService.find(ownedAccountsOfRole, null).getContent();
    Assert.assertEquals(0, foundRoleAccounts.size());

    // Clean up: the role first, then the role mapping.
    roleService.delete(createdRole);
    systemMappingService.delete(roleMapping);
}
use of eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method doUnlink.
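/**
 * Removes every role-account relation that points to the given account.
 *
 * When no relation exists, a warning is written to the item log and the item is recorded as
 * {@code UPDATE_ENTITY} with result {@code WARNING}. Otherwise each relation is deleted with
 * the second argument of {@code delete} set to {@code false}; per the original comment this
 * keeps the connected account (no delete provisioning is called).
 *
 * @param account account whose role-account relations are removed
 * @param removeRoleRole not read by this method body
 *            NOTE(review): the summary of the original Javadoc also mentions removing linked
 *            roles, which is not done here - confirm whether a caller relies on it
 * @param log synchronization log, used only when the warning result is recorded
 * @param logItem item log that receives the audit messages of this operation
 * @param actionLogs action logs, used only when the warning result is recorded
 */
protected void doUnlink(AccAccountDto account, boolean removeRoleRole, SysSyncLogDto log, SysSyncItemLogDto logItem, List<SysSyncActionLogDto> actionLogs) {
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setAccountId(account.getId());
    List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    if (roleAccounts.isEmpty()) {
        addToItemLog(logItem, "Warning! - Role account relation was not found!");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, log, actionLogs);
        return;
    }
    addToItemLog(logItem, MessageFormat.format("Role-account relations to delete {0}", roleAccounts));
    for (AccRoleAccountDto roleAccount : roleAccounts) {
        // Remove only the relation; the connected account is left in place.
        roleAccountService.delete(roleAccount, false);
        // getRole() is the role identifier, so it is labelled as a role (it was logged as
        // "username" before, which is misleading when the item log is read as an audit trail).
        addToItemLog(logItem, MessageFormat.format("Role-account relation deleted (without call delete provisioning) (role: {0}, id: {1})", roleAccount.getRole(), roleAccount.getId()));
    }
}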
use of eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto in project CzechIdMng by bcvsolutions.
the class AccountDeleteProcessor method process.
/**
 * Deletes an account together with the relations that reference it and, when the event asks
 * for it, calls delete provisioning for the account.
 *
 * Order of work: the protection check comes first (a protected and valid account is never
 * deleted), then identity, role, role catalogue, tree, contract and contract slice relations
 * are removed, then the account itself, and only then is the optional delete provisioning
 * called.
 *
 * @param event event carrying the account; the properties may hold
 *            {@code AccAccountService.ENTITY_ID_PROPERTY} (a {@code UUID}) and
 *            {@code AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY} (a {@code Boolean})
 * @return result wrapping the processed event
 * @throws ResultCodeException with {@code ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED} when the
 *             account is protected and valid
 */
@Override
public EventResult<AccAccountDto> process(EntityEvent<AccAccountDto> event) {
    AccAccountDto account = event.getContent();

    // Optional event properties: a missing value or a value of another type keeps the default
    // (no entity ID, target account not deleted).
    Object rawEntityId = event.getProperties().get(AccAccountService.ENTITY_ID_PROPERTY);
    UUID entityId = rawEntityId instanceof UUID ? (UUID) rawEntityId : null;
    Object rawDeleteTarget = event.getProperties().get(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY);
    boolean deleteTargetAccount = rawDeleteTarget instanceof Boolean && (Boolean) rawDeleteTarget;

    Assert.notNull(account, "Account cannot be null!");

    // An account in protection must not be deleted; refuse before anything is removed.
    if (account.isAccountProtectedAndValid()) {
        throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", account.getUid()));
    }

    // Identity relations.
    AccIdentityAccountFilter identityRelations = new AccIdentityAccountFilter();
    identityRelations.setAccountId(account.getId());
    for (AccIdentityAccountDto relation : identityAccountService.find(identityRelations, null).getContent()) {
        identityAccountService.delete(relation);
    }

    // Role relations.
    AccRoleAccountFilter roleRelations = new AccRoleAccountFilter();
    roleRelations.setAccountId(account.getId());
    for (AccRoleAccountDto relation : roleAccountService.find(roleRelations, null).getContent()) {
        roleAccountService.delete(relation);
    }

    // Role catalogue relations.
    AccRoleCatalogueAccountFilter catalogueRelations = new AccRoleCatalogueAccountFilter();
    catalogueRelations.setAccountId(account.getId());
    for (AccRoleCatalogueAccountDto relation : roleCatalogueAccountService.find(catalogueRelations, null).getContent()) {
        roleCatalogueAccountService.delete(relation);
    }

    // Tree relations.
    AccTreeAccountFilter treeRelations = new AccTreeAccountFilter();
    treeRelations.setAccountId(account.getId());
    for (AccTreeAccountDto relation : treeAccountService.find(treeRelations, null).getContent()) {
        treeAccountService.delete(relation);
    }

    // Contract relations.
    AccContractAccountFilter contractRelations = new AccContractAccountFilter();
    contractRelations.setAccountId(account.getId());
    for (AccContractAccountDto relation : contractAccountService.find(contractRelations, null).getContent()) {
        contractAccountService.delete(relation);
    }

    // Contract slice relations.
    AccContractSliceAccountFilter sliceRelations = new AccContractSliceAccountFilter();
    sliceRelations.setAccountId(account.getId());
    contractAccountSliceService.find(sliceRelations, null).forEach(relation -> {
        contractAccountSliceService.delete(relation);
    });

    // Load the account again and delete it only if it is still there.
    // NOTE(review): presumably one of the relation deletes above can already remove the
    // account - confirm.
    AccAccountDto currentAccount = accountService.get(account.getId());
    if (currentAccount != null) {
        accountService.deleteInternal(currentAccount);
    }

    // Delete provisioning is called only when the event requested it and the entity type is known.
    if (!deleteTargetAccount || account.getEntityType() == null) {
        return new DefaultEventResult<>(event, this);
    }
    SystemEntityType entityType = account.getEntityType();
    if (!entityType.isSupportsProvisioning()) {
        LOG.warn(MessageFormat.format("Provisioning is not supported for [{1}] now [{0}]!", account.getUid(), entityType));
        return new DefaultEventResult<>(event, this);
    }
    LOG.debug(MessageFormat.format("Call delete provisioning for account with UID [{0}] and entity ID [{1}].", account.getUid(), entityId));
    // Create context for systemEntity in account DTO and set ID of role-request to it.
    UUID roleRequestId = this.getRoleRequestIdProperty(event.getProperties());
    this.initContext(account, roleRequestId);
    this.provisioningService.doDeleteProvisioning(account, account.getEntityType(), entityId);
    return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueByDn.
/**
 * Tests that the role catalogue is created from the DN of the synchronized roles:
 * "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 * "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *
 * The expected catalogue items are looked up by code; each code is the OU path (innermost OU
 * first) followed by the code of the main catalogue created for this test, for example
 * {@code "two/one/WizardGroups/" + mainCode}.
 */
@Test
public void testSyncRolesCatalogueByDn() {
    AbstractSysSyncConfigDto syncConfig = createSyncConfig();

    // Prepare a user system and switch its identity mapping from provisioning to synchronization.
    SysSystemDto identitySystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> identityMappings = systemMappingService.findBySystem(identitySystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(identityMappings);
    Assert.assertEquals(1, identityMappings.size());
    SysSystemMappingDto identityMapping = identityMappings.get(0);
    identityMapping.setOperationType(SystemOperationType.SYNCHRONIZATION);
    identityMapping = systemMappingService.save(identityMapping);
    List<SysSystemAttributeMappingDto> identityAttributes = schemaAttributeMappingService.findBySystemMapping(identityMapping);
    SysSystemAttributeMappingDto emailAttribute = identityAttributes.stream()
            .filter(mappedAttribute -> mappedAttribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL))
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(emailAttribute);

    Assert.assertFalse(syncConfigService.isRunning(syncConfig));
    Assert.assertTrue(syncConfig instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleSyncConfig = (SysSyncRoleConfigDto) syncConfig;

    // Resolve the role system and its "name" schema attribute from the sync configuration.
    SysSystemMappingDto syncMapping = DtoUtils.getEmbedded(syncConfig, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto objectClass = DtoUtils.getEmbedded(syncMapping, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = objectClass.getSystem();
    Assert.assertNotNull(roleSystemId);
    SysSchemaAttributeFilter nameAttributeFilter = new SysSchemaAttributeFilter();
    nameAttributeFilter.setSystemId(roleSystemId);
    nameAttributeFilter.setObjectClassId(objectClass.getId());
    SysSchemaAttributeDto nameSchemaAttribute = schemaAttributeService.find(nameAttributeFilter, null).getContent().stream()
            .filter(schemaAttribute -> schemaAttribute.getName().equalsIgnoreCase("name"))
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(nameSchemaAttribute);

    SysSystemDto roleSystem = new SysSystemDto();
    roleSystem.setId(roleSystemId);
    List<SysSystemMappingDto> roleMappings = systemMappingService.findBySystem(roleSystem, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleMappings);
    Assert.assertEquals(1, roleMappings.size());
    SysSystemMappingDto roleMapping = roleMappings.get(0);

    // Use ACC script "resolveRoleCatalogueByDn".
    IdmScriptFilter resolveByDnFilter = new IdmScriptFilter();
    resolveByDnFilter.setCode(MsAdSyncMappingRoleAutoAttributesProcessor.RESOLVE_ROLE_CATALOG_BY_DN_SCRIPT);
    resolveByDnFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
    IdmScriptDto resolveByDnScript = scriptService.find(resolveByDnFilter, null).getContent().stream().findFirst().orElse(null);
    String catalogueTransformation = resolveByDnScript == null
            ? null
            : this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(resolveByDnScript);
    Assert.assertNotNull(catalogueTransformation);

    // Create mapping attribute for get catalog.
    SysSystemAttributeMappingDto catalogueAttribute = new SysSystemAttributeMappingDto();
    catalogueAttribute.setEntityAttribute(true);
    catalogueAttribute.setUid(false);
    catalogueAttribute.setSystemMapping(roleMapping.getId());
    catalogueAttribute.setExtendedAttribute(false);
    catalogueAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
    catalogueAttribute.setSchemaAttribute(nameSchemaAttribute.getId());
    catalogueAttribute.setTransformFromResourceScript(catalogueTransformation);
    catalogueAttribute.setName(helper.createName());
    catalogueAttribute = attributeMappingService.save(catalogueAttribute);

    // Enable assign of role catalogue under a main catalogue created for this test.
    IdmRoleCatalogueDto mainCatalogue = getHelper().createRoleCatalogue();
    roleSyncConfig.setAssignCatalogueSwitch(true);
    roleSyncConfig.setRemoveCatalogueRoleSwitch(false);
    roleSyncConfig.setMainCatalogueRoleNode(mainCatalogue.getId());
    syncConfig = syncConfigService.save(roleSyncConfig);

    // Init data - roles with DN, then start the synchronization.
    getBean().initDataRolesWithDn();
    helper.startSynchronization(syncConfig);

    // Exactly one finished log without errors and five created entities are expected.
    SysSyncLogFilter syncLogFilter = new SysSyncLogFilter();
    syncLogFilter.setSynchronizationConfigId(syncConfig.getId());
    List<SysSyncLogDto> syncLogs = syncLogService.find(syncLogFilter, null).getContent();
    Assert.assertEquals(1, syncLogs.size());
    SysSyncLogDto syncLog = syncLogs.get(0);
    Assert.assertFalse(syncLog.isRunning());
    Assert.assertFalse(syncLog.isContainsError());
    helper.checkSyncLog(syncConfig, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);

    // Check catalog structure: WizardGroups -> one -> two -> one.
    String mainCode = mainCatalogue.getCode();
    IdmRoleCatalogueDto wizardGroupsNode = roleCatalogueService.getByCode("WizardGroups/" + mainCode);
    Assert.assertNotNull(wizardGroupsNode);
    IdmRoleCatalogueDto oneNode = roleCatalogueService.getByCode("one/WizardGroups/" + mainCode);
    Assert.assertNotNull(oneNode);
    Assert.assertEquals(wizardGroupsNode.getId(), oneNode.getParent());
    IdmRoleCatalogueDto twoNode = roleCatalogueService.getByCode("two/one/WizardGroups/" + mainCode);
    Assert.assertNotNull(twoNode);
    Assert.assertEquals(oneNode.getId(), twoNode.getParent());
    IdmRoleCatalogueDto innerOneNode = roleCatalogueService.getByCode("one/two/one/WizardGroups/" + mainCode);
    Assert.assertNotNull(innerOneNode);
    Assert.assertEquals(twoNode.getId(), innerOneNode.getParent());

    // Check which roles were placed into which catalogue item.
    IdmRoleCatalogueRoleFilter byCatalogue = new IdmRoleCatalogueRoleFilter();
    byCatalogue.setRoleCatalogueId(wizardGroupsNode.getId());
    List<IdmRoleCatalogueRoleDto> rolesInCatalogue = roleCatalogueRoleService.find(byCatalogue, null).getContent();
    Assert.assertEquals(2, rolesInCatalogue.size());
    assertContainsRoleWithCode(rolesInCatalogue, "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv");
    assertContainsRoleWithCode(rolesInCatalogue, "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv");

    byCatalogue.setRoleCatalogueId(oneNode.getId());
    rolesInCatalogue = roleCatalogueRoleService.find(byCatalogue, null).getContent();
    Assert.assertEquals(1, rolesInCatalogue.size());
    assertContainsRoleWithCode(rolesInCatalogue, "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv");

    byCatalogue.setRoleCatalogueId(twoNode.getId());
    rolesInCatalogue = roleCatalogueRoleService.find(byCatalogue, null).getContent();
    Assert.assertEquals(1, rolesInCatalogue.size());
    assertContainsRoleWithCode(rolesInCatalogue, "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv");

    byCatalogue.setRoleCatalogueId(innerOneNode.getId());
    rolesInCatalogue = roleCatalogueRoleService.find(byCatalogue, null).getContent();
    Assert.assertEquals(1, rolesInCatalogue.size());
    assertContainsRoleWithCode(rolesInCatalogue, "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv");

    // Every synchronized role must sit in exactly one catalogue item.
    AccRoleAccountFilter bySystem = new AccRoleAccountFilter();
    bySystem.setSystemId(roleSystemId);
    List<AccRoleAccountDto> syncedRoleAccounts = roleAccountService.find(bySystem, null).getContent();
    Assert.assertEquals(5, syncedRoleAccounts.size());
    for (AccRoleAccountDto syncedRoleAccount : syncedRoleAccounts) {
        IdmRoleCatalogueRoleFilter byRole = new IdmRoleCatalogueRoleFilter();
        byRole.setRoleId(syncedRoleAccount.getRole());
        List<IdmRoleCatalogueRoleDto> cataloguesOfRole = roleCatalogueRoleService.find(byRole, null).getContent();
        Assert.assertEquals(1, cataloguesOfRole.size());
    }

    cleanAfterTest(syncConfig, roleSystemId, syncLog, syncedRoleAccounts);
}

/**
 * Asserts that at least one of the given catalogue-role relations embeds a role with the given code.
 *
 * @param catalogueRoles relations whose embedded role is inspected
 * @param expectedRoleCode role code that must be present
 */
private void assertContainsRoleWithCode(List<IdmRoleCatalogueRoleDto> catalogueRoles, String expectedRoleCode) {
    Assert.assertTrue(catalogueRoles.stream()
            .map(catalogueRole -> (IdmRoleDto) catalogueRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName()))
            .anyMatch(embeddedRole -> embeddedRole.getCode().equals(expectedRoleCode)));
}
use of eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultRoleSynchronizationExecutorTest method testSyncRoles.
/**
 * Runs the role synchronization once and checks its result.
 *
 * Expected: one finished log without errors, five created entities, five role accounts on the
 * synchronized system and no role-system mapping for any of the synchronized roles. The log,
 * the roles, the sync configuration and the system are deleted at the end.
 */
@Test
public void testSyncRoles() {
    AbstractSysSyncConfigDto syncConfig = createSyncConfig();
    Assert.assertFalse(syncConfigService.isRunning(syncConfig));
    Assert.assertTrue(syncConfig instanceof SysSyncRoleConfigDto);

    helper.startSynchronization(syncConfig);

    SysSyncLogFilter syncLogFilter = new SysSyncLogFilter();
    syncLogFilter.setSynchronizationConfigId(syncConfig.getId());
    List<SysSyncLogDto> syncLogs = syncLogService.find(syncLogFilter, null).getContent();
    Assert.assertEquals(1, syncLogs.size());
    SysSyncLogDto syncLog = syncLogs.get(0);
    Assert.assertFalse(syncLog.isRunning());
    Assert.assertFalse(syncLog.isContainsError());

    // The system ID comes from the object class embedded in the sync mapping.
    SysSystemMappingDto syncMapping = DtoUtils.getEmbedded(syncConfig, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto objectClass = DtoUtils.getEmbedded(syncMapping, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID systemId = objectClass.getSystem();
    Assert.assertNotNull(systemId);
    helper.checkSyncLog(syncConfig, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);

    AccRoleAccountFilter bySystem = new AccRoleAccountFilter();
    bySystem.setSystemId(systemId);
    List<AccRoleAccountDto> syncedRoleAccounts = roleAccountService.find(bySystem, null).getContent();
    Assert.assertEquals(5, syncedRoleAccounts.size());

    // A synchronized role must not have any role-system mapping.
    for (AccRoleAccountDto syncedRoleAccount : syncedRoleAccounts) {
        SysRoleSystemFilter byRole = new SysRoleSystemFilter();
        byRole.setRoleId(syncedRoleAccount.getRole());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(byRole, null).getContent();
        Assert.assertTrue(roleSystems.isEmpty());
    }

    // Delete a log.
    syncLogService.delete(syncLog);
    // Delete roles.
    for (AccRoleAccountDto syncedRoleAccount : syncedRoleAccounts) {
        roleService.delete(roleService.get(syncedRoleAccount.getRole()));
    }
    // Delete sync.
    syncConfigService.delete(syncConfig);
    // Delete system.
    systemService.delete(systemService.get(systemId));
}