
Example 16 with SysRoleSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningExecutor method compileAtributeForStrategy.

/**
 * Compiles the attribute mappings that take effect for one default attribute and one
 * mapping strategy once role-level overrides have been applied.
 * <p>
 * Resolution order, as implemented below:
 * <ol>
 * <li>Only overriding attributes whose system attribute mapping equals
 * {@code defaultAttribute} are considered; they are ordered by the priority of their
 * role, highest first.</li>
 * <li>If such overrides exist but none of them uses {@code strategy}, an empty list is
 * returned; the default attribute is not used as a fallback in that case.</li>
 * <li>For {@code MERGE} and {@code AUTHORITATIVE_MERGE}, every override of that strategy
 * that is not flagged as disabled is returned (regardless of role priority). The
 * "send always" and "send only if not null" flags are copied from the winning override
 * described in the next point.</li>
 * <li>For any other strategy a single override wins: the one whose role has the highest
 * priority, ties being resolved by role name (the greatest name per
 * {@link String#compareTo(String)}). If any override at the highest priority is flagged
 * as disabled, an empty list is returned.</li>
 * <li>When no override matches the default attribute at all, the default attribute itself
 * is returned, provided it is not disabled and uses {@code strategy}.</li>
 * </ol>
 * The override DTOs passed in are modified in place (schema attribute, transformation
 * script, cached and send flags) before they are added to the result.
 *
 * @param strategy strategy the result is compiled for; compared by identity with the
 *        strategy of each candidate
 * @param defaultAttribute attribute mapping that the role-level attributes may override
 * @param overloadingAttributes role-level attributes that are candidates for overriding
 *        {@code defaultAttribute}
 * @return the effective mappings for {@code strategy}; may be empty, never {@code null}
 */
protected List<AttributeMapping> compileAtributeForStrategy(AttributeMappingStrategyType strategy, AttributeMapping defaultAttribute, List<SysRoleSystemAttributeDto> overloadingAttributes) {
    List<AttributeMapping> finalAttributes = new ArrayList<>();
    List<SysRoleSystemAttributeDto> attributesOrdered = overloadingAttributes.stream().filter(roleSystemAttribute -> {
        // Keep only attributes that override the same mapping as the default attribute
        // NOTE(review): a missing mapping (null from the service) would fail here with a
        // NullPointerException - confirm the service never returns null for a stored id
        SysSystemAttributeMappingDto attributeMapping = systemAttributeMappingService.get(roleSystemAttribute.getSystemAttributeMapping());
        return attributeMapping.equals(defaultAttribute);
    }).sorted((att1, att2) -> {
        // Order by role priority, highest first (arguments are compared in reverse).
        // NOTE(review): the comparator performs four service lookups per comparison -
        // presumably cheap/cached; verify for systems with many overriding roles
        SysRoleSystemDto roleSystem2 = roleSystemService.get(att2.getRoleSystem());
        SysRoleSystemDto roleSystem1 = roleSystemService.get(att1.getRoleSystem());
        IdmRoleDto role1 = roleService.get(roleSystem1.getRole());
        IdmRoleDto role2 = roleService.get(roleSystem2.getRole());
        return Integer.valueOf(role2.getPriority()).compareTo(Integer.valueOf(role1.getPriority()));
    }).collect(Collectors.toList());
    // At least one role overrides the default attribute
    if (!attributesOrdered.isEmpty()) {
        List<SysRoleSystemAttributeDto> attributesOrderedGivenStrategy = attributesOrdered.stream().filter(attribute -> {
            return strategy == attribute.getStrategyType();
        }).collect(Collectors.toList());
        // Overrides exist, but none for the requested strategy: nothing is returned,
        // the default attribute is deliberately not consulted on this path
        if (attributesOrderedGivenStrategy.isEmpty()) {
            return finalAttributes;
        }
        // The list is ordered by priority, so the first element carries the maximum
        SysRoleSystemDto roleSystemForSetMaxPriority = roleSystemService.get(attributesOrderedGivenStrategy.get(0).getRoleSystem());
        IdmRoleDto roleForSetMaxPriority = roleService.get(roleSystemForSetMaxPriority.getRole());
        int maxPriority = roleForSetMaxPriority.getPriority();
        // Pick the winning override: highest role priority first, then role name
        Optional<SysRoleSystemAttributeDto> highestPriorityAttributeOptional = attributesOrderedGivenStrategy.stream().filter(attribute -> {
            SysRoleSystemDto roleSystem = roleSystemService.get(attribute.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            // Keep only attributes whose role has the maximum priority
            return maxPriority == roleDto.getPriority();
        }).sorted((att1, att2) -> {
            // Tie-break among equal priorities: descending by role name, so the greatest
            // name wins.
            // NOTE(review): the outcome of a tie therefore depends on how roles are
            // named - confirm that whoever may rename a role is trusted to influence
            // which override is provisioned
            SysRoleSystemDto roleSystem1 = roleSystemService.get(att1.getRoleSystem());
            SysRoleSystemDto roleSystem2 = roleSystemService.get(att2.getRoleSystem());
