
Example 16 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleService method internalExport.

/**
 * Loads the incompatible-role definition and trims its embedded data for export.
 *
 * Only the embedded DTOs of the sub and superior role are kept; every other
 * embedded entry is dropped before the DTO is handed to the export.
 *
 * @param id identifier of the incompatible-role definition
 * @return the loaded DTO with the embedded map reduced to the two linked roles
 */
@Override
protected IdmIncompatibleRoleDto internalExport(UUID id) {
    IdmIncompatibleRoleDto exported = this.get(id);
    // Keys under which the two linked roles sit in the embedded map.
    final String subKey = IdmIncompatibleRole_.sub.getName();
    final String superiorKey = IdmIncompatibleRole_.superior.getName();
    // Advanced pairing: the export needs the DTOs of the connected sub and superior
    // role, so they are set aside before the embedded map is wiped.
    BaseDto embeddedSub = exported.getEmbedded().get(subKey);
    BaseDto embeddedSuperior = exported.getEmbedded().get(superiorKey);
    // Everything else is removed, so no unrelated embedded object ends up in the batch.
    exported.getEmbedded().clear();
    exported.getEmbedded().put(subKey, embeddedSub);
    exported.getEmbedded().put(superiorKey, embeddedSuperior);
    return exported;
}
Also used : BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto)

Example 17 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleService method resolveIncompatibleRoles.

/**
 * Finds the incompatible-role definitions that are violated within the given set of roles.
 *
 * Each entry may be an {@link IdmRoleDto} or an identifier that is looked up; null entries
 * are skipped. A role with children is expanded to its sub roles, so business roles can be
 * given. A definition is reported only when its superior and its sub role are two different
 * roles and both are part of the expanded set.
 *
 * @param rolesOrIdentifiers roles or role identifiers to check together
 * @return resolved definitions, each paired with the given role it was found through;
 *         an empty set when nothing was given
 * @throws EntityNotFoundException when an identifier does not resolve to a role
 */
@Override
public Set<ResolvedIncompatibleRoleDto> resolveIncompatibleRoles(List<Serializable> rolesOrIdentifiers) {
    Set<ResolvedIncompatibleRoleDto> candidates = new HashSet<>();
    if (CollectionUtils.isEmpty(rolesOrIdentifiers)) {
        return candidates;
    }
    LOG.debug("Start resolving incompabible roles [{}]", rolesOrIdentifiers);
    //
    // Ids of all given roles and their sub roles, collected across the whole input.
    Set<UUID> knownRoleIds = new HashSet<>();
    for (Serializable roleOrIdentifier : rolesOrIdentifiers) {
        if (roleOrIdentifier == null) {
            continue;
        }
        //
        IdmRoleDto directRole = roleOrIdentifier instanceof IdmRoleDto
                ? (IdmRoleDto) roleOrIdentifier
                : (IdmRoleDto) lookupService.lookupDto(IdmRoleDto.class, roleOrIdentifier);
        if (directRole == null) {
            throw new EntityNotFoundException(IdmRole.class, roleOrIdentifier);
        }
        //
        // The given role together with everything it is composed of.
        Set<IdmRoleDto> roleWithSubRoles = new HashSet<>();
        roleWithSubRoles.add(directRole);
        if (directRole.getChildrenCount() > 0) {
            roleWithSubRoles.addAll(
                    roleCompositionService.resolveDistinctRoles(
                            roleCompositionService.findAllSubRoles(directRole.getId())));
        }
        List<UUID> roleIds = roleWithSubRoles
                .stream()
                .map(IdmRoleDto::getId)
                .collect(Collectors.toList());
        //
        // Keep the direct role next to each definition, so the caller knows which of the
        // given roles brought the incompatibility in.
        for (IdmIncompatibleRoleDto definition : findAllByRoles(roleIds)) {
            candidates.add(new ResolvedIncompatibleRoleDto(directRole, definition));
        }
        knownRoleIds.addAll(roleIds);
    }
    //
    // A candidate counts only if superior and sub differ and both are among the known roles.
    Set<ResolvedIncompatibleRoleDto> resolvedRoles = candidates
            .stream()
            .filter(candidate ->
                    !candidate.getIncompatibleRole().getSuperior().equals(candidate.getIncompatibleRole().getSub())
                    && knownRoleIds.contains(candidate.getIncompatibleRole().getSuperior())
                    && knownRoleIds.contains(candidate.getIncompatibleRole().getSub()))
            .collect(Collectors.toSet());
    //
    LOG.debug("Resolved incompabible roles [{}]", resolvedRoles.size());
    return resolvedRoles;
}
Also used : Autowired(org.springframework.beans.factory.annotation.Autowired) IdmIncompatibleRole(eu.bcvsolutions.idm.core.model.entity.IdmIncompatibleRole) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) LookupService(eu.bcvsolutions.idm.core.api.service.LookupService) Predicate(javax.persistence.criteria.Predicate) CollectionUtils(org.apache.commons.collections.CollectionUtils) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) IdmIncompatibleRole_(eu.bcvsolutions.idm.core.model.entity.IdmIncompatibleRole_) IdmExportImportDto(eu.bcvsolutions.idm.core.api.dto.IdmExportImportDto) Root(javax.persistence.criteria.Root) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) IdmRole_(eu.bcvsolutions.idm.core.model.entity.IdmRole_) AbstractEventableDtoService(eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService) Set(java.util.Set) PageRequest(org.springframework.data.domain.PageRequest) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) Page(org.springframework.data.domain.Page) Collectors(java.util.stream.Collectors) Serializable(java.io.Serializable) IdmIncompatibleRoleService(eu.bcvsolutions.idm.core.api.service.IdmIncompatibleRoleService) List(java.util.List) ExportDescriptorDto(eu.bcvsolutions.idm.core.api.dto.ExportDescriptorDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) IdmIncompatibleRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIncompatibleRoleFilter) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) IdmIncompatibleRoleRepository(eu.bcvsolutions.idm.core.model.repository.IdmIncompatibleRoleRepository) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) 
PageImpl(org.springframework.data.domain.PageImpl) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType) Assert(org.springframework.util.Assert) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Serializable(java.io.Serializable) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) UUID(java.util.UUID) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) HashSet(java.util.HashSet)

