Example 36 with AccAccountFilter
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method assignMissingIdentityRoles.
/**
* Assign missing identity roles.
*/
private void assignMissingIdentityRoles(IdmRoleDto roleDto, SysSyncRoleConfigDto config, SysSyncItemLogDto logItem, List<IdmIdentityRoleDto> existsIdentityRoleDtos, Set<UUID> membersContractIds, SysSystemDto userSystemDto, int[] count, String uid, SynchronizationContext context) {
// On every 20th item will be hibernate flushed and check if sync was not ended.
if (count[0] % 20 == 0 && count[0] > 0) {
if (!checkForCancelAndFlush(config)) {
return;
}
}
count[0]++;
// Need to find account using SysSystemEntityDto uid, because uid of AccAccountDto can be different.
SysSystemEntityFilter entityFilter = new SysSystemEntityFilter();
entityFilter.setEntityType(SystemEntityType.IDENTITY);
entityFilter.setSystemId(userSystemDto.getId());
entityFilter.setUid(uid);
SysSystemEntityDto systemEntity = systemEntityService.find(entityFilter, null).stream().findFirst().orElse(null);
if (systemEntity == null) {
return;
}
AccAccountFilter accAccountFilter = new AccAccountFilter();
accAccountFilter.setSystemEntityId(systemEntity.getId());
final UUID accAccountId = accountService.findIds(accAccountFilter, null).stream().findFirst().orElse(null);
if (accAccountId == null) {
return;
}
AccIdentityAccountFilter identityAccountWithoutRelationFilter = new AccIdentityAccountFilter();
identityAccountWithoutRelationFilter.setAccountId(accAccountId);
AccIdentityAccountDto identityAccountDto = identityAccountService.find(identityAccountWithoutRelationFilter, null).getContent().stream().findFirst().orElse(null);
if (identityAccountDto == null) {
return;
}
UUID identityId = identityAccountDto.getIdentity();
IdmIdentityContractDto primeContract = identityContractService.getPrimeContract(identityId);
if (primeContract == null) {
addToItemLog(logItem, MessageFormat.format("!!Role was not assigned to the user [{0}], because primary contract was not found!!", uid));
initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, context.getLog(), context.getActionLogs());
return;
}
membersContractIds.add(primeContract.getId());
IdmIdentityRoleDto existIdentityRoleDto = existsIdentityRoleDtos.stream().filter(identityRole -> primeContract.getId().equals(identityRole.getIdentityContract())).findFirst().orElse(null);
if (existIdentityRoleDto != null) {
// Identity already has the role.
return;
}
addToItemLog(logItem, MessageFormat.format("Role is not assigned for user [{0}] and contract [{1}]. Role request for add role will be created.", uid, primeContract.getId()));
// Get cache with role-requests by identity-contract.
Map<UUID, UUID> roleRequestCache = getRoleRequestCache();
// Get role-request for the primary contract from a cache. If no request is present, then create one.
initRoleRequest(primeContract, roleRequestCache, config);
UUID roleRequestId = roleRequestCache.get(primeContract.getId());
IdmRoleRequestDto mockRoleRequest = new IdmRoleRequestDto();
mockRoleRequest.setId(roleRequestId);
// Create a concept for assign a role to primary contract.
roleRequestService.createConcept(mockRoleRequest, primeContract, null, roleDto.getId(), ConceptRoleRequestOperation.ADD);
}
Also used :
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
UUID(java.util.UUID)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
SysSystemEntityFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
Example 37 with AccAccountFilter
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method changePassword.
