use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method save.
/**
 * Publishes the role as a CREATE or UPDATE event and then runs the optional
 * role-synchronization steps that are switched on in the sync configuration.
 *
 * <p>Steps run in this order: role catalogue, membership, forward ACM,
 * skip-value-if-excluded, assign role to members. The last four share the
 * "member of" attribute mapping and require a connector object.
 *
 * @param entity role carried by the published event
 * @param skipProvisioning value stored in the event under
 *        {@code ProvisioningService.SKIP_PROVISIONING}
 * @param context synchronization context supplying the configuration, the log
 *        item and the connector object
 * @return content of the published event; when it is {@code null} no
 *         follow-up step is executed
 */
@Override
protected IdmRoleDto save(IdmRoleDto entity, boolean skipProvisioning, SynchronizationContext context) {
    boolean isNew = roleService.isNew(entity);
    RoleEventType eventType = isNew ? RoleEventType.CREATE : RoleEventType.UPDATE;
    EntityEvent<IdmRoleDto> event = new RoleEvent(
            eventType,
            entity,
            ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
    // NOTE(review): the role is published before the preconditions below are
    // asserted; whether a failed assertion undoes the save depends on
    // transaction handling that is not visible in this method - confirm.
    IdmRoleDto roleDto = roleService.publish(event).getContent();

    SysSyncRoleConfigDto config = this.getConfig(context);
    SysSyncItemLogDto logItem = context.getLogItem();
    IcConnectorObject connectorObject = context.getIcObject();

    if (roleDto == null) {
        // Nothing was returned by the event, so there is nothing to resolve.
        return roleDto;
    }

    // Resolve 'Role catalogue'.
    if (config.isAssignCatalogueSwitch()) {
        resolveRoleCatalogue(isNew, context, roleDto, logItem, connectorObject);
    }

    boolean memberAttributeNeeded = config.isMembershipSwitch()
            || config.isForwardAcmSwitch()
            || config.isSkipValueIfExcludedSwitch()
            || config.isAssignRoleSwitch();
    if (!memberAttributeNeeded) {
        return roleDto;
    }

    // Every remaining step works on the 'member of' mapping and its schema.
    Assert.notNull(connectorObject, "Connector object cannot be null!");
    SysSystemAttributeMappingDto memberOfAttribute = lookupService.lookupEmbeddedDto(config, SysSyncRoleConfig_.memberOfAttribute);
    Assert.notNull(memberOfAttribute, "Member attribute cannot be null!");
    SysSchemaAttributeDto schemaAttribute = lookupService.lookupEmbeddedDto(memberOfAttribute, SysSystemAttributeMapping_.schemaAttribute);
    SysSchemaObjectClassDto objectClass = lookupService.lookupEmbeddedDto(schemaAttribute, SysSchemaAttribute_.objectClass);
    Assert.notNull(objectClass, "Schema cannot be null!");

    // Resolve role membership; a 'false' result stops all later steps.
    if (config.isMembershipSwitch()
            && !resolveMembership(isNew, context, roleDto, config, logItem, connectorObject, memberOfAttribute, objectClass)) {
        return roleDto;
    }

    // Resolve 'Forward ACM'.
    if (config.isForwardAcmSwitch()) {
        resolveForwardAcm(isNew, context, roleDto, logItem, connectorObject, memberOfAttribute, objectClass);
    }

    // Resolve 'Skip value if is contract excluded'.
    if (config.isSkipValueIfExcludedSwitch()) {
        resolveSkipValueIfExcluded(isNew, context, roleDto, logItem, connectorObject, memberOfAttribute, objectClass);
    }

    // Resolve 'Assign the role to members'. This is the last step, so its
    // continue/stop result does not change what is returned.
    if (config.isAssignRoleSwitch()) {
        resolveAssignRole(isNew, context, roleDto, config, logItem, connectorObject, memberOfAttribute, objectClass);
    }
    return roleDto;
}
use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method applySpecificSettingsBeforeLink.
/**
 * Decides, before an account is linked, how to treat an identity that has no
 * prime valid contract while the synchronization has a default role configured.
 *
 * <p>The account is returned unchanged when no default role is configured,
 * when the inactive-owner behavior is {@code LINK}, or when a prime valid
 * contract is found. Otherwise {@code LINK_PROTECTED} may put the account
 * into protection and {@code DO_NOT_LINK} returns {@code null} unless a new
 * identity can still receive a default contract.
 *
 * @param account account that is about to be linked
 * @param entity identity owning the account; can be {@code null} in the
 *        missing-entity situation
 * @param context synchronization context
 * @return the account to link, or {@code null} in the branches that log the
 *         account as not linked
 */
@Override
protected AccAccountDto applySpecificSettingsBeforeLink(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    SysSyncIdentityConfigDto config = this.getConfig(context);
    SysSyncItemLogDto logItem = context.getLogItem();
    SynchronizationInactiveOwnerBehaviorType inactiveOwnerBehavior = config.getInactiveOwnerBehavior();
    UUID defaultRoleId = config.getDefaultRole();

