use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentitySyncTest method testDefaultRoleToAllContractsWithDefaultContract.
@Test
public void testDefaultRoleToAllContractsWithDefaultContract() {
SysSystemDto system = initData();
Assert.assertNotNull(system);
IdmRoleDto defaultRole = helper.createRole();
//
SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
// Set default role to sync configuration
config.setDefaultRole(defaultRole.getId());
config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
config.setCreateDefaultContract(true);
config.setAssignDefaultRoleToAll(true);
config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
//
// create default mapping for provisioning
helper.createMapping(system);
helper.createRoleSystem(defaultRole, system);
IdmIdentityFilter identityFilter = new IdmIdentityFilter();
identityFilter.setUsername(IDENTITY_ONE);
List<IdmIdentityDto> identities = identityService.find(identityFilter, null).getContent();
Assert.assertEquals(0, identities.size());
helper.startSynchronization(config);
// Have to be in the success state, because default role will be assigned to the default contract.
SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 1, OperationResultType.SUCCESS);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
identities = identityService.find(identityFilter, null).getContent();
Assert.assertEquals(1, identities.size());
IdmIdentityDto identity = identities.get(0);
List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identities.get(0).getId());
Assert.assertEquals(1, roles.size());
IdmIdentityRoleDto assignedRole = roles.get(0);
Assert.assertEquals(defaultRole.getId(), assignedRole.getRole());
// check only one identity account is created
AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
accountFilter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
Assert.assertEquals(1, identityAccounts.size());
Assert.assertEquals(assignedRole.getId(), identityAccounts.get(0).getIdentityRole());
// Delete log
syncLogService.delete(log);
syncConfigService.delete(config);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class ChangesOnSystemReportExecutor method findIdentityAndAccount.
/**
*******************************************************************
* ************* New methods
*****************************************
*/
/**
* Find the identity and account from the AccIdentityAccountDto binding
*
* @param accountId
* @param systemId
* @return
*/
private Pair<AccAccountDto, IdmIdentityDto> findIdentityAndAccount(UUID systemId, UUID accountId, UUID identityId) {
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setAccountId(accountId);
filter.setIdentityId(identityId);
filter.setSystemId(systemId);
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
if (identityAccounts.isEmpty()) {
AccAccountDto account = accountService.get(accountId);
return Pair.of(account, null);
}
IdmIdentityDto identity = getLookupService().lookupEmbeddedDto(identityAccounts.get(0), AccIdentityAccount_.identity);
AccAccountDto account = getLookupService().lookupEmbeddedDto(identityAccounts.get(0), AccIdentityAccount_.account);
return Pair.of(account, identity);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method deleteIdentityAccount.
@Override
@Transactional
public List<UUID> deleteIdentityAccount(IdmIdentityRoleDto entity) {
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityRoleId(entity.getId());
List<UUID> accountIds = Lists.newArrayList();
//
identityAccountService.find(filter, null).getContent().forEach(identityAccount -> {
//
accountIds.add(identityAccount.getAccount());
identityAccountService.delete(identityAccount);
});
return accountIds;
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method deleteIdentityAccount.
@Override
@Transactional
public void deleteIdentityAccount(EntityEvent<IdmIdentityRoleDto> event) {
Assert.notNull(event, "Event is required.");
IdmIdentityRoleDto identityRole = event.getContent();
Assert.notNull(identityRole, "Identity role is required.");
Assert.notNull(identityRole, "Identity role identifier is required.");
//
boolean skipPropagate = event.getBooleanProperty(IdmAccountDto.SKIP_PROPAGATE);
boolean bulk = event.getRootId() != null && entityEventManager.isRunnable(event.getRootId()) && !// check parent event is not role request
entityEventManager.getEvent(event.getRootId()).getOwnerType().equals(entityEventManager.getOwnerType(IdmRoleRequestDto.class));
if (!skipPropagate && !bulk) {
// role is deleted without request or without any parent ... we need to remove account synchronously
List<UUID> accountIds = deleteIdentityAccount(identityRole);
// We needs accounts which were connected to deleted identity-role in next
// processor (we want to execute provisioning only for that accounts)
event.getProperties().put(ACCOUNT_IDS_FOR_DELETED_IDENTITY_ROLE, (Serializable) accountIds);
return;
}
// Role is deleted in bulk (e.g. role request) - account management has to be called outside
// we just mark identity account to be deleted and remove identity role
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityRoleId(identityRole.getId());
//
identityAccountService.find(filter, null).getContent().forEach(identityAccount -> {
//
// Set relation on identity-role to null
identityAccount.setIdentityRole(null);
if (bulk) {
// For bulk create entity state for identity account.
