Example 31 with SysRoleSystemDto
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class VsProvisioningMergeTest method testAttribteControlledValues.
@Test
public void testAttribteControlledValues() {
VsSystemDto config = new VsSystemDto();
config.setName(helper.createName());
config.setCreateDefaultRole(false);
SysSystemDto system = helper.createVirtualSystem(config);
IdmRoleDto roleOne = helper.createRole();
IdmRoleDto roleTwo = helper.createRole();
SysRoleSystemDto roleSystemOne = helper.createRoleSystem(roleOne, system);
SysRoleSystemDto roleSystemTwo = helper.createRoleSystem(roleTwo, system);
SysSystemMappingDto mapping = mappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
SysSystemAttributeMappingFilter attributeFilter = new SysSystemAttributeMappingFilter();
attributeFilter.setSystemMappingId(mapping.getId());
attributeFilter.setSchemaAttributeName(RIGHTS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(attributeFilter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto rightsAttribute = attributes.get(0);
SysRoleSystemAttributeDto roleAttributeOne = new SysRoleSystemAttributeDto();
roleAttributeOne.setName(RIGHTS_ATTRIBUTE);
roleAttributeOne.setRoleSystem(roleSystemOne.getId());
roleAttributeOne.setEntityAttribute(false);
roleAttributeOne.setExtendedAttribute(false);
roleAttributeOne.setUid(false);
roleAttributeOne.setStrategyType(AttributeMappingStrategyType.MERGE);
roleAttributeOne.setSystemAttributeMapping(rightsAttribute.getId());
roleAttributeOne.setTransformToResourceScript("return '" + ONE_VALUE + "';");
roleAttributeOne = roleSystemAttributeService.saveInternal(roleAttributeOne);
SysRoleSystemAttributeDto roleAttributeTwo = new SysRoleSystemAttributeDto();
roleAttributeTwo.setName(RIGHTS_ATTRIBUTE);
roleAttributeTwo.setRoleSystem(roleSystemTwo.getId());
roleAttributeTwo.setEntityAttribute(false);
roleAttributeTwo.setExtendedAttribute(false);
roleAttributeTwo.setUid(false);
roleAttributeTwo.setStrategyType(AttributeMappingStrategyType.MERGE);
roleAttributeTwo.setSystemAttributeMapping(rightsAttribute.getId());
roleAttributeTwo.setTransformToResourceScript("return '" + TWO_VALUE + "';");
roleAttributeTwo = roleSystemAttributeService.saveInternal(roleAttributeTwo);
IdmIdentityDto identity = helper.createIdentity();
helper.createIdentityRole(identity, roleOne);
helper.createIdentityRole(identity, roleTwo);
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSystemId(system.getId());
List<AccAccountDto> accounts = accountService.find(accountFilter, null).getContent();
assertEquals(1, accounts.size());
AccAccountDto account = accounts.get(0);
IcConnectorObject connectorObject = accountService.getConnectorObject(account);
IcAttribute rightsAttributeFromSystem = connectorObject.getAttributeByName(RIGHTS_ATTRIBUTE);
List<Object> rightsValues = rightsAttributeFromSystem.getValues();
assertEquals(2, rightsValues.size());
assertTrue(rightsValues.contains(ONE_VALUE));
assertTrue(rightsValues.contains(TWO_VALUE));
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
VsSystemDto(eu.bcvsolutions.idm.vs.dto.VsSystemDto)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 32 with SysRoleSystemDto
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class VsSystemServiceTest method testCreateDefaultRole.
@Test
public void testCreateDefaultRole() {
VsSystemDto config = new VsSystemDto();
config.setName(getHelper().createName());
config.setCreateDefaultRole(true);
config.setRoleName(getHelper().createName());
SysSystemDto system = helper.createVirtualSystem(config);
IdmRoleFilter roleFilter = new IdmRoleFilter();
roleFilter.setCodeableIdentifier(config.getRoleName());
List<IdmRoleDto> roles = roleService.find(roleFilter, null).getContent();
Assert.assertEquals(1, roles.size());
IdmRoleDto role = roles.get(0);
Assert.assertEquals(config.getRoleName(), role.getCode());
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(role.getId());
roleSystemFilter.setSystemId(system.getId());
List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
Assert.assertEquals(1, roleSystems.size());
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
VsSystemDto(eu.bcvsolutions.idm.vs.dto.VsSystemDto)
IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 33 with SysRoleSystemDto
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class IdentityProvisioningExecutor method getAttributeValue.
