Search in sources :

Example 11 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class AccountManagementTest method accountCanBeCreatedTest.

@Test
public /**
 * Script on the mapping "Can be account created?" returns true (if priority is 1000).
 */
void accountCanBeCreatedTest() {
    SysSystemDto system = initData();
    Assert.assertNotNull(system);
    SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.ROLE);
    Assert.assertNotNull(mapping);
    mapping.setCanBeAccountCreatedScript("return entity.getPriority() == 1000;");
    mapping = systemMappingService.save(mapping);
    IdmRoleDto defaultRole = helper.createRole();
    defaultRole.setPriority(500);
    roleService.save(defaultRole);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setEntityId(defaultRole.getId());
    roleAccountFilter.setOwnership(Boolean.TRUE);
    roleAccountFilter.setSystemId(system.getId());
    List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    // Priority is 500 -> account should not be created
    Assert.assertEquals(0, roleAccounts.size());
    // Set priority to 1000
    defaultRole.setPriority(1000);
    roleService.save(defaultRole);
    roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    // Priority is 1000 -> account had to be created
    Assert.assertEquals(1, roleAccounts.size());
    // Delete role
    roleService.delete(defaultRole);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 12 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class RoleProvisioningExecutor method doProvisioning.

public void doProvisioning(AccAccountDto account) {
    Assert.notNull(account, "Account is required.");
    AccRoleAccountFilter filter = new AccRoleAccountFilter();
    filter.setAccountId(account.getId());
    List<AccRoleAccountDto> entityAccoutnList = roleAccountService.find(filter, null).getContent();
    if (entityAccoutnList == null) {
        return;
    }
    entityAccoutnList.stream().filter(entityAccount -> {
        return entityAccount.isOwnership();
    }).forEach((roleAccount) -> {
        doProvisioning(account, DtoUtils.getEmbedded(roleAccount, AccRoleAccount_.role, IdmRoleDto.class));
    });
}
Also used : ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor) MappingContext(eu.bcvsolutions.idm.acc.domain.MappingContext) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) RoleType(eu.bcvsolutions.idm.core.api.domain.RoleType) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) Autowired(org.springframework.beans.factory.annotation.Autowired) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ArrayList(java.util.ArrayList) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) Service(org.springframework.stereotype.Service) Qualifier(org.springframework.beans.factory.annotation.Qualifier) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) AccRoleAccountService(eu.bcvsolutions.idm.acc.service.api.AccRoleAccountService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) AccRoleAccount_(eu.bcvsolutions.idm.acc.entity.AccRoleAccount_) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)

Example 13 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class AccountManagementTest method testAccountCanBeCreated.

@Test
public /**
 * Script on the mapping "Can be account created?" returns true (if priority is 1000).
 */
void testAccountCanBeCreated() {
    SysSystemDto system = initData();
    Assert.assertNotNull(system);
    SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.ROLE);
    Assert.assertNotNull(mapping);
    mapping.setCanBeAccountCreatedScript("return entity.getPriority() == 1000;");
    mapping = systemMappingService.save(mapping);
    IdmRoleDto defaultRole = helper.createRole();
    defaultRole.setPriority(500);
    roleService.save(defaultRole);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setEntityId(defaultRole.getId());
    roleAccountFilter.setOwnership(Boolean.TRUE);
    roleAccountFilter.setSystemId(system.getId());
    List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    // Priority is 500 -> account should not be created
    Assert.assertEquals(0, roleAccounts.size());
    // Set priority to 1000
    defaultRole.setPriority(1000);
    roleService.save(defaultRole);
    roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    // Priority is 1000 -> account had to be created
    Assert.assertEquals(1, roleAccounts.size());
    // Delete role
    roleService.delete(defaultRole);
    // Delete role mapping
    systemMappingService.delete(mapping);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 14 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class RoleDeleteProcessor method process.

@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
    boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
    IdmRoleDto role = event.getContent();
    // 
    if (role.getId() == null) {
        return new DefaultEventResult<>(event, this);
    }
    // 
    // delete mapped roles
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(role.getId());
    roleSystemService.find(roleSystemFilter, null).forEach(roleSystem -> {
        // Identity-role clear relations to a role-system, but only on force-delete!
        if (forceDelete) {
            IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
            identityRoleFilter.setRoleSystemId(roleSystem.getId());
            identityRoleService.find(identityRoleFilter, null).stream().forEach(identityRole -> {
                // Clear role-system. Identity-role will be removed in next processor.
                identityRole.setRoleSystem(null);
                identityRoleService.saveInternal(identityRole);
            });
        }
        roleSystemService.delete(roleSystem);
    });
    // 
    // delete relations on account (includes delete of account )
    AccRoleAccountFilter filter = new AccRoleAccountFilter();
    filter.setRoleId(role.getId());
    roleAccountService.find(filter, null).forEach(roleAccount -> {
        roleAccountService.delete(roleAccount);
    });
    // 
    // remove all recipients from provisioning break
    deleteProvisioningRecipient(event.getContent().getId());
    // 
    // delete link to sync identity configuration
    syncConfigRepository.findByDefaultRole(role.getId()).forEach(config -> {
        SysSyncIdentityConfigDto configDto = (SysSyncIdentityConfigDto) syncConfigService.get(config.getId());
        configDto.setDefaultRole(null);
        syncConfigService.save(configDto);
    });
    return new DefaultEventResult<>(event, this);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSyncIdentityConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncIdentityConfigDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)

Example 15 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultAccRoleAccountService method getRoleId.

@Override
public UUID getRoleId(UUID account) {
    AccRoleAccountFilter accountFilter = new AccRoleAccountFilter();
    accountFilter.setAccountId(account);
    accountFilter.setOwnership(Boolean.TRUE);
    List<AccRoleAccountDto> roleAccounts = this.find(accountFilter, null).getContent();
    if (roleAccounts.isEmpty()) {
        throw new ResultCodeException(AccResultCode.ROLE_ACCOUNT_NOT_FOUND, ImmutableMap.of("account", account));
    }
    return roleAccounts.get(0).getRole();
}
Also used : AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)

Aggregations

AccRoleAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)23 AccRoleAccountDto (eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto)21 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)16 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)16 Test (org.junit.Test)16 UUID (java.util.UUID)14 AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)12 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)12 SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)12 SysSyncRoleConfigDto (eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)12 SysSyncLogFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter)12 AbstractBulkActionTest (eu.bcvsolutions.idm.test.api.AbstractBulkActionTest)12 SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)11 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)11 SysSchemaAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter)11 SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)9 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)8 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)8 SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)6 SysRoleSystemAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter)5