Example 18 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class RoleExportBulkAction method exportIncompatibleRoles.

/**
 * Adds the incompatible-role definitions found for the given role to the export batch
 * and switches the batch to authoritative mode for this DTO type.
 *
 * @param role role whose incompatible-role definitions are exported
 */
private void exportIncompatibleRoles(IdmRoleDto role) {
    IdmIncompatibleRoleFilter byRole = new IdmIncompatibleRoleFilter();
    byRole.setRoleId(role.getId());
    List<IdmIncompatibleRoleDto> definitions = incompatibleRoleService.find(byRole, null).getContent();
    if (definitions.isEmpty()) {
        // Nothing defined for this role: a blank id is exported instead
        // (presumably so the batch still describes this DTO type - confirm).
        incompatibleRoleService.export(ExportManager.BLANK_UUID, this.getBatch());
    } else {
        for (IdmIncompatibleRoleDto definition : definitions) {
            incompatibleRoleService.export(definition.getId(), this.getBatch());
        }
    }
    // Authoritative mode is keyed by the parent fields, and this DTO has two of them.
    // NOTE(review): authoritative mode appears to make the import remove target-side
    // definitions of this role that are missing from the batch. These are
    // separation-of-duties rules, so confirm that import batches come from a trusted
    // source and that such deletions are audited.
    Set<String> parentFields = new LinkedHashSet<>();
    parentFields.add(IdmIncompatibleRole_.superior.getName());
    parentFields.add(IdmIncompatibleRole_.sub.getName());
    this.getExportManager().setAuthoritativeMode(
            parentFields,
            IdmIncompatibleRoleFilter.PARAMETER_ROLE_ID,
            IdmIncompatibleRoleDto.class,
            this.getBatch());
}
Also used : LinkedHashSet(java.util.LinkedHashSet) IdmIncompatibleRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIncompatibleRoleFilter) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto)

Example 19 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class RoleExportBulkActionIntegrationTest method testExportAndImportRoleIncompatibilities.

