
Example 21 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class InitTestData method init.

/**
 * Seeds the fixtures the test suite relies on: two roles, two identities, one organization
 * node, one contract and one contract guarantee.
 *
 * <p>The whole seeding runs under system authentication, which is set right before the
 * {@code try} block. The security context is cleared in {@code finally}, so the elevated
 * context does not outlive this method even when a lookup or save throws. The
 * {@code PARAMETER_TEST_DATA_CREATED} configuration flag is read first and written last,
 * so the data is only created while the flag is still {@code false}.
 *
 * <p>Security-relevant fixtures: both identities share one hard-coded password, and the
 * {@code TEST_CUSTOM_ROLE} role is linked by a role composition to the role looked up by
 * {@code InitApplicationData.ADMIN_ROLE}.
 * NOTE(review): confirm this initializer is only wired into test profiles.
 */
protected void init() {
    // demo data doubles as the baseline for the tests
    initDemoData.init();
    // everything inside the try block runs with system authentication in the security context
    securityService.setSystemAuthentication();
    try {
        // both lookups happen before the flag check; get(0) throws when no root node is returned
        IdmRoleDto adminRole = this.roleService.getByCode(InitApplicationData.ADMIN_ROLE);
        IdmTreeNodeDto rootNode = treeNodeService
                .findRoots((UUID) null, new PageRequest(0, 1))
                .getContent()
                .get(0);
        boolean alreadySeeded = configurationService.getBooleanValue(PARAMETER_TEST_DATA_CREATED, false);
        if (alreadySeeded) {
            // finally below still clears the security context
            return;
        }
        log.info("Creating test data ...");

        // plain test role
        IdmRoleDto userRole = new IdmRoleDto();
        userRole.setName(TEST_USER_ROLE);
        userRole = this.roleService.save(userRole);
        log.info(MessageFormat.format("Test role created [id: {0}]", userRole.getId()));

        // test role composed with the admin role
        IdmRoleDto customRole = new IdmRoleDto();
        customRole.setName(TEST_CUSTOM_ROLE);
        // NOTE(review): customRole is not saved yet, so getId() returns whatever the DTO holds
        // before persistence - confirm it is not null. Argument order is presumably
        // (superior, sub), which would make the admin role a sub-role of the custom role.
        IdmRoleCompositionDto adminComposition =
                new IdmRoleCompositionDto(customRole.getId(), adminRole.getId());
        List<IdmRoleCompositionDto> customSubRoles = new ArrayList<>();
        customSubRoles.add(adminComposition);
        customRole.setSubRoles(customSubRoles);
        customRole = this.roleService.save(customRole);
        log.info(MessageFormat.format("Test role created [id: {0}]", customRole.getId()));

        // Users for JUnit testing - both get the same fixed fixture password
        IdmIdentityDto firstUser = new IdmIdentityDto();
        firstUser.setUsername(TEST_USER_1);
        firstUser.setPassword(new GuardedString("heslo"));
        firstUser.setFirstName("Test");
        firstUser.setLastName("First User");
        firstUser.setEmail("test1@bscsolutions.eu");
        firstUser = this.identityService.save(firstUser);
        log.info(MessageFormat.format("Identity created [id: {0}]", firstUser.getId()));

        IdmIdentityDto secondUser = new IdmIdentityDto();
        secondUser.setUsername(TEST_USER_2);
        secondUser.setPassword(new GuardedString("heslo"));
        secondUser.setFirstName("Test");
        secondUser.setLastName("Second User");
        secondUser.setEmail("test2@bscsolutions.eu");
        secondUser = this.identityService.save(secondUser);
        log.info(MessageFormat.format("Identity created [id: {0}]", secondUser.getId()));

        // organization node placed under the root node, in the root node's tree type
        IdmTreeTypeDto rootTreeType = this.treeTypeService.get(rootNode.getTreeType());
        IdmTreeNodeDto testOrganization = new IdmTreeNodeDto();
        testOrganization.setCode("test");
        testOrganization.setName("Organization Test");
        testOrganization.setCreator("ja");
        testOrganization.setParent(rootNode.getId());
        testOrganization.setTreeType(rootTreeType.getId());
        testOrganization = this.treeNodeService.save(testOrganization);

        // contract of the first user on the test organization
        IdmIdentityContractDto firstUserContract = new IdmIdentityContractDto();
        firstUserContract.setIdentity(firstUser.getId());
        firstUserContract.setWorkPosition(testOrganization.getId());
        firstUserContract = identityContractService.save(firstUserContract);

        // the second user is the guarantee of that contract
        IdmContractGuaranteeDto guarantee = new IdmContractGuaranteeDto();
        guarantee.setIdentityContract(firstUserContract.getId());
        guarantee.setGuarantee(secondUser.getId());
        contractGuaranteeService.save(guarantee);

        log.info("Test data was created.");
        // the flag is written last, so a failure above leaves it unset
        configurationService.setBooleanValue(PARAMETER_TEST_DATA_CREATED, true);
    } finally {
        SecurityContextHolder.clearContext();
    }
}
Also used : IdmTreeTypeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeTypeDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) PageRequest(org.springframework.data.domain.PageRequest) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ArrayList(java.util.ArrayList) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)

Example 22 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class DefaultTestHelper method createRoleComposition.

/**
 * Saves a role composition with {@code superior} as the superior role and {@code sub} as the
 * sub role, then polls the task manager for long running tasks that carry the saved
 * composition's transaction id.
 *
 * <p>The polling predicate returns {@code true} while tasks in state {@code CREATED} or
 * {@code RUNNING} exist for that transaction. NOTE(review): presumably {@code waitForResult}
 * keeps polling while the predicate is true, 80 times at 500 ms intervals (~40 s) - confirm
 * against the helper.
 *
 * @param superior role whose id is stored as the superior side of the composition
 * @param sub role whose id is stored as the sub side of the composition
 * @return the composition as returned by {@code roleCompositionService.save}
 */
@Override
public IdmRoleCompositionDto createRoleComposition(IdmRoleDto superior, IdmRoleDto sub) {
    IdmRoleCompositionDto draft = new IdmRoleCompositionDto();
    draft.setSuperior(superior.getId());
    draft.setSub(sub.getId());
    // persist the composition
    IdmRoleCompositionDto saved = roleCompositionService.save(draft);
    // tasks spawned by the save are looked up by this transaction id
    final UUID transactionId = saved.getTransactionId();

    waitForResult(unused -> {
        IdmLongRunningTaskFilter pendingFilter = new IdmLongRunningTaskFilter();
        pendingFilter.setOperationStates(Lists.newArrayList(OperationState.CREATED, OperationState.RUNNING));
        pendingFilter.setTransactionId(transactionId);

        List<IdmLongRunningTaskDto> pendingTasks = taskManager.findLongRunningTasks(pendingFilter, null).getContent();
        // debugging aid: written to stdout, not to the logger
        for (IdmLongRunningTaskDto task : pendingTasks) {
            System.out.println("Task: " + task.getTaskType() + ", " + task.getResultState() + ", TID: " + transactionId + " ~ " + task.getTransactionId());
        }
        boolean stillPending = !pendingTasks.isEmpty();
        return stillPending;
    }, 500, 80);

    return saved;
}
Also used : IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmLongRunningTaskFilter(eu.bcvsolutions.idm.core.scheduler.api.dto.filter.IdmLongRunningTaskFilter) UUID(java.util.UUID)

Example 23 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleCompositionBySuperiorRoleEvaluatorIntegrationTest method canReadCompositionByRole.

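/**
 * Checks that {@code RoleCompositionBySuperiorRoleEvaluator} exposes a role composition to an
 * identity only through the composition's superior role.
 *
 * <p>The identity holds {@code role}. Two compositions exist: {@code role -> subRole}, the one
 * under test, and {@code superiorRole -> role}, which must stay hidden. The test walks three
 * states:
 * <ol>
 *   <li>READ on the role only: the role is readable, no composition is returned;</li>
 *   <li>evaluator policy added: exactly the composition under test is returned, with READ as
 *       its only permission;</li>
 *   <li>UPDATE on the role added: the composition reports READ, UPDATE, CREATE and DELETE.</li>
 * </ol>
 * Every login is paired with a logout in {@code finally}, so a failed assertion does not
 * leave the identity logged in.
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(role, subRole);
    // other - without access (role is the sub side here)
    getHelper().createRoleComposition(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    // presumably grants READ on the role itself to holders of the role - verify against the helper
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);
    //
    // baseline: the role is readable, but no composition is visible yet
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmRoleCompositionDto> compositions = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(compositions.isEmpty());
    } finally {
        logout();
    }
    //
    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLECOMPOSITION, IdmRoleComposition.class, RoleCompositionBySuperiorRoleEvaluator.class);
    //
    try {
        // a single login per block is enough
        getHelper().login(identity.getUsername(), identity.getPassword());
        //
        // evaluate access - size 1 plus the id check also proves the other composition stays hidden
        List<IdmRoleCompositionDto> compositions = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, compositions.size());
        Assert.assertEquals(roleComposition.getId(), compositions.get(0).getId());
        //
        Set<String> permissions = service.getPermissions(roleComposition);
        Assert.assertEquals(1, permissions.size());
        Assert.assertEquals(IdmBasePermission.READ.name(), permissions.iterator().next());
    } finally {
        logout();
    }
    //
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
    //
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        //
        // UPDATE on the superior role is expected to surface as full manage rights on the composition
        Set<String> permissions = service.getPermissions(roleComposition);
        Assert.assertEquals(4, permissions.size());
        Assert.assertTrue(permissions.contains(IdmBasePermission.READ.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.UPDATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.CREATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.DELETE.name()));
    } finally {
        logout();
    }
}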
Also used : IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Set(java.util.Set) Autowired(org.springframework.beans.factory.annotation.Autowired) Test(org.junit.Test) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) IdmRoleComposition(eu.bcvsolutions.idm.core.model.entity.IdmRoleComposition) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) List(java.util.List) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest) Assert(org.junit.Assert) Transactional(org.springframework.transaction.annotation.Transactional) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 24 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleCompositionBySubRoleEvaluatorIntegrationTest method canReadCompositionByRole.

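/**
 * Checks that {@code RoleCompositionBySubRoleEvaluator} exposes a role composition to an
 * identity only through the composition's sub role.
 *
 * <p>The identity holds {@code role}. Two compositions exist: {@code superiorRole -> role},
 * the one under test, and {@code role -> subRole}, which must stay hidden. The test walks
 * three states:
 * <ol>
 *   <li>READ on the role only: the role is readable, no composition is returned;</li>
 *   <li>evaluator policy added: exactly the composition under test is returned;</li>
 *   <li>UPDATE on the role added: the composition reports READ, UPDATE, CREATE and DELETE.</li>
 * </ol>
 * Every login is paired with a logout in {@code finally}, so a failed assertion does not
 * leave the identity logged in.
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    // other - without access (role is the superior side here)
    getHelper().createRoleComposition(role, subRole);
    IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    // presumably grants READ on the role itself to holders of the role - verify against the helper
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);
    //
    // baseline: the role is readable, but no composition is visible yet
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmRoleCompositionDto> compositions = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(compositions.isEmpty());
    } finally {
        logout();
    }
    //
    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLECOMPOSITION, IdmRoleComposition.class, RoleCompositionBySubRoleEvaluator.class);
    //
    try {
        // a single login per block is enough
        getHelper().login(identity.getUsername(), identity.getPassword());
        //
        // evaluate access - size 1 plus the id check also proves the other composition stays hidden
        List<IdmRoleCompositionDto> compositions = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, compositions.size());
        Assert.assertEquals(roleComposition.getId(), compositions.get(0).getId());
    } finally {
        logout();
    }
    //
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
    //
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        //
        // UPDATE on the sub role is expected to surface as full manage rights on the composition
        Set<String> permissions = service.getPermissions(roleComposition);
        Assert.assertEquals(4, permissions.size());
        Assert.assertTrue(permissions.contains(IdmBasePermission.READ.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.UPDATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.CREATE.name()));
        Assert.assertTrue(permissions.contains(IdmBasePermission.DELETE.name()));
    } finally {
        logout();
    }
}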
Also used : IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Set(java.util.Set) Autowired(org.springframework.beans.factory.annotation.Autowired) Test(org.junit.Test) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) IdmRoleComposition(eu.bcvsolutions.idm.core.model.entity.IdmRoleComposition) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) List(java.util.List) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest) Assert(org.junit.Assert) Transactional(org.springframework.transaction.annotation.Transactional) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 25 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class AccRoleDuplicateBulkActionIntegrationTest method testDontRemoveAccount.

/**
 * Checks that re-running the role duplicate bulk action after the source composition changed
 * swaps the identity's assigned sub role on the target environment without replacing the
 * identity's account on the mapped system.
 *
 * <p>Flow: the source role starts with sub role one; both target sub roles are mapped to the
 * same test system. The first bulk run makes the account appear and assigns target sub role
 * one. The source composition is then switched to sub role two and the action is run again.
 * Afterwards the target role has exactly one sub role (target sub role two), the identity
 * holds target sub role two and not target sub role one, there is a single identity account,
 * and the account id equals the one observed after the first run.
 */
@Test
public void testDontRemoveAccount() {
    // identity is created with an explicitly null password
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    String sourceEnvironment = getHelper().createName();
    IdmRoleDto sourceRole = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleDto sourceSubOne = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleDto sourceSubTwo = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleCompositionDto sourceCompositionOne = getHelper().createRoleComposition(sourceRole, sourceSubOne);

    // target roles reuse the source base codes; both target sub roles are mapped to one system
    String targetEnvironment = getHelper().createName();
    IdmRoleDto targetRole = getHelper().createRole(null, sourceRole.getBaseCode(), targetEnvironment);
    IdmRoleDto targetSubOne = getHelper().createRole(null, sourceSubOne.getBaseCode(), targetEnvironment);
    IdmRoleDto targetSubTwo = getHelper().createRole(null, sourceSubTwo.getBaseCode(), targetEnvironment);
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    getHelper().createRoleSystem(targetSubOne, system);
    getHelper().createRoleSystem(targetSubTwo, system);
    getHelper().createIdentityRole(identity, targetRole);

    // no account yet - the composition does not exist on the target
    AccAccountDto accountBeforeDuplication = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNull(accountBeforeDuplication);

    // bulk action updates composition only
    IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
    bulkAction.setIdentifiers(Sets.newHashSet(sourceRole.getId()));
    bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
    bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
    IdmBulkActionDto firstRun = bulkActionManager.processAction(bulkAction);
    checkResultLrt(firstRun, 1L, null, null);

    // first run: the account exists, target sub role one is assigned, target sub role two is not
    AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(account);
    List<IdmIdentityRoleDto> rolesAfterFirstRun = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(rolesAfterFirstRun.stream().anyMatch(ir -> ir.getRole().equals(targetSubOne.getId())));
    Assert.assertTrue(rolesAfterFirstRun.stream().noneMatch(ir -> ir.getRole().equals(targetSubTwo.getId())));

    // change a source composition: sub role one out, sub role two in
    roleCompositionService.delete(sourceCompositionOne);
    getHelper().createRoleComposition(sourceRole, sourceSubTwo);

    IdmBulkActionDto secondRun = bulkActionManager.processAction(bulkAction);
    checkResultLrt(secondRun, 1L, null, null);

    // the target composition follows the source: only target sub role two remains
    List<IdmRoleCompositionDto> targetSubRoles = roleCompositionService.findAllSubRoles(targetRole.getId());
    Assert.assertEquals(1, targetSubRoles.size());
    Assert.assertEquals(targetSubTwo.getId(), targetSubRoles.get(0).getSub());

    // the assignment of target sub role one must be gone, not just superseded
    List<IdmIdentityRoleDto> rolesAfterSecondRun = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(rolesAfterSecondRun.stream().anyMatch(ir -> ir.getRole().equals(targetSubTwo.getId())));
    Assert.assertTrue(rolesAfterSecondRun.stream().noneMatch(ir -> ir.getRole().equals(targetSubOne.getId())));

    // search identity accounts - exactly one link must remain
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
    Assert.assertEquals(1, identityAccounts.size());

    // same account id as after the first run
    AccAccountDto switchedAccount = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(switchedAccount);
    Assert.assertEquals(account.getId(), switchedAccount.getId());
}
Also used : IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) After(org.junit.After) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) Before(org.junit.Before) RoleDuplicateBulkAction(eu.bcvsolutions.idm.core.bulk.action.impl.role.RoleDuplicateBulkAction) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Test(org.junit.Test) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) Sets(com.google.common.collect.Sets) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) DuplicateRoleCompositionProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleCompositionProcessor) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Assert(org.junit.Assert) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) 
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)
