use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class InitTestData method init.
/**
 * Seeds the fixtures used by the tests: two roles, two identities, one organization node,
 * one contract and one contract guarantee.
 *
 * <p>The work runs under system authentication and is guarded by the
 * {@code PARAMETER_TEST_DATA_CREATED} configuration flag, so the fixtures are created at most
 * once. The flag is written only after every save succeeded; an exception part-way leaves it
 * unset.
 *
 * <p>Security-relevant properties of the fixtures: both identities share the same hard-coded
 * password, and {@code TEST_CUSTOM_ROLE} is composed with the admin role. This initializer
 * therefore belongs to test profiles only and should not be wired into a deployed instance.
 */
protected void init() {
    // Test fixtures are built on top of the demo data.
    initDemoData.init();

    // Everything below runs with system authentication. The finally block clears the security
    // context so that this authentication does not stay set once the method returns.
    securityService.setSystemAuthentication();
    try {
        IdmRoleDto adminRole = this.roleService.getByCode(InitApplicationData.ADMIN_ROLE);
        // Assumes the demo data created at least one root node; get(0) throws on an empty page.
        IdmTreeNodeDto rootNode = treeNodeService.findRoots((UUID) null, new PageRequest(0, 1)).getContent().get(0);

        boolean alreadyCreated = configurationService.getBooleanValue(PARAMETER_TEST_DATA_CREATED, false);
        if (alreadyCreated) {
            // Fixtures exist already; the finally block still clears the context.
            return;
        }
        log.info("Creating test data ...");

        // Plain role for ordinary test users.
        IdmRoleDto userRole = new IdmRoleDto();
        userRole.setName(TEST_USER_ROLE);
        userRole = this.roleService.save(userRole);
        log.info(MessageFormat.format("Test role created [id: {0}]", userRole.getId()));

        // Custom role composed with the admin role. Presumably the constructor arguments are
        // (superior, sub), which would make every holder of TEST_CUSTOM_ROLE an admin - confirm.
        // NOTE(review): customRole is not saved at this point, so getId() is whatever a fresh
        // DTO holds; verify that the service links the composition correctly on save.
        IdmRoleDto customRole = new IdmRoleDto();
        customRole.setName(TEST_CUSTOM_ROLE);
        List<IdmRoleCompositionDto> adminComposition = new ArrayList<>();
        adminComposition.add(new IdmRoleCompositionDto(customRole.getId(), adminRole.getId()));
        customRole.setSubRoles(adminComposition);
        customRole = this.roleService.save(customRole);
        log.info(MessageFormat.format("Test role created [id: {0}]", customRole.getId()));

        // Identities for JUnit tests. The password literal is a shared, well-known fixture value.
        IdmIdentityDto firstUser = new IdmIdentityDto();
        firstUser.setUsername(TEST_USER_1);
        firstUser.setPassword(new GuardedString("heslo"));
        firstUser.setFirstName("Test");
        firstUser.setLastName("First User");
        firstUser.setEmail("test1@bscsolutions.eu");
        firstUser = this.identityService.save(firstUser);
        log.info(MessageFormat.format("Identity created [id: {0}]", firstUser.getId()));

        IdmIdentityDto secondUser = new IdmIdentityDto();
        secondUser.setUsername(TEST_USER_2);
        secondUser.setPassword(new GuardedString("heslo"));
        secondUser.setFirstName("Test");
        secondUser.setLastName("Second User");
        secondUser.setEmail("test2@bscsolutions.eu");
        secondUser = this.identityService.save(secondUser);
        log.info(MessageFormat.format("Identity created [id: {0}]", secondUser.getId()));

        // Organization node placed directly under the root, using the root's tree type.
        IdmTreeTypeDto rootType = this.treeTypeService.get(rootNode.getTreeType());
        IdmTreeNodeDto testOrganization = new IdmTreeNodeDto();
        testOrganization.setCode("test");
        testOrganization.setName("Organization Test");
        testOrganization.setCreator("ja");
        testOrganization.setParent(rootNode.getId());
        testOrganization.setTreeType(rootType.getId());
        testOrganization = this.treeNodeService.save(testOrganization);

