
Example 6 with SysSystemGroupSystemFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

the class AdUserConnectorType method getCrossDomainConnectorObject.

/**
 * Merges attribute values from the other systems of each enabled cross-domain group
 * into the given connector object.
 *
 * <p>For every enabled {@code CROSS_DOMAIN} group membership of {@code system}, the
 * group's merge attribute is resolved and its values are loaded through
 * {@code getConnectorValuesByAttribute}. The loaded list replaces the values of the
 * same-named attribute on {@code icConnectorObject}, or a new attribute is appended
 * when none exists.
 *
 * <p>The connector object passed in is modified in place and is also the return value.
 * Callers that later compare it with the state read from a single target system should
 * keep in mind that the merge attribute now carries the combined values.
 *
 * @param system system whose cross-domain group memberships are searched
 * @param uid account identifier forwarded to the value lookup
 * @param objectClass connector object class forwarded to the value lookup
 * @param icConnectorObject connector object to enrich; must not be null
 * @return the same {@code icConnectorObject} instance after enrichment
 */
public IcConnectorObject getCrossDomainConnectorObject(SysSystemDto system, String uid, IcObjectClass objectClass, IcConnectorObject icConnectorObject) {
    // Restrict the search to enabled cross-domain groups that contain this system.
    SysSystemGroupSystemFilter crossDomainFilter = new SysSystemGroupSystemFilter();
    crossDomainFilter.setGroupType(SystemGroupType.CROSS_DOMAIN);
    crossDomainFilter.setDisabled(Boolean.FALSE);
    crossDomainFilter.setSystemId(system.getId());

    for (SysSystemGroupSystemDto groupMembership : systemGroupSystemService.find(crossDomainFilter, null).getContent()) {
        // NOTE(review): both embedded lookups are dereferenced without a null check;
        // confirm DtoUtils.getEmbedded never returns null for these relations.
        SysSystemAttributeMappingDto mergeMapping = DtoUtils.getEmbedded(groupMembership, SysSystemGroupSystem_.mergeAttribute, SysSystemAttributeMappingDto.class);
        SysSchemaAttributeDto mergeSchemaAttribute = DtoUtils.getEmbedded(mergeMapping, SysSystemAttributeMapping_.schemaAttribute, SysSchemaAttributeDto.class);
        String mergeAttributeName = mergeSchemaAttribute.getName();

        // Values of the merge attribute collected from the other systems in the group.
        List<Object> mergedValues = this.getConnectorValuesByAttribute(uid, objectClass, mergeAttributeName, system, icConnectorObject, null);

        // First attribute on the connector object with the same name, if any.
        IcAttribute existing = null;
        for (IcAttribute candidate : icConnectorObject.getAttributes()) {
            if (mergeAttributeName.equals(candidate.getName())) {
                existing = candidate;
                break;
            }
        }

        if (existing instanceof IcAttributeImpl) {
            // Overwrite the values on the attribute that is already present.
            IcAttributeImpl target = (IcAttributeImpl) existing;
            target.setMultiValue(true);
            target.setValues(mergedValues);
        } else {
            // Attribute absent (or of another implementation): append a new one.
            icConnectorObject.getAttributes().add(new IcAttributeImpl(mergeAttributeName, mergedValues));
        }
    }
    return icConnectorObject;
}
Also used : SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)

Example 7 with SysSystemGroupSystemFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

the class AdUserConnectorType method addUpdatedAttribute.

/**
 * Adds an updated attribute to the connector object that will be sent to the target
 * system and, for cross-domain merge attributes, also attaches the previous values.
 *
 * <p>When {@code existsConnectorObject} is available and the schema attribute is the
 * merge attribute of an enabled {@code CROSS_DOMAIN} group containing the system, an
 * extra multi-valued attribute named by {@code OLD_ATTRIBUTE_PATTERN} is created from
 * the values currently present on {@code existsConnectorObject}. It is appended to both
 * connector objects so the connector can work out which groups were added and removed.
 *
 * @param schemaAttribute schema attribute being updated
 * @param updatedAttribute new attribute value holder; nothing happens when null
 * @param updateConnectorObject connector object carrying the update
 * @param existsConnectorObject current state read from the target system, may be null
 */
@Override
public void addUpdatedAttribute(SysSchemaAttributeDto schemaAttribute, IcAttribute updatedAttribute, IcConnectorObject updateConnectorObject, IcConnectorObject existsConnectorObject) {
    if (updatedAttribute == null) {
        return;
    }
    updateConnectorObject.getAttributes().add(updatedAttribute);

    // The remainder is an optimization for the WinRM connector, which needs the old
    // values to decide which groups were added and which were removed.
    if (existsConnectorObject == null) {
        return;
    }

    SysSchemaObjectClassDto objectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
    Assert.notNull(objectClassDto, "Schema class cannot be null!");
    String attributeName = schemaAttribute.getName();

    // Is the system in an enabled cross-domain group that merges this attribute?
    SysSystemGroupSystemFilter crossDomainFilter = new SysSystemGroupSystemFilter();
    crossDomainFilter.setGroupType(SystemGroupType.CROSS_DOMAIN);
    crossDomainFilter.setDisabled(Boolean.FALSE);
    crossDomainFilter.setSystemId(objectClassDto.getSystem());
    crossDomainFilter.setMergeAttributeCode(attributeName);
    boolean mergedAcrossDomains = systemGroupSystemService.count(crossDomainFilter) != 0;
    if (!mergedAcrossDomains) {
        // Attribute is not in the cross-domain group.
        return;
    }

    IcAttribute currentAttribute = existsConnectorObject.getAttributeByName(attributeName);
    if (currentAttribute == null) {
        return;
    }

    IcAttributeImpl previousValues = new IcAttributeImpl();
    previousValues.setName(MessageFormat.format(OLD_ATTRIBUTE_PATTERN, attributeName));
    previousValues.setMultiValue(true);
    // NOTE(review): the value list is handed over as-is; whether setValues copies it is
    // not visible here, so the two attributes may share one list instance.
    previousValues.setValues(currentAttribute.getValues());
    updateConnectorObject.getAttributes().add(previousValues);
    existsConnectorObject.getAttributes().add(previousValues);
}
Also used : SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)

Example 8 with SysSystemGroupSystemFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountManagementService method deleteIdentityAccount.

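/**
 * Handles removal of an identity-role on the account-management side.
 *
 * <p>Two paths exist:
 * <ul>
 * <li>Synchronous: when propagation is not skipped and the event is not part of a
 * runnable bulk parent, the accounts are removed immediately and their identifiers are
 * stored in the event under {@code ACCOUNT_IDS_FOR_DELETED_IDENTITY_ROLE} for the next
 * processor.</li>
 * <li>Deferred: otherwise every identity-account linked to the identity-role is detached
 * from it and either given a {@code RUNNING}/{@code DELETED} entity state (bulk) or noted
 * on the event for delayed account management. Accounts on role-systems that do not
 * create accounts by default, or that belong to a cross-domain group, are additionally
 * noted for provisioning.</li>
 * </ul>
 *
 * @param event identity-role event; the event and its content are required
 * @throws IllegalArgumentException when the event, the identity-role or its identifier is missing
 */
@Override
@Transactional
public void deleteIdentityAccount(EntityEvent<IdmIdentityRoleDto> event) {
    Assert.notNull(event, "Event is required.");
    IdmIdentityRoleDto identityRole = event.getContent();
    Assert.notNull(identityRole, "Identity role is required.");
    // The identifier itself has to be checked here; asserting the DTO twice let a null id
    // reach the filter below.
    // NOTE(review): confirm how AccIdentityAccountFilter treats a null identityRoleId - if
    // null means "no restriction", a null id would have detached unrelated identity-accounts.
    Assert.notNull(identityRole.getId(), "Identity role identifier is required.");
    //
    boolean skipPropagate = event.getBooleanProperty(IdmAccountDto.SKIP_PROPAGATE);
    // Bulk = a runnable parent event exists and that parent is not a role request.
    boolean bulk = event.getRootId() != null
            && entityEventManager.isRunnable(event.getRootId())
            && !entityEventManager.getEvent(event.getRootId()).getOwnerType().equals(entityEventManager.getOwnerType(IdmRoleRequestDto.class));
    if (!skipPropagate && !bulk) {
        // role is deleted without request or without any parent ... we need to remove account synchronously
        List<UUID> accountIds = deleteIdentityAccount(identityRole);
        // The next processor needs the accounts that were connected to the deleted
        // identity-role (provisioning is executed only for those accounts).
        event.getProperties().put(ACCOUNT_IDS_FOR_DELETED_IDENTITY_ROLE, (Serializable) accountIds);
        return;
    }
    // Role is deleted in bulk (e.g. role request) - account management has to be called outside
    // we just mark identity account to be deleted and remove identity role
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityRoleId(identityRole.getId());
    //
    identityAccountService.find(filter, null).getContent().forEach(identityAccount -> {
        // Set relation on identity-role to null
        identityAccount.setIdentityRole(null);
        if (bulk) {
            // For bulk create entity state for identity account.
            IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
            stateDeleted.setSuperOwnerId(identityAccount.getIdentity());
            stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
            entityStateManager.saveState(identityAccount, stateDeleted);
        } else {
            // Noting identity-accounts for delayed delete and account management
            notingIdentityAccountForDelayedAcm(event, identityAccount, IdmAccountDto.IDENTITY_ACCOUNT_FOR_DELAYED_ACM);
        }
        identityAccountService.save(identityAccount);
    });
    // If default creation of accounts is disabled for this role-system (or system is in a cross-domain group), then relation between identity
    // and account may not exist. In this scenario provisioning has to be made too.
    // So we try to find these role-systems and their accounts.
    SysRoleSystemFilter roleSystemForProvisioningFilter = new SysRoleSystemFilter();
    roleSystemForProvisioningFilter.setRoleId(identityRole.getRole());
    roleSystemService.find(roleSystemForProvisioningFilter, null).getContent().stream().filter(roleSystem -> {
        if (!roleSystem.isCreateAccountByDefault()) {
            return true;
        }
        SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
        systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
        // Provisioning is needed when the role-system is in a cross-domain group and the
        // identity-role is either not bound to a role-system or bound to this one.
        return systemGroupSystemService.count(systemGroupSystemFilter) >= 1
                && (identityRole.getRoleSystem() == null || roleSystem.getId().equals(identityRole.getRoleSystem()));
    }).forEach(roleSystem -> {
        IdmIdentityContractDto contractDto = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRole_.identityContract);
        AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
        identityAccountFilter.setSystemId(roleSystem.getSystem());
        identityAccountFilter.setIdentityId(contractDto.getIdentity());
        identityAccountService.find(identityAccountFilter, null).getContent().forEach(identityAccount -> {
            // Noting identity-accounts for delayed additional provisioning.
            notingIdentityAccountForDelayedAcm(event, identityAccount, IdmAccountDto.ACCOUNT_FOR_ADDITIONAL_PROVISIONING);
        });
    });
}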
Also used : IdmEntityStateDto(eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) AccIdentityAccount_(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount_) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) ImmutableMap(com.google.common.collect.ImmutableMap) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) Set(java.util.Set) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmEntityStateFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmEntityStateFilter) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Serializable(java.io.Serializable) IdmEntityStateDto(eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) CollectionUtils(org.springframework.util.CollectionUtils) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_) 
SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttribute_(eu.bcvsolutions.idm.acc.entity.SysRoleSystemAttribute_) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) AccAccountManagementService(eu.bcvsolutions.idm.acc.service.api.AccAccountManagementService) HashSet(java.util.HashSet) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) EntityStateManager(eu.bcvsolutions.idm.core.api.service.EntityStateManager) LookupService(eu.bcvsolutions.idm.core.api.service.LookupService) Lists(com.google.common.collect.Lists) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) Service(org.springframework.stereotype.Service) OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) 
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Transactional(org.springframework.transaction.annotation.Transactional) Assert(org.springframework.util.Assert) SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) UUID(java.util.UUID) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with SysSystemGroupSystemFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

the class IdentityRoleDeleteProvisioningProcessor method process.

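/**
 * Executes provisioning after an identity-role was deleted.
 *
 * <p>Nothing is provisioned when the role has no mapped system. When the event carries no
 * list under {@code ACCOUNT_IDS_FOR_DELETED_IDENTITY_ROLE}, provisioning runs for the whole
 * identity. Otherwise provisioning runs for the listed accounts plus the identity's
 * accounts on role-systems that do not create accounts by default or that belong to a
 * cross-domain group, because for those no identity-account relation may exist.
 *
 * @param event identity-role delete event
 * @return event result for this processor
 */
@SuppressWarnings("unchecked")
@Override
public EventResult<IdmIdentityRoleDto> process(EntityEvent<IdmIdentityRoleDto> event) {
    IdmIdentityRoleDto identityRole = event.getContent();
    // If no system is mapped to this role, provisioning is useless.
    UUID roleId = identityRole.getRole();
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(roleId);
    long numberOfMappedSystem = roleSystemService.count(roleSystemFilter);
    if (numberOfMappedSystem == 0) {
        return new DefaultEventResult<>(event, this);
    }
    // TODO: Optimization - load identity by identity-role with filter
    IdmIdentityContractDto identityContract = identityContractService.get(identityRole.getIdentityContract());
    IdmIdentityDto identity = DtoUtils.getEmbedded(identityContract, IdmIdentityContract_.identity);
    Serializable accountsIdsObj = event.getProperties().get(AccAccountManagementService.ACCOUNT_IDS_FOR_DELETED_IDENTITY_ROLE);
    // Unchecked cast: only the List type can be verified at runtime, not the element type.
    // NOTE(review): this is the same list instance that is stored in the event properties;
    // the additions below modify it in place and require it to be mutable - confirm that
    // is intended.
    List<UUID> accountsIds = accountsIdsObj instanceof List ? (List<UUID>) accountsIdsObj : null;
    if (accountsIds == null) {
        // We don't know about specific accounts, so we will execute provisioning for all accounts.
        LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
        provisioningService.doProvisioning(identity);
        return new DefaultEventResult<>(event, this);
    }
    // If default creation of accounts is disabled for this role-system (or system is in a cross-domain group), then relation between identity
    // and account may not exist. In this scenario provisioning has to be made too.
    // So we try to find these role-systems and their accounts.
    SysRoleSystemFilter roleSystemForProvisioningFilter = new SysRoleSystemFilter();
    roleSystemForProvisioningFilter.setRoleId(roleId);
    roleSystemService.find(roleSystemForProvisioningFilter, null).getContent().stream().filter(roleSystem -> {
        if (!roleSystem.isCreateAccountByDefault()) {
            return true;
        }
        SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
        systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
        // The role-system restriction applies together with the cross-domain membership test.
        // The previous expression had the shape "A || B && C", which Java parses as
        // "A || (B && C)": with no role-system on the identity-role every mapped system
        // passed, whether or not it was in a cross-domain group. The grouping now matches
        // deleteIdentityAccount in DefaultAccAccountManagementService.
        // NOTE(review): this narrows the set of accounts re-provisioned on role removal;
        // cover it with a test for an identity-role without role-system before release.
        boolean roleSystemMatches = identityRole.getRoleSystem() == null || roleSystem.getId().equals(identityRole.getRoleSystem());
        return roleSystemMatches && systemGroupSystemService.count(systemGroupSystemFilter) >= 1;
    }).forEach(roleSystem -> {
        AccAccountFilter accountFilter = new AccAccountFilter();
        accountFilter.setSystemId(roleSystem.getSystem());
        accountFilter.setIdentityId(identity.getId());
        // Append accounts that are not listed yet.
        accountService.find(accountFilter, null).getContent().forEach(account -> {
            if (!accountsIds.contains(account.getId())) {
                accountsIds.add(account.getId());
            }
        });
    });
    accountsIds.forEach(accountId -> {
        AccAccountDto account = accountService.get(accountId);
        if (account != null) {
            // Account could be null (was deleted).
            LOG.debug("Call provisioning for identity [{}] and account [{}]", identity.getUsername(), account.getUid());
            provisioningService.doProvisioning(account, identity);
        }
    });
    return new DefaultEventResult<>(event, this);
}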
Also used : DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) LoggerFactory(org.slf4j.LoggerFactory) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) Autowired(org.springframework.beans.factory.annotation.Autowired) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) AccAccountManagementService(eu.bcvsolutions.idm.acc.service.api.AccAccountManagementService) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityRoleEventType(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent.IdentityRoleEventType) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) Description(org.springframework.context.annotation.Description) AccModuleDescriptor(eu.bcvsolutions.idm.acc.AccModuleDescriptor) Logger(org.slf4j.Logger) AbstractEntityEventProcessor(eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_) Serializable(java.io.Serializable) List(java.util.List) Component(org.springframework.stereotype.Component) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) 
ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Serializable(java.io.Serializable) SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) List(java.util.List) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 10 with SysSystemGroupSystemFilter

use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

the class SystemDeleteProcessor method process.

/**
 * Deletes a system together with its dependent records.
 *
 * <p>Deletion is refused while the system still has provisioning operations, accounts or
 * memberships in system groups. Otherwise the system entities, synchronization configs,
 * schema object classes, archived provisioning operations, provisioning break cache,
 * confidential storage values and uniform password links are removed, in that order,
 * before the system record itself is deleted.
 *
 * @param event system delete event; its content is required
 * @return event result for this processor
 * @throws ResultCodeException when provisioning operations, accounts or system groups
 *         still reference the system
 */
@Override
public EventResult<SysSystemDto> process(EntityEvent<SysSystemDto> event) {
    SysSystemDto system = event.getContent();
    Assert.notNull(system, "System is required.");

    // Refuse deletion while provisioning operations exist for the system.
    SysProvisioningOperationFilter pendingOperationFilter = new SysProvisioningOperationFilter();
    pendingOperationFilter.setSystemId(system.getId());
    boolean hasOperations = provisioningOperationService.count(pendingOperationFilter) > 0;
    if (hasOperations) {
        throw new ResultCodeException(AccResultCode.SYSTEM_DELETE_FAILED_HAS_OPERATIONS, ImmutableMap.of("system", system.getName()));
    }

    // Refuse deletion while accounts exist on the system.
    boolean hasAccounts = accountRepository.countBySystem_Id(system.getId()) > 0;
    if (hasAccounts) {
        throw new ResultCodeException(AccResultCode.SYSTEM_DELETE_FAILED_HAS_ACCOUNTS, ImmutableMap.of("system", system.getName()));
    }

    // Refuse deletion while the system is a member of any systems group.
    SysSystemGroupSystemFilter groupMembershipFilter = new SysSystemGroupSystemFilter();
    groupMembershipFilter.setSystemId(system.getId());
    long groupMemberships = systemGroupSystemService.count(groupMembershipFilter);
    if (groupMemberships > 0) {
        throw new ResultCodeException(AccResultCode.SYSTEM_DELETE_FAILED_HAS_SYSTEM_GROUPS, ImmutableMap.of("system", system.getName(), "count", groupMemberships));
    }

    // System entities.
    SysSystemEntityFilter entityFilter = new SysSystemEntityFilter();
    entityFilter.setSystemId(system.getId());
    systemEntityService.find(entityFilter, null).forEach(entity -> systemEntityService.delete(entity));

    // Synchronization configs.
    SysSyncConfigFilter syncConfigFilter = new SysSyncConfigFilter();
    syncConfigFilter.setSystemId(system.getId());
    synchronizationConfigService.find(syncConfigFilter, null).forEach(syncConfig -> synchronizationConfigService.delete(syncConfig));

    // Schema object classes.
    SysSchemaObjectClassFilter objectClassFilter = new SysSchemaObjectClassFilter();
    objectClassFilter.setSystemId(system.getId());
    objectClassService.find(objectClassFilter, null).forEach(objectClass -> objectClassService.delete(objectClass));

    // Archived provisioning operations.
    provisioningArchiveRepository.deleteBySystem_Id(system.getId());

    // Provisioning break cache.
    clearProvisioningBreakAndCache(system.getId());

    // All confidential values stored for this system.
    confidentialStorage.deleteAll(system.getId(), SysSystem.class);

    // Connected uniform password links. Open question kept from the original author:
    // should this throw an error at the beginning instead?
    AccUniformPasswordSystemFilter uniformPasswordFilter = new AccUniformPasswordSystemFilter();
    uniformPasswordFilter.setSystemId(system.getId());
    passwordFilterSystemService.find(uniformPasswordFilter, null).forEach(link -> passwordFilterSystemService.delete(link));

    // Finally the system record itself.
    service.deleteInternal(system);
    return new DefaultEventResult<>(event, this);
}
Also used : SysSystemGroupSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter) AccUniformPasswordSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.AccUniformPasswordSystemFilter) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) SysSchemaObjectClassFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaObjectClassFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) SysSyncConfigFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncConfigFilter) SysSystemEntityFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