@Override
protected Object getAttributeValue(String uid, IdmIdentityDto dto, AttributeMapping attribute, SysSystemDto system, MappingContext mappingContext) {
if (attribute instanceof SysRoleSystemAttributeDto) {
SysRoleSystemAttributeDto roleSystemAttributeDto = (SysRoleSystemAttributeDto) attribute;
if (roleSystemAttributeDto.isSkipValueIfExcluded() && (AttributeMappingStrategyType.MERGE == roleSystemAttributeDto.getStrategyType() || AttributeMappingStrategyType.AUTHORITATIVE_MERGE == roleSystemAttributeDto.getStrategyType())) {
// Get ID of the role
Assert.notNull(roleSystemAttributeDto.getRoleSystem(), "SysRoleSystem cannot be null!");
SysRoleSystemDto roleSystemDto = DtoUtils.getEmbedded(roleSystemAttributeDto, SysRoleSystemAttribute_.roleSystem.getName(), SysRoleSystemDto.class, (SysRoleSystemDto) null);
if (roleSystemDto == null) {
roleSystemDto = roleSystemService.get(roleSystemAttributeDto.getId());
}
UUID roleId = roleSystemDto.getRole();
Assert.notNull(roleId, "Role cannot be null!");
// Find count of NOT excluded contracts for this identity and role
IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
contractFilter.setIdentity(dto.getId());
contractFilter.setExcluded(Boolean.FALSE);
contractFilter.setRoleId(roleId);
// If exists some not excluded contract, then value will be not skipped!
long countOfNotExcludedContracts = identityContractService.count(contractFilter);
if (countOfNotExcludedContracts == 0) {
contractFilter.setExcluded(Boolean.TRUE);
// For skip the value must exist at least one excluded contract
long countOfexcludedContracts = identityContractService.count(contractFilter);
if (countOfexcludedContracts >= 0) {
return null;
}
}
}
}
// identity-roles). That list will be input for that fields.
if (//
attribute != null && (//
ASSIGNED_ROLES_FIELD.equals(attribute.getIdmPropertyName()) || //
ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName()))) {
//
assertNotNull(dto.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(dto.getId());
identityRoleFilter.setValid(Boolean.TRUE);
List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(IdmIdentityRole_.created.getName()))).getContent();
List<IdmIdentityRoleDto> identityRolesToProcess;
if (ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName())) {
// For ASSIGNED_ROLES_FOR_SYSTEM_FIELD we will convert only identity-roles for
// that identity and given system
assertNotNull(system.getId());
List<IdmIdentityRoleDto> identityRolesForSystem = Lists.newArrayList();
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(dto.getId());
identityAccountFilter.setSystemId(system.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
// Filtering only identity-roles for that system
identityAccounts.forEach(identityAccount -> {
identityRolesForSystem.addAll(//
identityRoles.stream().filter(//
identityRole -> identityRole.getId().equals(identityAccount.getIdentityRole())).collect(//
Collectors.toList()));
});
identityRolesToProcess = identityRolesForSystem;
} else {
// For ASSIGNED_ROLES_FIELD we will convert all identity-roles for that identity
identityRolesToProcess = identityRoles;
}
List<AssignedRoleDto> assignedRoles = new ArrayList<>();
identityRolesToProcess.forEach(identityRole -> {
IdmFormInstanceDto formInstanceDto = identityRoleService.getRoleAttributeValues(identityRole);
identityRole.getEavs().clear();
identityRole.getEavs().add(formInstanceDto);
// Convert identityRole to AssignedRoleDto
assignedRoles.add(IdentityProvisioningExecutor.convertToAssignedRoleDto(identityRole));
});
return attributeMappingService.transformValueToResource(uid, assignedRoles, attribute, dto);
}
// For user-type (projection) will be attribute value IdmFormProjectionDto.
