Search in sources :

Example 16 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class IdmIdentityRoleControllerRestTest method testFindByRoleComposition.

@Test
public void testFindByRoleComposition() {
    IdmRoleDto roleOne = getHelper().createRole();
    IdmRoleDto roleTwo = getHelper().createRole();
    IdmRoleDto roleThree = getHelper().createRole();
    // 
    IdmRoleCompositionDto roleCompositionOne = getHelper().createRoleComposition(roleOne, roleTwo);
    getHelper().createRoleComposition(roleTwo, roleThree);
    // 
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    IdmIdentityRoleDto directRole = getHelper().createIdentityRole(identity, roleOne);
    // 
    IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
    filter.setIdentityId(identity.getId());
    filter.setRoleCompositionId(roleCompositionOne.getId());
    List<IdmIdentityRoleDto> results = find(filter);
    // 
    Assert.assertEquals(1, results.size());
    Assert.assertTrue(results.stream().anyMatch(ir -> ir.getDirectRole().equals(directRole.getId()) && ir.getRole().equals(roleTwo.getId())));
}
Also used : IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) Autowired(org.springframework.beans.factory.annotation.Autowired) IdentityRoleByRoleEvaluator(eu.bcvsolutions.idm.core.security.evaluator.identity.IdentityRoleByRoleEvaluator) AbstractReadWriteDtoControllerRestTest(eu.bcvsolutions.idm.core.api.rest.AbstractReadWriteDtoControllerRestTest) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) AbstractReadWriteDtoController(eu.bcvsolutions.idm.core.api.rest.AbstractReadWriteDtoController) IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) RoleBasePermission(eu.bcvsolutions.idm.core.security.api.domain.RoleBasePermission) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) RoleCanBeRequestedEvaluator(eu.bcvsolutions.idm.core.security.evaluator.role.RoleCanBeRequestedEvaluator) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Set(java.util.Set) Test(org.junit.Test) RoleConfiguration(eu.bcvsolutions.idm.core.api.config.domain.RoleConfiguration) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) IdmContractPositionDto(eu.bcvsolutions.idm.core.api.dto.IdmContractPositionDto) List(java.util.List) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Ignore(org.junit.Ignore) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) LocalDate(java.time.LocalDate) IdmAuthorizationPolicyService(eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Assert(org.junit.Assert) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AbstractReadWriteDtoControllerRestTest(eu.bcvsolutions.idm.core.api.rest.AbstractReadWriteDtoControllerRestTest) Test(org.junit.Test)

Example 17 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupProvisioningForBusinessRole.

@Test
public void testRoleInCrossDomainGroupProvisioningForBusinessRole() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    // Creates the login role.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    IdmRoleDto parentNoLoginRole = helper.createRole();
    // Creates no-login role.
    IdmRoleDto noLoginRole = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
    roleSystem.setCreateAccountByDefault(true);
    roleSystemService.save(roleSystem);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(parentNoLoginRole, noLoginRole);
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
    IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
    identityRoleFilter.setIdentityId(identity.getId());
    identityRoleFilter.setRoleId(noLoginRole.getId());
    assertEquals(0, identityRoleService.count(identityRoleFilter));
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    identityAccountFilter.setSystemId(systemDto.getId());
    assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Check if provisioning NOT contains ldapGroups attribute with value ('ONE') from the role.
    SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals(0, ((List<?>) ldapGroupsValue).size());
    // Delete old provisioning.
    provisioningOperationService.delete(provisioningOperationDto);
    // Assign parent role.
    roleRequestDto = getHelper().assignRoles(contract, false, parentNoLoginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    // Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
    provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
    assertEquals(1, identityRoleService.count(identityRoleFilter));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    getHelper().deleteIdentity(identity.getId());
    roleCompositionService.delete(roleComposition);
    getHelper().deleteRole(noLoginRole.getId());
    getHelper().deleteRole(parentNoLoginRole.getId());
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) GuardedString(org.identityconnectors.common.security.GuardedString) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) After(org.junit.After) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) StandardCharsets(java.nio.charset.StandardCharsets) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Assert.assertFalse(org.junit.Assert.assertFalse) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo) Before(org.junit.Before) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Assert.assertNotNull(org.junit.Assert.assertNotNull) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Assert.assertTrue(org.junit.Assert.assertTrue) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Test(org.junit.Test) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Assert.assertNull(org.junit.Assert.assertNull) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) Comparator(java.util.Comparator) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert.assertEquals(org.junit.Assert.assertEquals) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 18 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleExportBulkAction method exportBusinessRoles.

/**
 * Export business roles for given role.
 *
 * @param role
 */
private void exportBusinessRoles(IdmRoleDto role) {
    IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
    compositionFilter.setRoleId(role.getId());
    List<IdmRoleCompositionDto> compositions = roleCompositionService.find(compositionFilter, null).getContent();
    if (compositions.isEmpty()) {
        roleCompositionService.export(ExportManager.BLANK_UUID, this.getBatch());
    }
    compositions.forEach(composition -> {
        roleCompositionService.export(composition.getId(), this.getBatch());
    });
    // Set parent fields -> set authoritative mode. Here are two parent fields!
    Set<String> parents = new LinkedHashSet<>();
    parents.add(IdmRoleComposition_.superior.getName());
    parents.add(IdmRoleComposition_.sub.getName());
    this.getExportManager().setAuthoritativeMode(parents, IdmRoleCompositionFilter.PARAMETER_ROLE_ID, IdmRoleCompositionDto.class, this.getBatch());
}
Also used : LinkedHashSet(java.util.LinkedHashSet) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)

Example 19 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleCompositionService method findAllSubRoles.

