
Example 31 with SysSyncItemLogDto

use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method save.

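/**
 * Save the role and apply the role-specific synchronization settings.
 *
 * @param entity role to save
 * @param skipProvisioning value passed to the role event as the skip-provisioning property
 * @param context synchronization context (configuration, log item, connector object)
 * @return the role returned by the published event
 */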
@Override
protected IdmRoleDto save(IdmRoleDto entity, boolean skipProvisioning, SynchronizationContext context) {
    // CREATE is published for a role the service reports as new, UPDATE otherwise. The
    // caller's skipProvisioning flag travels with the event as the SKIP_PROVISIONING property.
    boolean created = roleService.isNew(entity);
    RoleEventType eventType = created ? RoleEventType.CREATE : RoleEventType.UPDATE;
    EntityEvent<IdmRoleDto> roleEvent = new RoleEvent(eventType, entity, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
    IdmRoleDto savedRole = roleService.publish(roleEvent).getContent();

    SysSyncRoleConfigDto syncConfig = this.getConfig(context);
    SysSyncItemLogDto itemLog = context.getLogItem();
    IcConnectorObject icObject = context.getIcObject();

    // The event produced no role, so there is nothing to post-process.
    if (savedRole == null) {
        return savedRole;
    }

    // Resolve 'Role catalogue'.
    if (syncConfig.isAssignCatalogueSwitch()) {
        resolveRoleCatalogue(created, context, savedRole, itemLog, icObject);
    }

    boolean memberAttributeNeeded = syncConfig.isMembershipSwitch()
            || syncConfig.isForwardAcmSwitch()
            || syncConfig.isSkipValueIfExcludedSwitch()
            || syncConfig.isAssignRoleSwitch();
    if (!memberAttributeNeeded) {
        return savedRole;
    }

    // Every remaining step is handed the connector object, the 'member of' attribute mapping
    // and its schema object class; the asserts stop the method before any of them runs when
    // one of these is missing.
    // NOTE(review): the asserts fire after the role event has already been published; whether
    // a failure here rolls the role change back depends on transaction handling that is not
    // visible in this method.
    Assert.notNull(icObject, "Connector object cannot be null!");
    SysSystemAttributeMappingDto memberOfAttribute = lookupService.lookupEmbeddedDto(syncConfig, SysSyncRoleConfig_.memberOfAttribute);
    Assert.notNull(memberOfAttribute, "Member attribute cannot be null!");
    // NOTE(review): the schema attribute itself is not asserted; confirm lookupEmbeddedDto
    // tolerates a null DTO argument.
    SysSchemaAttributeDto schemaAttribute = lookupService.lookupEmbeddedDto(memberOfAttribute, SysSystemAttributeMapping_.schemaAttribute);
    SysSchemaObjectClassDto objectClass = lookupService.lookupEmbeddedDto(schemaAttribute, SysSchemaAttribute_.objectClass);
    Assert.notNull(objectClass, "Schema cannot be null!");

    // Resolve role membership; a false result ends the post-processing of this role.
    if (syncConfig.isMembershipSwitch()) {
        boolean proceed = resolveMembership(created, context, savedRole, syncConfig, itemLog, icObject, memberOfAttribute, objectClass);
        if (!proceed) {
            return savedRole;
        }
    }

    // Resolve 'Forward ACM'.
    if (syncConfig.isForwardAcmSwitch()) {
        resolveForwardAcm(created, context, savedRole, itemLog, icObject, memberOfAttribute, objectClass);
    }

    // Resolve 'Skip value if is contract excluded'.
    if (syncConfig.isSkipValueIfExcludedSwitch()) {
        resolveSkipValueIfExcluded(created, context, savedRole, itemLog, icObject, memberOfAttribute, objectClass);
    }

    // Resolve 'Assign the role to members'. This is the last step, so its boolean result
    // does not change what is returned.
    if (syncConfig.isAssignRoleSwitch()) {
        resolveAssignRole(created, context, savedRole, syncConfig, itemLog, icObject, memberOfAttribute, objectClass);
    }
    return savedRole;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) RoleEvent(eu.bcvsolutions.idm.core.model.event.RoleEvent)

Example 32 with SysSyncItemLogDto

use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method applySpecificSettingsBeforeLink.

/**
 * Apply settings that are specific to this type of entity. Default
 * implementation is empty.
 *
 * @param account
 * @param entity - can be null in the case of Missing entity situation
 * @param context
 *
 * @return
 */
@Override
protected AccAccountDto applySpecificSettingsBeforeLink(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    SysSyncIdentityConfigDto syncConfig = this.getConfig(context);
    SysSyncItemLogDto itemLog = context.getLogItem();
    SynchronizationInactiveOwnerBehaviorType ownerBehavior = syncConfig.getInactiveOwnerBehavior();
    UUID defaultRole = syncConfig.getDefaultRole();

    // No default role configured, or plain LINK behavior: the account is returned unchanged.
    if (defaultRole == null || SynchronizationInactiveOwnerBehaviorType.LINK == ownerBehavior) {
        return account;
    }
    // A prime valid contract exists, so the default role can be assigned.
    if (this.getPrimeValidContract(entity, context) != null) {
        return account;
    }

    // Both the synchronization config and the identity configuration must allow it.
    boolean contractCanBeCreated = syncConfig.isCreateDefaultContract() && identityConfiguration.isCreateDefaultContractEnabled();

    // NOTE(review): switching on a null enum throws NullPointerException, so this point is
    // reached safely only if getInactiveOwnerBehavior() never returns null while a default
    // role is set; confirm the configuration guarantees a value.
    switch (ownerBehavior) {
        case LINK_PROTECTED: {
            // Protection is skipped only for a not-yet-existing identity that will receive
            // a default contract.
            boolean newIdentityGetsContract = entity == null && contractCanBeCreated;
            if (!newIdentityGetsContract) {
                activateProtection(account, entity, context);
            }
            return account;
        }
        case DO_NOT_LINK: {
            if (entity != null) {
                // We don't want to create account at all and also we don't want to continue
                // updating entity if it was configured
                context.addSkipEntityUpdate(true);
                addToItemLog(itemLog, MessageFormat.format("Identity [{0}] does not have any valid contract, account with uid [{1}] will not be linked.", entity.getCode(), account.getUid()));
                initSyncActionLog(SynchronizationActionType.UNLINKED, OperationResultType.IGNORE, itemLog, context.getLog(), context.getActionLogs());
                return null;
            }
            if (contractCanBeCreated) {
                // A default contract will exist for the new identity, so the link can be created.
                return account;
            }
            // There will be no contract to assign the default role -> no link. The decision is
            // written to the item log and recorded as an ignored MISSING_ENTITY action.
            addToItemLog(itemLog, MessageFormat.format("New identity for account with uid [{0}] would not have any default contract, so the account could not be linked. So the identity will not be created.", account.getUid()));
            initSyncActionLog(SynchronizationActionType.MISSING_ENTITY, OperationResultType.IGNORE, itemLog, context.getLog(), context.getActionLogs());
            return null;
        }
        default:
            return account;
    }
}
Also used : SysSyncIdentityConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncIdentityConfigDto) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) SynchronizationInactiveOwnerBehaviorType(eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 33 with SysSyncItemLogDto

use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method activateProtection.

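/**
 * Puts the account into protection and records the decision in the item log.
 *
 * When the context supplies a protection interval, the protection ends that many days
 * (plus one) after the validity end of the identity's last expired contract, or after
 * today when there is no such contract or no identity. Without an interval the end stays
 * null, which the log message reports as "infinitely".
 *
 * @param account account to flag; inProtection and endOfProtection are set on it
 * @param entity identity owning the account, or null when the identity does not exist yet
 * @param context synchronization context providing the log item and the protection interval
 */
private void activateProtection(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    SysSyncItemLogDto logItem = context.getLogItem();
    // TODO configuration:
    //   - current date + interval
    //   - last valid contract + interval ... default
    //       - enable past dates ... default
    //       - if no contract or past date, then set current date + interval

    // Compute the values for the protection
    Integer protectionInterval = context.getProtectionInterval();
    ZonedDateTime endOfProtection = null;
    IdmIdentityContractDto lastExpiredContract = null;
    if (protectionInterval != null) {
        // "Today" and the start-of-day conversion below both use the server's default time zone.
        LocalDate now = LocalDate.now();
        lastExpiredContract = entity != null ? identityContractService.findLastExpiredContract(entity.getId(), now) : null;
        LocalDate protectionStart = (lastExpiredContract != null) ? lastExpiredContract.getValidTill() : now;
        // interval + 1 day = ensure that the account is in protection for at least specified number of days
        // after the contract ended. This can be in the past.
        // The sum is done in long: as an int, an interval of Integer.MAX_VALUE would wrap to a
        // negative day count and move the end of protection far into the past.
        endOfProtection = protectionStart.atStartOfDay(ZoneId.systemDefault()).plusDays(protectionInterval.longValue() + 1L);
    }
    // Set the values to the account
    account.setInProtection(true);
    account.setEndOfProtection(endOfProtection);
    // Log the result
    String endOfProtectionString = endOfProtection == null ? "infinitely" : "until " + endOfProtection;
    if (entity != null) {
        String lastContractDescription = lastExpiredContract == null
                ? "does not exist"
                : lastExpiredContract.getPosition() + " (valid till " + lastExpiredContract.getValidTill() + ")";
        addToItemLog(logItem, MessageFormat.format(
                "Identity [{0}] does not have any valid contract, account with uid [{1}] will be in protection {2}." + " Last expired contract [{3}].",
                entity.getCode(), account.getUid(), endOfProtectionString, lastContractDescription));
    } else {
        addToItemLog(logItem, MessageFormat.format("New identity for account with uid [{0}] will not have any valid contract, so the account will be in protection [{1}].", account.getUid(), endOfProtectionString));
    }
}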
Also used : ZonedDateTime(java.time.ZonedDateTime) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) LocalDate(java.time.LocalDate) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 34 with SysSyncItemLogDto

use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.

the class RoleCatalogueSynchronizationExecutor method doUpdateEntity.

/**
 * Fill data from IC attributes to entity (EAV and confidential storage too).
 */
@Override
protected void doUpdateEntity(SynchronizationContext context) {
    String accountUid = context.getUid();
    SysSyncLogDto syncLog = context.getLog();
    SysSyncItemLogDto itemLog = context.getLogItem();

    // The context carries a skip flag; when it is set, only a log entry is written.
    if (context.isSkipEntityUpdate()) {
        addToItemLog(itemLog, MessageFormat.format("Update of entity for account with uid {0} is skipped", accountUid));
        return;
    }

    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    List<SysSystemAttributeMappingDto> attributeMappings = context.getMappedAttributes();
    AccAccountDto account = context.getAccount();
    List<IcAttribute> connectorAttributes = context.getIcObject().getAttributes();

    // Find the role catalogue linked to the account, if there is one.
    UUID catalogueId = getEntityByAccount(account.getId());
    IdmRoleCatalogueDto catalogue = (catalogueId == null) ? null : catalogueService.get(catalogueId);

    if (catalogue == null) {
        // Nothing to update: leave a warning in the item log and record a WARNING result.
        addToItemLog(itemLog, "Warning! - Role catalogue was not found and cannot be updated (maybe was deleted  within deleting of parent catalogue).");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, itemLog, syncLog, actionLogs);
        return;
    }

    // Copy the connector attribute values into the entity, then persist only when the
    // context reports a difference.
    catalogue = fillEntity(attributeMappings, accountUid, connectorAttributes, catalogue, false, context);
    if (context.isEntityDifferent()) {
        // NOTE(review): the second argument is passed as true; if it is the skipProvisioning
        // flag (the signature of this executor's save is not visible here), provisioning is
        // left to the explicit call at the end of this method.
        catalogue = this.save(catalogue, true, context);
    }

    // NOTE(review): the "was updated" entry is written even when isEntityDifferent() was
    // false and nothing was saved; keep that in mind when reading the item log as an audit
    // trail.
    addToItemLog(itemLog, MessageFormat.format("Role catalogue with id {0} was updated", catalogue.getId()));
    if (itemLog != null) {
        itemLog.setDisplayName(catalogue.getName());
    }

    // Call provisioning for this entity, only for a changed entity whose type has it implemented.
    SystemEntityType entityType = context.getEntityType();
    if (context.isEntityDifferent() && this.isProvisioningImplemented(entityType, itemLog)) {
        callProvisioningForEntity(catalogue, entityType, itemLog);
    }
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)

Example 35 with SysSyncItemLogDto

use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.

the class TreeSynchronizationExecutor method doUpdateEntity.

/**
 * Fill data from IC attributes to entity (EAV and confidential storage too).
 */
@Override
protected void doUpdateEntity(SynchronizationContext context) {
    String accountUid = context.getUid();
    SysSyncLogDto syncLog = context.getLog();
    SysSyncItemLogDto itemLog = context.getLogItem();

    // The context carries a skip flag; when it is set, only a log entry is written.
    if (context.isSkipEntityUpdate()) {
        addToItemLog(itemLog, MessageFormat.format("Update of entity for account with uid {0} is skipped", accountUid));
        return;
    }

    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    List<SysSystemAttributeMappingDto> attributeMappings = context.getMappedAttributes();
    AccAccountDto account = context.getAccount();
    List<IcAttribute> connectorAttributes = context.getIcObject().getAttributes();

    // Find the tree node linked to the account, if there is one.
    UUID nodeId = getEntityByAccount(account.getId());
    IdmTreeNodeDto node = (nodeId == null) ? null : treeNodeService.get(nodeId);

    if (node == null) {
        // Nothing to update: leave a warning in the item log and record a WARNING result.
        addToItemLog(itemLog, "Warning! - Tree node was not found and cannot be updated (maybe was deleted  within deleting of parent node).");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, itemLog, syncLog, actionLogs);
        return;
    }

    // Copy the connector attribute values into the entity.
    node = fillEntity(attributeMappings, accountUid, connectorAttributes, node, false, context);

    // Fill extended attributes to the entity. EAV attributes will be saved within entity,
    // so the previous form instances are dropped and replaced by the freshly built one.
    node.getEavs().clear();
    IdmFormInstanceDto formInstance = fillExtendedAttributes(attributeMappings, accountUid, connectorAttributes, node, false, context);
    node.getEavs().add(formInstance);

    if (context.isEntityDifferent()) {
        // NOTE(review): the second argument is passed as true; if it is the skipProvisioning
        // flag (the signature of this executor's save is not visible here), provisioning is
        // left to the explicit call at the end of this method.
        node = this.save(node, true, context);
    }

    // NOTE(review): the "was updated" entry is written even when isEntityDifferent() was
    // false and nothing was saved; keep that in mind when reading the item log as an audit
    // trail.
    addToItemLog(itemLog, MessageFormat.format("TreeNode with id {0} was updated", node.getId()));
    if (itemLog != null) {
        itemLog.setDisplayName(node.getName());
    }

    // Call provisioning for this entity, only for a changed entity whose type has it implemented.
    SystemEntityType entityType = context.getEntityType();
    if (context.isEntityDifferent() && this.isProvisioningImplemented(entityType, itemLog)) {
        callProvisioningForEntity(node, entityType, itemLog);
    }
}
Also used : IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)