/**
 * Exports a role with one incompatibility, imports it, then adds a second incompatibility
 * and re-runs the import: in authoritative mode the second one has to disappear again.
 */
@Test
public void testExportAndImportRoleIncompatibilities() {
    IdmRoleDto role = createRole();
    IdmRoleDto otherRoleOne = this.getHelper().createRole();
    IdmRoleDto otherRoleTwo = this.getHelper().createRole();
    // The only incompatibility that exists at export time.
    IdmIncompatibleRoleDto exportedDefinition = this.getHelper().createIncompatibleRole(role, otherRoleOne);
    //
    // Export, upload and import in one go.
    IdmExportImportDto batch = executeExportAndImport(
            role,
            RoleExportBulkAction.NAME,
            ImmutableMap.of(EXECUTE_BEFORE_DTO_DELETE, this::deleteAllSubroles));
    role = roleService.get(role.getId());
    Assert.assertNotNull(role);
    List<IdmIncompatibleRoleDto> afterFirstImport = this.findIncompatibilites(role);
    Assert.assertEquals(1, afterFirstImport.size());
    Assert.assertEquals(exportedDefinition.getId(), afterFirstImport.get(0).getId());
    //
    // A second incompatibility is created on the target after the batch was built.
    this.getHelper().createIncompatibleRole(role, otherRoleTwo);
    List<IdmIncompatibleRoleDto> beforeSecondImport = this.findIncompatibilites(role);
    Assert.assertEquals(2, beforeSecondImport.size());
    //
    // Re-run the same batch to check authoritative mode.
    batch = importManager.executeImport(batch, false);
    Assert.assertNotNull(batch);
    Assert.assertEquals(ExportImportType.IMPORT, batch.getType());
    Assert.assertEquals(OperationState.EXECUTED, batch.getResult().getState());
    //
    // The definition that is not part of the batch must have been deleted by the import.
    List<IdmIncompatibleRoleDto> afterSecondImport = this.findIncompatibilites(role);
    Assert.assertEquals(1, afterSecondImport.size());
    Assert.assertEquals(exportedDefinition.getId(), afterSecondImport.get(0).getId());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmExportImportDto(eu.bcvsolutions.idm.core.api.dto.IdmExportImportDto) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) AbstractExportBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractExportBulkActionTest) Test(org.junit.Test)

Example 20 with IdmIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testResolveIncompatibleRolesInBulkSubRoles.

