use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmIncompatibleRoleService method internalExport.
@Override
protected IdmIncompatibleRoleDto internalExport(UUID id) {
IdmIncompatibleRoleDto dto = this.get(id);
// Advanced pairing
// We cannot clear all embedded data, because we need to export DTO for
// connected sub and superior role.
BaseDto roleSubDto = dto.getEmbedded().get(IdmIncompatibleRole_.sub.getName());
BaseDto roleSuperDto = dto.getEmbedded().get(IdmIncompatibleRole_.superior.getName());
dto.getEmbedded().clear();
dto.getEmbedded().put(IdmIncompatibleRole_.sub.getName(), roleSubDto);
dto.getEmbedded().put(IdmIncompatibleRole_.superior.getName(), roleSuperDto);
return dto;
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmIncompatibleRoleService method resolveIncompatibleRoles.
@Override
public Set<ResolvedIncompatibleRoleDto> resolveIncompatibleRoles(List<Serializable> rolesOrIdentifiers) {
// search all defined incompatible roles for given roles - business roles can be given
Set<ResolvedIncompatibleRoleDto> incompatibleRoles = new HashSet<>();
if (CollectionUtils.isEmpty(rolesOrIdentifiers)) {
return incompatibleRoles;
}
LOG.debug("Start resolving incompabible roles [{}]", rolesOrIdentifiers);
//
Set<UUID> allRoleIds = new HashSet<>();
Set<IdmRoleDto> roles = new HashSet<>();
// search all sub roles
for (Serializable roleOrIdentifier : rolesOrIdentifiers) {
if (roleOrIdentifier == null) {
continue;
}
roles.clear();
//
IdmRoleDto directRole = null;
if (roleOrIdentifier instanceof IdmRoleDto) {
directRole = (IdmRoleDto) roleOrIdentifier;
} else {
directRole = (IdmRoleDto) lookupService.lookupDto(IdmRoleDto.class, roleOrIdentifier);
}
if (directRole == null) {
throw new EntityNotFoundException(IdmRole.class, roleOrIdentifier);
}
//
roles.add(directRole);
if (directRole.getChildrenCount() > 0) {
roles.addAll(roleCompositionService.resolveDistinctRoles(roleCompositionService.findAllSubRoles(directRole.getId())));
}
//
// resolve incompatible roles
List<UUID> roleIds = roles.stream().map(IdmRoleDto::getId).collect(Collectors.toList());
//
for (IdmIncompatibleRoleDto incompatibleRole : findAllByRoles(roleIds)) {
// find incompatible roles - we need to know, which from the given role is incompatible => ResolvedIncompatibleRoleDto
incompatibleRoles.add(new ResolvedIncompatibleRoleDto(directRole, incompatibleRole));
}
allRoleIds.addAll(roleIds);
}
//
// both sides of incompatible roles should be in the allRoleIds and superior vs. sub role has to be different.
Set<ResolvedIncompatibleRoleDto> resolvedRoles = incompatibleRoles.stream().filter(ir -> {
// superior vs. sub role has to be different.
return !ir.getIncompatibleRole().getSuperior().equals(ir.getIncompatibleRole().getSub());
}).filter(ir -> {
// superior and sub role has to be in all roles.
return allRoleIds.contains(ir.getIncompatibleRole().getSuperior()) && allRoleIds.contains(ir.getIncompatibleRole().getSub());
}).collect(Collectors.toSet());
//
LOG.debug("Resolved incompabible roles [{}]", resolvedRoles.size());
return resolvedRoles;
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class RoleExportBulkAction method exportIncompatibleRoles.
/**
* Export incompatible roles for given role.
*
* @param role
*/
private void exportIncompatibleRoles(IdmRoleDto role) {
IdmIncompatibleRoleFilter incompatibleFilter = new IdmIncompatibleRoleFilter();
incompatibleFilter.setRoleId(role.getId());
List<IdmIncompatibleRoleDto> incompatibles = incompatibleRoleService.find(incompatibleFilter, null).getContent();
if (incompatibles.isEmpty()) {
incompatibleRoleService.export(ExportManager.BLANK_UUID, this.getBatch());
}
incompatibles.forEach(incompatible -> {
incompatibleRoleService.export(incompatible.getId(), this.getBatch());
});
// Set parent fields -> set authoritative mode. Here are two parent fields!
Set<String> parents = new LinkedHashSet<>();
parents.add(IdmIncompatibleRole_.superior.getName());
parents.add(IdmIncompatibleRole_.sub.getName());
this.getExportManager().setAuthoritativeMode(parents, IdmIncompatibleRoleFilter.PARAMETER_ROLE_ID, IdmIncompatibleRoleDto.class, this.getBatch());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class RoleExportBulkActionIntegrationTest method testExportAndImportRoleIncompatibilities.