@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
Assert.notNull(dto, "DTO is required.");
Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
Assert.notNull(passwordChange, "Password change dto is required.");
List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
//
EntityAccountFilter filter = this.createEntityAccountFilter();
filter.setEntityId(dto.getId());
List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
if (entityAccountList == null) {
return Collections.<OperationResult>emptyList();
}
// Distinct by accounts
List<UUID> accountIds = new ArrayList<>();
entityAccountList.stream().filter(entityAccount -> {
if (!entityAccount.isOwnership()) {
return false;
}
if (passwordChange.isAll()) {
// Add all account supports change password
if (entityAccount.getAccount() == null) {
return false;
}
// Check if system for this account support change password
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSupportChangePassword(Boolean.TRUE);
accountFilter.setId(entityAccount.getAccount());
List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
if (accountsChecked.size() == 1) {
return true;
}
return false;
} else {
return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
}
}).forEach(entityAccount -> {
if (!accountIds.contains(entityAccount.getAccount())) {
accountIds.add(entityAccount.getAccount());
}
});
//
// Is possible that some account has disabled password attributes
List<OperationResult> notExecutedPasswordChanged = new ArrayList<>();
//
List<AccAccountDto> accounts = new ArrayList<>();
accountIds.forEach(accountId -> {
AccAccountDto account = accountService.get(accountId);
// Skip account in protection
if (account.isInProtection()) {
// Skip this iteration
return;
}
//
accounts.add(account);
// find UID from system entity or from account
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system);
if (account.getSystemEntity() == null) {
throw new SystemEntityNotFoundException(AccResultCode.PROVISIONING_PASSWORD_SYSTEM_ENTITY_NOT_FOUND, String.valueOf(account.getUid()), system.getCode());
}
SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
//
// Find mapped attributes (include overloaded attributes)
List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
if (CollectionUtils.isEmpty(finalAttributes)) {
return;
}
// We try find __PASSWORD__ attribute in mapped attributes
AttributeMapping mappedAttribute = finalAttributes.stream().filter((attribute) -> {
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
}).findFirst().orElse(null);
//
// get all another passwords, list with all passwords (included primary password marked as __PASSWORD__)
SysSystemMappingDto systemMappingDto = getMapping(system, systemEntity.getEntityType());
List<SysSystemAttributeMappingDto> passwordAttributes = attributeMappingService.getAllPasswordAttributes(system.getId(), systemMappingDto.getId());
//
// create account object with all another password
Map<ProvisioningAttributeDto, Object> accountObjectWithAnotherPassword = new HashMap<>(passwordAttributes.size());
for (AttributeMapping passwordAttribute : passwordAttributes) {
// all password attributes contains also main __PASSWORD__ the attribute must be skipped
if (mappedAttribute != null && mappedAttribute.equals(passwordAttribute)) {
continue;
}
GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), passwordAttribute, systemEntity.getUid(), dto);
SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(passwordAttribute.getSchemaAttribute());
ProvisioningAttributeDto passwordProvisiongAttributeDto = ProvisioningAttributeDto.createProvisioningAttributeKey(passwordAttribute, schemaAttribute.getName(), schemaAttribute.getClassType());
accountObjectWithAnotherPassword.put(passwordProvisiongAttributeDto, transformPassword);
}
// for this account doesn't exist mapped attribute as password
if (accountObjectWithAnotherPassword.isEmpty() && mappedAttribute == null) {
// Beware we cant use AccAccountDto from acc module, in core is checked by this
notExecutedPasswordChanged.add(new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, ImmutableMap.of(IdmAccountDto.PARAMETER_NAME, createResultAccount(account, system)))).build());
// for this account is this failed password change
return;
}
//
// add all account attributes => standard provisioning
SysProvisioningOperationDto additionalProvisioningOperation = null;
// resolve another attributes that must be sent together with password
List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
if (!additionalPasswordChangeAttributes.isEmpty()) {
additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
}
// add another password
if (!accountObjectWithAnotherPassword.isEmpty()) {
if (additionalProvisioningOperation == null) {
// if additional operation is null create one
additionalProvisioningOperation = prepareProvisioningOperationForAdditionalPassword(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, systemMappingDto, accountObjectWithAnotherPassword);
} else {
// if additional operation exists just add all account object with additional passwords
additionalProvisioningOperation.getProvisioningContext().getAccountObject().putAll(accountObjectWithAnotherPassword);
}
}
//
// password change operation
SysProvisioningOperationDto operation;
if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
// all attributes including another password attributes will be sent with password one provisioning operation
operation = additionalProvisioningOperation;
//
if (mappedAttribute != null) {
// Main password attribute isn't mapped
// transform password value trough transformation
GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), mappedAttribute, systemEntity.getUid(), dto);
//
// add wish for password
SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.get(mappedAttribute.getSchemaAttribute());
ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeDto.getName(), schemaAttributeDto.getClassType());
//
// newly isn't needed check if password is constant or etc.
