use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemAttributeMappingService method validate.
/**
 * Validates an attribute mapping; a broken rule is reported as a {@link ResultCodeException}.
 * <p>
 * Two rules are enforced:
 * <ul>
 * <li>an already persisted mapping flagged as the password attribute must not have any
 * role-level override,</li>
 * <li>under a provisioning mapping, one schema attribute may be mapped only once.</li>
 * </ul>
 *
 * @param dto attribute mapping to validate
 * @param systemMappingDto system mapping the attribute belongs to; when {@code null}, the
 *        duplicate-mapping rule is not evaluated
 * @throws ResultCodeException when one of the rules above is violated
 */
@Override
public void validate(SysSystemAttributeMappingDto dto, SysSystemMappingDto systemMappingDto) {
    // The override lookup is not required for a mapping that is still new.
    if (!isNew(dto) && dto.isPasswordAttribute()) {
        SysRoleSystemAttributeFilter overrideFilter = new SysRoleSystemAttributeFilter();
        overrideFilter.setSystemAttributeMappingId(dto.getId());
        List<SysRoleSystemAttributeDto> roleOverrides = roleSystemAttributeService.find(overrideFilter, null).getContent();
        if (!roleOverrides.isEmpty()) {
            // A password mapping must not be overridden by a role: report the first
            // offending override so it can be located and removed.
            SysRoleSystemAttributeDto firstOverride = roleOverrides.get(0);
            throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_PASSWORD_EXITS_OVERRIDDEN, ImmutableMap.of("roleSystemAttributeId", firstOverride.getId()));
        }
    }

    // The uniqueness rule applies only to a mapped schema attribute under a provisioning mapping.
    if (dto.getSchemaAttribute() == null || systemMappingDto == null || SystemOperationType.PROVISIONING != systemMappingDto.getOperationType()) {
        return;
    }

    SysSystemAttributeMappingFilter sameSchemaAttributeFilter = new SysSystemAttributeMappingFilter();
    sameSchemaAttributeFilter.setSchemaAttributeId(dto.getSchemaAttribute());
    sameSchemaAttributeFilter.setSystemMappingId(systemMappingDto.getId());
    // Every hit other than the validated mapping itself is a duplicate.
    boolean mappedElsewhere = this.find(sameSchemaAttributeFilter, null)
            .getContent()
            .stream()
            .filter(other -> !other.getId().equals(dto.getId()))
            .count() > 0;
    if (mappedElsewhere) {
        throw new ResultCodeException(AccResultCode.PROVISIONING_DUPLICATE_ATTRIBUTE_MAPPING, ImmutableMap.of("schemaAttribute", dto.getSchemaAttribute()));
    }
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemAttributeMappingService method getControlledAttributeValues.
/**
 * Collects the distinct controlled values that role-level attributes contribute to one
 * schema attribute of a system.
 * <p>
 * Only role attributes that use the {@code MERGE} strategy and are not disabled are taken
 * into account; they are looked up under the provisioning mapping of the given system and
 * entity type.
 *
 * @param systemId identifier of the system, mandatory
 * @param entityType entity type used to find the provisioning mapping, mandatory
 * @param schemaAttributeName name of the schema attribute, mandatory
 * @return controlled values in the order they were found, without duplicates and without
 *         {@code null} entries
 */
@Override
public List<Serializable> getControlledAttributeValues(UUID systemId, SystemEntityType entityType, String schemaAttributeName) {
    Assert.notNull(systemId, "System ID is mandatory for get controlled values!");
    Assert.notNull(entityType, "Entity type is mandatory for get controlled values!");
    Assert.notNull(schemaAttributeName, "Schema attribute name is mandatory for get controlled values!");
    SysSystemMappingDto provisioningMapping = systemMappingService.findProvisioningMapping(systemId, entityType);
    Assert.notNull(provisioningMapping, "System provisioning mapping is mandatory for search controlled attribute values!");

