use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter in project CzechIdMng by bcvsolutions.
the class IdentityProvisioningExecutor method findOverloadingAttributes.
/**
* Return list of all overloading attributes for given identity, system and
* uid
*
* @param identityAccount
* @param idenityAccoutnList
* @param operationType
* @param entityType
* @return
*/
@Override
protected List<SysRoleSystemAttributeDto> findOverloadingAttributes(IdmIdentityDto entity, SysSystemDto system, List<? extends EntityAccountDto> idenityAccoutnList, SystemEntityType entityType) {
List<SysRoleSystemAttributeDto> roleSystemAttributesAll = new ArrayList<>();
idenityAccoutnList.stream().filter(ia -> {
AccAccountDto account = DtoUtils.getEmbedded((AccIdentityAccountDto) ia, AccIdentityAccount_.account, AccAccountDto.class);
return ((AccIdentityAccountDto) ia).getIdentityRole() != null && account.getSystem() != null && account.getSystem().equals(system.getId()) && ia.isOwnership();
}).forEach((identityAccountInner) -> {
AbstractDto identityAccount = (AbstractDto) identityAccountInner;
// All identity account with same system and with filled
// identityRole
AccAccountDto account = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.account, AccAccountDto.class);
IdmIdentityRoleDto identityRole = DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.identityRole, IdmIdentityRoleDto.class);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(identityRole.getRole());
roleSystemFilter.setSystemId(account.getSystem());
List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
if (roleSystems.size() > 1) {
SysRoleSystemDto roleSystem = roleSystems.get(0);
IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
throw new ProvisioningException(AccResultCode.PROVISIONING_DUPLICATE_ROLE_MAPPING, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName(), "entityType", entityType));
}
if (!roleSystems.isEmpty()) {
SysRoleSystemDto roleSystem = roleSystems.get(0);
SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
roleSystemAttributeFilter.setRoleSystemId(roleSystem.getId());
List<SysRoleSystemAttributeDto> roleAttributes = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
if (!CollectionUtils.isEmpty(roleAttributes)) {
roleSystemAttributesAll.addAll(roleAttributes);
}
}
});
return roleSystemAttributesAll;
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemServiceTest method testReferentialIntegrity.
@Test
public void testReferentialIntegrity() {
SysSystemDto system = new SysSystemDto();
String systemName = "t_s_" + System.currentTimeMillis();
system.setName(systemName);
system = systemService.save(system);
// object class
SysSchemaObjectClassDto objectClass = new SysSchemaObjectClassDto();
objectClass.setSystem(system.getId());
objectClass.setObjectClassName("obj_class");
objectClass = schemaObjectClassService.save(objectClass);
SysSchemaObjectClassFilter objectClassFilter = new SysSchemaObjectClassFilter();
objectClassFilter.setSystemId(system.getId());
// schema attribute
SysSchemaAttributeDto schemaAttribute = new SysSchemaAttributeDto();
schemaAttribute.setObjectClass(objectClass.getId());
schemaAttribute.setName("name");
schemaAttribute.setClassType("class");
schemaAttribute = schemaAttributeService.save(schemaAttribute);
SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
schemaAttributeFilter.setSystemId(system.getId());
// system entity handling
SysSystemMappingDto systemMapping = new SysSystemMappingDto();
systemMapping.setName("default_" + System.currentTimeMillis());
systemMapping.setObjectClass(objectClass.getId());
systemMapping.setOperationType(SystemOperationType.PROVISIONING);
systemMapping.setEntityType(SystemEntityType.IDENTITY);
systemMapping = systemMappingService.save(systemMapping);
SysSystemMappingFilter entityHandlingFilter = new SysSystemMappingFilter();
entityHandlingFilter.setSystemId(system.getId());
// schema attribute handling
SysSystemAttributeMappingDto schemaAttributeHandling = new SysSystemAttributeMappingDto();
schemaAttributeHandling.setSchemaAttribute(schemaAttribute.getId());
schemaAttributeHandling.setSystemMapping(systemMapping.getId());
schemaAttributeHandling.setName("name");
schemaAttributeHandling.setIdmPropertyName("name");
schemaAttributeHandling = systemAttributeMappingService.save(schemaAttributeHandling);
SysSystemAttributeMappingFilter schemaAttributeHandlingFilter = new SysSystemAttributeMappingFilter();
schemaAttributeHandlingFilter.setSystemId(system.getId());
// role system
IdmRoleDto role = helper.createRole();
SysRoleSystemDto roleSystem = new SysRoleSystemDto();
roleSystem.setSystem(system.getId());
roleSystem.setRole(role.getId());
roleSystem.setSystemMapping(systemMapping.getId());
roleSystem = roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(role.getId());
// role system attributes
SysRoleSystemAttributeDto roleSystemAttribute = new SysRoleSystemAttributeDto();
roleSystemAttribute.setRoleSystem(roleSystem.getId());
roleSystemAttribute.setSystemAttributeMapping(schemaAttributeHandling.getId());
roleSystemAttribute.setName("name");
roleSystemAttribute.setIdmPropertyName("name");
roleSystemAttribute = roleSystemAttributeService.save(roleSystemAttribute);
assertEquals(systemName, systemService.getByCode(systemName).getName());
assertEquals(1, schemaObjectClassService.find(objectClassFilter, null).getTotalElements());
assertEquals(1, schemaAttributeService.find(schemaAttributeFilter, null).getTotalElements());
assertEquals(1, systemMappingService.find(entityHandlingFilter, null).getTotalElements());
assertEquals(1, systemAttributeMappingService.find(schemaAttributeHandlingFilter, null).getTotalElements());
assertEquals(1, roleSystemService.find(roleSystemFilter, null).getTotalElements());
assertNotNull(roleSystemAttributeService.get(roleSystemAttribute.getId()));
systemService.delete(system);
assertNull(systemService.getByCode(systemName));
assertEquals(0, schemaObjectClassService.find(objectClassFilter, null).getTotalElements());
assertEquals(0, schemaAttributeService.find(schemaAttributeFilter, null).getTotalElements());
assertEquals(0, systemMappingService.find(entityHandlingFilter, null).getTotalElements());
assertEquals(0, systemAttributeMappingService.find(schemaAttributeHandlingFilter, null).getTotalElements());
assertEquals(0, roleSystemService.find(roleSystemFilter, null).getTotalElements());
assertNull(roleSystemAttributeService.get(roleSystemAttribute.getId()));
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter in project CzechIdMng by bcvsolutions.
