use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.
the class AccountManagementTest method testAccountCannotBeCreated.
@Test
public /**
* Script on the mapping "Can be account created?" returns false.
*/
void testAccountCannotBeCreated() {
SysSystemDto system = initData();
Assert.assertNotNull(system);
SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.ROLE);
Assert.assertNotNull(mapping);
mapping.setCanBeAccountCreatedScript("return Boolean.FALSE;");
mapping = systemMappingService.save(mapping);
IdmRoleDto defaultRole = helper.createRole();
AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
roleAccountFilter.setEntityId(defaultRole.getId());
roleAccountFilter.setOwnership(Boolean.TRUE);
roleAccountFilter.setSystemId(system.getId());
List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
Assert.assertEquals(0, roleAccounts.size());
// Delete role
roleService.delete(defaultRole);
// Delete role mapping
systemMappingService.delete(mapping);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.
the class AccRoleAccountController method toFilter.
@Override
protected AccRoleAccountFilter toFilter(MultiValueMap<String, Object> parameters) {
AccRoleAccountFilter filter = new AccRoleAccountFilter();
filter.setAccountId(getParameterConverter().toUuid(parameters, "accountId"));
filter.setRoleId(getParameterConverter().toEntityUuid(parameters, AccRoleAccountFilter.PARAMETER_ROLE_ID, IdmRoleDto.class));
filter.setSystemId(getParameterConverter().toUuid(parameters, "systemId"));
filter.setOwnership(getParameterConverter().toBoolean(parameters, "ownership"));
return filter;
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method doUnlink.
/**
* Operation remove RoleAccount relations and linked roles
*
* @param account
* @param removeRoleRole
* @param log
* @param logItem
* @param actionLogs
*/
protected void doUnlink(AccAccountDto account, boolean removeRoleRole, SysSyncLogDto log, SysSyncItemLogDto logItem, List<SysSyncActionLogDto> actionLogs) {
AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
roleAccountFilter.setAccountId(account.getId());
List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
if (roleAccounts.isEmpty()) {
addToItemLog(logItem, "Warning! - Role account relation was not found!");
initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, log, actionLogs);
return;
}
addToItemLog(logItem, MessageFormat.format("Role-account relations to delete {0}", roleAccounts));
roleAccounts.forEach(roleAccount -> {
// We will remove role account, but without delete connected
// account
roleAccountService.delete(roleAccount, false);
addToItemLog(logItem, MessageFormat.format("Role-account relation deleted (without call delete provisioning) (username: {0}, id: {1})", roleAccount.getRole(), roleAccount.getId()));
});
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.
the class AccountDeleteProcessor method process.
@Override
public EventResult<AccAccountDto> process(EntityEvent<AccAccountDto> event) {
AccAccountDto account = event.getContent();
UUID entityId = null;
Object entityIdObj = event.getProperties().get(AccAccountService.ENTITY_ID_PROPERTY);
if (entityIdObj instanceof UUID) {
entityId = (UUID) entityIdObj;
}
boolean deleteTargetAccount = false;
Object deleteTargetAccountObj = event.getProperties().get(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY);
if (deleteTargetAccountObj instanceof Boolean) {
deleteTargetAccount = (boolean) deleteTargetAccountObj;
}
Assert.notNull(account, "Account cannot be null!");
// We do not allow delete account in protection
if (account.isAccountProtectedAndValid()) {
throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", account.getUid()));
}
// delete all identity accounts
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setAccountId(account.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
identityAccounts.forEach(identityAccount -> {
identityAccountService.delete(identityAccount);
});
// delete all role accounts
AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
roleAccountFilter.setAccountId(account.getId());
List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
roleAccounts.forEach(roleAccount -> {
roleAccountService.delete(roleAccount);
});
// delete all roleCatalogue accounts
AccRoleCatalogueAccountFilter roleCatalogueAccountFilter = new AccRoleCatalogueAccountFilter();
roleCatalogueAccountFilter.setAccountId(account.getId());
List<AccRoleCatalogueAccountDto> roleCatalogueAccounts = roleCatalogueAccountService.find(roleCatalogueAccountFilter, null).getContent();
roleCatalogueAccounts.forEach(roleCatalogueAccount -> {
roleCatalogueAccountService.delete(roleCatalogueAccount);
});
// delete all tree accounts
AccTreeAccountFilter treeAccountFilter = new AccTreeAccountFilter();
treeAccountFilter.setAccountId(account.getId());
List<AccTreeAccountDto> treeAccounts = treeAccountService.find(treeAccountFilter, null).getContent();
treeAccounts.forEach(treeAccount -> {
treeAccountService.delete(treeAccount);
});
// delete all contract accounts
AccContractAccountFilter contractAccountFilter = new AccContractAccountFilter();
contractAccountFilter.setAccountId(account.getId());
List<AccContractAccountDto> contractAccounts = contractAccountService.find(contractAccountFilter, null).getContent();
contractAccounts.forEach(contractAccount -> {
contractAccountService.delete(contractAccount);
});
// delete all contract slice accounts
AccContractSliceAccountFilter contractSliceAccountFilter = new AccContractSliceAccountFilter();
contractSliceAccountFilter.setAccountId(account.getId());
contractAccountSliceService.find(contractSliceAccountFilter, null).forEach(contractAccount -> {
contractAccountSliceService.delete(contractAccount);
});
//
AccAccountDto refreshAccount = accountService.get(account.getId());
// directly now
if (refreshAccount != null) {
accountService.deleteInternal(refreshAccount);
}
if (deleteTargetAccount && account.getEntityType() != null) {
SystemEntityType entityType = account.getEntityType();
if (!entityType.isSupportsProvisioning()) {
LOG.warn(MessageFormat.format("Provisioning is not supported for [{1}] now [{0}]!", account.getUid(), entityType));
return new DefaultEventResult<>(event, this);
}
LOG.debug(MessageFormat.format("Call delete provisioning for account with UID [{0}] and entity ID [{1}].", account.getUid(), entityId));
// Create context for systemEntity in account DTO and set ID of role-request to it.