    // Role-level attributes defined for this mapping and schema attribute.
    SysRoleSystemAttributeFilter roleAttributeFilter = new SysRoleSystemAttributeFilter();
    roleAttributeFilter.setSystemMappingId(provisioningMapping.getId());
    roleAttributeFilter.setSchemaAttributeName(schemaAttributeName);

    List<Serializable> controlledValues = Lists.newArrayList();
    for (SysRoleSystemAttributeDto roleAttribute : roleSystemAttributeService.find(roleAttributeFilter, null).getContent()) {
        // Values are needed for merged and enabled attributes only.
        boolean mergedAndEnabled = AttributeMappingStrategyType.MERGE == roleAttribute.getStrategyType()
                && !roleAttribute.isDisabledAttribute();
        if (!mergedAndEnabled) {
            continue;
        }
        Serializable controlledValue = getControlledValue(roleAttribute, systemId, schemaAttributeName);
        // Skip missing values and values that were already collected.
        if (controlledValue == null || controlledValues.contains(controlledValue)) {
            continue;
        }
        controlledValues.add(controlledValue);
    }
    return controlledValues;
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemService method delete.
/**
 * Deletes a role-system relation together with the data that hangs on it.
 * <p>
 * The relation cannot be deleted while any identity-role still references it. Otherwise its
 * overridden attributes are deleted, identity-accounts are unlinked from it, the request
 * manager is notified and finally the parent implementation deletes the relation itself.
 *
 * @param roleSystem relation to delete; the relation and its identifier are mandatory
 * @param permission permissions handed over to the parent {@code delete}
 * @throws ResultCodeException when the relation is still used by an identity-role
 */
@Override
@Transactional
public void delete(SysRoleSystemDto roleSystem, BasePermission... permission) {
    Assert.notNull(roleSystem, "Role system relation is required.");
    Assert.notNull(roleSystem.getId(), "Role system relation identifier is required.");
    SysRoleSystem persistedRoleSystem = this.getEntity(roleSystem.getId());

    // Refuse to delete a relation that assigned identity-roles still point to.
    IdmIdentityRoleFilter usageFilter = new IdmIdentityRoleFilter();
    usageFilter.setRoleSystemId(persistedRoleSystem.getId());
    long count = identityRoleService.count(usageFilter);
    if (count > 0) {
        // The role is read from the embedded data of the DTO; "-" stands in when it is absent.
        IdmRoleDto embeddedRole = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.role, IdmRoleDto.class, null);
        throw new ResultCodeException(AccResultCode.ROLE_SYSTEM_IS_USE_IN_IDENTITY_ROLE, ImmutableMap.of("role", embeddedRole != null ? embeddedRole.getBaseCode() : "-", "count", count));
    }

    // Delete the overridden attributes through their own service.
    SysRoleSystemAttributeFilter attributeFilter = new SysRoleSystemAttributeFilter();
    attributeFilter.setRoleSystemId(roleSystem.getId());
    List<SysRoleSystemAttributeDto> overriddenAttributes = roleSystemAttributeService.find(attributeFilter, null).getContent();
    overriddenAttributes.forEach(overriddenAttribute -> roleSystemAttributeService.delete(overriddenAttribute));

    // Identity-accounts are kept; only their link to this relation is cleared.
    AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
    accountFilter.setRoleSystemId(persistedRoleSystem.getId());
    identityAccountService.find(accountFilter, null).getContent().forEach(linkedAccount -> {
        linkedAccount.setRoleSystem(null);
        identityAccountService.save(linkedAccount);
    });

    // Cancel requests and request items that use the deleted DTO.
    requestManager.onDeleteRequestable(roleSystem);
    // NOTE(review): `permission` is first used here, so the cascade above runs before any
    // permission evaluation the parent delete performs. The method is @Transactional, so a
    // rejection at this point presumably rolls the cascade back - confirm.
    super.delete(roleSystem, permission);
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemService method export.
/**
 * Exports a role-system relation and its overridden attributes into the given batch.
 * <p>
 * Both the relation and the attribute descriptors are marked optional and get their parent
 * field registered as an advanced pairing field. The attributes are additionally switched to
 * authoritative mode on their {@code roleSystem} field.
 *
 * @param id identifier of the exported role-system relation
 * @param batch export batch, mandatory
 */
@Override
public void export(UUID id, IdmExportImportDto batch) {
    Assert.notNull(batch, "Export batch must exist!");