/**
 * Checks that incompatible roles of a role request are resolved correctly and within a
 * time limit when the requested roles carry many sub roles.
 *
 * Three composition trees are built (superior, three and a generated role with
 * {@code count} sub roles), incompatibilities are defined between members of those trees,
 * and all roles are requested for one identity in a single role request.
 */
@Test
public void testResolveIncompatibleRolesInBulkSubRoles() {
    IdmRoleDto superior = getHelper().createRole();
    IdmRoleDto superiorTwo = getHelper().createRole();
    IdmRoleDto subOne = getHelper().createRole();
    IdmRoleDto subTwo = getHelper().createRole();
    IdmRoleDto subOneSub = getHelper().createRole();
    IdmRoleDto subOneSubSub = getHelper().createRole();
    IdmRoleDto three = getHelper().createRole();
    IdmRoleDto threeSub = getHelper().createRole();
    IdmRoleDto threeSubSub = getHelper().createRole();
    // compositions: superior -> subOne -> subOneSub -> subOneSubSub, superior -> subTwo,
    // three -> threeSub -> threeSubSub; superiorTwo stays without sub roles
    getHelper().createRoleComposition(superior, subOne);
    getHelper().createRoleComposition(superior, subTwo);
    getHelper().createRoleComposition(subOne, subOneSub);
    getHelper().createRoleComposition(subOneSub, subOneSubSub);
    getHelper().createRoleComposition(three, threeSub);
    getHelper().createRoleComposition(threeSub, threeSubSub);
    // prepare incompatible roles - four definitions, the last one pairs subOne with itself
    // and is not counted in the expected result below
    getHelper().createIncompatibleRole(subOne, subTwo);
    getHelper().createIncompatibleRole(subOneSubSub, threeSubSub);
    getHelper().createIncompatibleRole(subTwo, threeSub);
    getHelper().createIncompatibleRole(subOne, subOne);
    // roles to be requested directly (top-level roles of the trees)
    List<IdmRoleDto> assignRoles = Lists.newArrayList(three, superior, superiorTwo);
    //
    // parent of the generated sub roles
    IdmRoleDto role = getHelper().createRole();
    // +1 = 751 (presumably the generated sub roles plus their parent role - confirm)
    int count = 750;
    for (int i = 1; i <= count; i++) {
        // create some sub roles, each of them incompatible with threeSubSub
        IdmRoleDto subRole = getHelper().createRole();
        getHelper().createRoleComposition(role, subRole);
        getHelper().createIncompatibleRole(threeSubSub, subRole);
        //
        // assign target system - should exist
        // FIXME: move to some new acc test, just backup here ...
        // SysSystemDto system = systemService.getByCode("manual-vs");
        // SysSystemMappingDto systemMapping =  AutowireHelper.getBean(SysSystemMappingService.class).findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
        // SysRoleSystemDto roleSystem = new SysRoleSystemDto();
        // roleSystem.setSystem(system.getId());
        // roleSystem.setSystemMapping(systemMapping.getId());
        // roleSystem.setRole(role.getId());
        // //
        // // merge attribute - rights + transformation
        // AutowireHelper.getBean(SysRoleSystemAttributeService.class).addRoleMappingAttribute(system.getId(),
        // role.getId(), "rights", "return [\"value-" + i +"\"]", IcObjectClassInfo.ACCOUNT);
        // NOTE(review): the same parent role is appended on every iteration, so assignRoles
        // holds it count times and a concept is saved for each entry below - confirm this
        // is intended load and not a leftover.
        assignRoles.add(role);
    }
    //
    // prepare owner - identity is created with a null password argument
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    IdmIdentityContractDto contract = getHelper().getPrimeContract(identity);
    //
    // prepare request
    IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
    roleRequest.setState(RoleRequestState.CONCEPT);
    // without approval
    roleRequest.setExecuteImmediately(true);
    roleRequest.setApplicant(identity.getId());
    roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
    roleRequest = getHelper().getService(IdmRoleRequestService.class).save(roleRequest);
    //
    // one ADD concept per entry of assignRoles, valid for the whole contract period
    for (IdmRoleDto assignRole : assignRoles) {
        IdmConceptRoleRequestDto concept = new IdmConceptRoleRequestDto();
        concept.setIdentityContract(contract.getId());
        concept.setValidFrom(contract.getValidFrom());
        concept.setValidTill(contract.getValidTill());
        concept.setRole(assignRole.getId());
        concept.setOperation(ConceptRoleRequestOperation.ADD);
        concept.setRoleRequest(roleRequest.getId());
        //
        getHelper().getService(IdmConceptRoleRequestService.class).save(concept);
    }
    // only the resolution itself is timed
    long start = System.currentTimeMillis();
    //
    // collecting into a set keeps each incompatible-role definition once
    Set<IdmIncompatibleRoleDto> incompatibleRoles = getHelper().getService(IdmRoleRequestService.class).getIncompatibleRoles(roleRequest).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    //
    long duration = System.currentTimeMillis() - start;
    // wall-clock limit of 5000 ms
    // NOTE(review): a fixed time limit can fail on a slow or loaded build machine.
    Assert.assertTrue(duration < 5000);
    // three of the four fixed definitions plus one per generated sub role
    Assert.assertEquals(3 + count, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // at least one definition has threeSubSub on the superior side (the generated ones do)
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(threeSubSub.getId());
    }));
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) Autowired(org.springframework.beans.factory.annotation.Autowired) RoleRequestedByType(eu.bcvsolutions.idm.core.api.domain.RoleRequestedByType) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) Lists(com.google.common.collect.Lists) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) Before(org.junit.Before) EntityNotFoundException(eu.bcvsolutions.idm.core.api.exception.EntityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Set(java.util.Set) Test(org.junit.Test) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Collectors(java.util.stream.Collectors) ApplicationContext(org.springframework.context.ApplicationContext) Serializable(java.io.Serializable) List(java.util.List) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ResolvedIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Assert(org.junit.Assert) IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation) Transactional(org.springframework.transaction.annotation.Transactional) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 
IdmIncompatibleRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIncompatibleRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)