            IdmRoleDto roleDto1 = roleService.get(roleSystem1.getRole());
            IdmRoleDto roleDto2 = roleService.get(roleSystem2.getRole());
            return roleDto2.getName().compareTo(roleDto1.getName());
        }).findFirst();
        if (highestPriorityAttributeOptional.isPresent()) {
            SysRoleSystemAttributeDto highestPriorityAttribute = highestPriorityAttributeOptional.get();
            // Merge strategies return all overriding attributes, not only the winner
            if (strategy == AttributeMappingStrategyType.AUTHORITATIVE_MERGE || strategy == AttributeMappingStrategyType.MERGE) {
                attributesOrderedGivenStrategy.forEach(attribute -> {
                    // Attributes flagged as disabled are skipped
                    if (!attribute.isDisabledDefaultAttribute()) {
                        // Values taken over from the default attribute; this mutates the
                        // DTO instance that the caller passed in
                        attribute.setSchemaAttribute(defaultAttribute.getSchemaAttribute());
                        attribute.setTransformFromResourceScript(defaultAttribute.getTransformFromResourceScript());
                        // Send flags shared by all merged attributes come from the
                        // winning (highest priority) override
                        attribute.setSendAlways(highestPriorityAttribute.isSendAlways());
                        attribute.setSendOnlyIfNotNull(highestPriorityAttribute.isSendOnlyIfNotNull());
                        // NOTE(review): unlike the single-winner branch below, the cached
                        // flag is not copied from the default attribute here - confirm
                        // this is intended
                        finalAttributes.add(attribute);
                    }
                });
                return finalAttributes;
            }
            // Non-merge strategies: look for a disabling override at the maximum priority
            Optional<SysRoleSystemAttributeDto> disabledOverloadedAttOptional = attributesOrderedGivenStrategy.stream().filter(attribute -> {
                // Keep only attributes whose role has the maximum priority
                SysRoleSystemDto roleSystem = roleSystemService.get(attribute.getRoleSystem());
                IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
                return maxPriority == roleDto.getPriority();
            }).filter(attribute -> {
                // Keep only overrides flagged as disabled
                return attribute.isDisabledDefaultAttribute();
            }).findFirst();
            if (disabledOverloadedAttOptional.isPresent()) {
                // A disabling override at the maximum priority suppresses the attribute
                // entirely: the empty list is returned
                return finalAttributes;
            }
            // The winner itself must not be flagged as disabled
            if (!highestPriorityAttribute.isDisabledDefaultAttribute()) {
                // Values taken over from the default attribute (mutates the passed DTO)
                highestPriorityAttribute.setSchemaAttribute(defaultAttribute.getSchemaAttribute());
                highestPriorityAttribute.setCached(defaultAttribute.isCached());
                highestPriorityAttribute.setTransformFromResourceScript(defaultAttribute.getTransformFromResourceScript());
                // The winning override is the only result
                finalAttributes.add(highestPriorityAttribute);
                return finalAttributes;
            }
        }
    }
    // No override applies: fall back to the default attribute when it is enabled and
    // defined for the requested strategy
    if (!defaultAttribute.isDisabledAttribute() && strategy == defaultAttribute.getStrategyType()) {
        finalAttributes.add(defaultAttribute);
    }
    return finalAttributes;
}
Also used : ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemEntity_(eu.bcvsolutions.idm.acc.entity.SysSystemEntity_) Map(java.util.Map) ProvisioningEntityExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningEntityExecutor) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType) ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService) Set(java.util.Set) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) List(java.util.List) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) CollectionUtils(org.springframework.util.CollectionUtils) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) Optional(java.util.Optional) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) 
SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) HashMap(java.util.HashMap) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) ImmutableList(com.google.common.collect.ImmutableList) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) ProvisioningOperationType(eu.bcvsolutions.idm.acc.domain.ProvisioningOperationType) LinkedHashSet(java.util.LinkedHashSet) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) Codeable(eu.bcvsolutions.idm.core.api.domain.Codeable) SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter) 
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) IcConnectorKey(eu.bcvsolutions.idm.ic.api.IcConnectorKey) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) AccAccount_(eu.bcvsolutions.idm.acc.entity.AccAccount_) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) Collections(java.util.Collections) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) ArrayList(java.util.ArrayList) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)

