
Example 6 with AbstractIdmAutomaticRoleDto

use of eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleTreeNodeService method addAutomaticRoles.

/**
 * Assigns each of the given automatic roles to the contract.
 * <p>
 * For every automatic role a new identity role is built (linked to the automatic role and to
 * the contract, with the contract's validity dates copied over) and a CREATE event for it is
 * published through {@code identityRoleService}.
 * <p>
 * NOTE(review): every published event carries {@code SKIP_CHECK_AUTHORITIES = TRUE}. Judging by
 * the property name, the authority check is skipped for these assignments - confirm against the
 * event processors. Nothing in this method decides whether the contract may receive the roles,
 * so that decision rests with the caller.
 *
 * @param contract contract that receives the roles; its id and validity dates are copied
 * @param automaticRoles automatic roles to assign, one identity role is created per entry
 */
@Override
@Transactional
public void addAutomaticRoles(IdmIdentityContractDto contract, Set<IdmRoleTreeNodeDto> automaticRoles) {
    // like the original assignAutomaticRoles method, this runs under a plain @Transactional (no "requires new")
    for (AbstractIdmAutomaticRoleDto automaticRole : automaticRoles) {
        // the identity role is created directly from the automatic role and the contract
        IdmIdentityRoleDto assignment = new IdmIdentityRoleDto();
        assignment.setRoleTreeNode(automaticRole.getId());
        assignment.setIdentityContract(contract.getId());
        assignment.setRole(automaticRole.getRole());
        assignment.setValidFrom(contract.getValidFrom());
        assignment.setValidTill(contract.getValidTill());
        // the CREATE event is flagged to skip the authority check before it is published
        IdentityRoleEvent createEvent = new IdentityRoleEvent(IdentityRoleEventType.CREATE, assignment);
        createEvent.getProperties().put(IdmIdentityRoleService.SKIP_CHECK_AUTHORITIES, Boolean.TRUE);
        identityRoleService.publish(createEvent);
    }
}
Also used : IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Transactional(org.springframework.transaction.annotation.Transactional)

Example 7 with AbstractIdmAutomaticRoleDto

use of eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleAttributeIntegrationTest method testDisabledContract.

/**
 * Checks that an attribute-based automatic role is not assigned to contracts in state
 * {@code ContractState.DISABLED}, that it is assigned once the state is cleared, and that it is
 * taken away again when a contract is disabled a second time.
 * <p>
 * Four contracts with different validity bounds are created disabled. The rule of the automatic
 * role matches the identity by username, so the contract state is the only thing that differs
 * between the assertions.
 */
@Test
public void testDisabledContract() {
    IdmIdentityDto identity = testHelper.createIdentity();
    // a fresh identity starts without any assigned role
    List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    assertEquals(0, identityRoles.size());
    // contract2: dates five months back and five months ahead, disabled
    // (presumably the last two arguments are validFrom and validTill - confirm against the helper)
    IdmIdentityContractDto contract2 = testHelper.createIdentityContact(identity, null, new LocalDate().minusMonths(5), new LocalDate().plusMonths(5));
    contract2.setState(ContractState.DISABLED);
    contract2 = identityContractService.save(contract2);
    // contract3: only the later date set, disabled
    IdmIdentityContractDto contract3 = testHelper.createIdentityContact(identity, null, null, new LocalDate().plusMonths(5));
    contract3.setState(ContractState.DISABLED);
    contract3 = identityContractService.save(contract3);
    // contract4: no dates at all, disabled
    IdmIdentityContractDto contract4 = testHelper.createIdentityContact(identity, null, null, null);
    contract4.setState(ContractState.DISABLED);
    contract4 = identityContractService.save(contract4);
    // contract5: only the earlier date set, disabled
    IdmIdentityContractDto contract5 = testHelper.createIdentityContact(identity, null, new LocalDate().minusMonths(5), null);
    contract5.setState(ContractState.DISABLED);
    contract5 = identityContractService.save(contract5);
    // automatic role with a single rule: identity username EQUALS this identity's username
    IdmRoleDto role = testHelper.createRole();
    IdmAutomaticRoleAttributeDto automaticRole = testHelper.createAutomaticRole(role.getId());
    testHelper.createAutomaticRoleRule(automaticRole.getId(), AutomaticRoleAttributeRuleComparison.EQUALS, AutomaticRoleAttributeRuleType.IDENTITY, IdmIdentity_.username.getName(), null, identity.getUsername());
    // recalculate the automatic role synchronously
    this.recalculateSync(automaticRole.getId());
    // exactly one role is assigned to the identity as a whole ...
    // NOTE(review): none of the four contracts below holds it, so it presumably sits on a
    // contract created by testHelper.createIdentity() - confirm
    identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    assertEquals(1, identityRoles.size());
    // ... and none of the disabled contracts received it
    identityRoles = identityRoleService.findAllByContract(contract2.getId());
    assertEquals(0, identityRoles.size());
    // 
    identityRoles = identityRoleService.findAllByContract(contract3.getId());
    assertEquals(0, identityRoles.size());
    // 
    identityRoles = identityRoleService.findAllByContract(contract4.getId());
    assertEquals(0, identityRoles.size());
    // 
    identityRoles = identityRoleService.findAllByContract(contract5.getId());
    assertEquals(0, identityRoles.size());
    // clear the state of contract5: the role has to appear on it
    contract5.setState(null);
    contract5 = identityContractService.save(contract5);
    // the identity must be saved, automatic roles are recalculated after the identity is saved
    identity = identityService.save(identity);
    // 
    identityRoles = identityRoleService.findAllByContract(contract5.getId());
    assertEquals(1, identityRoles.size());
    // same for contract4
    contract4.setState(null);
    contract4 = identityContractService.save(contract4);
    // the identity must be saved, automatic roles are recalculated after the identity is saved
    identity = identityService.save(identity);
    // 
    identityRoles = identityRoleService.findAllByContract(contract4.getId());
    assertEquals(1, identityRoles.size());
    // same for contract3
    contract3.setState(null);
    contract3 = identityContractService.save(contract3);
    // the identity must be saved, automatic roles are recalculated after the identity is saved
    identity = identityService.save(identity);
    // 
    identityRoles = identityRoleService.findAllByContract(contract3.getId());
    assertEquals(1, identityRoles.size());
    // same for contract2
    contract2.setState(null);
    contract2 = identityContractService.save(contract2);
    // the identity must be saved, automatic roles are recalculated after the identity is saved
    identity = identityService.save(identity);
    // 
    identityRoles = identityRoleService.findAllByContract(contract2.getId());
    assertEquals(1, identityRoles.size());
    // every role now assigned to the identity must come from this automatic role
    // NOTE(review): the size of the list is not asserted before the loop, so an empty result
    // would pass these checks without executing any of them
    identityRoles = identityRoleService.findAllByIdentity(identity.getId());
    for (IdmIdentityRoleDto identityRole : identityRoles) {
        assertEquals(automaticRole.getId(), identityRole.getRoleTreeNode());
        AbstractIdmAutomaticRoleDto embedded = DtoUtils.getEmbedded(identityRole, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
        assertEquals(automaticRole, embedded);
        assertEquals(role.getId(), embedded.getRole());
        assertEquals(role.getId(), identityRole.getRole());
    }
    // disable contract3 again: the role has to be removed from it
    contract3.setState(ContractState.DISABLED);
    contract3 = identityContractService.save(contract3);
    // the identity must be saved, automatic roles are recalculated after the identity is saved
    identity = identityService.save(identity);
    // 
    identityRoles = identityRoleService.findAllByContract(contract3.getId());
    assertEquals(0, identityRoles.size());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) LocalDate(org.joda.time.LocalDate) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 8 with AbstractIdmAutomaticRoleDto

use of eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto in project CzechIdMng by bcvsolutions.

the class ProcessAutomaticRoleByAttributeTaskExecutor method process.

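/**
 * Recalculates one attribute-based automatic role over all contracts.
 * <p>
 * Contracts that pass the rules of the automatic role get the role added (disabled contracts
 * and contracts that are not valid now or in the future are skipped); contracts that do not
 * pass get it removed. Both lists are read page by page with {@code PAGE_SIZE}.
 * <p>
 * A failure on a single contract is logged and its id is collected; processing then continues
 * with the next contract. A failed removal therefore leaves the role assigned to that contract,
 * and the ids listed under {@code failedRemoveEntities} in the thrown exception are the
 * contracts that still hold it.
 *
 * @return {@code Boolean.TRUE} when the task ran to its end or was stopped through
 *         {@code updateState()} without any failed contract
 * @throws ResultCodeException with {@code AUTOMATIC_ROLE_TASK_EMPTY} when the automatic role id
 *         is missing or no automatic role exists for it; with
 *         {@code AUTOMATIC_ROLE_PROCESS_TASK_NOT_COMPLETE} when at least one contract failed
 */
@Override
public Boolean process() {
    UUID automaticRoleId = getAutomaticRoleId();
    // the id is validated before the lookup, so a missing id ends in the task's own result code
    // and never reaches the service as null
    IdmAutomaticRoleAttributeDto automaticRole = automaticRoleId == null ? null : automaticRoleAttributeService.get(automaticRoleId);
    if (automaticRole == null) {
        throw new ResultCodeException(CoreResultCode.AUTOMATIC_ROLE_TASK_EMPTY);
    }
    Set<AbstractIdmAutomaticRoleDto> setWithAutomaticRole = Sets.newHashSet(automaticRole);
    //
    List<String> failedEntitiesAdd = new ArrayList<>();
    List<String> failedEntitiesRemove = new ArrayList<>();
    //
    // first page of contracts that pass (true) and that do not pass (false) the rules
    Page<UUID> newPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, true, new PageRequest(0, PAGE_SIZE));
    Page<UUID> newNotPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, false, new PageRequest(0, PAGE_SIZE));
    //
    counter = 0L;
    count = Long.valueOf(newPassedContracts.getTotalElements() + newNotPassedContracts.getTotalElements());
    //
    // add the role to contracts that newly pass
    boolean canContinue = true;
    while (canContinue) {
        for (UUID contractId : newPassedContracts) {
            IdmIdentityContractDto contract = identityContractService.get(contractId);
            if (contract == null) {
                // the contract disappeared between the page query and this lookup; there is
                // nothing to assign, and one missing contract must not abort the whole task
                LOG.warn("Contract id [{}] was not found, automatic role id [{}] is not added.", contractId, automaticRoleId);
                continue;
            }
            // check for contract validity
            if (contract.getState() == ContractState.DISABLED || !contract.isValidNowOrInFuture()) {
                continue;
            }
            //
            try {
                automaticRoleAttributeService.addAutomaticRoles(contract, setWithAutomaticRole);
                counter++;
            } catch (Exception ex) {
                LOG.error("Error while add new automatic role id [{}] to contract id [{}] and identity id [{}]", automaticRoleId, contractId, contract.getIdentity(), ex);
                failedEntitiesAdd.add(contractId.toString());
            } finally {
                canContinue = updateState();
            }
            // the loop is left outside of finally: a break inside finally would discard a
            // Throwable that the catch above does not handle
            if (!canContinue) {
                break;
            }
        }
        // no further page is fetched once the task was told to stop
        if (!canContinue || !newPassedContracts.hasNext()) {
            break;
        }
        newPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, true, newPassedContracts.nextPageable());
    }
    //
    // remove the role from contracts that do not pass
    while (canContinue) {
        for (UUID contractId : newNotPassedContracts) {
            try {
                automaticRoleAttributeService.removeAutomaticRoles(contractId, setWithAutomaticRole);
                counter++;
            } catch (Exception ex) {
                LOG.error("Error while remove automatic role id [{}] from contract id [{}].", automaticRoleId, contractId, ex);
                failedEntitiesRemove.add(contractId.toString());
            } finally {
                canContinue = updateState();
            }
            if (!canContinue) {
                break;
            }
        }
        if (!canContinue || !newNotPassedContracts.hasNext()) {
            break;
        }
        newNotPassedContracts = automaticRoleAttributeService.getContractsForAutomaticRole(automaticRoleId, false, newNotPassedContracts.nextPageable());
    }
    //
    // report every contract that could not be processed
    if (!failedEntitiesAdd.isEmpty() || !failedEntitiesRemove.isEmpty()) {
        throw new ResultCodeException(CoreResultCode.AUTOMATIC_ROLE_PROCESS_TASK_NOT_COMPLETE, ImmutableMap.of("automaticRole", automaticRoleId, "failedAddEntities", StringUtils.join(failedEntitiesAdd, ","), "failedRemoveEntities", StringUtils.join(failedEntitiesRemove, ",")));
    }
    //
    return Boolean.TRUE;
}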
Also used : ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) ArrayList(java.util.ArrayList) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) PageRequest(org.springframework.data.domain.PageRequest) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 9 with AbstractIdmAutomaticRoleDto

use of eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto in project CzechIdMng by bcvsolutions.

the class RemoveAutomaticRoleTaskExecutor method validate.

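/**
 * Automatic role removal can start only when no other long running task (LRT) is running for
 * the same automatic role.
 * <p>
 * The automatic role is looked up through {@code roleTreeNodeService} first and through
 * {@code automaticRoleAttributeService} second. Running tasks of this executor type and of
 * {@code AddNewAutomaticRoleTaskExecutor} are then searched for one whose
 * {@code PARAMETER_ROLE_TREE_NODE} property equals the id of the automatic role.
 * <p>
 * NOTE(review): if neither service returns the automatic role, {@code automaticRole} stays
 * null and the first running task found ends validation with a NullPointerException - confirm
 * whether a dedicated result code is wanted for that case.
 * NOTE(review): nothing visible here makes this check and the start of the task atomic, so two
 * tasks validated at the same moment could presumably both pass - confirm against the
 * scheduler.
 *
 * @param task the long running task to validate, passed on to {@code super.validate}
 * @throws ResultCodeException with {@code AUTOMATIC_ROLE_REMOVE_TASK_RUN_CONCURRENTLY} when a
 *         task of this type runs for the same automatic role, with
 *         {@code AUTOMATIC_ROLE_REMOVE_TASK_ADD_RUNNING} when an add task runs for it
 */
@Override
public void validate(IdmLongRunningTaskDto task) {
    super.validate(task);
    //
    AbstractIdmAutomaticRoleDto automaticRole = roleTreeNodeService.get(getAutomaticRoleId());
    if (automaticRole == null) {
        // get from automatic role attribute service
        automaticRole = automaticRoleAttributeService.get(getAutomaticRoleId());
    }
    //
    IdmLongRunningTaskFilter filter = new IdmLongRunningTaskFilter();
    filter.setTaskType(this.getClass().getCanonicalName());
    filter.setRunning(Boolean.TRUE);
    //
    // another removal running for the same automatic role
    for (IdmLongRunningTaskDto longRunningTask : getLongRunningTaskService().find(filter, null)) {
        // compared from the automatic role side: a running task without the parameter yields
        // null here and is treated as "different role" instead of failing with NullPointerException
        Object lockedRole = longRunningTask.getTaskProperties().get(AbstractAutomaticRoleTaskExecutor.PARAMETER_ROLE_TREE_NODE);
        if (automaticRole.getId().equals(lockedRole)) {
            throw new ResultCodeException(CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_RUN_CONCURRENTLY, ImmutableMap.of("roleTreeNode", automaticRole.getId().toString(), "taskId", longRunningTask.getId().toString()));
        }
    }
    //
    // an add task running for the same automatic role; the filter is reused with another type
    filter.setTaskType(AddNewAutomaticRoleTaskExecutor.class.getCanonicalName());
    for (IdmLongRunningTaskDto longRunningTask : getLongRunningTaskService().find(filter, null)) {
        Object lockedRole = longRunningTask.getTaskProperties().get(AbstractAutomaticRoleTaskExecutor.PARAMETER_ROLE_TREE_NODE);
        if (automaticRole.getId().equals(lockedRole)) {
            throw new ResultCodeException(CoreResultCode.AUTOMATIC_ROLE_REMOVE_TASK_ADD_RUNNING, ImmutableMap.of("roleTreeNode", automaticRole.getId().toString(), "taskId", longRunningTask.getId().toString()));
        }
    }
}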
Also used : IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) IdmLongRunningTaskFilter(eu.bcvsolutions.idm.core.scheduler.api.dto.filter.IdmLongRunningTaskFilter)

Example 10 with AbstractIdmAutomaticRoleDto

use of eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto in project CzechIdMng by bcvsolutions.

the class IdentityContractUpdateByAutomaticRoleProcessor method process.

/**
 * Keeps the automatic roles of a contract in step with a contract update.
 * <p>
 * When the work position changed, or the updated contract is valid now or in the future and
 * that differs from the previous version, the roles assigned through a tree-node automatic role
 * are compared with the automatic roles of the new work position: roles no longer covered are
 * removed, roles whose role is still granted by a new automatic role are only re-linked to it,
 * and the remaining new automatic roles are added. In every other case only a change of the
 * validity dates is propagated to the roles assigned to the contract.
 *
 * @param event contract update event; its content is the updated contract, its original source
 *              the previous version
 * @return result bound to this processor and the processed event
 */
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    IdmIdentityContractDto previous = event.getOriginalSource();
    UUID previousPosition = previous.getWorkPosition();
    UUID newPosition = contract.getWorkPosition();
    //
    // neither the position nor the validity state changed: only the dates may need an update
    if (Objects.equals(newPosition, previousPosition)
            && !(contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture())) {
        if (EntityUtils.validableChanged(previous, contract)) {
            changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
        }
        return new DefaultEventResult<>(event, this);
    }
    //
    // the work position differs or the validity changed
    List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
    if (!assignedRoles.isEmpty()) {
        // keep only roles whose embedded automatic role is a tree-node automatic role
        assignedRoles = assignedRoles.stream().filter(assigned -> {
            AbstractIdmAutomaticRoleDto embedded = DtoUtils.getEmbedded(assigned, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
            return embedded instanceof IdmRoleTreeNodeDto;
        }).collect(Collectors.toList());
    }
    //
    // ids of the automatic roles behind the currently assigned roles
    Set<UUID> previousAutomaticRoles = assignedRoles.stream()
            .filter(assigned -> assigned.getRoleTreeNode() != null)
            .map(assigned -> assigned.getRoleTreeNode())
            .collect(Collectors.toSet());
    // automatic roles defined for the new work position
    Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
    if (newPosition != null) {
        addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
    }
    // roles that are newly added or still exist must not be removed
    Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
    List<UUID> addedIds = addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList());
    removedAutomaticRoles.removeAll(addedIds);
    addedAutomaticRoles.removeIf(added -> previousAutomaticRoles.contains(added.getId()));
    //
    for (UUID removedAutomaticRole : removedAutomaticRoles) {
        Iterator<IdmIdentityRoleDto> assignedIterator = assignedRoles.iterator();
        while (assignedIterator.hasNext()) {
            IdmIdentityRoleDto identityRole = assignedIterator.next();
            if (!Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
                continue;
            }
            // is the same role granted by one of the new automatic roles?
            IdmRoleTreeNodeDto replacement = getByRole(identityRole.getRole(), addedAutomaticRoles);
            if (replacement != null) {
                // yes: keep the assigned role and only point it at the new automatic role
                identityRole.setRoleTreeNode(replacement.getId());
                updateIdentityRole(identityRole);
                // the new automatic role is covered and must not be added again
                addedAutomaticRoles.remove(replacement);
            } else {
                // no: the assigned role is removed
                roleTreeNodeService.removeAutomaticRoles(identityRole, null);
                assignedIterator.remove();
            }
        }
    }
    // date change is applied to the assigned roles that were kept
    if (EntityUtils.validableChanged(previous, contract)) {
        changeValidable(contract, assignedRoles);
    }
    //
    // assign what is left of the new automatic roles
    roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
    //
    return new DefaultEventResult<>(event, this);
}
Also used : AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmRoleTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmRoleTreeNodeService) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) IdentityContractProcessor(eu.bcvsolutions.idm.core.api.event.processor.IdentityContractProcessor) HashSet(java.util.HashSet) EntityUtils(eu.bcvsolutions.idm.core.api.utils.EntityUtils) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityRoleEventType(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent.IdentityRoleEventType) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) Description(org.springframework.context.annotation.Description) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) Iterator(java.util.Iterator) IdentityContractEventType(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent.IdentityContractEventType) Set(java.util.Set) IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) List(java.util.List) Component(org.springframework.stereotype.Component) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) 
AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) HashSet(java.util.HashSet)

Aggregations

AbstractIdmAutomaticRoleDto (eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto)11 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)6 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)6 UUID (java.util.UUID)5 IdentityRoleEvent (eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent)4 IdmAutomaticRoleAttributeDto (eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)3 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)3 HashSet (java.util.HashSet)3 PageRequest (org.springframework.data.domain.PageRequest)3 Transactional (org.springframework.transaction.annotation.Transactional)3 AutomaticRoleAttributeRuleType (eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType)2 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)2 IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)2 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)2 IdmAutomaticRoleAttributeRuleDto (eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleDto)1 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)1 IdmRoleTreeNodeDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto)1 CoreEventProcessor (eu.bcvsolutions.idm.core.api.event.CoreEventProcessor)1 EntityEvent (eu.bcvsolutions.idm.core.api.event.EntityEvent)1 EventResult (eu.bcvsolutions.idm.core.api.event.EventResult)1