use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class RoleDeleteProcessor method process.
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
//
IdmRoleDto role = event.getContent();
UUID roleId = role.getId();
Assert.notNull(roleId, "Role id is required!");
// check role can be removed without force
if (!forceDelete) {
checkWithoutForceDelete(role);
}
//
// Find all concepts and remove relation on role - has to be the first => concepts are created bellow
IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
conceptRequestFilter.setRoleId(roleId);
List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.find(conceptRequestFilter, null).getContent();
for (int counter = 0; counter < concepts.size(); counter++) {
IdmConceptRoleRequestDto concept = concepts.get(counter);
String message = null;
if (concept.getState().isTerminatedState()) {
message = MessageFormat.format("Role [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", role.getCode(), concept.getId());
} else {
message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested role [{1}] was deleted (not from this role request)!", concept.getId(), role.getCode());
// Cancel concept and WF
concept = conceptRoleRequestService.cancel(concept);
}
conceptRoleRequestService.addToLog(concept, message);
conceptRoleRequestService.save(concept);
if (counter % 100 == 0) {
clearSession();
}
}
// remove related assigned roles etc.
if (forceDelete) {
// remove directly assigned assigned roles (not automatic)
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setRoleId(roleId);
identityRoleFilter.setDirectRole(Boolean.TRUE);
identityRoleFilter.setAutomaticRole(Boolean.FALSE);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.find(identityRoleFilter, null).getContent();
for (int counter = 0; counter < assignedRoles.size(); counter++) {
IdmIdentityRoleDto identityRole = assignedRoles.get(counter);
IdmIdentityContractDto contract = lookupService.lookupEmbeddedDto(identityRole, IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT);
UUID identityId = contract.getIdentity();
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setApplicant(identityId);
//
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
conceptRoleRequest.setIdentityContract(contract.getId());
conceptRoleRequest.setContractPosition(identityRole.getContractPosition());
roleRequest.getConceptRoles().add(conceptRoleRequest);
//
// start event
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
roleRequestService.startConcepts(requestEvent, event);
//
if (counter % 100 == 0) {
clearSession();
}
}
//
// related automatic roles by tree structure
IdmRoleTreeNodeFilter roleTreeNodefilter = new IdmRoleTreeNodeFilter();
roleTreeNodefilter.setRoleId(roleId);
roleTreeNodeService.findIds(roleTreeNodefilter, null).stream().forEach(roleTreeNodeId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(roleTreeNodeId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// related automatic roles by attribute
IdmAutomaticRoleFilter automaticRoleFilter = new IdmAutomaticRoleFilter();
automaticRoleFilter.setRoleId(roleId);
automaticRoleAttributeService.findIds(automaticRoleFilter, null).stream().forEach(automaticRoleId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveAutomaticRoleTaskExecutor automaticRoleTask = AutowireHelper.createBean(RemoveAutomaticRoleTaskExecutor.class);
automaticRoleTask.setAutomaticRoleId(automaticRoleId);
longRunningTaskManager.executeSync(automaticRoleTask);
clearSession();
});
//
// business roles
// prevent to cyclic composition will be processed twice (sub = superior)
Set<UUID> processedCompositionIds = new HashSet<>();
// by sub
IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSubId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
// by superior
compositionFilter = new IdmRoleCompositionFilter();
compositionFilter.setSuperiorId(roleId);
roleCompositionService.findIds(compositionFilter, null).stream().filter(// ~ prevent to cyclic composition will be processed twice (sub = superior)
roleCompositionId -> !processedCompositionIds.contains(roleCompositionId)).forEach(roleCompositionId -> {
// sync => all asynchronous requests have to be prepared in event queue
RemoveRoleCompositionTaskExecutor roleCompositionTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
roleCompositionTask.setRoleCompositionId(roleCompositionId);
longRunningTaskManager.executeSync(roleCompositionTask);
//
processedCompositionIds.add(roleCompositionTask.getRoleCompositionId());
clearSession();
});
}
//
// remove all policies
IdmAuthorizationPolicyFilter policyFilter = new IdmAuthorizationPolicyFilter();
policyFilter.setRoleId(roleId);
authorizationPolicyService.find(policyFilter, null).forEach(dto -> {
authorizationPolicyService.delete(dto);
});
clearSession();
//
// Cancel all related automatic role requests
IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
automaticRoleRequestFilter.setRoleId(roleId);
automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
automaticRoleRequestService.cancel(request);
});
clearSession();
//
// remove role guarantee
IdmRoleGuaranteeRoleFilter roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setGuaranteeRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