Example 17 with SysRoleSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountManagementService method createAccountByRoleSystem.

/**
 * Resolves the account that the given identity should be linked to through the given
 * role-system, creating and persisting a new account only when none can be reused.
 * <p>
 * Lookup order: accounts already planned in {@code identityAccountsToCreate} (same UID and
 * same role-system), then persisted accounts with the same UID on the same system, and
 * finally a newly created account.
 *
 * @param identity identity the account is resolved for
 * @param roleSystem role-system mapping that defines the target system and the UID
 * @param identityAccountsToCreate identity-account links already planned in this run
 * @return id of the reused or newly created account, or {@code null} when the system has
 *         no provisioning mapping for identities or the mapping script refused creation
 */
private UUID createAccountByRoleSystem(IdmIdentityDto identity, SysRoleSystemDto roleSystem, List<AccIdentityAccountDto> identityAccountsToCreate) {
    String uid = generateUID(identity, roleSystem);

    // 1) An account with the same UID may already be planned for this role-system
    for (AccIdentityAccountDto plannedLink : identityAccountsToCreate) {
        AccAccountDto plannedAccount = accountService.get(plannedLink.getAccount());
        boolean sameUid = plannedAccount.getUid().equals(uid);
        if (sameUid && roleSystem.getId().equals(plannedLink.getRoleSystem())) {
            return plannedLink.getAccount();
        }
    }

    // 2) Account management gate: the provisioning mapping of the target system decides
    // whether an account may exist for this identity at all
    SysSystemDto system = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
    SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
    if (mapping == null) {
        return null;
    }
    // NOTE(review): per the log message below, the decision comes from a script stored on
    // the mapping; who may edit that script and how it is evaluated is not visible here
    boolean creationAllowed = this.canBeAccountCreated(uid, identity, mapping, system);
    if (!creationAllowed) {
        LOG.info(MessageFormat.format("For entity [{0}] and entity type [{1}] cannot be created the account (on system [{2}])," + " because script \"Can be account created\" on the mapping returned \"false\"!", identity.getCode(), SystemEntityType.IDENTITY, system.getName()));
        return null;
    }

    // 3) Look for a persisted account with the same UID on the same system
    AccAccountFilter sameUidOnSystem = new AccAccountFilter();
    sameUidOnSystem.setUid(uid);
    sameUidOnSystem.setSystemId(roleSystem.getSystem());
    List<AccAccountDto> existingAccounts = accountService.find(sameUidOnSystem, null).getContent();
    if (CollectionUtils.isEmpty(existingAccounts)) {
        // Nothing to reuse: create and persist a new account
        return createAccount(uid, roleSystem);
    }
    // NOTE(review): an existing account is reused purely on a UID + system match, and the
    // first hit wins. Whether that account may already belong to a different identity is
    // not checked in this method - confirm UID uniqueness/ownership is enforced elsewhere
    return existingAccounts.get(0).getId();
}
Also used : DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IdmIdentityRoleRepository(eu.bcvsolutions.idm.core.model.repository.IdmIdentityRoleRepository) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) AccAccountManagementService(eu.bcvsolutions.idm.acc.service.api.AccAccountManagementService) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) Service(org.springframework.stereotype.Service) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) ImmutableMap(com.google.common.collect.ImmutableMap) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Page(org.springframework.data.domain.Page) Collectors(java.util.stream.Collectors) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) 
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) CollectionUtils(org.springframework.util.CollectionUtils) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) Optional(java.util.Optional) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert(org.springframework.util.Assert) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) UUID(java.util.UUID) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 18 with SysRoleSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountManagementService method resolveIdentityAccountForCreate.

