use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleCompositionServiceIntegrationTest method testFindAllSuperiorRoles.
/**
 * Checks that {@code findAllSuperiorRoles} returns every composition above a role,
 * ordered from the nearest superior to the most distant one.
 *
 * <pre>
 * Fixture (superior -> sub):
 *   top -> branchA -> branchAChild -> leaf
 *   top -> branchB
 * </pre>
 */
@Test
@Transactional
public void testFindAllSuperiorRoles() {
    IdmRoleDto top = getHelper().createRole();
    IdmRoleDto branchA = getHelper().createRole();
    IdmRoleDto branchB = getHelper().createRole();
    IdmRoleDto branchAChild = getHelper().createRole();
    IdmRoleDto leaf = getHelper().createRole();
    getHelper().createRoleComposition(top, branchA);
    getHelper().createRoleComposition(top, branchB);
    getHelper().createRoleComposition(branchA, branchAChild);
    getHelper().createRoleComposition(branchAChild, leaf);

    // The root of the tree has nothing above it.
    List<IdmRoleCompositionDto> aboveTop = service.findAllSuperiorRoles(top.getId());
    Assert.assertTrue(aboveTop.isEmpty());

    // A direct sub role sees exactly one composition, and it points at the root.
    List<IdmRoleCompositionDto> aboveBranchA = service.findAllSuperiorRoles(branchA.getId());
    Assert.assertEquals(1, aboveBranchA.size());
    Assert.assertTrue(aboveBranchA.stream().anyMatch(c -> c.getSuperior().equals(top.getId())));

    // The deepest role sees its whole chain and nothing else: the size of 3 also
    // pins that the sibling branch (branchB) is not reported as a superior.
    List<IdmRoleCompositionDto> aboveLeaf = service.findAllSuperiorRoles(leaf.getId());
    Assert.assertEquals(3, aboveLeaf.size());
    // Result order is part of the contract: closest superior first.
    Assert.assertEquals(branchAChild.getId(), aboveLeaf.get(0).getSuperior());
    Assert.assertEquals(branchA.getId(), aboveLeaf.get(1).getSuperior());
    Assert.assertEquals(top.getId(), aboveLeaf.get(2).getSuperior());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class AddNewRoleCompositionTaskExecutor method getItemsToProcess.
/**
 * Resolves the superior roles that have to be processed for the configured role composition.
 *
 * The composition is loaded by {@code roleCompositionId}; every composition above its sub role
 * is then mapped to the embedded superior role.
 *
 * @param pageable not consulted here: all superior roles are returned in one page
 * @return a single page holding every superior role found
 */
@Override
public Page<IdmRoleDto> getItemsToProcess(Pageable pageable) {
    IdmRoleCompositionDto composition = roleCompositionService.get(roleCompositionId);
    // Fail before any role is touched if the configured composition cannot be loaded.
    Assert.notNull(composition, "Role composition is required.");