roleGuaranteeRoleFilter = new IdmRoleGuaranteeRoleFilter();
roleGuaranteeRoleFilter.setRole(roleId);
roleGuaranteeRoleService.find(roleGuaranteeRoleFilter, null).forEach(roleGuarantee -> {
roleGuaranteeRoleService.delete(roleGuarantee);
});
clearSession();
//
// remove guarantees
IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
roleGuaranteeFilter.setRole(roleId);
roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
roleGuaranteeService.delete(roleGuarantee);
});
clearSession();
//
// remove catalogues
IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueRoleFilter.setRoleId(roleId);
roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).forEach(roleCatalogue -> {
roleCatalogueRoleService.delete(roleCatalogue);
});
clearSession();
//
// remove incompatible roles from both sides
incompatibleRoleService.findAllByRole(roleId).forEach(incompatibleRole -> {
incompatibleRoleService.delete(incompatibleRole);
});
clearSession();
//
// Remove role-form-attributes
IdmRoleFormAttributeFilter roleFormAttributeFilter = new IdmRoleFormAttributeFilter();
roleFormAttributeFilter.setRole(roleId);
roleFormAttributeService.find(roleFormAttributeFilter, null).forEach(roleCatalogue -> {
roleFormAttributeService.delete(roleCatalogue);
});
//
if (forceDelete) {
LOG.debug("Role [{}] should be deleted by caller after all asynchronus processes are completed.", role.getCode());
//
// dirty flag only - will be processed after asynchronous events ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(role, stateDeleted);
//
// set disabled
role.setDisabled(true);
service.saveInternal(role);
} else {
service.deleteInternal(role);
}
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DuplicateRoleCompositionProcessor method process.
@Override
@SuppressWarnings("unchecked")
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
IdmRoleDto cloned = event.getContent();
IdmRoleDto originalSource = event.getOriginalSource();
//
Map<String, Serializable> props = resolveProperties(event);
Set<UUID> processedRoles = (Set<UUID>) props.get(RoleEvent.PROPERTY_PROCESSED_ROLES);
processedRoles.add(cloned.getId());
//
// find and clone business role composition
// clone roles recursively
Set<String> processedSubRoles = new HashSet<>();
Map<String, IdmRoleCompositionDto> currentSubRoles = new HashMap<>();
roleCompositionService.findDirectSubRoles(cloned.getId()).forEach(composition -> {
IdmRoleDto subRole = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
currentSubRoles.put(subRole.getCode(), composition);
});
//
roleCompositionService.findDirectSubRoles(originalSource.getId()).stream().filter(composition -> {
return includeComposition(event, composition);
}).forEach(composition -> {
// find sub role on the target environment
IdmRoleDto subRole = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
IdmRoleDto targetRole = roleService.getByBaseCodeAndEnvironment(subRole.getBaseCode(), cloned.getEnvironment());
//
if (targetRole != null || duplicateRecursively(event, subRole, targetRole)) {
if (targetRole == null) {
// new clone
targetRole = prepareRole(subRole.getBaseCode(), cloned.getEnvironment());
}
if (targetRole != null && subRole.getId().equals(targetRole.getId())) {
LOG.debug("Role [{}] is duplicated on the same environment - skipping recursion for the same roles", targetRole.getCode());
} else if (targetRole != null && processedRoles.contains(targetRole.getId())) {
LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", targetRole.getCode());
} else {
//
// clone / update
EntityEvent<IdmRoleDto> subEvent = new RoleEvent(RoleEventType.DUPLICATE, targetRole, props);
// original source is the cloned role
subEvent.setOriginalSource(subRole);
// we want to be sync
subEvent.setPriority(PriorityType.IMMEDIATE);
EventContext<IdmRoleDto> resultSubRole = roleService.publish(subEvent, event);
targetRole = resultSubRole.getContent();
}
//
// create the composition (or check composition exists)
// find exists
processedSubRoles.add(targetRole.getCode());
if (!currentSubRoles.containsKey(targetRole.getCode())) {
IdmRoleCompositionDto cloneComposition = new IdmRoleCompositionDto(cloned.getId(), targetRole.getId());
EntityEvent<IdmRoleCompositionDto> createCompositionEvent = new RoleCompositionEvent(RoleCompositionEventType.CREATE, cloneComposition);
// we want to be sync
createCompositionEvent.setPriority(PriorityType.IMMEDIATE);
roleCompositionService.publish(createCompositionEvent, event);
}
}
});
//
// remove unprocessed sub roles, which was removed in surce role
currentSubRoles.entrySet().stream().filter(entry -> {
return !processedSubRoles.contains(entry.getKey());
}).filter(entry -> {
return includeComposition(event, entry.getValue());
}).forEach(entry -> {
// dirty flag role composition only - will be processed after parent action ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setSuperOwnerId(cloned.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(entry.getValue(), stateDeleted);
});
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class RoleDuplicateBulkActionIntegrationTest method testRemoveAutomaticRole.