@Test
public void testExportAndImportRoleIncompatibilities() {
IdmRoleDto role = createRole();
IdmRoleDto incompatibileRoleOne = this.getHelper().createRole();
IdmRoleDto incompatibileRoleTwo = this.getHelper().createRole();
IdmIncompatibleRoleDto incompatibleRoleOne = this.getHelper().createIncompatibleRole(role, incompatibileRoleOne);
// Make export, upload and import
IdmExportImportDto importBatch = executeExportAndImport(role, RoleExportBulkAction.NAME, ImmutableMap.of(EXECUTE_BEFORE_DTO_DELETE, this::deleteAllSubroles));
role = roleService.get(role.getId());
Assert.assertNotNull(role);
List<IdmIncompatibleRoleDto> incompatibilites = this.findIncompatibilites(role);
Assert.assertEquals(1, incompatibilites.size());
Assert.assertEquals(incompatibleRoleOne.getId(), incompatibilites.get(0).getId());
this.getHelper().createIncompatibleRole(role, incompatibileRoleTwo);
incompatibilites = this.findIncompatibilites(role);
Assert.assertEquals(2, incompatibilites.size());
// Execute import (check authoritative mode)
importBatch = importManager.executeImport(importBatch, false);
Assert.assertNotNull(importBatch);
Assert.assertEquals(ExportImportType.IMPORT, importBatch.getType());
Assert.assertEquals(OperationState.EXECUTED, importBatch.getResult().getState());
// Second incompatibility had to be deleted!
incompatibilites = this.findIncompatibilites(role);
Assert.assertEquals(1, incompatibilites.size());
Assert.assertEquals(incompatibleRoleOne.getId(), incompatibilites.get(0).getId());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testResolveIncompatibleRolesInBulkSubRoles.
@Test
public void testResolveIncompatibleRolesInBulkSubRoles() {
IdmRoleDto superior = getHelper().createRole();
IdmRoleDto superiorTwo = getHelper().createRole();
IdmRoleDto subOne = getHelper().createRole();
IdmRoleDto subTwo = getHelper().createRole();
IdmRoleDto subOneSub = getHelper().createRole();
IdmRoleDto subOneSubSub = getHelper().createRole();
IdmRoleDto three = getHelper().createRole();
IdmRoleDto threeSub = getHelper().createRole();
IdmRoleDto threeSubSub = getHelper().createRole();
getHelper().createRoleComposition(superior, subOne);
getHelper().createRoleComposition(superior, subTwo);
getHelper().createRoleComposition(subOne, subOneSub);
getHelper().createRoleComposition(subOneSub, subOneSubSub);
getHelper().createRoleComposition(three, threeSub);
getHelper().createRoleComposition(threeSub, threeSubSub);
// prepare incompatible roles
getHelper().createIncompatibleRole(subOne, subTwo);
getHelper().createIncompatibleRole(subOneSubSub, threeSubSub);
getHelper().createIncompatibleRole(subTwo, threeSub);
getHelper().createIncompatibleRole(subOne, subOne);
// create superior roles
List<IdmRoleDto> assignRoles = Lists.newArrayList(three, superior, superiorTwo);
//
IdmRoleDto role = getHelper().createRole();
// +1 = 751
int count = 750;
for (int i = 1; i <= count; i++) {
// create some sub roles
IdmRoleDto subRole = getHelper().createRole();
getHelper().createRoleComposition(role, subRole);
getHelper().createIncompatibleRole(threeSubSub, subRole);
//
// assign target system - should exist
// FIXME: move to some new acc test, just backup here ...
// SysSystemDto system = systemService.getByCode("manual-vs");
// SysSystemMappingDto systemMapping = AutowireHelper.getBean(SysSystemMappingService.class).findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
// SysRoleSystemDto roleSystem = new SysRoleSystemDto();
// roleSystem.setSystem(system.getId());
// roleSystem.setSystemMapping(systemMapping.getId());
// roleSystem.setRole(role.getId());
// //
// // merge attribute - rights + transformation
// AutowireHelper.getBean(SysRoleSystemAttributeService.class).addRoleMappingAttribute(system.getId(),
// role.getId(), "rights", "return [\"value-" + i +"\"]", IcObjectClassInfo.ACCOUNT);
assignRoles.add(role);
}
//
// prepare owner
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity);
//
// prepare request
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
roleRequest.setState(RoleRequestState.CONCEPT);
// without approval
roleRequest.setExecuteImmediately(true);
roleRequest.setApplicant(identity.getId());
roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
roleRequest = getHelper().getService(IdmRoleRequestService.class).save(roleRequest);
//
for (IdmRoleDto assignRole : assignRoles) {
IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
concept.setIdentityContract(contract.getId());
concept.setValidFrom(contract.getValidFrom());
concept.setValidTill(contract.getValidTill());
concept.setRole(assignRole.getId());
concept.setOperation(ConceptRoleRequestOperation.ADD);
concept.setRoleRequest(roleRequest.getId());
//
getHelper().getService(IdmConceptRoleRequestService.class).save(concept);
}
long start = System.currentTimeMillis();
//
Set<IdmIncompatibleRoleDto> incompatibleRoles = getHelper().getService(IdmRoleRequestService.class).getIncompatibleRoles(roleRequest).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
//
long duration = System.currentTimeMillis() - start;
Assert.assertTrue(duration < 5000);
Assert.assertEquals(3 + count, incompatibleRoles.size());
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(threeSubSub.getId());
}));
}
Aggregations