Search in sources :

Example 1 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class IncompatibleRoleSaveProcessor method process.

@Override
public EventResult<IdmIncompatibleRoleDto> process(EntityEvent<IdmIncompatibleRoleDto> event) {
    IdmIncompatibleRoleDto incompatibleRole = event.getContent();
    incompatibleRole = service.saveInternal(incompatibleRole);
    event.setContent(incompatibleRole);
    // 
    return new DefaultEventResult<>(event, this);
}
Also used : DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto)

Example 2 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class ChangeIdentityPermissionTest method defaultWithoutApproveTest.

@Test
public void defaultWithoutApproveTest() {
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "false");
    // Set incompatibility role test
    configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
    // Create test role for load candidates on approval incompatibility (TEST_USER_1)
    IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
    getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
    IdmIdentityDto applicant = getHelper().createIdentity();
    // Create definition of incompatible roles
    IdmRoleDto incompatibleRoleOne = getHelper().createRole();
    IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
    IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
    incompatibleRole.setSub(incompatibleRoleOne.getId());
    incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
    incompatibleRole = incompatibleRoleService.save(incompatibleRole);
    // Assign first incompatible role
    getHelper().createIdentityRole(applicant, incompatibleRoleOne);
    loginAsAdmin();
    // Create request
    IdmRoleRequestDto request = createRoleRequest(applicant);
    request = roleRequestService.save(request);
    IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
    IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
    concept = conceptRoleRequestService.save(concept);
    // Check on incompatible role in the request
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
    assertEquals(2, incompatibleRoles.size());
    // HELPDESK turn off
    // MANAGER turn off
    // USER MANAGER turn off
    // SECURITY turn off
    // ROLE INCOMPATIBILITY turn off
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Example 3 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class ChangeIdentityPermissionTest method approveIncompatibleRolesTest.

@Test
public void approveIncompatibleRolesTest() {
    ZonedDateTime now = ZonedDateTime.now().truncatedTo(ChronoUnit.MILLIS);
    getHelper().waitForResult(null, 1, 1);
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "true");
    // Set incompatibility role test
    configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
    // Create test role for load candidates on approval incompatibility (TEST_USER_1)
    IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
    getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
    IdmIdentityDto applicant = getHelper().createIdentity();
    // Create definition of incompatible roles
    IdmRoleDto incompatibleRoleOne = getHelper().createRole();
    IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
    IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
    incompatibleRole.setSub(incompatibleRoleOne.getId());
    incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
    incompatibleRole = incompatibleRoleService.save(incompatibleRole);
    // Assign first incompatible role
    getHelper().createIdentityRole(applicant, incompatibleRoleOne);
    loginAsAdmin();
    // Create request
    IdmRoleRequestDto request = createRoleRequest(applicant);
    request = roleRequestService.save(request);
    IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
    IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
    concept = conceptRoleRequestService.save(concept);
    // Check on incompatible role in the request
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
    assertEquals(2, incompatibleRoles.size());
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    WorkflowFilterDto taskFilter = new WorkflowFilterDto();
    taskFilter.setCreatedAfter(now);
    taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
    List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(0, tasks.size());
    // HELPDESK turn off
    // MANAGER turn off
    // USER MANAGER turn off
    // SECURITY turn off
    // ROLE INCOMPATIBILITY turn on
    loginAsAdmin(InitTestDataProcessor.TEST_USER_1);
    taskFilter.setCandidateOrAssigned(InitTestDataProcessor.TEST_USER_1);
    checkAndCompleteOneTask(taskFilter, applicant.getUsername(), "approve", "approveIncompatibilities");
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
    concept = conceptRoleRequestService.get(concept.getId());
    assertNotNull(concept.getWfProcessId());
    // Find all identity roles for applicant
    List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(applicant.getId());
    boolean exists = identityRoles.stream().filter(identityRole -> incompatibleRoleTwo.getId().equals(identityRole.getRole())).findFirst().isPresent();
    // Incompatible role two must be assigned for applicant
    assertTrue(exists);
    // Create next request
    IdmRoleRequestDto requestNext = createRoleRequest(applicant);
    requestNext = roleRequestService.save(requestNext);
    // Check on incompatible role in the request
    // Incompatibilities exist for this user, but not in this request (none concept
    // added new role is presents)
    incompatibleRoles = roleRequestService.getIncompatibleRoles(requestNext);
    assertEquals(0, incompatibleRoles.size());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) WorkflowTaskInstanceDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowTaskInstanceDto) ZonedDateTime(java.time.ZonedDateTime) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) WorkflowFilterDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowFilterDto) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Example 4 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testResolveIncompatibleRoles.

