Example 21 with IdmRoleCompositionDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class InitTestData method init.
protected void init() {
// we are reusing demo data in tests as well
initDemoData.init();
//
securityService.setSystemAuthentication();
//
try {
IdmRoleDto superAdminRole = this.roleService.getByCode(InitApplicationData.ADMIN_ROLE);
IdmTreeNodeDto rootOrganization = treeNodeService.findRoots((UUID) null, new PageRequest(0, 1)).getContent().get(0);
//
if (!configurationService.getBooleanValue(PARAMETER_TEST_DATA_CREATED, false)) {
log.info("Creating test data ...");
//
IdmRoleDto role1 = new IdmRoleDto();
role1.setName(TEST_USER_ROLE);
role1 = this.roleService.save(role1);
log.info(MessageFormat.format("Test role created [id: {0}]", role1.getId()));
//
IdmRoleDto role2 = new IdmRoleDto();
role2.setName(TEST_CUSTOM_ROLE);
List<IdmRoleCompositionDto> subRoles = new ArrayList<>();
subRoles.add(new IdmRoleCompositionDto(role2.getId(), superAdminRole.getId()));
role2.setSubRoles(subRoles);
role2 = this.roleService.save(role2);
log.info(MessageFormat.format("Test role created [id: {0}]", role2.getId()));
//
// Users for JUnit testing
IdmIdentityDto testUser1 = new IdmIdentityDto();
testUser1.setUsername(TEST_USER_1);
testUser1.setPassword(new GuardedString("heslo"));
testUser1.setFirstName("Test");
testUser1.setLastName("First User");
testUser1.setEmail("test1@bscsolutions.eu");
testUser1 = this.identityService.save(testUser1);
log.info(MessageFormat.format("Identity created [id: {0}]", testUser1.getId()));
IdmIdentityDto testUser2 = new IdmIdentityDto();
testUser2.setUsername(TEST_USER_2);
testUser2.setPassword(new GuardedString("heslo"));
testUser2.setFirstName("Test");
testUser2.setLastName("Second User");
testUser2.setEmail("test2@bscsolutions.eu");
testUser2 = this.identityService.save(testUser2);
log.info(MessageFormat.format("Identity created [id: {0}]", testUser2.getId()));
IdmTreeTypeDto type = this.treeTypeService.get(rootOrganization.getTreeType());
IdmTreeNodeDto organization = new IdmTreeNodeDto();
organization.setCode("test");
organization.setName("Organization Test");
organization.setCreator("ja");
organization.setParent(rootOrganization.getId());
organization.setTreeType(type.getId());
organization = this.treeNodeService.save(organization);
IdmIdentityContractDto identityWorkPosition2 = new IdmIdentityContractDto();
identityWorkPosition2.setIdentity(testUser1.getId());
identityWorkPosition2.setWorkPosition(organization.getId());
identityWorkPosition2 = identityContractService.save(identityWorkPosition2);
IdmContractGuaranteeDto contractGuarantee = new IdmContractGuaranteeDto();
contractGuarantee.setIdentityContract(identityWorkPosition2.getId());
contractGuarantee.setGuarantee(testUser2.getId());
contractGuaranteeService.save(contractGuarantee);
//
log.info("Test data was created.");
//
configurationService.setBooleanValue(PARAMETER_TEST_DATA_CREATED, true);
}
//
} finally {
SecurityContextHolder.clearContext();
}
}
Also used :
IdmTreeTypeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeTypeDto)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
PageRequest(org.springframework.data.domain.PageRequest)
IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
ArrayList(java.util.ArrayList)
IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
Example 22 with IdmRoleCompositionDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class DefaultTestHelper method createRoleComposition.