@Override
@SuppressWarnings({ "unchecked", "rawtypes" })
public List<IdmRoleCompositionDto> findAllSubRoles(UUID superiorId, BasePermission... permission) {
    Assert.notNull(superiorId, "Superior role identifier is required.");
    // 
    ValueWrapper value = cacheManager.getValue(ALL_SUB_ROLES_CACHE_NAME, superiorId);
    if (value != null) {
        // never null
        return (List) value.get();
    }
    // 
    List<IdmRoleCompositionDto> results = new ArrayList<>();
    findAllSubRoles(results, new ArrayList<>(), superiorId, permission);
    cacheManager.cacheValue(ALL_SUB_ROLES_CACHE_NAME, superiorId, results);
    // 
    return results;
}
Also used : ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List)

Example 20 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleCompositionService method assignSubRoles.

/**
 * @Transactional is not needed - (asynchronous) events is thrown for every sub role anyway ...
 * Can be called repetitively for given identity role => checks or creates missing sub roles by composition.
 */
@Override
@SuppressWarnings("unchecked")
public void assignSubRoles(EntityEvent<IdmIdentityRoleDto> event, UUID roleCompositionId, BasePermission... permission) {
    Assert.notNull(event, "Event is required.");
    IdmIdentityRoleDto identityRole = event.getContent();
    Assert.notNull(identityRole, "Identity role identifier is required.");
    // find direct sub roles
    IdmRoleCompositionFilter compositionFilter = new IdmRoleCompositionFilter();
    compositionFilter.setSuperiorId(identityRole.getRole());
    compositionFilter.setId(roleCompositionId);
    // 
    List<IdmRoleCompositionDto> directSubRoles = find(compositionFilter, null, permission).getContent();
    LOG.debug("Assign sub roles [{}] for identity role [{}], role [{}]", directSubRoles.size(), identityRole.getId(), identityRole.getRole());
    // 
    Map<String, Serializable> props = resolveProperties(event);
    Set<UUID> processedRoles = (Set<UUID>) props.get(IdentityRoleEvent.PROPERTY_PROCESSED_ROLES);
    processedRoles.add(identityRole.getRole());
    // 
    directSubRoles.forEach(subRoleComposition -> {
        IdmRoleDto subRole = DtoUtils.getEmbedded(subRoleComposition, IdmRoleComposition_.sub);
        if (processedRoles.contains(subRole.getId())) {
            LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", subRole.getCode());
        } else {
            // try to find currently assigned subrole by this configuration (return operation)
            IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
            filter.setRoleCompositionId(subRoleComposition.getId());
            filter.setDirectRoleId(identityRole.getDirectRole() == null ? identityRole.getId() : identityRole.getDirectRole());
            if (identityRoleService.find(filter, null).getTotalElements() > 0) {
                LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", subRole.getCode());
            } else {
                // 
                IdmIdentityRoleDto subIdentityRole = new IdmIdentityRoleDto();
                subIdentityRole.setRole(subRole.getId());
                subIdentityRole.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_ROLE, subRole);
                subIdentityRole.setIdentityContract(identityRole.getIdentityContract());
                subIdentityRole.setContractPosition(identityRole.getContractPosition());
                subIdentityRole.getEmbedded().put(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT, identityRole.getEmbedded().get(IdmIdentityRoleDto.PROPERTY_IDENTITY_CONTRACT));
                subIdentityRole.setValidFrom(identityRole.getValidFrom());
                subIdentityRole.setValidTill(identityRole.getValidTill());
                subIdentityRole.setDirectRole(identityRole.getDirectRole() == null ? identityRole.getId() : identityRole.getDirectRole());
                subIdentityRole.setRoleComposition(subRoleComposition.getId());
                // 
                processedRoles.add(subRole.getId());
                IdentityRoleEvent subEvent = new IdentityRoleEvent(IdentityRoleEventType.CREATE, subIdentityRole, props);
                // 
                identityRoleService.publish(subEvent, event, permission);
                // Notes new created assigned role to parent event
                IdmIdentityRoleDto subContent = subEvent.getContent();
                notingAssignedRole(event, subEvent, subContent, IdentityRoleEvent.PROPERTY_ASSIGNED_NEW_ROLES);
            }
        }
    });
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent) Serializable(java.io.Serializable) HashSet(java.util.HashSet) Set(java.util.Set) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) UUID(java.util.UUID) IdmRoleCompositionFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCompositionFilter)

Aggregations

IdmRoleCompositionDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)47 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)35 Test (org.junit.Test)24 UUID (java.util.UUID)23 List (java.util.List)22 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)21 Autowired (org.springframework.beans.factory.annotation.Autowired)21 IdmRoleCompositionService (eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)20 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)19 IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)18 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)16 Set (java.util.Set)16 IdmRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleService)15 Assert (org.junit.Assert)15 Transactional (org.springframework.transaction.annotation.Transactional)15 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)14 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)13 IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)13 ArrayList (java.util.ArrayList)13 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)12