use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityProvisioningExecutor method getAttributeValue.
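/**
 * Resolves the value that will be provisioned for one mapped attribute of an identity.
 * <p>
 * Several cases are handled here before falling back to the superclass:
 * <ul>
 * <li>a role-system attribute flagged "skip value if excluded" with the MERGE or
 * AUTHORITATIVE_MERGE strategy yields {@code null} when the identity has no
 * non-excluded contract for the role;</li>
 * <li>the assigned-roles fields are built from the identity's valid identity-roles,
 * for the per-system field limited to those referenced by an identity-account on
 * the given system;</li>
 * <li>the form projection attribute is resolved to the embedded projection DTO;</li>
 * <li>the identity state is passed on as its string form.</li>
 * </ul>
 *
 * @param uid            identifier passed through to the value transformation
 * @param dto            identity being provisioned
 * @param attribute      mapping of the attribute being resolved
 * @param system         target system; its ID is required for the per-system roles field
 * @param mappingContext context handed to the superclass implementation
 * @return the value for the target system, or {@code null} when the value is skipped
 */
@Override
protected Object getAttributeValue(String uid, IdmIdentityDto dto, AttributeMapping attribute, SysSystemDto system, MappingContext mappingContext) {
    if (attribute instanceof SysRoleSystemAttributeDto) {
        SysRoleSystemAttributeDto roleSystemAttributeDto = (SysRoleSystemAttributeDto) attribute;
        if (roleSystemAttributeDto.isSkipValueIfExcluded()
                && (AttributeMappingStrategyType.MERGE == roleSystemAttributeDto.getStrategyType()
                        || AttributeMappingStrategyType.AUTHORITATIVE_MERGE == roleSystemAttributeDto.getStrategyType())) {
            // Get ID of the role
            Assert.notNull(roleSystemAttributeDto.getRoleSystem(), "SysRoleSystem cannot be null!");
            SysRoleSystemDto roleSystemDto = DtoUtils.getEmbedded(roleSystemAttributeDto, SysRoleSystemAttribute_.roleSystem.getName(), SysRoleSystemDto.class, (SysRoleSystemDto) null);
            if (roleSystemDto == null) {
                // Load by the role-system reference asserted above. The attribute's own ID
                // identifies the attribute record, not the role-system record.
                roleSystemDto = roleSystemService.get(roleSystemAttributeDto.getRoleSystem());
            }
            // Fail with a clear message instead of a NullPointerException on the next line.
            Assert.notNull(roleSystemDto, "SysRoleSystem cannot be null!");
            UUID roleId = roleSystemDto.getRole();
            Assert.notNull(roleId, "Role cannot be null!");
            // Find count of NOT excluded contracts for this identity and role
            IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
            contractFilter.setIdentity(dto.getId());
            contractFilter.setExcluded(Boolean.FALSE);
            contractFilter.setRoleId(roleId);
            // If some not excluded contract exists, the value will not be skipped.
            long countOfNotExcludedContracts = identityContractService.count(contractFilter);
            if (countOfNotExcludedContracts == 0) {
                contractFilter.setExcluded(Boolean.TRUE);
                long countOfexcludedContracts = identityContractService.count(contractFilter);
                // NOTE(review): a count is never negative, so this comparison is always true
                // and the value is skipped whenever no non-excluded contract exists. The
                // original comment asks for "at least one excluded contract" (> 0). The
                // comparison is kept because it withholds the value in the ambiguous case;
                // switching to > 0 would start provisioning the value for an identity with
                // no matching contract at all. Confirm the intended behaviour.
                if (countOfexcludedContracts >= 0) {
                    return null;
                }
            }
        }
    }
    // The assigned-roles fields take a list built from the identity's identity-roles.
    if (attribute != null
            && (ASSIGNED_ROLES_FIELD.equals(attribute.getIdmPropertyName())
                    || ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName()))) {
        assertNotNull(dto.getId());
        // Only currently valid identity-roles are considered, ordered by creation.
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setIdentityId(dto.getId());
        identityRoleFilter.setValid(Boolean.TRUE);
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, PageRequest.of(0, Integer.MAX_VALUE, Sort.by(IdmIdentityRole_.created.getName()))).getContent();
        List<IdmIdentityRoleDto> identityRolesToProcess;
        if (ASSIGNED_ROLES_FOR_SYSTEM_FIELD.equals(attribute.getIdmPropertyName())) {
            // For ASSIGNED_ROLES_FOR_SYSTEM_FIELD we will convert only identity-roles for
            // that identity and given system
            assertNotNull(system.getId());
            List<IdmIdentityRoleDto> identityRolesForSystem = Lists.newArrayList();
            AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
            identityAccountFilter.setIdentityId(dto.getId());
            identityAccountFilter.setSystemId(system.getId());
            List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
            // Keep only identity-roles referenced by an identity-account on that system.
            // An identity-role referenced by several accounts is added once per account.
            for (AccIdentityAccountDto identityAccount : identityAccounts) {
                identityRoles.stream()
                        .filter(identityRole -> identityRole.getId().equals(identityAccount.getIdentityRole()))
                        .forEach(identityRolesForSystem::add);
            }
            identityRolesToProcess = identityRolesForSystem;
        } else {
            // For ASSIGNED_ROLES_FIELD we will convert all identity-roles for that identity
            identityRolesToProcess = identityRoles;
        }
        List<AssignedRoleDto> assignedRoles = new ArrayList<>();
        for (IdmIdentityRoleDto identityRole : identityRolesToProcess) {
            // Replace whatever EAVs the DTO carries with the role attribute values.
            IdmFormInstanceDto formInstanceDto = identityRoleService.getRoleAttributeValues(identityRole);
            identityRole.getEavs().clear();
            identityRole.getEavs().add(formInstanceDto);
            // Convert identityRole to AssignedRoleDto
            assignedRoles.add(IdentityProvisioningExecutor.convertToAssignedRoleDto(identityRole));
        }
        return attributeMappingService.transformValueToResource(uid, assignedRoles, attribute, dto);
    }
    // For user-type (projection) the attribute value will be IdmFormProjectionDto.
    if (attribute != null && dto != null && dto.getFormProjection() != null && IdmIdentity_.formProjection.getName().equals(attribute.getIdmPropertyName())) {
        BaseDto projection = lookupService.lookupEmbeddedDto(dto, IdmIdentity_.formProjection);
        return attributeMappingService.transformValueToResource(uid, projection, attribute, dto);
    }
    // Default transformation of Identity state enum to string
    if (attribute != null && dto != null && IDENTITY_STATE_IDM_NAME.equals(attribute.getIdmPropertyName())) {
        String state = dto.getState().toString();
        return attributeMappingService.transformValueToResource(uid, state, attribute, dto);
    }
    return super.getAttributeValue(uid, dto, attribute, system, mappingContext);
}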
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method findDuplicate.
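/**
 * Searches for a duplicate of the given identity-account relation. If any
 * duplicate is found, the first one is returned.
 *
 * @param identityAccount relation to look up; its account and identity are required
 * @return the first matching relation, or {@code null} if none is found
 */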
private AccIdentityAccountDto findDuplicate(AccIdentityAccountDto identityAccount) {
    Assert.notNull(identityAccount, "Identity account is required.");
    Assert.notNull(identityAccount.getAccount(), "Account is required.");
    Assert.notNull(identityAccount.getIdentity(), "Identity is required.");
    // A duplicate agrees on account, ownership, identity, identity-role and role-system.
    // NOTE(review): the filter does not exclude the relation's own ID; presumably callers
    // pass a relation that is not persisted yet - confirm.
    AccIdentityAccountFilter duplicateFilter = new AccIdentityAccountFilter();
    duplicateFilter.setAccountId(identityAccount.getAccount());
    duplicateFilter.setOwnership(identityAccount.isOwnership());
    duplicateFilter.setIdentityId(identityAccount.getIdentity());
    duplicateFilter.setIdentityRoleId(identityAccount.getIdentityRole());
    duplicateFilter.setRoleSystemId(identityAccount.getRoleSystem());
    // A single row is requested and no sort is given, so which duplicate counts as
    // "first" is left to the service.
    List<AccIdentityAccountDto> matches = identityAccountService.find(duplicateFilter, PageRequest.of(0, 1)).getContent();
    return matches.isEmpty() ? null : matches.get(0);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentitySyncTest method testCreateIdentityWithDefaultContractAndRoleAsync.
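/**
 * Runs identity synchronization with asynchronous event processing enabled, a default
 * role and default-contract creation, then checks that the identity is created with
 * exactly one assigned role and exactly one identity-account relation for it.
 */
@Test
public void testCreateIdentityWithDefaultContractAndRoleAsync() {
    try {
        getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, true);
        SysSystemDto system = initData();
        Assert.assertNotNull(system);
        IdmRoleDto defaultRole = helper.createRole();
        SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
        // Set default role to sync configuration
        config.setDefaultRole(defaultRole.getId());
        config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
        config.setCreateDefaultContract(true);
        config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
        // create default mapping for provisioning
        helper.createMapping(system);
        helper.createRoleSystem(defaultRole, system);
        IdmIdentityFilter identityFilter = new IdmIdentityFilter();
        identityFilter.setUsername(IDENTITY_ONE);
        List<IdmIdentityDto> identities = identityService.find(identityFilter, null).getContent();
        Assert.assertEquals(0, identities.size());
        helper.startSynchronization(config);
        // Has to be in the success state, because the default role will be assigned to the default contract.
        SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 1, OperationResultType.SUCCESS);
        Assert.assertFalse(log.isRunning());
        Assert.assertFalse(log.isContainsError());
        identities = identityService.find(identityFilter, null).getContent();
        Assert.assertEquals(1, identities.size());
        IdmIdentityDto identity = identities.get(0);
        List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertEquals(1, roles.size());
        IdmIdentityRoleDto assignedRole = roles.get(0);
        Assert.assertEquals(defaultRole.getId(), assignedRole.getRole());
        // Exactly one identity-account relation is expected, matching the single
        // identity-role asserted above.
        AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
        accountFilter.setIdentityId(identity.getId());
        List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
        // Put the relations found into the assertion message, so that a failure on the
        // build server reports them with the test result instead of on standard output.
        StringBuilder foundRelations = new StringBuilder("Identity-account relations found:");
        for (AccIdentityAccountDto identityAccount : identityAccounts) {
            foundRelations.append(" [Account: ").append(identityAccount.getAccount())
                    .append(", RoleSystem: ").append(identityAccount.getRoleSystem())
                    .append(", Identity: ").append(identityAccount.getIdentity())
                    .append(", IdentityRole: ").append(identityAccount.getIdentityRole())
                    .append(']');
        }
        Assert.assertEquals(foundRelations.toString(), 1, identityAccounts.size());
        Assert.assertEquals(assignedRole.getId(), identityAccounts.get(0).getIdentityRole());
        // Delete log
        syncLogService.delete(log);
        syncConfigService.delete(config);
    } finally {
        // Always restore synchronous event processing for the tests that follow.
        getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, false);
    }
}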
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentitySyncTest method updateIdentityPropagateValidityTest.
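/**
 * Links an existing identity by synchronization with a default role configured and
 * checks the validity of the resulting identity-role: its valid-from equals the prime
 * contract's valid-from and its valid-till is not set. Exactly one identity-account
 * relation must exist for that identity-role.
 */
@Test
public void updateIdentityPropagateValidityTest() {
    SysSystemDto system = initData();
    Assert.assertNotNull(system);
    SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
    IdmRoleDto defaultRole = helper.createRole();
    // Set default role to sync configuration
    config.setDefaultRole(defaultRole.getId());
    config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
    config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
    IdmIdentityDto identityOne = helper.createIdentity(IDENTITY_ONE);
    IdmIdentityContractDto primeContract = contractService.getPrimeContract(identityOne.getId());
    Assert.assertNotNull(primeContract);
    // Read the date once so both bounds are relative to the same day.
    LocalDate today = LocalDate.now();
    LocalDate validTill = today.plusDays(10);
    LocalDate validFrom = today.plusDays(-10);
    primeContract.setValidFrom(validFrom);
    primeContract.setValidTill(validTill);
    primeContract = contractService.save(primeContract);
    helper.startSynchronization(config);
    SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.LINK, 1, OperationResultType.SUCCESS);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identityOne.getId());
    Assert.assertEquals(1, roles.size());
    IdmIdentityRoleDto identityRole = roles.get(0);
    Assert.assertEquals(defaultRole.getId(), identityRole.getRole());
    // Expected value first, so a failure message names the right side as "expected".
    Assert.assertEquals(validFrom, identityRole.getValidFrom());
    Assert.assertNull(identityRole.getValidTill());
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityRoleId(identityRole.getId());
    Assert.assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Delete log
    syncLogService.delete(log);
}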
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountSaveProcessor method findIdentityAccounts.
/**
 * Finds the identity-account relations of the given account that have the ownership
 * flag set.
 *
 * @param account ID of the account
 * @return content of the unpaged search result
 */
private List<AccIdentityAccountDto> findIdentityAccounts(UUID account) {
    AccIdentityAccountFilter ownedByAccount = new AccIdentityAccountFilter();
    ownedByAccount.setOwnership(Boolean.TRUE);
    ownedByAccount.setAccountId(account);
    // No pageable is passed, so the service decides how many rows come back.
    return service.find(ownedByAccount, null).getContent();
}