@Test
public void testResolveIncompatibleRoles() {
    Assert.assertTrue(service.resolveIncompatibleRoles(null).isEmpty());
    Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList()).isEmpty());
    Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList((Serializable) null, (Serializable) null)).isEmpty());
    // 
    // prepare role composition
    IdmRoleDto superior = getHelper().createRole();
    IdmRoleDto superiorTwo = getHelper().createRole();
    IdmRoleDto subOne = getHelper().createRole();
    IdmRoleDto subTwo = getHelper().createRole();
    IdmRoleDto subOneSub = getHelper().createRole();
    IdmRoleDto subOneSubSub = getHelper().createRole();
    IdmRoleDto three = getHelper().createRole();
    IdmRoleDto threeSub = getHelper().createRole();
    IdmRoleDto threeSubSub = getHelper().createRole();
    getHelper().createRoleComposition(superior, subOne);
    getHelper().createRoleComposition(superior, subTwo);
    getHelper().createRoleComposition(subOne, subOneSub);
    getHelper().createRoleComposition(subOneSub, subOneSubSub);
    getHelper().createRoleComposition(three, threeSub);
    getHelper().createRoleComposition(threeSub, threeSubSub);
    // prepare incompatible roles
    getHelper().createIncompatibleRole(subOne, subTwo);
    getHelper().createIncompatibleRole(subOneSubSub, threeSubSub);
    getHelper().createIncompatibleRole(subTwo, threeSub);
    getHelper().createIncompatibleRole(subOne, subOne);
    // 
    Set<ResolvedIncompatibleRoleDto> resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), superiorTwo.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    // wrong definition. TODO: add validation
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    // preloaded role is used
    superior = getHelper().getService(IdmRoleService.class).get(superior);
    // incompatible roles inside business role definition
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(superior));
    Assert.assertEquals(1, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId());
    }));
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), subTwo.getId()));
    Assert.assertEquals(2, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subOne);
    }));
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subTwo);
    }));
    // 
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), three.getId()));
    Assert.assertEquals(2, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(subOne);
    }));
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(three);
    }));
    // 
    Set<IdmIncompatibleRoleDto> incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOneSub.getId(), subTwo.getId(), three.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(2, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), three.getId(), subOne.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(3, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), subTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(1, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), superior.getId(), superiorTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(3, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) Autowired(org.springframework.beans.factory.annotation.Autowired) RoleRequestedByType(eu.bcvsolutions.idm.core.api.domain.RoleRequestedByType) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) Lists(com.google.common.collect.Lists) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) Before(org.junit.Before) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Set(java.util.Set) Test(org.junit.Test) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Collectors(java.util.stream.Collectors) ApplicationContext(org.springframework.context.ApplicationContext) Serializable(java.io.Serializable) List(java.util.List) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Assert(org.junit.Assert) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation) Transactional(org.springframework.transaction.annotation.Transactional) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Serializable(java.io.Serializable) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 5 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testReferentialIntegrityRoleIsDeleted.

@Test
public void testReferentialIntegrityRoleIsDeleted() {
    IdmRoleDto roleOne = getHelper().createRole();
    IdmRoleDto roleTwo = getHelper().createRole();
    IdmRoleDto roleThree = getHelper().createRole();
    // 
    IdmIncompatibleRoleDto incompatibleRoleOne = getHelper().createIncompatibleRole(roleOne, roleTwo);
    IdmIncompatibleRoleDto incompatibleRoleTwo = getHelper().createIncompatibleRole(roleThree, roleOne);
    IdmIncompatibleRoleDto incompatibleRoleThree = getHelper().createIncompatibleRole(roleThree, roleTwo);
    // 
    getHelper().getService(IdmRoleService.class).delete(roleOne);
    // 
    Assert.assertNull(service.get(incompatibleRoleOne));
    Assert.assertNull(service.get(incompatibleRoleTwo));
    Assert.assertNotNull(service.get(incompatibleRoleThree));
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

IdmIncompatibleRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto)21 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)16 Test (org.junit.Test)15 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)11 List (java.util.List)11 Autowired (org.springframework.beans.factory.annotation.Autowired)11 ResolvedIncompatibleRoleDto (eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto)10 Assert (org.junit.Assert)10 Set (java.util.Set)9 IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)7 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)7 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)7 Collectors (java.util.stream.Collectors)7 AbstractReadWriteDtoControllerRestTest (eu.bcvsolutions.idm.core.api.rest.AbstractReadWriteDtoControllerRestTest)6 IdmRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleService)6 Lists (com.google.common.collect.Lists)5 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)5 AbstractReadWriteDtoController (eu.bcvsolutions.idm.core.api.rest.AbstractReadWriteDtoController)5 Transactional (org.springframework.transaction.annotation.Transactional)5 ConceptRoleRequestOperation (eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)4