if (attribute != null && dto != null && dto.getFormProjection() != null && IdmIdentity_.formProjection.getName().equals(attribute.getIdmPropertyName())) {
BaseDto projection = lookupService.lookupEmbeddedDto(dto, IdmIdentity_.formProjection);
return attributeMappingService.transformValueToResource(uid, projection, attribute, dto);
}
// Default transformation of Identity state enum to string
if (attribute != null && dto != null && IDENTITY_STATE_IDM_NAME.equals(attribute.getIdmPropertyName())) {
String state = dto.getState().toString();
return attributeMappingService.transformValueToResource(uid, state, attribute, dto);
}
return super.getAttributeValue(uid, dto, attribute, system, mappingContext);
}
Also used :
IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto)
ArrayList(java.util.ArrayList)
BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
IdmIdentityContractFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityContractFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
AssignedRoleDto(eu.bcvsolutions.idm.acc.domain.AssignedRoleDto)
UUID(java.util.UUID)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
Example 34 with SysRoleSystemDto
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class DefaultAccTestHelper method createRoleSystem.
@Override
public SysRoleSystemDto createRoleSystem(IdmRoleDto role, SysSystemDto system) {
SysRoleSystemDto roleSystem = new SysRoleSystemDto();
roleSystem.setRole(role.getId());
roleSystem.setSystem(system.getId());
// default mapping
List<SysSystemMappingDto> mappings = systemMappingService.findBySystem(system, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
// required ...
roleSystem.setSystemMapping(mappings.get(0).getId());
//
return roleSystemService.save(roleSystem);
}
Also used :
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
Example 35 with SysRoleSystemDto
use of eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveForwardAcm.
/**
* Resolve 'Forward ACM'.
*/
private void resolveForwardAcm(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncItemLogDto logItem, IcConnectorObject connectorObject, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
SysSystemAttributeMappingDto forwardAcmAttributeDto = context.getMappedAttributes().stream().filter(attribute -> !attribute.isDisabledAttribute() && attribute.isEntityAttribute() && ROLE_FORWARD_ACM_FIELD.equals(attribute.getIdmPropertyName())).findFirst().orElse(null);
Assert.notNull(forwardAcmAttributeDto, "Role identifier attribute cannot be null!");
if (!isNew && AttributeMappingStrategyType.CREATE == forwardAcmAttributeDto.getStrategyType()) {
addToItemLog(logItem, "The attribute for forward ACM has strategy set to 'Set only for new entity'. Role isn't new, so resolving of forward ACM will be skipped for this role.");
} else {
addToItemLog(logItem, MessageFormat.format("Resolving of forward ACM is activated for this role [{0}].", roleDto.getCode()));
// Get forward ACM value from attribute transformation.
Object forwardAcmObj = this.getValueByMappedAttribute(forwardAcmAttributeDto, connectorObject.getAttributes(), context);
boolean forwardAcm = getForwardAcmFromValue(forwardAcmObj);
// Save role-system with new forward ACM value.
SysRoleSystemDto roleSystemDto = findRoleSystemDto(roleDto, memberOfAttributeDto, schemaObjectClassDto);
if (roleSystemDto != null) {
roleSystemDto.setForwardAccountManagemen(forwardAcm);
roleSystemService.save(roleSystemDto);
addToItemLog(logItem, MessageFormat.format("'Forward ACM' parameter [{0}] was save for this role.", forwardAcm));
}
}
}
Also used :
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
Aggregations
SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)110
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)82
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)80
Test (org.junit.Test)69
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)65
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)64
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)61
SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)59
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)50
SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)48
SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)43
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)40
UUID (java.util.UUID)35
AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)34
SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)33
AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)27
SysProvisioningOperationFilter (eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)27
IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)26
List (java.util.List)26
SysRoleSystemAttributeService (eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)25
