
Example 21 with SysRoleSystemAttributeDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.

the class VsProvisioningMergeTest method testAttribteControlledValues.

@Test
public void testAttribteControlledValues() {
    VsSystemDto config = new VsSystemDto();
    config.setName(helper.createName());
    config.setCreateDefaultRole(false);
    SysSystemDto system = helper.createVirtualSystem(config);
    IdmRoleDto roleOne = helper.createRole();
    IdmRoleDto roleTwo = helper.createRole();
    SysRoleSystemDto roleSystemOne = helper.createRoleSystem(roleOne, system);
    SysRoleSystemDto roleSystemTwo = helper.createRoleSystem(roleTwo, system);
    SysSystemMappingDto mapping = mappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
    SysSystemAttributeMappingFilter attributeFilter = new SysSystemAttributeMappingFilter();
    attributeFilter.setSystemMappingId(mapping.getId());
    attributeFilter.setSchemaAttributeName(RIGHTS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(attributeFilter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto rightsAttribute = attributes.get(0);
    SysRoleSystemAttributeDto roleAttributeOne = new SysRoleSystemAttributeDto();
    roleAttributeOne.setName(RIGHTS_ATTRIBUTE);
    roleAttributeOne.setRoleSystem(roleSystemOne.getId());
    roleAttributeOne.setEntityAttribute(false);
    roleAttributeOne.setExtendedAttribute(false);
    roleAttributeOne.setUid(false);
    roleAttributeOne.setStrategyType(AttributeMappingStrategyType.MERGE);
    roleAttributeOne.setSystemAttributeMapping(rightsAttribute.getId());
    roleAttributeOne.setTransformToResourceScript("return '" + ONE_VALUE + "';");
    roleAttributeOne = roleSystemAttributeService.saveInternal(roleAttributeOne);
    SysRoleSystemAttributeDto roleAttributeTwo = new SysRoleSystemAttributeDto();
    roleAttributeTwo.setName(RIGHTS_ATTRIBUTE);
    roleAttributeTwo.setRoleSystem(roleSystemTwo.getId());
    roleAttributeTwo.setEntityAttribute(false);
    roleAttributeTwo.setExtendedAttribute(false);
    roleAttributeTwo.setUid(false);
    roleAttributeTwo.setStrategyType(AttributeMappingStrategyType.MERGE);
    roleAttributeTwo.setSystemAttributeMapping(rightsAttribute.getId());
    roleAttributeTwo.setTransformToResourceScript("return '" + TWO_VALUE + "';");
    roleAttributeTwo = roleSystemAttributeService.saveInternal(roleAttributeTwo);
    IdmIdentityDto identity = helper.createIdentity();
    helper.createIdentityRole(identity, roleOne);
    helper.createIdentityRole(identity, roleTwo);
    AccAccountFilter accountFilter = new AccAccountFilter();
    accountFilter.setSystemId(system.getId());
    List<AccAccountDto> accounts = accountService.find(accountFilter, null).getContent();
    assertEquals(1, accounts.size());
    AccAccountDto account = accounts.get(0);
    IcConnectorObject connectorObject = accountService.getConnectorObject(account);
    IcAttribute rightsAttributeFromSystem = connectorObject.getAttributeByName(RIGHTS_ATTRIBUTE);
    List<Object> rightsValues = rightsAttributeFromSystem.getValues();
    assertEquals(2, rightsValues.size());
    assertTrue(rightsValues.contains(ONE_VALUE));
    assertTrue(rightsValues.contains(TWO_VALUE));
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) VsSystemDto(eu.bcvsolutions.idm.vs.dto.VsSystemDto) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 22 with SysRoleSystemAttributeDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningExecutor method getAttributeValue.

@Override
protected Object getAttributeValue(String uid, IdmIdentityDto dto, AttributeMapping attribute, SysSystemDto system, MappingContext mappingContext) {
    if (attribute instanceof SysRoleSystemAttributeDto) {
        SysRoleSystemAttributeDto roleSystemAttributeDto = (SysRoleSystemAttributeDto) attribute;
        if (roleSystemAttributeDto.isSkipValueIfExcluded() && (AttributeMappingStrategyType.MERGE == roleSystemAttributeDto.getStrategyType() || AttributeMappingStrategyType.AUTHORITATIVE_MERGE == roleSystemAttributeDto.getStrategyType())) {
            // Get ID of the role
            Assert.notNull(roleSystemAttributeDto.getRoleSystem(), "SysRoleSystem cannot be null!");
            SysRoleSystemDto roleSystemDto = DtoUtils.getEmbedded(roleSystemAttributeDto, SysRoleSystemAttribute_.roleSystem.getName(), SysRoleSystemDto.class, (SysRoleSystemDto) null);
            if (roleSystemDto == null) {
                // Not embedded: load the role-system by its own identifier (not by the id of the attribute).
                roleSystemDto = roleSystemService.get(roleSystemAttributeDto.getRoleSystem());
            }
            UUID roleId = roleSystemDto.getRole();
            Assert.notNull(roleId, "Role cannot be null!");
            // Find count of NOT excluded contracts for this identity and role
            IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
            contractFilter.setIdentity(dto.getId());
            contractFilter.setExcluded(Boolean.FALSE);
            contractFilter.setRoleId(roleId);
            // If at least one not-excluded contract exists, the value is not skipped.
            long countOfNotExcludedContracts = identityContractService.count(contractFilter);
            if (countOfNotExcludedContracts == 0) {
                contractFilter.setExcluded(Boolean.TRUE);
                // The value is skipped only if at least one excluded contract exists ('> 0', not '>= 0').
                long countOfExcludedContracts = identityContractService.count(contractFilter);
                if (countOfExcludedContracts > 0) {
                    return null;
                }
            }
            }
        }
    }
    // The assigned-roles fields are built from the identity's valid identity-roles;
    // that list is the input for those fields.
    if (attribute != null
            && (ASSIGNED_ROLES_FIELD.equals(attribute.getIdmPropertyName())
            || ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName()))) {
        assertNotNull(dto.getId());
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setIdentityId(dto.getId());
        identityRoleFilter.setValid(Boolean.TRUE);
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(IdmIdentityRole_.created.getName()))).getContent();
        List<IdmIdentityRoleDto> identityRolesToProcess;
        if (ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName())) {
            // For ASSIGNED_ROLES_FOR_SYSTEM_FIELD we will convert only identity-roles for
            // that identity and given system
            assertNotNull(system.getId());
            List<IdmIdentityRoleDto> identityRolesForSystem = Lists.newArrayList();
            AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
            identityAccountFilter.setIdentityId(dto.getId());
            identityAccountFilter.setSystemId(system.getId());
            List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
            // Filtering only identity-roles for that system
            identityAccounts.forEach(identityAccount -> {
                identityRolesForSystem.addAll(identityRoles.stream()
                        .filter(identityRole -> identityRole.getId().equals(identityAccount.getIdentityRole()))
                        .collect(Collectors.toList()));
            });
            identityRolesToProcess = identityRolesForSystem;
        } else {
            // For ASSIGNED_ROLES_FIELD we will convert all identity-roles for that identity
            identityRolesToProcess = identityRoles;
        }
        List<AssignedRoleDto> assignedRoles = new ArrayList<>();
        identityRolesToProcess.forEach(identityRole -> {
            IdmFormInstanceDto formInstanceDto = identityRoleService.getRoleAttributeValues(identityRole);
            identityRole.getEavs().clear();
            identityRole.getEavs().add(formInstanceDto);
            // Convert identityRole to AssignedRoleDto
            assignedRoles.add(IdentityProvisioningExecutor.convertToAssignedRoleDto(identityRole));
        });
        return attributeMappingService.transformValueToResource(uid, assignedRoles, attribute, dto);
    }
    // For user-type (projection) will be attribute value IdmFormProjectionDto.
    if (attribute != null && dto != null && dto.getFormProjection() != null && IdmIdentity_.formProjection.getName().equals(attribute.getIdmPropertyName())) {
        BaseDto projection = lookupService.lookupEmbeddedDto(dto, IdmIdentity_.formProjection);
        return attributeMappingService.transformValueToResource(uid, projection, attribute, dto);
    }
    // Default transformation of Identity state enum to string
    if (attribute != null && dto != null && IDENTITY_STATE_IDM_NAME.equals(attribute.getIdmPropertyName())) {
        String state = dto.getState().toString();
        return attributeMappingService.transformValueToResource(uid, state, attribute, dto);
    }
    return super.getAttributeValue(uid, dto, attribute, system, mappingContext);
}
Also used : IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto) ArrayList(java.util.ArrayList) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) IdmIdentityContractFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityContractFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AssignedRoleDto(eu.bcvsolutions.idm.acc.domain.AssignedRoleDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
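The following stand-alone program is an added example and not CzechIdM's own code. It models, in plain Java, the behaviour that Example 21 tests and Example 22 implements: every role the identity holds contributes its transformed value to one multivalued attribute (MERGE), and a role whose only contracts are excluded contributes nothing when its role-system attribute has the skip flag set. The class and record names, the data shape and the sample roles and contracts are constructed for the example; the skip rule uses the "at least one excluded contract" check (`> 0`) that the comment in Example 22 describes.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;

/**
 * Simplified, stand-alone model of how a multivalued attribute (the "rights"
 * attribute of Example 21) is derived from role-system attributes.
 * Not CzechIdM code: names and the data shape are assumptions of this example.
 */
public class MergeProvisioningModel {

    enum Strategy { SET, MERGE, AUTHORITATIVE_MERGE }

    /** One role-system attribute: its role, strategy, skip flag and transformation to the resource. */
    record RoleSystemAttribute(String role, Strategy strategy, boolean skipValueIfExcluded,
                               Function<String, List<Object>> transformToResource) { }

    /** One identity contract carrying a role; 'excluded' mirrors IdmIdentityContractFilter#setExcluded. */
    record ContractRole(String role, boolean excluded) { }

    /**
     * Counterpart of the skip logic in IdentityProvisioningExecutor#getAttributeValue:
     * returns null when every contract carrying the role is excluded and the attribute
     * asked for that with skipValueIfExcluded (only for the two merge strategies).
     */
    static List<Object> roleAttributeValue(String uid, RoleSystemAttribute attr, List<ContractRole> contracts) {
        boolean mergeStrategy = attr.strategy() == Strategy.MERGE || attr.strategy() == Strategy.AUTHORITATIVE_MERGE;
        if (attr.skipValueIfExcluded() && mergeStrategy) {
            long notExcluded = contracts.stream()
                    .filter(c -> c.role().equals(attr.role()) && !c.excluded())
                    .count();
            if (notExcluded == 0) {
                long excluded = contracts.stream()
                        .filter(c -> c.role().equals(attr.role()) && c.excluded())
                        .count();
                // The skip needs at least one excluded contract: '> 0', not '>= 0'.
                if (excluded > 0) {
                    return null;
                }
            }
        }
        return attr.transformToResource().apply(uid);
    }

    /** Union of the values contributed by every role the identity holds (the MERGE result of Example 21). */
    static List<Object> mergedValue(String uid, List<RoleSystemAttribute> roleAttributes, List<ContractRole> contracts) {
        Set<String> assignedRoles = new HashSet<>();
        contracts.forEach(c -> assignedRoles.add(c.role()));
        Set<Object> merged = new LinkedHashSet<>();
        for (RoleSystemAttribute attr : roleAttributes) {
            if (!assignedRoles.contains(attr.role())) {
                continue; // the role is not assigned through any contract
            }
            List<Object> contributed = roleAttributeValue(uid, attr, contracts);
            if (contributed != null) {
                merged.addAll(contributed);
            }
        }
        return new ArrayList<>(merged);
    }

    public static void main(String[] args) {
        // Constructed sample: two roles, each contributing one value to the same multivalued attribute.
        RoleSystemAttribute roleOne = new RoleSystemAttribute("roleOne", Strategy.MERGE, true, uid -> List.of("one"));
        RoleSystemAttribute roleTwo = new RoleSystemAttribute("roleTwo", Strategy.MERGE, true, uid -> List.of("two"));
        List<RoleSystemAttribute> attrs = List.of(roleOne, roleTwo);

        // Both roles held through valid contracts: both values are provisioned.
        List<ContractRole> bothValid = List.of(new ContractRole("roleOne", false), new ContractRole("roleTwo", false));
        System.out.println(mergedValue("jdoe", attrs, bothValid));

        // roleTwo is held only through an excluded contract: its value is skipped.
        List<ContractRole> twoExcluded = List.of(new ContractRole("roleOne", false), new ContractRole("roleTwo", true));
        System.out.println(mergedValue("jdoe", attrs, twoExcluded));

        // One excluded and one valid contract for roleTwo: the valid contract keeps the value.
        List<ContractRole> mixed = List.of(new ContractRole("roleOne", false),
                new ContractRole("roleTwo", true), new ContractRole("roleTwo", false));
        System.out.println(mergedValue("jdoe", attrs, mixed));

        // Without the skip flag an excluded contract still provisions the entitlement.
        RoleSystemAttribute roleTwoNoSkip = new RoleSystemAttribute("roleTwo", Strategy.MERGE, false, uid -> List.of("two"));
        System.out.println(mergedValue("jdoe", List.of(roleOne, roleTwoNoSkip), twoExcluded));
    }
}
```

Run with `java MergeProvisioningModel.java` (Java 16 or newer, for records). The first and third cases yield both values, the second case yields only the value of roleOne, and the last case shows the caveat a reviewer should look for: with `skipValueIfExcluded` left false, an identity whose only contract for a role is excluded still receives that role's entitlement on the target system.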

Example 23 with SysRoleSystemAttributeDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method resolveSkipValueIfExcluded.

/**
 * Resolve 'Skip value if is contract excluded'.
 */
private void resolveSkipValueIfExcluded(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncItemLogDto logItem, IcConnectorObject connectorObject, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
    SysSystemAttributeMappingDto skipValueIfExcludeAttributeDto = context.getMappedAttributes().stream().filter(attribute -> !attribute.isDisabledAttribute() && attribute.isEntityAttribute() && ROLE_SKIP_VALUE_IF_EXCLUDED_FIELD.equals(attribute.getIdmPropertyName())).findFirst().orElse(null);
    Assert.notNull(skipValueIfExcludeAttributeDto, "Skip value if is contract excluded attribute cannot be null!");
    if (!isNew && AttributeMappingStrategyType.CREATE == skipValueIfExcludeAttributeDto.getStrategyType()) {
        addToItemLog(logItem, "The attribute for 'Skip value if is contract excluded' has strategy set to 'Set only for new entity'. Role isn't new, so resolving of forward ACM will be skipped for this role.");
    } else {
        addToItemLog(logItem, MessageFormat.format("Resolving of 'Skip value if is contract excluded' is activated for this role [{0}].", roleDto.getCode()));
        // Get value from attribute transformation.
        Object skipIfValueExcludedObj = this.getValueByMappedAttribute(skipValueIfExcludeAttributeDto, connectorObject.getAttributes(), context);
        boolean skipIfValueExcluded = getSkipIfValueExcludedFromValue(skipIfValueExcludedObj);
        // Save member attribute with new skip value if excluded value.
        SysRoleSystemDto roleSystemDto = findRoleSystemDto(roleDto, memberOfAttributeDto, schemaObjectClassDto);
        if (roleSystemDto != null) {
            // Find member attribute.
            SysRoleSystemAttributeDto memberAttribute = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
            if (memberAttribute != null) {
                memberAttribute.setSkipValueIfExcluded(skipIfValueExcluded);
                roleSystemAttributeService.save(memberAttribute);
                addToItemLog(logItem, MessageFormat.format("'Skip value if is contract excluded' parameter [{0}] was saved for this role.", skipIfValueExcluded));
            }
        }
    }
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)

Example 24 with SysRoleSystemAttributeDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method checkSkipValueIfExcludedChange.

/**
 * Check whether the stored 'SkipIfValueExcluded' value differs from the value produced by the transformation.
 */
private void checkSkipValueIfExcludedChange(IdmRoleDto dto, SynchronizationContext context, String attributeProperty, Object transformedValue) {
    if (!context.isEntityDifferent() && dto.getId() != null && getConfig(context).isSkipValueIfExcludedSwitch()) {
        // Check if 'SkipIfValueExcluded' value should be modified (differential sync).
        SysSystemAttributeMappingDto memberOfAttributeDto = lookupService.lookupEmbeddedDto(getConfig(context), SysSyncRoleConfig_.memberOfAttribute);
        Assert.notNull(memberOfAttributeDto, "Member attribute cannot be null!");
        SysSchemaAttributeDto schemaAttributeDto = lookupService.lookupEmbeddedDto(memberOfAttributeDto, SysSystemAttributeMapping_.schemaAttribute);
        SysSchemaObjectClassDto schemaObjectClassDto = lookupService.lookupEmbeddedDto(schemaAttributeDto, SysSchemaAttribute_.objectClass);
        Assert.notNull(schemaObjectClassDto, "Schema cannot be null!");
        boolean skipIfValueExcludedFromValue = getSkipIfValueExcludedFromValue(transformedValue);
        SysRoleSystemDto roleSystemDto = findRoleSystemDto(dto, memberOfAttributeDto, schemaObjectClassDto);
        if (roleSystemDto == null) {
            setDifferentChange(context, attributeProperty);
            return;
        }
        // Find member attribute.
        SysRoleSystemAttributeDto memberAttribute = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
        if (memberAttribute == null || memberAttribute.isSkipValueIfExcluded() != skipIfValueExcludedFromValue) {
            setDifferentChange(context, attributeProperty);
        }
    }
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)

Example 25 with SysRoleSystemAttributeDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method resolveMemberAttribute.

/**
 * Resolve (create or update) relation on member attribute (ldapGroups).
 */
private void resolveMemberAttribute(SysSyncItemLogDto logItem, SysSystemAttributeMappingDto memberOfAttributeDto, String roleIdentifier, SysSchemaObjectClassDto schemaObjectClassDto, SysRoleSystemDto roleSystemDto) {
    SysRoleSystemAttributeDto roleMemberOfAttributeDto = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
    if (roleMemberOfAttributeDto == null) {
        // Create role attribute by mapping system attribute.
        roleMemberOfAttributeDto = new SysRoleSystemAttributeDto();
    }
    transformMappingAttributeToRoleAttribute(memberOfAttributeDto, roleMemberOfAttributeDto, roleSystemDto);
    // Set merge value (transformation).
    roleMemberOfAttributeDto.setTransformScript(getMembershipTransformationScript(roleIdentifier));
    roleMemberOfAttributeDto = roleSystemAttributeService.save(roleMemberOfAttributeDto);
    addToItemLog(logItem, MessageFormat.format("Role-system attribute {0} with transformation {1} was created or updated.", roleMemberOfAttributeDto.toString(), roleMemberOfAttributeDto.getTransformScript()));
}
Also used : SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
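The following stand-alone program is an added example, not CzechIdM's code. It models the three RoleSynchronizationExecutor steps shown in Examples 23, 24 and 25 for a role synchronized from a target system: create or update the member attribute with its membership transformation, set the 'skip value if contract is excluded' flag from the transformed source value, and detect during differential synchronization whether the stored flag still matches the source. The in-memory store, the item log, the shape of the membership script, the textual-value coercion and the sample group are all assumptions of the example. It goes slightly beyond the page by running the CREATE ("set only for new entity") strategy against an already existing role, so the effect described in Example 23 can be observed.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Stand-alone model (not CzechIdM code) of how role synchronization maintains the
 * member attribute of a role-system relation and its skipValueIfExcluded flag.
 */
public class RoleSyncMemberAttributeModel {

    enum Strategy { SET, MERGE, AUTHORITATIVE_MERGE, CREATE }

    /** Minimal stand-in for SysRoleSystemAttributeDto. */
    static final class MemberAttribute {
        String transformScript;
        boolean skipValueIfExcluded;
    }

    /** Stand-in for roleSystemAttributeService, keyed by role code (assumption of this example). */
    private final Map<String, MemberAttribute> store = new HashMap<>();
    /** Stand-in for the sync item log. */
    final List<String> itemLog = new ArrayList<>();

    /** Assumed shape of the membership transformation; the real script is generated by CzechIdM. */
    static String membershipTransformationScript(String roleIdentifier) {
        return "return '" + roleIdentifier.replace("'", "\\'") + "';";
    }

    /** Stand-in for getSkipIfValueExcludedFromValue: Boolean or textual true/false, anything else is false. */
    static boolean skipIfValueExcludedFromValue(Object value) {
        if (value instanceof Boolean b) {
            return b;
        }
        if (value instanceof String s) {
            return Boolean.parseBoolean(s.trim());
        }
        return false;
    }

    /** Example 25: find the member attribute or create it, then (re)set the membership transformation. */
    MemberAttribute resolveMemberAttribute(String roleCode, String roleIdentifier) {
        boolean created = !store.containsKey(roleCode);
        MemberAttribute attr = store.computeIfAbsent(roleCode, k -> new MemberAttribute());
        attr.transformScript = membershipTransformationScript(roleIdentifier);
        itemLog.add(MessageFormat.format("Role-system attribute for role [{0}] with transformation {1} was {2}.",
                roleCode, attr.transformScript, created ? "created" : "updated"));
        return attr;
    }

    /** Example 23: apply the transformed value, honouring the CREATE (set only for new entity) strategy. */
    void resolveSkipValueIfExcluded(boolean isNew, Strategy strategy, String roleCode, Object transformedValue) {
        if (!isNew && strategy == Strategy.CREATE) {
            itemLog.add(MessageFormat.format("Role [{0}] is not new and the attribute strategy is CREATE: flag left unchanged.", roleCode));
            return;
        }
        MemberAttribute attr = store.get(roleCode);
        if (attr == null) {
            return; // no member attribute for this role-system yet: nothing to update
        }
        attr.skipValueIfExcluded = skipIfValueExcludedFromValue(transformedValue);
        itemLog.add(MessageFormat.format("Skip value if contract is excluded [{0}] was saved for role [{1}].",
                attr.skipValueIfExcluded, roleCode));
    }

    /** Example 24: differential sync. True when the stored flag (or a missing attribute) differs from the source. */
    boolean isSkipValueIfExcludedDifferent(String roleCode, Object transformedValue) {
        MemberAttribute attr = store.get(roleCode);
        return attr == null || attr.skipValueIfExcluded != skipIfValueExcludedFromValue(transformedValue);
    }

    public static void main(String[] args) {
        RoleSyncMemberAttributeModel sync = new RoleSyncMemberAttributeModel();
        // Constructed sample: a group read from the target system and synchronized as role "admins".
        sync.resolveMemberAttribute("admins", "cn=admins,ou=groups,dc=example,dc=com");
        // First run: the role is new and the source says "true".
        sync.resolveSkipValueIfExcluded(true, Strategy.CREATE, "admins", "true");
        // Later run: the source now says "false", but the CREATE strategy leaves the existing role untouched ...
        sync.resolveSkipValueIfExcluded(false, Strategy.CREATE, "admins", "false");
        // ... which the differential-sync check reports as a pending difference.
        boolean differentAfterCreate = sync.isSkipValueIfExcludedDifferent("admins", "false");
        // With the SET strategy the change is applied and the check is satisfied again.
        sync.resolveSkipValueIfExcluded(false, Strategy.SET, "admins", "false");
        boolean differentAfterSet = sync.isSkipValueIfExcludedDifferent("admins", "false");
        sync.itemLog.forEach(System.out::println);
        System.out.println("different after CREATE run: " + differentAfterCreate
                + ", after SET run: " + differentAfterSet);
    }
}
```

Run with `java RoleSyncMemberAttributeModel.java` (Java 16 or newer). The point to take from the CREATE run is operational rather than a defect: a role whose source value for the flag changes after it was first synchronized keeps its old value, and only the differential check (Example 24) makes that visible, so a sync configuration that is expected to keep entitlements away from excluded contracts should not map the flag with the CREATE strategy.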

Aggregations

SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) 65
SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) 50
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) 47
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) 44
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) 42
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto) 41
SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) 36
Test (org.junit.Test) 34
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) 30
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) 25
SysSchemaAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) 20
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 20
SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) 19
UUID (java.util.UUID) 19
ArrayList (java.util.ArrayList) 17
SysRoleSystemAttributeService (eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) 16
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString) 16
List (java.util.List) 16
Autowired (org.springframework.beans.factory.annotation.Autowired) 16
AttributeMappingStrategyType (eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) 15