        // The first user works in the test organization ...
        IdmIdentityContractDto contract = new IdmIdentityContractDto();
        contract.setIdentity(firstUser.getId());
        contract.setWorkPosition(testOrganization.getId());
        contract = identityContractService.save(contract);

        // ... and the second user is set as guarantee of that contract.
        IdmContractGuaranteeDto guarantee = new IdmContractGuaranteeDto();
        guarantee.setIdentityContract(contract.getId());
        guarantee.setGuarantee(secondUser.getId());
        contractGuaranteeService.save(guarantee);

        log.info("Test data was created.");

        // Mark the fixtures as created only after all saves went through.
        configurationService.setBooleanValue(PARAMETER_TEST_DATA_CREATED, true);
    } finally {
        SecurityContextHolder.clearContext();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class DefaultTestHelper method createRoleComposition.
/**
 * Saves a composition with {@code superior} as the superior role and {@code sub} as the sub
 * role, then polls the long running tasks that share the composition's transaction id.
 *
 * <p>The polling callback reports whether tasks in CREATED or RUNNING state are still present.
 * Presumably {@code waitForResult} keeps waiting while the callback returns {@code true}
 * (500 per iteration, at most 80 iterations, "~ 40s max" per the original note) - confirm
 * against its implementation. Tests that assert permissions right after this call rely on
 * that processing being finished.
 *
 * @param superior role that receives the sub role
 * @param sub role added under {@code superior}
 * @return the saved composition
 */
@Override
public IdmRoleCompositionDto createRoleComposition(IdmRoleDto superior, IdmRoleDto sub) {
    IdmRoleCompositionDto composition = new IdmRoleCompositionDto();
    composition.setSuperior(superior.getId());
    composition.setSub(sub.getId());
    // Persist first; the transaction id of the saved DTO identifies the follow-up tasks.
    IdmRoleCompositionDto saved = roleCompositionService.save(composition);
    final UUID transactionId = saved.getTransactionId();

    waitForResult(res -> {
        IdmLongRunningTaskFilter pendingFilter = new IdmLongRunningTaskFilter();
        pendingFilter.setOperationStates(Lists.newArrayList(OperationState.CREATED, OperationState.RUNNING));
        pendingFilter.setTransactionId(transactionId);

        List<IdmLongRunningTaskDto> pending = taskManager.findLongRunningTasks(pendingFilter, null).getContent();
        // Debug output only: task type, result state and both transaction ids.
        for (IdmLongRunningTaskDto task : pending) {
            System.out.println("Task: " + task.getTaskType() + ", " + task.getResultState() + ", TID: " + transactionId + " ~ " + task.getTransactionId());
        }
        boolean stillProcessing = !pending.isEmpty();
        return stillProcessing;
    }, 500, // ~ 40s max
    80);

    return saved;
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleCompositionBySuperiorRoleEvaluatorIntegrationTest method canReadCompositionByRole.
/**
 * Authorization test for {@code RoleCompositionBySuperiorRoleEvaluator}.
 *
 * <p>Three phases, each inside its own login / logout pair:
 * <ol>
 * <li>READ on the role alone: the identity can read the role but sees no composition.</li>
 * <li>Evaluator policy added: exactly one composition is visible, the one in which the
 *     identity's role is the superior, and only READ is granted on it.</li>
 * <li>UPDATE on the role added: the test expects READ, UPDATE, CREATE and DELETE on that
 *     composition, i.e. UPDATE on the superior role is expected to widen into full
 *     management of its compositions.</li>
 * </ol>
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    // role -> subRole: the identity's role is the superior, so this one should become visible.
    IdmRoleCompositionDto ownedComposition = getHelper().createRoleComposition(role, subRole);
    // superiorRole -> role: the identity's role is only the sub role here, no access expected.
    getHelper().createRoleComposition(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);