    List<IdmRoleCompositionDto> superiorCompositions =
            roleCompositionService.findAllSuperiorRoles(composition.getSub());
    List<IdmRoleDto> rolesToProcess = superiorCompositions
            .stream()
            .map(item -> DtoUtils.getEmbedded(item, IdmRoleComposition_.superior, IdmRoleDto.class))
            .collect(Collectors.toList());
    return new PageImpl<>(rolesToProcess);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RemoveRoleCompositionTaskExecutorIntegrationTest method testRemoveAssignedRolesWithExceptionOnEnd.
/**
 * Runs the composition removal task with a mocked identity role service, so that the task
 * ends with an exception, and pins the resulting state:
 * the long running task is in EXCEPTION with code ROLE_COMPOSITION_REMOVE_HAS_ASSIGNED_ROLES,
 * the role composition itself still exists, and the identity is left with two of its
 * three assigned roles (superior and subOne).
 */
@Test
public void testRemoveAssignedRolesWithExceptionOnEnd() {
// prepare role composition: superior -> subOne -> subOneSub
IdmRoleDto superior = getHelper().createRole();
IdmRoleDto subOne = getHelper().createRole();
IdmRoleDto subOneSub = getHelper().createRole();
getHelper().createRoleComposition(superior, subOne);
// the composition under test: the one the task is asked to remove
IdmRoleCompositionDto subOneSubRoleComposition = getHelper().createRoleComposition(subOne, subOneSub);
//
// assign superior role
IdmIdentityDto identity = getHelper().createIdentity();
getHelper().createIdentityRole(identity, superior);
//
// assigning the top role results in three identity roles: the role itself plus both sub roles
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(3, assignedRoles.size());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(superior.getId())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(subOne.getId())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(subOneSub.getId())));
//
// remove role composition by task with a mocked identity role service => we want the task to throw an exception
// the mock reports one matching identity role for any filter
Mockito.when(mockIdentityRoleService.count(ArgumentMatchers.any(IdmIdentityRoleFilter.class))).thenReturn(1L);
// find(filter, null) is answered by AssignedRolesAnswer, built with the composition id
// NOTE(review): the answer's behaviour is defined outside this method - confirm what it returns
Mockito.when(mockIdentityRoleService.find(ArgumentMatchers.any(IdmIdentityRoleFilter.class), ArgumentMatchers.isNull())).then(new AssignedRolesAnswer(subOneSubRoleComposition.getId()));
RemoveRoleCompositionTaskExecutor taskExecutor = new RemoveRoleCompositionTaskExecutor();
AutowireHelper.autowire(taskExecutor);
IdmLongRunningTaskDto lrt = longRunningTaskManager.resolveLongRunningTask(taskExecutor, null, OperationState.RUNNING);
UUID taskId = lrt.getId();
// the mock is set after autowiring, replacing whatever service was injected
taskExecutor.setIdentityRoleService(mockIdentityRoleService);
taskExecutor.setRoleCompositionId(subOneSubRoleComposition.getId());
//
try {
// asynchronous event processing is switched on only for the duration of the task call
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, true);
taskExecutor.call();
// predicate is true while the task state is still runnable
// NOTE(review): presumably waitForResult keeps waiting while the predicate holds - confirm against the helper
getHelper().waitForResult(res -> {
return longRunningTaskManager.getLongRunningTask(taskId).getResultState().isRunnable();
});
} finally {
// reset the setting whether or not the task call or the wait failed
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, false);
}
//
// long running task has a proper state with exception
lrt = longRunningTaskManager.getLongRunningTask(lrt.getId());
Assert.assertEquals(OperationState.EXCEPTION, lrt.getResultState());
Assert.assertEquals(CoreResultCode.ROLE_COMPOSITION_REMOVE_HAS_ASSIGNED_ROLES.name(), lrt.getResult().getCode());
//
// the START event of the task's transaction is ended: exactly one exists and it is EXECUTED
IdmEntityEventFilter eventFilter = new IdmEntityEventFilter();
eventFilter.setTransactionId(lrt.getTransactionId());
eventFilter.setEventType(LongRunningTaskEventType.START.name());
List<IdmEntityEventDto> startEvents = entityEventManager.findEvents(eventFilter, null).getContent();
Assert.assertEquals(1, startEvents.size());
Assert.assertEquals(OperationState.EXECUTED, startEvents.get(0).getResult().getState());
//
// the role composition (business role definition) still exists; note the DTO, not its id, is passed to get()
Assert.assertNotNull(roleCompositionService.get(subOneSubRoleComposition));
//
// but the identity is back to two assigned roles: superior and subOne
// NOTE(review): the end state is partial - the composition definition survives while the
// assignment derived from it is gone; this test pins that behaviour
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(2, assignedRoles.size());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(superior.getId())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(subOne.getId())));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RemoveRoleCompositionTaskExecutorIntegrationTest method testRemoveAssignedRoles.
/**
 * Checks that removing a role composition through the long running task also removes
 * the identity role that was assigned only because of that composition.
 *
 * <pre>
 * Fixture (superior -> sub):  top -> middle -> bottom
 * Removed composition:        middle -> bottom
 * </pre>
 */
@Test
public void testRemoveAssignedRoles() {
    IdmRoleDto top = getHelper().createRole();
    IdmRoleDto middle = getHelper().createRole();
    IdmRoleDto bottom = getHelper().createRole();
    getHelper().createRoleComposition(top, middle);
    IdmRoleCompositionDto compositionToRemove = getHelper().createRoleComposition(middle, bottom);