/**
 * Plans the identity-account links that have to be created for the currently valid roles
 * of an identity, and queues outdated links for deletion.
 * <p>
 * For every valid identity-role and every role-system of its role:
 * <ul>
 * <li>existing links for the same role-system whose account UID no longer matches the
 * generated UID are added to {@code identityAccountsToDelete};</li>
 * <li>the target account is resolved (or created) and, unless an identical link already
 * exists in {@code identityAccountList}, a new link is added to
 * {@code identityAccountsToCreate}.</li>
 * </ul>
 *
 * @param identity identity that account management runs for
 * @param identityAccountList identity-account links that already exist for the identity
 * @param identityRoles roles assigned to the identity; invalid ones are ignored
 * @param identityAccountsToCreate output list of links to create
 * @param identityAccountsToDelete output list of links to delete
 */
private void resolveIdentityAccountForCreate(IdmIdentityDto identity, List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRole> identityRoles, List<AccIdentityAccountDto> identityAccountsToCreate, List<AccIdentityAccountDto> identityAccountsToDelete) {
    for (IdmIdentityRole identityRole : identityRoles) {
        // Only roles that are valid at this moment take part in account management
        if (!identityRole.isValid()) {
            continue;
        }
        IdmRole role = identityRole.getRole();
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(role.getId());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();

        for (SysRoleSystemDto roleSystem : roleSystems) {
            // Pass over the existing links for this role-system. This pass never excludes
            // the role-system from further processing; it only collects outdated links.
            for (AccIdentityAccountDto existingLink : identityAccountList) {
                if (!roleSystem.getId().equals(existingLink.getRoleSystem())) {
                    continue;
                }
                String expectedUid = generateUID(identity, roleSystem);
                AccAccountDto linkedAccount = AccIdentityAccountService.getEmbeddedAccount(existingLink);
                if (!expectedUid.equals(linkedAccount.getUid())) {
                    // Same identity and role-system, but the link points to an account with
                    // a different UID. The UID definition (transformation) on the
                    // role-system has probably changed, so this link has to be deleted.
                    // NOTE(review): the same link can be added more than once when several
                    // roles share a role-system - confirm the consumer tolerates duplicates
                    identityAccountsToDelete.add(existingLink);
                }
            }

            // Resolve (or create) the account on the target system
            UUID accountId = createAccountByRoleSystem(identity, roleSystem, identityAccountsToCreate);
            if (accountId == null) {
                continue;
            }
            // TODO: find the better place for this check
            long identicalLinks = identityAccountList.stream()
                    .filter(existingLink -> existingLink.getAccount().equals(accountId)
                            && identityRole.getId().equals(existingLink.getIdentityRole())
                            && roleSystem.getId().equals(existingLink.getRoleSystem()))
                    .count();
            if (identicalLinks == 0) {
                AccIdentityAccountDto newLink = new AccIdentityAccountDto();
                newLink.setAccount(accountId);
                newLink.setIdentity(identity.getId());
                newLink.setIdentityRole(identityRole.getId());
                newLink.setRoleSystem(roleSystem.getId());
                // TODO: Add flag ownership to SystemRole and set here.
                // Until then every link created here is marked as owning the account.
                newLink.setOwnership(true);
                identityAccountsToCreate.add(newLink);
            }
        }
    }
}
Also used : DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IdmIdentityRoleRepository(eu.bcvsolutions.idm.core.model.repository.IdmIdentityRoleRepository) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) AccAccountManagementService(eu.bcvsolutions.idm.acc.service.api.AccAccountManagementService) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) Service(org.springframework.stereotype.Service) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) ImmutableMap(com.google.common.collect.ImmutableMap) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Page(org.springframework.data.domain.Page) Collectors(java.util.stream.Collectors) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) 
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) CollectionUtils(org.springframework.util.CollectionUtils) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) Optional(java.util.Optional) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert(org.springframework.util.Assert) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) UUID(java.util.UUID) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)

Example 19 with SysRoleSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.

the class DefaultTestHelper method createRoleSystem.