    // Phase 1: without the evaluator policy no composition may be returned.
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmRoleCompositionDto> beforePolicy = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(beforePolicy.isEmpty());
    } finally {
        logout();
    }

    // Phase 2: attach the evaluator to the role and evaluate access again.
    getHelper().createAuthorizationPolicy(
            role.getId(),
            CoreGroupPermission.ROLECOMPOSITION,
            IdmRoleComposition.class,
            RoleCompositionBySuperiorRoleEvaluator.class);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        // NOTE(review): the login is issued twice in a row in the original; the second call
        // looks redundant and is kept only to preserve behaviour.
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmRoleCompositionDto> afterPolicy = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, afterPolicy.size());
        Assert.assertEquals(ownedComposition.getId(), afterPolicy.get(0).getId());

        Set<String> granted = service.getPermissions(ownedComposition);
        Assert.assertEquals(1, granted.size());
        Assert.assertEquals(IdmBasePermission.READ.name(), granted.iterator().next());
    } finally {
        logout();
    }

    // Phase 3: UPDATE on the role is expected to yield four permissions on the composition.
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());

        Set<String> granted = service.getPermissions(ownedComposition);
        Assert.assertEquals(4, granted.size());
        String read = IdmBasePermission.READ.name();
        String update = IdmBasePermission.UPDATE.name();
        String create = IdmBasePermission.CREATE.name();
        String delete = IdmBasePermission.DELETE.name();
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(read)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(update)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(create)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(delete)));
    } finally {
        logout();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleCompositionBySubRoleEvaluatorIntegrationTest method canReadCompositionByRole.
/**
 * Authorization test for {@code RoleCompositionBySubRoleEvaluator}.
 *
 * <p>Mirror of the superior-role variant: here the visible composition is the one in which
 * the identity's role is the sub role. Phases:
 * <ol>
 * <li>READ on the role alone: the role is readable, no composition is returned.</li>
 * <li>Evaluator policy added: exactly one composition (superiorRole -> role) is visible.</li>
 * <li>UPDATE on the role added: the test expects READ, UPDATE, CREATE and DELETE on that
 *     composition, so UPDATE on a sub role is expected to allow managing the composition
 *     that places it under a superior role.</li>
 * </ol>
 */
@Test
public void canReadCompositionByRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmRoleDto subRole = getHelper().createRole();
    IdmRoleDto superiorRole = getHelper().createRole();
    // role -> subRole: the identity's role is the superior here, no access expected.
    getHelper().createRoleComposition(role, subRole);
    // superiorRole -> role: the identity's role is the sub role, so this one should be visible.
    IdmRoleCompositionDto ownedComposition = getHelper().createRoleComposition(superiorRole, role);
    getHelper().createIdentityRole(identity, role);
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);

    // Phase 1: without the evaluator policy no composition may be returned.
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
        List<IdmRoleCompositionDto> beforePolicy = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertTrue(beforePolicy.isEmpty());
    } finally {
        logout();
    }

    // Phase 2: attach the evaluator to the role and evaluate access again.
    getHelper().createAuthorizationPolicy(
            role.getId(),
            CoreGroupPermission.ROLECOMPOSITION,
            IdmRoleComposition.class,
            RoleCompositionBySubRoleEvaluator.class);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        // NOTE(review): the login is issued twice in a row in the original; the second call
        // looks redundant and is kept only to preserve behaviour.
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmRoleCompositionDto> afterPolicy = service.find(null, IdmBasePermission.READ).getContent();
        Assert.assertEquals(1, afterPolicy.size());
        Assert.assertEquals(ownedComposition.getId(), afterPolicy.get(0).getId());
    } finally {
        logout();
    }

    // Phase 3: UPDATE on the role is expected to yield four permissions on the composition.
    getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());