    // Only the top role is assigned directly; the two sub roles follow from the compositions.
    IdmIdentityDto owner = getHelper().createIdentity();
    getHelper().createIdentityRole(owner, top);

    List<IdmIdentityRoleDto> rolesBefore = identityRoleService.findAllByIdentity(owner.getId());
    Assert.assertEquals(3, rolesBefore.size());
    Assert.assertTrue(rolesBefore.stream().anyMatch(assigned -> assigned.getRole().equals(top.getId())));
    Assert.assertTrue(rolesBefore.stream().anyMatch(assigned -> assigned.getRole().equals(middle.getId())));
    Assert.assertTrue(rolesBefore.stream().anyMatch(assigned -> assigned.getRole().equals(bottom.getId())));

    // Remove the lower composition synchronously through the task manager.
    RemoveRoleCompositionTaskExecutor removalTask = new RemoveRoleCompositionTaskExecutor();
    removalTask.setRoleCompositionId(compositionToRemove.getId());
    longRunningTaskManager.executeSync(removalTask);

    // The role granted through the removed composition is gone; the rest of the chain stays.
    List<IdmIdentityRoleDto> rolesAfter = identityRoleService.findAllByIdentity(owner.getId());
    Assert.assertEquals(2, rolesAfter.size());
    Assert.assertTrue(rolesAfter.stream().anyMatch(assigned -> assigned.getRole().equals(top.getId())));
    Assert.assertTrue(rolesAfter.stream().anyMatch(assigned -> assigned.getRole().equals(middle.getId())));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupCannotCreateAccountForBusinessRole.
/**
 * Verifies that a role whose system mapping is in a cross-domain group does not create an
 * account when it is assigned through a business role (role composition), even though the
 * mapping has createAccountByDefault set. The account appears only after a role with a
 * plain system mapping (loginRole) is assigned, and the provisioning operation then carries
 * the ldapGroups value contributed by the cross-domain role.
 */
@Test
public void testRoleInCrossDomainGroupCannotCreateAccountForBusinessRole() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
// Look up the system's mapped attribute named LDAP_GROUPS_ATTRIBUTE; exactly one is expected.
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
// Puts the system into the group, with the ldapGroups mapping as the merge attribute.
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role: mapped to the system, no attribute override.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Parent (business) role: has no system mapping of its own in this test.
IdmRoleDto parentNoLoginRole = helper.createRole();
// Creates no-login role; its mapping asks for an account to be created by default.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(true);
roleSystemService.save(roleSystem);
// Before the override exists, the mapping is not reported as being in a cross-domain group.
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
// Business role: parentNoLoginRole is superior to noLoginRole.
IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(parentNoLoginRole, noLoginRole);
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
// The identity does not hold the no-login role yet.
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
// Assign parent role.
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, parentNoLoginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNull(roleRequestDto.getSystemState());
// The no-login role arrived through the composition ...
assertEquals(1, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
// ... but no account was created on the system, despite createAccountByDefault.
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Assigning the login role is what creates the account.
roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
// NOTE(review): 'ONE' is presumably set by createOverriddenLdapGroupAttribute - confirm there.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
// findFirst().get() throws when no ldapGroups attribute is present, so the assertNotNull below cannot fail on its own.
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
// Clean
// NOTE(review): cleanup is not in a finally block, so it is skipped when an assertion above fails;
// loginRole, the system and the system group are not deleted here - confirm they are cleaned up elsewhere.
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
roleCompositionService.delete(roleComposition);
getHelper().deleteRole(noLoginRole.getId());
getHelper().deleteRole(parentNoLoginRole.getId());
}