//
operation.getProvisioningContext().getAccountObject().put(passwordAttribute, transformPassword);
}
//
// do provisioning for additional attributes and password
// together
preparedOperations.add(operation);
} else {
//
if (mappedAttribute != null) {
// Main password attribute isn't mapped
// transform password value trough transformation
GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), mappedAttribute, systemEntity.getUid(), dto);
//
operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, transformPassword, ProvisioningOperationType.UPDATE, dto);
preparedOperations.add(operation);
}
// do provisioning for additional attributes and passwords in second
if (additionalProvisioningOperation != null) {
preparedOperations.add(additionalProvisioningOperation);
}
}
});
//
// execute prepared operations
List<OperationResult> results = preparedOperations.stream().map(operation -> {
SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
Map<String, Object> parameters = new LinkedHashMap<String, Object>();
AccAccountDto account = accounts.stream().filter(a -> {
return a.getRealUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
}).findFirst().get();
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system);
//
parameters.put(IdmAccountDto.PARAMETER_NAME, createResultAccount(account, system));
//
if (result.getResult().getState() == OperationState.EXECUTED) {
// Add success changed password account
return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
}
OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
changeResult.setCause(result.getResult().getCause());
changeResult.setCode(result.getResult().getCode());
return changeResult;
}).collect(Collectors.toList());
//
// add not executed changed from prepare stage
results.addAll(notExecutedPasswordChanged);
return results;
}
Also used :
ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor)
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
AccIdentityAccount_(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount_)
EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto)
StringUtils(org.apache.commons.lang3.StringUtils)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
SysSystemAttributeMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping_)
IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService)
SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
SysSystemEntity_(eu.bcvsolutions.idm.acc.entity.SysSystemEntity_)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
Map(java.util.Map)
ProvisioningEntityExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningEntityExecutor)
SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping)
ImmutableMap(com.google.common.collect.ImmutableMap)
Collection(java.util.Collection)
SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType)
ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService)
Set(java.util.Set)
PageRequest(org.springframework.data.domain.PageRequest)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
UUID(java.util.UUID)
Collectors(java.util.stream.Collectors)
Serializable(java.io.Serializable)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
List(java.util.List)
EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter)
AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
CollectionUtils(org.springframework.util.CollectionUtils)
AccountType(eu.bcvsolutions.idm.acc.domain.AccountType)
Optional(java.util.Optional)
IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode)
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
MappingContext(eu.bcvsolutions.idm.acc.domain.MappingContext)
IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade)
ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent)
AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType)
SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_)
ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType)
SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService)
IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto)
HashMap(java.util.HashMap)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysRoleSystemAttribute_(eu.bcvsolutions.idm.acc.entity.SysRoleSystemAttribute_)
MessageFormat(java.text.MessageFormat)
ArrayList(java.util.ArrayList)
LinkedHashMap(java.util.LinkedHashMap)
SystemEntityNotFoundException(eu.bcvsolutions.idm.acc.exception.SystemEntityNotFoundException)
SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService)
AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto)
ImmutableList(com.google.common.collect.ImmutableList)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
ProvisioningOperationType(eu.bcvsolutions.idm.acc.domain.ProvisioningOperationType)
LinkedHashSet(java.util.LinkedHashSet)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext)
Codeable(eu.bcvsolutions.idm.core.api.domain.Codeable)
SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter)
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)
SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_)
SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
EventContext(eu.bcvsolutions.idm.core.api.event.EventContext)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
Contextable(eu.bcvsolutions.idm.core.api.domain.Contextable)
AccAccount_(eu.bcvsolutions.idm.acc.entity.AccAccount_)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService)
Collections(java.util.Collections)
SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService)
PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)
EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager)
Assert(org.springframework.util.Assert)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
ArrayList(java.util.ArrayList)
OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
List(java.util.List)
ArrayList(java.util.ArrayList)
ImmutableList(com.google.common.collect.ImmutableList)
UUID(java.util.UUID)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SystemEntityNotFoundException(eu.bcvsolutions.idm.acc.exception.SystemEntityNotFoundException)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter)
SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Example 38 with AccAccountFilter
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemEntityService method deleteInternal.