@Test
public void testRemoveAutomaticRole() {
//
// create new entity state with a different transactionId - has to be preserved
TransactionContextHolder.clearContext();
IdmEntityStateDto otherState = new IdmEntityStateDto();
otherState.setOwnerId(UUID.randomUUID());
otherState.setOwnerType("mock");
otherState.setResult(new OperationResultDto.Builder(OperationState.CREATED).build());
otherState.setInstanceId("mock");
otherState = entityStateService.save(otherState);
//
TransactionContextHolder.clearContext();
// automatic role on sub role
IdmRoleDto parentRole = createRole();
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
IdmTreeNodeDto treeNode = getHelper().createTreeNode();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity);
contract.setWorkPosition(treeNode.getId());
contractService.save(contract);
IdmRoleDto subRole = createRole();
getHelper().createRoleComposition(parentRole, subRole);
// create attributes, automatic roles etc.
IdmAutomaticRoleAttributeDto automaticRoleAttribute = createAutomaticRole(subRole, identity.getUsername());
IdmRoleTreeNodeDto automaticRoleTree = createAutomaticRole(subRole, treeNode);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRoleAttribute.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRoleTree.getId().equals(ir.getAutomaticRole())));
//
String targetEnvironment = getHelper().createName();
IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
bulkAction.setIdentifiers(Sets.newHashSet(parentRole.getId()));
bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
bulkAction.getProperties().put(DuplicateRoleAutomaticByTreeProcessor.PARAMETER_INCLUDE_AUTOMATIC_ROLE, true);
bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
//
checkResultLrt(processAction, 1l, null, null);
//
IdmRoleDto duplicate = roleService.getByBaseCodeAndEnvironment(subRole.getBaseCode(), targetEnvironment);
//
IdmAutomaticRoleAttributeDto duplicateAutomaticRoleAttribute = findAutomaticRolesByAttribute(duplicate).get(0);
IdmRoleTreeNodeDto duplicateAtomaticRoleTree = findAutomaticRolesByTree(duplicate).get(0);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRoleAttribute.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRoleTree.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> duplicateAutomaticRoleAttribute.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> duplicateAtomaticRoleTree.getId().equals(ir.getAutomaticRole())));
//
automaticRoleAttributeService.delete(automaticRoleAttribute);
//
processAction = bulkActionManager.processAction(bulkAction);
//
checkResultLrt(processAction, 1l, null, null);
//
duplicate = roleService.getByBaseCodeAndEnvironment(subRole.getBaseCode(), targetEnvironment);
//
Assert.assertTrue(findAutomaticRolesByAttribute(duplicate).isEmpty());
Assert.assertNotNull(entityStateService.get(otherState));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class EntityStateDeleteBulkActionIntegrationTest method processBulkActionByFilter.
@Test
public void processBulkActionByFilter() {
List<OperationState> states = getStates();
List<IdmEntityStateDto> operationStates = createOperationStates(states);
Set<UUID> ids = new HashSet<>();
ids.add(operationStates.get(0).getId());
ids.add(operationStates.get(2).getId());
ids.add(operationStates.get(3).getId());
IdmBulkActionDto bulkAction = findBulkAction(IdmEntityState.class, EntityStateDeleteBulkAction.NAME);
bulkAction.setIdentifiers(ids);
IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
checkResultLrt(processAction, (long) ids.size(), null, null);
Assert.assertNotNull(service.get(operationStates.get(1)));
Assert.assertNotNull(service.get(operationStates.get(4)));
Assert.assertNotNull(service.get(operationStates.get(5)));
Assert.assertNotNull(service.get(operationStates.get(6)));
Assert.assertNull(service.get(operationStates.get(0)));
Assert.assertNull(service.get(operationStates.get(2)));
Assert.assertNull(service.get(operationStates.get(3)));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DefaultEntityStateManager method createState.
@Override
@Transactional
public IdmEntityStateDto createState(Identifiable owner, OperationState operationState, ResultCode code, Map<String, Serializable> properties, BasePermission... permission) {
IdmEntityStateDto state = new IdmEntityStateDto();
Map<String, Object> modelParameters = null;
if (properties != null) {
modelParameters = new HashMap<String, Object>(properties);
}
state.setResult(new OperationResultDto.Builder(operationState == null ? OperationState.CREATED : operationState).setModel(code == null ? null : new DefaultResultModel(code, modelParameters)).build());
//
return saveState(owner, state, permission);
}
Aggregations