    // No default role configured, or plain LINK behavior: nothing to decide.
    if (defaultRoleId == null || SynchronizationInactiveOwnerBehaviorType.LINK == inactiveOwnerBehavior) {
        return account;
    }
    // A prime valid contract exists, so the default role can be assigned.
    if (this.getPrimeValidContract(entity, context) != null) {
        return account;
    }

    boolean contractCanBeCreated = config.isCreateDefaultContract() && identityConfiguration.isCreateDefaultContractEnabled();

    // NOTE(review): a null behavior reaches this switch and throws a
    // NullPointerException, while any value other than the two cases below
    // links the account unchanged - confirm that both are intended.
    switch (inactiveOwnerBehavior) {
        case LINK_PROTECTED:
            // A new identity that will get a default contract needs no protection.
            if (entity != null || !contractCanBeCreated) {
                activateProtection(account, entity, context);
            }
            return account;
        case DO_NOT_LINK:
            if (entity == null && contractCanBeCreated) {
                // so the link can be created here
                return account;
            }
            if (entity == null) {
                // there will be no contract to assign the default role -> no link
                addToItemLog(logItem, MessageFormat.format("New identity for account with uid [{0}] would not have any default contract, so the account could not be linked. So the identity will not be created.", account.getUid()));
                initSyncActionLog(SynchronizationActionType.MISSING_ENTITY, OperationResultType.IGNORE, logItem, context.getLog(), context.getActionLogs());
                return null;
            }
            // Existing identity without a valid contract: do not link the account
            // and also skip the entity update later in the run.
            context.addSkipEntityUpdate(true);
            addToItemLog(logItem, MessageFormat.format("Identity [{0}] does not have any valid contract, account with uid [{1}] will not be linked.", entity.getCode(), account.getUid()));
            initSyncActionLog(SynchronizationActionType.UNLINKED, OperationResultType.IGNORE, logItem, context.getLog(), context.getActionLogs());
            return null;
        default:
            return account;
    }
}
use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method activateProtection.
/**
 * Marks the account as protected, computes when the protection ends and
 * writes the outcome to the item log.
 *
 * <p>Without a protection interval in the context the end of protection stays
 * {@code null} and is logged as "infinitely". With an interval, the end is
 * counted from the validity end of the identity's last expired contract, or
 * from today when there is no identity or no such contract.
 *
 * @param account account whose protection flag and end date are set
 * @param entity owning identity; may be {@code null} for a new identity
 * @param context synchronization context supplying the log item and the
 *        protection interval
 */
private void activateProtection(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    SysSyncItemLogDto logItem = context.getLogItem();
    // TODO configuration
    /* Current date + interval
       Last valid contract + interval ... default
       - enable past dates .... default
       - if no contract or past date, then set current date + interval
    */

    // Compute the values for the protection
    Integer protectionInterval = context.getProtectionInterval();
    IdmIdentityContractDto lastExpiredContract = null;
    ZonedDateTime endOfProtection = null;
    if (protectionInterval != null) {
        // NOTE(review): LocalDate.now() and ZoneId.systemDefault() both follow
        // the JVM default time zone, so the computed end of protection depends
        // on how the server is configured.
        LocalDate today = LocalDate.now();
        if (entity != null) {
            lastExpiredContract = identityContractService.findLastExpiredContract(entity.getId(), today);
        }
        LocalDate protectionStart = lastExpiredContract == null ? today : lastExpiredContract.getValidTill();
        // interval + 1 day = ensure that the account is in protection for at least
        // the specified number of days after the contract ended. This can be in the past.
        endOfProtection = protectionStart.atStartOfDay(ZoneId.systemDefault()).plusDays(protectionInterval + 1);
    }

    // Set the values to the account
    account.setInProtection(true);
    account.setEndOfProtection(endOfProtection);

    // Log the result
    String endOfProtectionString = endOfProtection == null ? "infinitely" : "until " + endOfProtection;
    String message;
    if (entity == null) {
        message = MessageFormat.format("New identity for account with uid [{0}] will not have any valid contract, so the account will be in protection [{1}].", account.getUid(), endOfProtectionString);
    } else {
        message = MessageFormat.format("Identity [{0}] does not have any valid contract, account with uid [{1}] will be in protection {2}." + " Last expired contract [{3}].",
                entity.getCode(),
                account.getUid(),
                endOfProtectionString,
                lastExpiredContract == null ? "does not exist" : lastExpiredContract.getPosition() + " (valid till " + lastExpiredContract.getValidTill() + ")");
    }
    addToItemLog(logItem, message);
}
use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.
the class RoleCatalogueSynchronizationExecutor method doUpdateEntity.
/**
 * Updates the role catalogue that belongs to the synchronized account with the
 * values read from the connector object.
 *
 * <p>The update is skipped when the context asks for it. When no role
 * catalogue is found for the account, a warning is logged instead. The entity
 * is saved, and provisioning is called, only when the context reports that
 * the entity differs.
 *
 * @param context synchronization context of the processed item
 */
@Override
protected void doUpdateEntity(SynchronizationContext context) {
    String uid = context.getUid();
    SysSyncLogDto syncLog = context.getLog();
    SysSyncItemLogDto logItem = context.getLogItem();
    if (context.isSkipEntityUpdate()) {
        addToItemLog(logItem, MessageFormat.format("Update of entity for account with uid {0} is skipped", uid));
        return;
    }

