Examples with SysRoleSystemAttributeFilter eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter used on opensource projects

Example 1 with SysRoleSystemAttributeFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountManagementService method generateUID.

/**
 * Return UID for this identity and roleSystem. First will be find and use
 * transform script from roleSystem attribute. If isn't UID attribute for
 * roleSystem defined, then will be use default UID attribute handling.
 *
 * @param entity
 * @param roleSystem
 * @return
 */
@Override
public String generateUID(AbstractDto entity, SysRoleSystemDto roleSystem) {
    // Find attributes for this roleSystem
    SysRoleSystemAttributeFilter roleSystemAttrFilter = new SysRoleSystemAttributeFilter();
    roleSystemAttrFilter.setRoleSystemId(roleSystem.getId());
    List<SysRoleSystemAttributeDto> attributes = roleSystemAttributeService.find(roleSystemAttrFilter, null).getContent();
    List<SysRoleSystemAttributeDto> attributesUid = attributes.stream().filter(attribute -> {
        return attribute.isUid();
    }).collect(Collectors.toList());
    if (attributesUid.size() > 1) {
        IdmRoleDto roleDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.role, IdmRoleDto.class);
        DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
        SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
        throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
    }
    SysRoleSystemAttributeDto uidRoleAttribute = !attributesUid.isEmpty() ? attributesUid.get(0) : null;
    // script.
    if (uidRoleAttribute != null) {
        // Default values (values from schema attribute handling)
        SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(uidRoleAttribute.getSystemAttributeMapping());
        uidRoleAttribute.setSchemaAttribute(systemAttributeMapping.getSchemaAttribute());
        uidRoleAttribute.setTransformFromResourceScript(systemAttributeMapping.getTransformFromResourceScript());
        Object uid = systemAttributeMappingService.getAttributeValue(null, entity, uidRoleAttribute);
        if (uid == null) {
            SysSystemDto systemEntity = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_GENERATED_UID_IS_NULL, ImmutableMap.of("system", systemEntity.getName()));
        }
        if (!(uid instanceof String)) {
            throw new ProvisioningException(AccResultCode.PROVISIONING_ATTRIBUTE_UID_IS_NOT_STRING, ImmutableMap.of("uid", uid));
        }
        return (String) uid;
    }
    SysSystemMappingDto mapping = systemMappingService.get(roleSystem.getSystemMapping());
    // If roleSystem UID was not found, then we use default UID schema
    // attribute handling
    SysSchemaObjectClassDto objectClassDto = schemaObjectClassService.get(mapping.getObjectClass());
    SysSystemDto system = DtoUtils.getEmbedded(objectClassDto, SysSchemaObjectClass_.system, SysSystemDto.class);
    SysSystemAttributeMappingFilter systeAttributeMappingFilter = new SysSystemAttributeMappingFilter();
    systeAttributeMappingFilter.setSystemMappingId(mapping.getId());
    List<SysSystemAttributeMappingDto> schemaHandlingAttributes = systemAttributeMappingService.find(systeAttributeMappingFilter, null).getContent();
    SysSystemAttributeMappingDto uidAttribute = systemAttributeMappingService.getUidAttribute(schemaHandlingAttributes, system);
    return systemAttributeMappingService.generateUid(entity, uidAttribute);
}

Example 2 with SysRoleSystemAttributeFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method save.

@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
    // identifier
    if (dto.isUid()) {
        SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
        filter.setIsUid(Boolean.TRUE);
        filter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
        if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
        }
    }
    // We will check exists definition for extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systeAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    // We will do script validation (on compilation errors), before save
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
    }
    SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
    // RoleSystemAttribute was changed. We need do ACC management for all
    // connected identities
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setRoleSystemId(dto.getRoleSystem());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // TODO: move to filter and use distinct
    List<IdmIdentityDto> identities = new ArrayList<>();
    identityAccounts.stream().forEach(identityAccount -> {
        if (!identities.contains(identityAccount.getIdentity())) {
            // TODO: embedded
            identities.add(identityService.get(identityAccount.getIdentity()));
        }
    });
    identities.stream().forEach(identity -> {
        LOG.debug("Call account management for identity [{}]", identity.getUsername());
        boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
        if (provisioningRequired) {
            LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
            getProvisioningService().doProvisioning(identity);
        }
    });
    return roleSystemAttribute;
}

Example 3 with SysRoleSystemAttributeFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningExecutor method findOverloadingAttributes.

/**
 * Return list of all overloading attributes for given identity, system and
 * uid
 *
 * @param identityAccount
 * @param idenityAccoutnList
 * @param operationType
 * @param entityType
 * @return
 */
@Override
protected List<SysRoleSystemAttributeDto> findOverloadingAttributes(IdmIdentityDto entity, SysSystemDto system, List<? extends EntityAccountDto> idenityAccoutnList, SystemEntityType entityType) {
    List<SysRoleSystemAttributeDto> roleSystemAttributesAll = new ArrayList<>();
    idenityAccoutnList.stream().filter(ia -> {
        AccAccountDto account = DtoUtils.getEmbedded((AccIdentityAccountDto) ia, AccIdentityAccount_.account, AccAccountDto.class);
        return ((AccIdentityAccountDto) ia).getIdentityRole() != null && account.getSystem() != null && account.getSystem().equals(system.getId()) && ia.isOwnership();
    }).forEach((identityAccountInner) -> {
        AbstractDto identityAccount = (AbstractDto) identityAccountInner;
        // All identity account with same system and with filled
        // identityRole
        AccAccountDto account = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.account, AccAccountDto.class);
        IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.identityRole, IdmIdentityRoleDto.class);
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(identityRole.getRole());
        roleSystemFilter.setSystemId(account.getSystem());
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
        if (roleSystems.size() > 1) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_DUPLICATE_ROLE_MAPPING, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName(), "entityType", entityType));
        }
        if (!roleSystems.isEmpty()) {
            SysRoleSystemDto roleSystem = roleSystems.get(0);
            SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
            roleSystemAttributeFilter.setRoleSystemId(roleSystem.getId());
            List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
            if (!CollectionUtils.isEmpty(roleAttributes)) {
                roleSystemAttributesAll.addAll(roleAttributes);
            }
        }
    });
    return roleSystemAttributesAll;
}