/**
 * Test helper: links the given role to the given system and persists the link.
 * <p>
 * The role-system uses the first identity provisioning mapping found for the system, so
 * the system must already have at least one such mapping; with none,
 * {@code List.get(0)} fails.
 *
 * @param role role to be mapped to the system
 * @param system target system
 * @return the saved role-system
 */
@Override
public SysRoleSystemDto createRoleSystem(IdmRoleDto role, SysSystemDto system) {
    SysRoleSystemDto roleSystem = new SysRoleSystemDto();
    roleSystem.setRole(role.getId());
    roleSystem.setSystem(system.getId());
    // The first identity provisioning mapping of the system serves as the default mapping
    List<SysSystemMappingDto> identityProvisioningMappings = systemMappingService.findBySystem(system, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    SysSystemMappingDto defaultMapping = identityProvisioningMappings.get(0);
    roleSystem.setSystemMapping(defaultMapping.getId());
    return roleSystemService.save(roleSystem);
}
Also used : SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)

Example 20 with SysRoleSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.

the class AccountManagementTest method identityAccountCanBeCreatedTest.

/**
 * Verifies that the "Can be account created?" script on the provisioning mapping gates
 * account management: while the script returns false, assigning a role creates no
 * identity-account; once it returns true and the identity-role is saved again, exactly
 * one identity-account exists.
 */
@Test
public void identityAccountCanBeCreatedTest() {
    SysSystemDto system = initIdentityData();
    Assert.assertNotNull(system);
    SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
    Assert.assertNotNull(mapping);

    // Start with a script that refuses account creation
    mapping.setCanBeAccountCreatedScript("return Boolean.FALSE;");
    mapping = systemMappingService.save(mapping);

    IdmIdentityDto identity = helper.createIdentity();
    AccIdentityAccountFilter ownedAccountsFilter = new AccIdentityAccountFilter();
    ownedAccountsFilter.setEntityId(identity.getId());
    ownedAccountsFilter.setOwnership(Boolean.TRUE);
    ownedAccountsFilter.setSystemId(system.getId());
    List<AccIdentityAccountDto> foundAccounts = identityAccountService.find(ownedAccountsFilter, null).getContent();
    // No role assigned yet, so no identity-account can exist
    Assert.assertEquals(0, foundAccounts.size());

    // Map a fresh role to the system through the tested mapping
    IdmRoleDto role = helper.createRole();
    SysRoleSystemDto roleSystem = new SysRoleSystemDto();
    roleSystem.setRole(role.getId());
    roleSystem.setSystem(system.getId());
    roleSystem.setSystemMapping(mapping.getId());
    roleSystem = roleSystemService.save(roleSystem);

    // Assign the role to the identity through its prime contract
    IdmIdentityRoleDto identityRole = new IdmIdentityRoleDto();
    identityRole.setIdentityContract(identityContractService.getPrimeContract(identity.getId()).getId());
    identityRole.setRole(role.getId());
    identityRole = identityRoleService.save(identityRole);
    foundAccounts = identityAccountService.find(ownedAccountsFilter, null).getContent();
    // Role assigned, but the script returns false: still no account
    Assert.assertEquals(0, foundAccounts.size());

    // Allow creation and save the identity-role again, which runs account management
    mapping.setCanBeAccountCreatedScript("return Boolean.TRUE;");
    mapping = systemMappingService.save(mapping);
    identityRole = identityRoleService.save(identityRole);
    foundAccounts = identityAccountService.find(ownedAccountsFilter, null).getContent();
    Assert.assertEquals(1, foundAccounts.size());

    // Clean up the test data
    identityService.delete(identity);
    roleService.delete(role);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)