        Set<String> granted = service.getPermissions(ownedComposition);
        Assert.assertEquals(4, granted.size());
        String read = IdmBasePermission.READ.name();
        String update = IdmBasePermission.UPDATE.name();
        String create = IdmBasePermission.CREATE.name();
        String delete = IdmBasePermission.DELETE.name();
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(read)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(update)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(create)));
        Assert.assertTrue(granted.stream().anyMatch(p -> p.equals(delete)));
    } finally {
        logout();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class AccRoleDuplicateBulkActionIntegrationTest method testDontRemoveAccount.
/**
 * Verifies that re-running the role duplicate bulk action after the source composition
 * changed swaps the sub role on the target environment while the identity keeps the same
 * account on the target system.
 *
 * <p>Flow: the identity holds the target role; the first bulk run copies the composition
 * (role -> roleSubOne) to the target, which creates the account. The source composition is
 * then replaced by (role -> roleSubTwo) and the action runs again. Afterwards the identity
 * must hold the second target sub role, must no longer hold the first one, must have exactly
 * one identity account, and the account id must equal the id seen after the first run.
 */
@Test
public void testDontRemoveAccount() {
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    String sourceEnvironment = getHelper().createName();
    IdmRoleDto role = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleDto roleSubOne = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleDto roleSubTwo = getHelper().createRole(null, null, sourceEnvironment);
    IdmRoleCompositionDto sourceComposition = getHelper().createRoleComposition(role, roleSubOne);

    // Target environment: same base codes, and both target sub roles are mapped to the system.
    String targetEnvironment = getHelper().createName();
    IdmRoleDto roleTarget = getHelper().createRole(null, role.getBaseCode(), targetEnvironment);
    IdmRoleDto roleSubOneTarget = getHelper().createRole(null, roleSubOne.getBaseCode(), targetEnvironment);
    IdmRoleDto roleSubTwoTarget = getHelper().createRole(null, roleSubTwo.getBaseCode(), targetEnvironment);
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    getHelper().createRoleSystem(roleSubOneTarget, system);
    getHelper().createRoleSystem(roleSubTwoTarget, system);
    getHelper().createIdentityRole(identity, roleTarget);

    // No composition exists on the target yet, so no account may exist either.
    AccAccountDto accountBefore = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNull(accountBefore);

    // First run: the bulk action only duplicates the composition to the target.
    IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
    bulkAction.setIdentifiers(Sets.newHashSet(role.getId()));
    bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
    bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
    IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
    checkResultLrt(processAction, 1L, null, null);

    AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(account);
    List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubOneTarget.getId())));
    Assert.assertTrue(assignedRoles.stream().noneMatch(ir -> ir.getRole().equals(roleSubTwoTarget.getId())));

    // Replace the source composition: roleSubOne out, roleSubTwo in.
    roleCompositionService.delete(sourceComposition);
    getHelper().createRoleComposition(role, roleSubTwo);

    // Second run with the unchanged bulk action definition.
    processAction = bulkActionManager.processAction(bulkAction);
    checkResultLrt(processAction, 1L, null, null);

    List<IdmRoleCompositionDto> targetSubRoles = roleCompositionService.findAllSubRoles(roleTarget.getId());
    Assert.assertEquals(1, targetSubRoles.size());
    Assert.assertEquals(roleSubTwoTarget.getId(), targetSubRoles.get(0).getSub());

    // The stale sub role assignment must be gone, the new one must be present.
    assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
    Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubTwoTarget.getId())));
    Assert.assertTrue(assignedRoles.stream().noneMatch(ir -> ir.getRole().equals(roleSubOneTarget.getId())));

    // Exactly one identity account is expected after the swap.
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
    Assert.assertEquals(1, identityAccounts.size());

    // Same account id as after the first run: the account was kept, not replaced.
    AccAccountDto switchedAccount = accountService.getAccount(identity.getUsername(), system.getId());
    Assert.assertNotNull(switchedAccount);
    Assert.assertEquals(account.getId(), switchedAccount.getId());
}