use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method checkForwardAcmChange.
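/**
 * Checks whether the forward account management (ACM) flag stored on the role-system
 * relation differs from the value produced by the attribute transformation.
 *
 * The check only runs during a differential synchronization of an existing role
 * ({@code dto.getId() != null}), when the forward ACM switch is enabled in the sync
 * configuration and the entity has not already been marked as different. A missing
 * relation, or a relation whose flag differs from the transformed value, marks the
 * attribute as changed via {@code setDifferentChange}.
 *
 * @param dto the synchronized role; a role without an id is skipped
 * @param context synchronization context carrying the current "entity is different" state
 * @param attributeProperty mapped attribute property reported as changed
 * @param transformedValue value returned by the transformation for the forward ACM attribute
 */
private void checkForwardAcmChange(IdmRoleDto dto, SynchronizationContext context, String attributeProperty, Object transformedValue) {
	boolean alreadyDifferent = context.isEntityDifferent();
	boolean existingRole = dto.getId() != null;
	if (alreadyDifferent || !existingRole || !getConfig(context).isForwardAcmSwitch()) {
		return;
	}
	// Differential sync: resolve the member-of attribute and its schema object class,
	// which together identify the role-system relation to compare against.
	SysSystemAttributeMappingDto memberOfAttributeDto = lookupService.lookupEmbeddedDto(getConfig(context), SysSyncRoleConfig_.memberOfAttribute);
	Assert.notNull(memberOfAttributeDto, "Member attribute cannot be null!");
	SysSchemaAttributeDto schemaAttributeDto = lookupService.lookupEmbeddedDto(memberOfAttributeDto, SysSystemAttributeMapping_.schemaAttribute);
	// Fail fast with a specific message instead of handing null to the next lookup.
	Assert.notNull(schemaAttributeDto, "Schema attribute cannot be null!");
	SysSchemaObjectClassDto schemaObjectClassDto = lookupService.lookupEmbeddedDto(schemaAttributeDto, SysSchemaAttribute_.objectClass);
	Assert.notNull(schemaObjectClassDto, "Schema cannot be null!");
	boolean forwardAcmFromValue = getForwardAcmFromValue(transformedValue);
	SysRoleSystemDto roleSystemDto = findRoleSystemDto(dto, memberOfAttributeDto, schemaObjectClassDto);
	// No relation at all counts as a change too - the relation (with its forward ACM flag)
	// still has to be created for this role.
	if (roleSystemDto == null || roleSystemDto.isForwardAccountManagemen() != forwardAcmFromValue) {
		setDifferentChange(context, attributeProperty);
	}
}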
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveMembership.
/**
 * Resolves the membership of a synchronized role on the target system: creates or updates
 * the role-system relation and its member attribute (e.g. ldapGroups) from the role
 * identifier (DN) read from the connector object, or removes them when the identifier
 * resolves to {@code null}.
 *
 * @param isNew {@code true} when the role was created by this synchronization item
 * @param context synchronization context (mapped attributes, transformation support)
 * @param roleDto the synchronized role
 * @param config role synchronization configuration; its member-of attribute must be set
 * @param logItem item log receiving a human readable trace of the decision taken
 * @param connectorObject object read from the connector, source of the role identifier
 * @param memberOfAttributeDto mapping of the member-of attribute
 * @param schemaObjectClassDto schema object class the relation is looked up / created for
 * @return {@code false} when the identifier was {@code null} and the relation was removed
 *         (if it existed); {@code true} otherwise, including the case where resolution was
 *         skipped for an existing role
 */
private boolean resolveMembership(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncRoleConfigDto config, SysSyncItemLogDto logItem, IcConnectorObject connectorObject, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
	UUID memberOfAttribute = config.getMemberOfAttribute();
	Assert.notNull(memberOfAttribute, "Member attribute cannot be null!");
	// The role identifier (DN) comes from the enabled entity attribute mapped to ROLE_MEMBERSHIP_ID_FIELD.
	SysSystemAttributeMappingDto roleIdentifierAttributeDto = context.getMappedAttributes()
			.stream()
			.filter(attribute -> !attribute.isDisabledAttribute())
			.filter(attribute -> attribute.isEntityAttribute())
			.filter(attribute -> ROLE_MEMBERSHIP_ID_FIELD.equals(attribute.getIdmPropertyName()))
			.findFirst()
			.orElse(null);
	Assert.notNull(roleIdentifierAttributeDto, "Role identifier attribute cannot be null!");
	boolean createOnlyStrategy = AttributeMappingStrategyType.CREATE == roleIdentifierAttributeDto.getStrategyType();
	if (createOnlyStrategy && !isNew) {
		addToItemLog(logItem, "The attribute with role identifier has strategy set to 'Set only for new entity'. Role isn't new, so resolving of membership will be skipped for this role.");
		return true;
	}
	addToItemLog(logItem, MessageFormat.format("Resolving of membership is activated for this role {0}.", roleDto.getCode()));
	Object roleIdentifierObj = this.getValueByMappedAttribute(roleIdentifierAttributeDto, connectorObject.getAttributes(), context);
	if (roleIdentifierObj == null) {
		// A null identifier from the transformation means "no membership": the member
		// attribute and, when nothing else is left on it, the whole role-system relation are
		// removed. This is a destructive path driven by the transformation script's output.
		addToItemLog(logItem, "The role identifier form a transformation is null -> We will try to delete role-system relation and member attribute.");
		deleteMembershipRelation(logItem, roleDto, memberOfAttributeDto, schemaObjectClassDto);
		return false;
	}
	Assert.isInstanceOf(String.class, roleIdentifierObj, "Role identifier must be String!");
	String roleIdentifier = (String) roleIdentifierObj;
	// Create or update the relation on the system, then the member attribute (ldapGroups) on it.
	SysRoleSystemDto roleSystemDto = resolveRoleSystem(roleDto, memberOfAttributeDto, schemaObjectClassDto);
	resolveMemberAttribute(logItem, memberOfAttributeDto, roleIdentifier, schemaObjectClassDto, roleSystemDto);
	return true;
}

/**
 * Deletes the member attribute of the role-system relation for the given role and, when no
 * other attribute remains on the relation, the relation itself. Does nothing when no
 * relation exists.
 *
 * @param logItem item log receiving a trace of what was deleted
 * @param roleDto the role whose relation is being cleaned up
 * @param memberOfAttributeDto mapping of the member-of attribute to delete
 * @param schemaObjectClassDto schema object class the relation belongs to
 */
private void deleteMembershipRelation(SysSyncItemLogDto logItem, IdmRoleDto roleDto, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
	SysRoleSystemDto roleSystemDto = findRoleSystemDto(roleDto, memberOfAttributeDto, schemaObjectClassDto);
	if (roleSystemDto == null) {
		return;
	}
	SysRoleSystemAttributeDto memberAttribute = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
	if (memberAttribute != null) {
		roleSystemAttributeService.delete(memberAttribute);
		addToItemLog(logItem, MessageFormat.format("Member attribute {0} was deleted.", memberAttribute.getName()));
	}
	// With a null attribute mapping, findMemberAttribute is used to detect whether any
	// attribute is still attached to the relation; if none is, the relation is dropped.
	SysRoleSystemAttributeDto remainingAttribute = findMemberAttribute(null, schemaObjectClassDto, roleSystemDto);
	if (remainingAttribute == null) {
		roleSystemService.delete(roleSystemDto);
		addToItemLog(logItem, MessageFormat.format("Role-system relation {0} was deleted.", roleSystemDto.getId()));
	}
}
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class RoleWorkflowAdSyncTest method getSysRoleSystem.
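/**
 * Returns the identifier of the existing role-system relation between the given role and
 * system. Nothing is created here: the relation is expected to exist already and the test
 * fails when none is found. If several relations match, the first one returned by the
 * service is used.
 *
 * @param systemId identifier of the system the role is mapped to
 * @param roleId identifier of the role
 * @return identifier of the first matching role-system relation
 */
private UUID getSysRoleSystem(UUID systemId, UUID roleId) {
	SysRoleSystemFilter filter = new SysRoleSystemFilter();
	filter.setRoleId(roleId);
	filter.setSystemId(systemId);
	List<SysRoleSystemDto> roleSystems = roleSystemService.find(filter, null).getContent();
	SysRoleSystemDto roleSystem = roleSystems.stream().findFirst().orElse(null);
	// Name the missing pair in the failure message so a broken fixture is easy to trace.
	Assert.assertNotNull("Role-system relation for role " + roleId + " and system " + systemId + " was not found.", roleSystem);
	return roleSystem.getId();
}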
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class AccountManagementTest method testIdentityAccountCanBeCreated.
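/**
 * The mapping script "Can be account created?" gates identity account creation: while it
 * returns {@code false} no account is created for an assigned role; after it is switched to
 * {@code true} and the role assignment is re-saved (which runs account management again),
 * exactly one account exists.
 */
@Test
public void testIdentityAccountCanBeCreated() {
	SysSystemDto system = initIdentityData();
	Assert.assertNotNull(system);
	SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
	Assert.assertNotNull(mapping);
	// Block account creation first.
	mapping.setCanBeAccountCreatedScript("return Boolean.FALSE;");
	mapping = systemMappingService.save(mapping);
	IdmIdentityDto identity = helper.createIdentity();
	AccIdentityAccountFilter roleAccountFilter = new AccIdentityAccountFilter();
	roleAccountFilter.setEntityId(identity.getId());
	roleAccountFilter.setOwnership(Boolean.TRUE);
	roleAccountFilter.setSystemId(system.getId());
	List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(roleAccountFilter, null).getContent();
	// No role assigned yet -> no account.
	Assert.assertEquals(0, identityAccounts.size());
	IdmRoleDto roleDefault = helper.createRole();
	SysRoleSystemDto roleSystemDefault = new SysRoleSystemDto();
	roleSystemDefault.setRole(roleDefault.getId());
	roleSystemDefault.setSystem(system.getId());
	roleSystemDefault.setSystemMapping(mapping.getId());
	roleSystemDefault = roleSystemService.save(roleSystemDefault);
	IdmIdentityRoleDto identityRole = new IdmIdentityRoleDto();
	identityRole.setIdentityContract(identityContractService.getPrimeContract(identity.getId()).getId());
	identityRole.setRole(roleDefault.getId());
	identityRole = identityRoleService.save(identityRole);
	identityAccounts = identityAccountService.find(roleAccountFilter, null).getContent();
	// Role assigned, but the script returns false -> still no account.
	Assert.assertEquals(0, identityAccounts.size());
	// Allow account creation and re-save the assignment so the ACM runs again.
	mapping.setCanBeAccountCreatedScript("return Boolean.TRUE;");
	mapping = systemMappingService.save(mapping);
	identityRole = identityRoleService.save(identityRole);
	identityAccounts = identityAccountService.find(roleAccountFilter, null).getContent();
	Assert.assertEquals(1, identityAccounts.size());
	// Clean up.
	identityService.delete(identity);
	roleService.delete(roleDefault);
}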
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class ForwardAccountManagementTest method forwardAcmEnabledTest.
/**
 * Forward account management (ACM) enabled on the role-system relation: an identity account
 * is created as soon as the role is assigned, even though the assignment only becomes valid
 * in the future (valid from now + 10 days). Security-wise this means the account exists
 * before the role assignment is effective, which is exactly what the flag opts into.
 */
@Test
public void forwardAcmEnabledTest() {
	SysSystemDto targetSystem = initIdentityData();
	Assert.assertNotNull(targetSystem);
	SysSystemMappingDto provisioningMapping = systemMappingService.findProvisioningMapping(targetSystem.getId(), SystemEntityType.IDENTITY);
	Assert.assertNotNull(provisioningMapping);
	IdmIdentityDto owner = helper.createIdentity();
	AccIdentityAccountFilter ownedAccountsFilter = new AccIdentityAccountFilter();
	ownedAccountsFilter.setEntityId(owner.getId());
	ownedAccountsFilter.setOwnership(Boolean.TRUE);
	ownedAccountsFilter.setSystemId(targetSystem.getId());
	// Nothing assigned yet -> no account on the system.
	Assert.assertEquals(0, identityAccountService.find(ownedAccountsFilter, null).getContent().size());
	// Role mapped to the system with forward ACM switched on.
	IdmRoleDto role = helper.createRole();
	SysRoleSystemDto roleSystem = new SysRoleSystemDto();
	roleSystem.setRole(role.getId());
	roleSystem.setSystem(targetSystem.getId());
	roleSystem.setSystemMapping(provisioningMapping.getId());
	roleSystem.setForwardAccountManagemen(true);
	roleSystem = roleSystemService.save(roleSystem);
	// Assign the role with validity starting in the future.
	IdmIdentityRoleDto futureAssignment = new IdmIdentityRoleDto();
	futureAssignment.setIdentityContract(identityContractService.getPrimeContract(owner.getId()).getId());
	futureAssignment.setRole(role.getId());
	futureAssignment.setValidFrom(LocalDate.now().plusDays(10));
	futureAssignment = identityRoleService.save(futureAssignment);
	// Forward ACM: the account is created although the assignment is not valid yet.
	List<AccIdentityAccountDto> ownedAccounts = identityAccountService.find(ownedAccountsFilter, null).getContent();
	Assert.assertEquals(1, ownedAccounts.size());
	// Clean up.
	identityService.delete(owner);
	roleService.delete(role);
}