UUID roleRequestId = this.getRoleRequestIdProperty(event.getProperties());
this.initContext(account, roleRequestId);
this.provisioningService.doDeleteProvisioning(account, account.getEntityType(), entityId);
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueByDn.
@Test
public /**
* Test create role catalog by DN:
* "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
* "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
* "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
* "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
* "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
*/
void testSyncRolesCatalogueByDn() {
AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
SysSystemDto userSystem = helper.createTestResourceSystem(true);
List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
Assert.assertNotNull(userSystemMappings);
Assert.assertEquals(1, userSystemMappings.size());
SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
// Switch to the sync.
userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
userMappingDto = systemMappingService.save(userMappingDto);
List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
Assert.assertNotNull(userEmailAttribute);
Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
UUID roleSystemId = schemaObjectClassDto.getSystem();
Assert.assertNotNull(roleSystemId);
SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
schemaAttributeFilter.setSystemId(roleSystemId);
schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
Assert.assertNotNull(schemaAttributeDto);
SysSystemDto roleSystemDto = new SysSystemDto();
roleSystemDto.setId(roleSystemId);
List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
Assert.assertNotNull(roleSystemMappings);
Assert.assertEquals(1, roleSystemMappings.size());
SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
// Use ACC script "resolveRoleCatalogueByDn".
IdmScriptFilter scriptFilter = new IdmScriptFilter();
scriptFilter.setCode(MsAdSyncMappingRoleAutoAttributesProcessor.RESOLVE_ROLE_CATALOG_BY_DN_SCRIPT);
scriptFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
String catalogTransformationScript = null;
IdmScriptDto scriptDto = scriptService.find(scriptFilter, null).getContent().stream().findFirst().orElse(null);
if (scriptDto != null) {
catalogTransformationScript = this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(scriptDto);
}
Assert.assertNotNull(catalogTransformationScript);
// Create mapping attribute for get catalog.
SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
roleIdAttribute.setEntityAttribute(true);
roleIdAttribute.setUid(false);
roleIdAttribute.setSystemMapping(roleMappingDto.getId());
roleIdAttribute.setExtendedAttribute(false);
roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
roleIdAttribute.setTransformFromResourceScript(catalogTransformationScript);
roleIdAttribute.setName(helper.createName());
roleIdAttribute = attributeMappingService.save(roleIdAttribute);
IdmRoleCatalogueDto mainRoleCatalogue = getHelper().createRoleCatalogue();
// Enable assign of role catalogue.
roleConfigDto.setAssignCatalogueSwitch(true);
roleConfigDto.setRemoveCatalogueRoleSwitch(false);
roleConfigDto.setMainCatalogueRoleNode(mainRoleCatalogue.getId());
syncConfigCustom = syncConfigService.save(roleConfigDto);
// Init data - roles with DN.
getBean().initDataRolesWithDn();
// Start sync
helper.startSynchronization(syncConfigCustom);
//
SysSyncLogFilter logFilter = new SysSyncLogFilter();
logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
Assert.assertEquals(1, logs.size());
SysSyncLogDto log = logs.get(0);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
// "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
// "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
// "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
// "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
// "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
// Check catalog structure:
IdmRoleCatalogueDto wizardGroups = roleCatalogueService.getByCode("WizardGroups/" + mainRoleCatalogue.getCode());
Assert.assertNotNull(wizardGroups);
IdmRoleCatalogueDto one = roleCatalogueService.getByCode("one/WizardGroups/" + mainRoleCatalogue.getCode());
Assert.assertNotNull(one);
Assert.assertEquals(wizardGroups.getId(), one.getParent());
IdmRoleCatalogueDto two = roleCatalogueService.getByCode("two/one/WizardGroups/" + mainRoleCatalogue.getCode());
Assert.assertNotNull(two);
Assert.assertEquals(one.getId(), two.getParent());
IdmRoleCatalogueDto one2 = roleCatalogueService.getByCode("one/two/one/WizardGroups/" + mainRoleCatalogue.getCode());
Assert.assertNotNull(one2);
Assert.assertEquals(two.getId(), one2.getParent());
IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueRoleFilter.setRoleCatalogueId(wizardGroups.getId());
List<IdmRoleCatalogueRoleDto> roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
Assert.assertEquals(2, roleCatalogRoles.size());
Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
roleCatalogueRoleFilter.setRoleCatalogueId(one.getId());
roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
Assert.assertEquals(1, roleCatalogRoles.size());
Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
roleCatalogueRoleFilter.setRoleCatalogueId(two.getId());
roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
Assert.assertEquals(1, roleCatalogRoles.size());
Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
roleCatalogueRoleFilter.setRoleCatalogueId(one2.getId());
roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
Assert.assertEquals(1, roleCatalogRoles.size());
Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
roleAccountFilter.setSystemId(roleSystemId);
List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
Assert.assertEquals(5, roleAccountDtos.size());
roleAccountDtos.forEach(roleAccountDto -> {
UUID roleId = roleAccountDto.getRole();
IdmRoleCatalogueRoleFilter roleCatalogueFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueFilter.setRoleId(roleId);
List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueFilter, null).getContent();
Assert.assertEquals(1, roleCatalogueRoleDtos.size());
});
cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Aggregations