    // The relation itself goes first.
    super.export(id, batch);
    ExportDescriptorDto roleSystemDescriptor = getExportManager().getDescriptor(batch, this.getDtoClass());
    roleSystemDescriptor.setOptional(true);
    roleSystemDescriptor.getAdvancedParingFields().add(SysRoleSystem_.role.getName());

    // Then the attributes overridden on the relation.
    SysRoleSystemAttributeFilter attributeFilter = new SysRoleSystemAttributeFilter();
    attributeFilter.setRoleSystemId(id);
    List<SysRoleSystemAttributeDto> overriddenAttributes = roleSystemAttributeService.find(attributeFilter, null).getContent();
    if (overriddenAttributes.isEmpty()) {
        // Nothing is overridden: the attribute service is still called once, with the blank
        // UUID (presumably so the attribute type gets a descriptor in the batch - confirm).
        roleSystemAttributeService.export(ExportManager.BLANK_UUID, batch);
    } else {
        for (SysRoleSystemAttributeDto overriddenAttribute : overriddenAttributes) {
            roleSystemAttributeService.export(overriddenAttribute.getId(), batch);
        }
    }

    // Set the parent field, which switches the override attributes to authoritative mode.
    getExportManager().setAuthoritativeMode(SysRoleSystemAttribute_.roleSystem.getName(), "systemId", SysRoleSystemAttributeDto.class, batch);

    // The override attribute is optional as well.
    ExportDescriptorDto attributeDescriptor = getExportManager().getDescriptor(batch, SysRoleSystemAttributeDto.class);
    attributeDescriptor.setOptional(true);
    attributeDescriptor.getAdvancedParingFields().add(SysRoleSystemAttribute_.roleSystem.getName());
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemAttributeService method saveInternal.
/**
 * Validates and saves a role-level attribute override.
 * <p>
 * Before the save the method checks the UID rules, rejects an override of the password
 * attribute, creates the extended attribute definition when needed and validates and evaluates
 * the transformation script. For an existing attribute it records the previous controlled
 * value as historic where the change requires it. The parent attribute mapping is always
 * flagged for eviction of its controlled-values cache.
 *
 * @param dto role-system attribute to save
 * @return the attribute as returned by the parent {@code saveInternal}
 * @throws ProvisioningException when a different UID attribute already exists for the
 *         role-system, or when the no-login / cross-domain filter matches an attribute on it
 * @throws ResultCodeException when the override targets the password attribute, or when
 *         evaluation of the previous value fails with anything other than a Groovy script
 *         exception
 */
@Override
public SysRoleSystemAttributeDto saveInternal(SysRoleSystemAttributeDto dto) {
    if (dto.isUid()) {
        // The first UID attribute found on the role-system must be this one.
        SysRoleSystemAttributeFilter uidFilter = new SysRoleSystemAttributeFilter();
        uidFilter.setIsUid(Boolean.TRUE);
        uidFilter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> uidAttributes = this.find(uidFilter, null).getContent();
        if (!uidAttributes.isEmpty() && !uidAttributes.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto owner = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto ownerRole = roleService.get(owner.getRole());
            SysSystemDto ownerSystem = DtoUtils.getEmbedded(owner, SysRoleSystem_.system);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", ownerRole.getCode(), "system", ownerSystem.getName()));
        }

        // The UID cannot be overridden when the no-login / cross-domain filter matches.
        SysRoleSystemAttributeFilter noLoginFilter = new SysRoleSystemAttributeFilter();
        noLoginFilter.setRoleSystemId(dto.getRoleSystem());
        noLoginFilter.setInCrossDomainGroupOrIsNoLogin(Boolean.TRUE);
        if (this.count(noLoginFilter) > 0) {
            SysRoleSystemDto owner = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto ownerRole = roleService.get(owner.getRole());
            SysSystemDto ownerSystem = DtoUtils.getEmbedded(owner, SysRoleSystem_.system);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_NO_LOGIN_CANNOT_OVERRIDE_UID, ImmutableMap.of("role", ownerRole.getCode(), "system", ownerSystem.getName()));
        }
    }