@Override
@Transactional
public void deleteInternal(SysSystemEntityDto systemEntity) {
Assert.notNull(systemEntity, "System entity is required.");
//
SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
filter.setSystemId(systemEntity.getSystem());
filter.setEntityType(systemEntity.getEntityType());
filter.setSystemEntity(systemEntity.getId());
// TODO: transform this behavior to events
if (provisioningOperationService.count(filter) > 0) {
SysSystemDto system = DtoUtils.getEmbedded(systemEntity, SysSystemEntity_.system);
throw new ResultCodeException(AccResultCode.SYSTEM_ENTITY_DELETE_FAILED_HAS_OPERATIONS, ImmutableMap.of("uid", systemEntity.getUid(), "system", system.getName()));
}
//
// clear accounts - only link, can be rebuild
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSystemEntityId(systemEntity.getId());
accountService.find(accountFilter, null).forEach(account -> {
account.setSystemEntity(null);
accountService.save(account);
});
//
// clear batches
SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
if (batch != null) {
batchService.delete(batch);
}
//
super.deleteInternal(systemEntity);
}
Also used :
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
SysProvisioningBatchDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBatchDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 39 with AccAccountFilter
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccUniformPasswordService method findOptionsForPasswordChange.
@Override
public List<AccPasswordChangeOptionDto> findOptionsForPasswordChange(IdmIdentityDto identity, BasePermission... permissions) {
List<AccPasswordChangeOptionDto> result = Lists.newArrayList();
AccUniformPasswordSystemFilter filter = new AccUniformPasswordSystemFilter();
filter.setIdentityId(identity.getId());
filter.setUniformPasswordDisabled(Boolean.FALSE);
List<AccUniformPasswordSystemDto> uniformPasswordSystems = this.uniformPasswordSystemService.find(filter, null).getContent();
// Group uniform password system by uniform password definition
Map<AccUniformPasswordDto, List<AccAccountDto>> accountsForUniformPassword = Maps.newHashMap();
// Same behavior as previous versions
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setOwnership(Boolean.TRUE);
accountFilter.setSupportChangePassword(Boolean.TRUE);
accountFilter.setIdentityId(identity.getId());
accountFilter.setInProtection(Boolean.FALSE);
// Include given permissions
List<AccAccountDto> accounts = accountService.find(accountFilter, null, permissions).getContent();
for (AccAccountDto account : accounts) {
// One system can be place more than one in uniform password systems
List<AccUniformPasswordSystemDto> uniformBySystem = uniformPasswordSystems.stream().filter(pfs -> {
return pfs.getSystem().equals(account.getSystem());
}).collect(Collectors.toList());
if (CollectionUtils.isEmpty(uniformBySystem)) {
// Simple account as option
AccPasswordChangeOptionDto optionDto = new AccPasswordChangeOptionDto(account);
optionDto.setNiceLabel(getNiceLabelForOption(account));
result.add(optionDto);
continue;
}
for (AccUniformPasswordSystemDto uniformPasswordSystemDto : uniformBySystem) {
AccUniformPasswordDto definition = DtoUtils.getEmbedded(uniformPasswordSystemDto, AccUniformPasswordSystem_.uniformPassword, AccUniformPasswordDto.class, null);
if (accountsForUniformPassword.containsKey(definition)) {
accountsForUniformPassword.get(definition).add(account);
} else {
accountsForUniformPassword.put(definition, Lists.newArrayList(account));
}
}
}
// Check if exists account for uniform password and process options for them
if (!accountsForUniformPassword.isEmpty()) {
for (Entry<AccUniformPasswordDto, List<AccAccountDto>> entry : accountsForUniformPassword.entrySet()) {
// There is also needed
AccUniformPasswordDto uniformPasswordDto = entry.getKey();
AccPasswordChangeOptionDto optionDto = new AccPasswordChangeOptionDto(uniformPasswordDto, entry.getValue());
optionDto.setNiceLabel(getNiceLabelForOption(uniformPasswordDto));
optionDto.setChangeInIdm(uniformPasswordDto.isChangeInIdm());
result.add(optionDto);
}
}
return result;
}
Also used :
AccUniformPassword(eu.bcvsolutions.idm.acc.entity.AccUniformPassword)
AccUniformPasswordDto(eu.bcvsolutions.idm.acc.dto.AccUniformPasswordDto)
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