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setSuperOwnerId(identityAccount.getIdentity());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(identityAccount, stateDeleted);
} else {
// Noting identity-accounts for delayed delete and account management
notingIdentityAccountForDelayedAcm(event, identityAccount, IdmAccountDto.IDENTITY_ACCOUNT_FOR_DELAYED_ACM);
}
identityAccountService.save(identityAccount);
});
// If default creation of accounts is disabled for this role-system (or system is in a cross-domain group), then relation between identity
// and account may not exist. In this scenario we have to made provisioning too.
// So we try to find these role-systems and its accounts.
SysRoleSystemFilter roleSystemForProvisioningFilter = new SysRoleSystemFilter();
roleSystemForProvisioningFilter.setRoleId(identityRole.getRole());
roleSystemService.find(roleSystemForProvisioningFilter, null).getContent().stream().filter(roleSystem -> {
if (!roleSystem.isCreateAccountByDefault()) {
return true;
} else {
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1 && (identityRole.getRoleSystem() == null || roleSystem.getId().equals(identityRole.getRoleSystem()))) {
// -> Provisioning should be made.
return true;
}
}
return false;
}).forEach(roleSystem -> {
IdmIdentityContractDto contractDto = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRole_.identityContract);
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setSystemId(roleSystem.getSystem());
identityAccountFilter.setIdentityId(contractDto.getIdentity());
identityAccountService.find(identityAccountFilter, null).getContent().forEach(identityAccount -> {
// Noting identity-accounts for delayed additional provisioning.
notingIdentityAccountForDelayedAcm(event, identityAccount, IdmAccountDto.ACCOUNT_FOR_ADDITIONAL_PROVISIONING);
});
});
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method resolveIdentityAccounts.
@Override
public boolean resolveIdentityAccounts(IdmIdentityDto identity) {
Assert.notNull(identity, "Identity is required.");
// find not deleted identity accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> allIdentityAccountList = identityAccountService.find(filter, null).getContent();
List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(identity.getId());
if (CollectionUtils.isEmpty(identityRoles) && CollectionUtils.isEmpty(allIdentityAccountList)) {
// No roles and accounts ... we don't have anything to do
return false;
}
// account with delete accepted states will be removed on the end
IdmEntityStateFilter identityAccountStatesFilter = new IdmEntityStateFilter();
identityAccountStatesFilter.setSuperOwnerId(identity.getId());
identityAccountStatesFilter.setOwnerType(entityStateManager.getOwnerType(AccIdentityAccountDto.class));
identityAccountStatesFilter.setResultCode(CoreResultCode.DELETED.getCode());
List<IdmEntityStateDto> identityAccountStates = entityStateManager.findStates(identityAccountStatesFilter, null).getContent();
List<AccIdentityAccountDto> identityAccountList = //
allIdentityAccountList.stream().filter(ia -> {
return !//
identityAccountStates.stream().anyMatch(state -> {
return ia.getId().equals(state.getOwnerId());
});
}).collect(Collectors.toList());
// create / remove accounts
if (!CollectionUtils.isEmpty(identityRoles) || !CollectionUtils.isEmpty(identityAccountList)) {
List<AccIdentityAccountDto> identityAccountsToCreate = new ArrayList<>();
List<AccIdentityAccountDto> identityAccountsToDelete = new ArrayList<>();
// Is role valid in this moment
resolveIdentityAccountForCreate(identity, identityAccountList, identityRoles, identityAccountsToCreate, identityAccountsToDelete, false, null);
// Is role invalid in this moment
resolveIdentityAccountForDelete(identityAccountList, identityRoles, identityAccountsToDelete);
// Create new identity accounts
identityAccountsToCreate.forEach(identityAccount -> identityAccountService.save(identityAccount));
// Delete invalid identity accounts
identityAccountsToDelete.forEach(identityAccount -> identityAccountService.deleteById(identityAccount.getId()));
}
// clear identity accounts marked to be deleted
//
identityAccountStates.stream().forEach(state -> {
//
AccIdentityAccountDto deleteIdentityAccount = identityAccountService.get(state.getOwnerId());
if (deleteIdentityAccount != null) {
// identity account can be deleted manually.
identityAccountService.delete(deleteIdentityAccount);
}
entityStateManager.deleteState(state);
});
// Return value is deprecated since version 9.5.0 (is useless)
return true;
}
Aggregations