the class RoleDeleteProcessor method process.
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
IdmRoleDto role = event.getContent();
if (role.getId() != null) {
// delete mapped roles
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(role.getId());
roleSystemService.find(roleSystemFilter, null).forEach(roleSystem -> {
roleSystemService.delete(roleSystem);
});
//
// delete relations on account (includes delete of account )
AccRoleAccountFilter filter = new AccRoleAccountFilter();
filter.setRoleId(role.getId());
roleAccountService.find(filter, null).forEach(roleAccount -> {
roleAccountService.delete(roleAccount);
});
//
// remove all recipients from provisioning break
deleteProvisioningRecipient(event.getContent().getId());
//
// Delete link to sync identity configuration
syncConfigRepository.clearDefaultRole(role.getId());
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method resolveIdentityAccountForCreate.
/**
* Resolve Identity account - to create
*
* @param identity
* @param identityAccountList
* @param identityRoles
* @param identityAccountsToCreate
* @param identityAccountsToDelete
* @param resolvedRolesForCreate
*/
private void resolveIdentityAccountForCreate(IdmIdentityDto identity, List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRole> identityRoles, List<AccIdentityAccountDto> identityAccountsToCreate, List<AccIdentityAccountDto> identityAccountsToDelete) {
// Is role valid in this moment
identityRoles.stream().filter(identityRole -> {
return identityRole.isValid();
}).forEach(identityRole -> {
IdmRole role = identityRole.getRole();
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(role.getId());
List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
roleSystems.stream().filter(roleSystem -> {
// Filter out identity-accounts for same role-system, account (by UID)
return !identityAccountList.stream().filter(identityAccount -> {
if (roleSystem.getId().equals(identityAccount.getRoleSystem())) {
// Has identity account same uid as account?
String uid = generateUID(identity, roleSystem);
AccAccountDto account = AccIdentityAccountService.getEmbeddedAccount(identityAccount);
if (!uid.equals(account.getUid())) {
// We found identityAccount for same identity and roleSystem, but this
// identityAccount
// is link to Account with different UID. It's probably means definition of UID
// (transformation)\
// on roleSystem was changed. We have to delete this identityAccount.
identityAccountsToDelete.add(identityAccount);
}
}
return false;
}).findFirst().isPresent();
}).forEach(roleSystem -> {
// For this system we have to create new account
UUID accountId = createAccountByRoleSystem(identity, roleSystem, identityAccountsToCreate);
if (accountId == null) {
return;
}
// TODO: find the better place for this check
if (identityAccountList.stream().filter(identityAccount -> {
return identityAccount.getAccount().equals(accountId) && identityRole.getId().equals(identityAccount.getIdentityRole()) && roleSystem.getId().equals(identityAccount.getRoleSystem());
}).count() == 0) {
AccIdentityAccountDto identityAccount = new AccIdentityAccountDto();
identityAccount.setAccount(accountId);
identityAccount.setIdentity(identity.getId());
identityAccount.setIdentityRole(identityRole.getId());
identityAccount.setRoleSystem(roleSystem.getId());
// TODO: Add flag ownership to SystemRole and set here.
identityAccount.setOwnership(true);
identityAccountsToCreate.add(identityAccount);
}
});
});
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemServiceFilterTest method testSystemIdFilter.
@Test
public void testSystemIdFilter() {
IdmRoleDto role1 = helper.createRole();
IdmRoleDto role2 = helper.createRole();
SysSystemDto system1 = helper.createTestResourceSystem(true);
SysSystemDto system2 = helper.createTestResourceSystem(true);
//
SysSystemMappingDto sysSystemMappingDto = mappingService.findBySystemId(system1.getId(), SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY).get(0);
createRoleSystem(role1.getId(), system1.getId(), sysSystemMappingDto.getId());
SysRoleSystemDto roleSystem2 = createRoleSystem(role2.getId(), system2.getId(), sysSystemMappingDto.getId());
//
SysRoleSystemFilter roleFilter = new SysRoleSystemFilter();
roleFilter.setSystemId(system2.getId());
Page<SysRoleSystemDto> pages = roleSystemService.find(roleFilter, null);
//
assertEquals(1, pages.getTotalElements());
assertEquals(roleSystem2.getId(), pages.getContent().get(0).getId());
}
Aggregations