AccUniformPasswordRepository(eu.bcvsolutions.idm.acc.repository.AccUniformPasswordRepository)
AccUniformPasswordService(eu.bcvsolutions.idm.acc.service.api.AccUniformPasswordService)
Autowired(org.springframework.beans.factory.annotation.Autowired)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
AccUniformPassword_(eu.bcvsolutions.idm.acc.entity.AccUniformPassword_)
StringUtils(org.apache.commons.lang3.StringUtils)
AccUniformPasswordFilter(eu.bcvsolutions.idm.acc.dto.filter.AccUniformPasswordFilter)
MessageFormat(java.text.MessageFormat)
Lists(com.google.common.collect.Lists)
Predicate(javax.persistence.criteria.Predicate)
CollectionUtils(org.apache.commons.collections.CollectionUtils)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
Service(org.springframework.stereotype.Service)
Map(java.util.Map)
AccUniformPasswordSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.AccUniformPasswordSystemFilter)
AccUniformPasswordSystem_(eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem_)
BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission)
CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder)
AccGroupPermission(eu.bcvsolutions.idm.acc.domain.AccGroupPermission)
Root(javax.persistence.criteria.Root)
CriteriaQuery(javax.persistence.criteria.CriteriaQuery)
AccUniformPasswordSystemDto(eu.bcvsolutions.idm.acc.dto.AccUniformPasswordSystemDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
AbstractEventableDtoService(eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService)
Collectors(java.util.stream.Collectors)
Maps(com.google.common.collect.Maps)
AccUniformPasswordSystemService(eu.bcvsolutions.idm.acc.service.api.AccUniformPasswordSystemService)
List(java.util.List)
AccAccount_(eu.bcvsolutions.idm.acc.entity.AccAccount_)
AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService)
Entry(java.util.Map.Entry)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
AccPasswordChangeOptionDto(eu.bcvsolutions.idm.acc.dto.AccPasswordChangeOptionDto)
EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager)
AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType)
AccUniformPasswordSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.AccUniformPasswordSystemFilter)
AccUniformPasswordDto(eu.bcvsolutions.idm.acc.dto.AccUniformPasswordDto)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
AccPasswordChangeOptionDto(eu.bcvsolutions.idm.acc.dto.AccPasswordChangeOptionDto)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
AccUniformPasswordSystemDto(eu.bcvsolutions.idm.acc.dto.AccUniformPasswordSystemDto)
List(java.util.List)
Example 40 with AccAccountFilter
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultPasswordFilterManager method getAccountForSystemWithPasswordFilter.
/**
* Return account for given system and identity. Only one may exists.
*
* @param system
* @param identity
* @return
*/
private List<AccAccountDto> getAccountForSystemWithPasswordFilter(SysSystemDto system, IdmIdentityDto identity) {
AccAccountFilter filter = new AccAccountFilter();
filter.setSystemId(system.getId());
filter.setIdentityId(identity.getId());
filter.setSupportPasswordFilter(Boolean.TRUE);
return accountService.find(filter, null).getContent();
}
Also used :
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
Aggregations
AccAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)45
AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)33
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)25
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)21
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)18
Test (org.junit.Test)18
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)12
UUID (java.util.UUID)11
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)9
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)9
SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)6
SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)6
ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)6
IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)6
SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)5
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)5
AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)4
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)4
SysSystemEntityDto (eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)4
AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)4