    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    List<SysSystemAttributeMappingDto> mappedAttributes = context.getMappedAttributes();
    AccAccountDto account = context.getAccount();
    List<IcAttribute> icAttributes = context.getIcObject().getAttributes();

    UUID entityId = getEntityByAccount(account.getId());
    IdmRoleCatalogueDto roleCatalogue = entityId == null ? null : catalogueService.get(entityId);
    if (roleCatalogue == null) {
        addToItemLog(logItem, "Warning! - Role catalogue was not found and cannot be updated (maybe was deleted within deleting of parent catalogue).");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, syncLog, actionLogs);
        return;
    }

    // Update entity
    roleCatalogue = fillEntity(mappedAttributes, uid, icAttributes, roleCatalogue, false, context);
    if (context.isEntityDifferent()) {
        // Saved with skipProvisioning = true; provisioning is called explicitly below.
        roleCatalogue = this.save(roleCatalogue, true, context);
    }

    // Role catalogue Updated
    addToItemLog(logItem, MessageFormat.format("Role catalogue with id {0} was updated", roleCatalogue.getId()));
    if (logItem != null) {
        logItem.setDisplayName(roleCatalogue.getName());
    }

    SystemEntityType entityType = context.getEntityType();
    boolean provisioningWanted = context.isEntityDifferent() && this.isProvisioningImplemented(entityType, logItem);
    if (provisioningWanted) {
        // Call provisioning for this entity
        callProvisioningForEntity(roleCatalogue, entityType, logItem);
    }
}
use of eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto in project CzechIdMng by bcvsolutions.
the class TreeSynchronizationExecutor method doUpdateEntity.
/**
 * Updates the tree node that belongs to the synchronized account with the
 * values read from the connector object, including its extended (EAV)
 * attributes.
 *
 * <p>The update is skipped when the context asks for it. When no tree node is
 * found for the account, a warning is logged instead. The entity is saved,
 * and provisioning is called, only when the context reports that the entity
 * differs.
 *
 * @param context synchronization context of the processed item
 */
@Override
protected void doUpdateEntity(SynchronizationContext context) {
    String uid = context.getUid();
    SysSyncLogDto syncLog = context.getLog();
    SysSyncItemLogDto logItem = context.getLogItem();
    if (context.isSkipEntityUpdate()) {
        addToItemLog(logItem, MessageFormat.format("Update of entity for account with uid {0} is skipped", uid));
        return;
    }

    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    List<SysSystemAttributeMappingDto> mappedAttributes = context.getMappedAttributes();
    AccAccountDto account = context.getAccount();
    List<IcAttribute> icAttributes = context.getIcObject().getAttributes();

    UUID entityId = getEntityByAccount(account.getId());
    IdmTreeNodeDto treeNode = entityId == null ? null : treeNodeService.get(entityId);
    if (treeNode == null) {
        addToItemLog(logItem, "Warning! - Tree node was not found and cannot be updated (maybe was deleted within deleting of parent node).");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, syncLog, actionLogs);
        return;
    }

    // Update entity
    treeNode = fillEntity(mappedAttributes, uid, icAttributes, treeNode, false, context);

    // Replace the node's EAV list with the freshly filled form instance.
    // EAV attributes will be saved within entity.
    treeNode.getEavs().clear();
    IdmFormInstanceDto formInstance = fillExtendedAttributes(mappedAttributes, uid, icAttributes, treeNode, false, context);
    treeNode.getEavs().add(formInstance);

    if (context.isEntityDifferent()) {
        // Saved with skipProvisioning = true; provisioning is called explicitly below.
        treeNode = this.save(treeNode, true, context);
    }

    // TreeNode Updated
    addToItemLog(logItem, MessageFormat.format("TreeNode with id {0} was updated", treeNode.getId()));
    if (logItem != null) {
        logItem.setDisplayName(treeNode.getName());
    }

    SystemEntityType entityType = context.getEntityType();
    boolean provisioningWanted = context.isEntityDifferent() && this.isProvisioningImplemented(entityType, logItem);
    if (provisioningWanted) {
        // Call provisioning for this entity
        callProvisioningForEntity(treeNode, entityType, logItem);
    }
}