    // Parent mapping that this role-level attribute overrides.
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());

    // A password can never be overridden from a role: the parent is rejected both when it is
    // flagged as the password attribute and when its schema attribute carries the password name.
    SysSchemaAttributeDto parentSchemaAttribute = DtoUtils.getEmbedded(systemAttributeMapping, SysSystemAttributeMapping_.schemaAttribute, SysSchemaAttributeDto.class);
    if (systemAttributeMapping.isPasswordAttribute() || parentSchemaAttribute.getName().equals(ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME)) {
        throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_PASSWORD_OVERRIDE);
    }

    // Make sure the definition exists for an extended attribute of a formable entity type.
    SysSystemMappingDto parentSystemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = parentSystemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systemAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }

    Object newControlledValue = null;
    if (dto.getTransformScript() != null) {
        // Validation catches compilation errors only, so the script is also evaluated once.
        // NOTE(review): this executes the submitted Groovy script at save time - confirm that
        // the script service applies its sandboxing and authorization on this path.
        groovyScriptService.validateScript(dto.getTransformScript());
        newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);
    }

    // Keep history of the controlled value when the definition of an existing attribute changes.
    if (!this.isNew(dto)) {
        SysRoleSystemAttributeDto persistedAttribute = this.get(dto.getId());
        Object oldControlledValue = null;
        try {
            // Only static scripts are expected here (no input variables, only the system).
            oldControlledValue = systemAttributeMappingService.transformValueToResource(null, null, persistedAttribute, null);
        } catch (ResultCodeException ex) {
            ResultModels failure = ex.getError();
            boolean groovyScriptFailure = failure != null
                    && failure.getError() != null
                    && CoreResultCode.GROOVY_SCRIPT_EXCEPTION.name().equals(failure.getError().getStatusEnum());
            if (!groovyScriptFailure) {
                throw ex;
            }
            // A broken old script must not block the save; only the historic value is lost.
            LOG.warn(MessageFormat.format("Old value for role-system-attribute {0} cannot be evalued. Historic value will be not persist!", persistedAttribute.getId()), ex);
            oldControlledValue = null;
        }
        newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);

        if (!persistedAttribute.getSystemAttributeMapping().equals(dto.getSystemAttributeMapping())) {
            // The attribute moved to another parent mapping: the old parent is handled here.
            SysSystemAttributeMappingDto previousParentMapping = systemAttributeMappingService.get(persistedAttribute.getSystemAttributeMapping());
            if (AttributeMappingStrategyType.MERGE == previousParentMapping.getStrategyType()) {
                // Evict the cache of the old parent and keep the old value as historic on it.
                previousParentMapping.setEvictControlledValuesCache(true);
                systemAttributeMappingService.save(previousParentMapping);
                attributeControlledValueService.addHistoricValue(previousParentMapping, (Serializable) oldControlledValue);
            }
        } else if (
                // the controlled value changed on a merged attribute
                (!Objects.equals(oldControlledValue, newControlledValue) && AttributeMappingStrategyType.MERGE == persistedAttribute.getStrategyType())
                // a merged attribute was switched to disabled
                || (persistedAttribute.isDisabledAttribute() != dto.isDisabledAttribute() && dto.isDisabledAttribute() && AttributeMappingStrategyType.MERGE == persistedAttribute.getStrategyType())
                // the strategy of a merged attribute changed
                || (persistedAttribute.getStrategyType() != dto.getStrategyType() && AttributeMappingStrategyType.MERGE == persistedAttribute.getStrategyType())) {
            // Same parent mapping: the old value becomes historic on it.
            attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
        }
    }

    // The attribute was created or updated, so the cache of the parent mapping is evicted.
    systemAttributeMapping.setEvictControlledValuesCache(true);
    systemAttributeMappingService.save(systemAttributeMapping);
    return super.saveInternal(dto);
}