@Override
public IdmRoleCompositionDto createRoleComposition(IdmRoleDto superior, IdmRoleDto sub) {
IdmRoleCompositionDto roleComposition = new IdmRoleCompositionDto();
roleComposition.setSuperior(superior.getId());
roleComposition.setSub(sub.getId());
// create role composition
roleComposition = roleCompositionService.save(roleComposition);
// wait for role composition is completely processed
UUID transactionId = roleComposition.getTransactionId();
//
waitForResult(res -> {
IdmLongRunningTaskFilter filter = new IdmLongRunningTaskFilter();
filter.setOperationStates(Lists.newArrayList(OperationState.CREATED, OperationState.RUNNING));
filter.setTransactionId(transactionId);
//
List<IdmLongRunningTaskDto> tasks = taskManager.findLongRunningTasks(filter, null).getContent();
// use this to debug, if needed ...
tasks.forEach(task -> {
System.out.println("Task: " + task.getTaskType() + ", " + task.getResultState() + ", TID: " + transactionId + " ~ " + task.getTransactionId());
});
//
return !tasks.isEmpty();
}, 500, // ~ 40s max
80);
//
return roleComposition;
}
Also used :
IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmLongRunningTaskFilter(eu.bcvsolutions.idm.core.scheduler.api.dto.filter.IdmLongRunningTaskFilter)
UUID(java.util.UUID)
Example 23 with IdmRoleCompositionDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleCompositionBySuperiorRoleEvaluatorIntegrationTest method canReadCompositionByRole.
@Test
public void canReadCompositionByRole() {
IdmIdentityDto identity = getHelper().createIdentity();
List<IdmRoleCompositionDto> compositions = null;
IdmRoleDto role = getHelper().createRole();
IdmRoleDto subRole = getHelper().createRole();
IdmRoleDto superiorRole = getHelper().createRole();
IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(role, subRole);
// other - without access
getHelper().createRoleComposition(superiorRole, role);
getHelper().createIdentityRole(identity, role);
getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);
// check created identity doesn't have compositions
try {
getHelper().login(identity.getUsername(), identity.getPassword());
Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
compositions = service.find(null, IdmBasePermission.READ).getContent();
Assert.assertTrue(compositions.isEmpty());
} finally {
logout();
}
//
// create authorization policy - assign to role
getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLECOMPOSITION, IdmRoleComposition.class, RoleCompositionBySuperiorRoleEvaluator.class);
//
try {
getHelper().login(identity.getUsername(), identity.getPassword());
//
// evaluate access
getHelper().login(identity.getUsername(), identity.getPassword());
compositions = service.find(null, IdmBasePermission.READ).getContent();
Assert.assertEquals(1, compositions.size());
Assert.assertEquals(roleComposition.getId(), compositions.get(0).getId());
//
Set<String> permissions = service.getPermissions(roleComposition);
Assert.assertEquals(1, permissions.size());
Assert.assertEquals(IdmBasePermission.READ.name(), permissions.iterator().next());
} finally {
logout();
}
//
getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
//
try {
getHelper().login(identity.getUsername(), identity.getPassword());
//
Set<String> permissions = service.getPermissions(roleComposition);
Assert.assertEquals(4, permissions.size());
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.UPDATE.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.CREATE.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.DELETE.name())));
} finally {
logout();
}
}
Also used :
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
Set(java.util.Set)
Autowired(org.springframework.beans.factory.annotation.Autowired)
Test(org.junit.Test)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
IdmRoleComposition(eu.bcvsolutions.idm.core.model.entity.IdmRoleComposition)
CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission)
List(java.util.List)
IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Assert(org.junit.Assert)
Transactional(org.springframework.transaction.annotation.Transactional)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
Test(org.junit.Test)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Example 24 with IdmRoleCompositionDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class RoleCompositionBySubRoleEvaluatorIntegrationTest method canReadCompositionByRole.
@Test
public void canReadCompositionByRole() {
IdmIdentityDto identity = getHelper().createIdentity();
List<IdmRoleCompositionDto> compositions = null;
IdmRoleDto role = getHelper().createRole();
IdmRoleDto subRole = getHelper().createRole();
IdmRoleDto superiorRole = getHelper().createRole();
// other - without access
getHelper().createRoleComposition(role, subRole);
IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(superiorRole, role);
getHelper().createIdentityRole(identity, role);
getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.READ);
// check created identity doesn't have compositions
try {
getHelper().login(identity.getUsername(), identity.getPassword());
Assert.assertEquals(role.getId(), roleService.get(role.getId(), IdmBasePermission.READ).getId());
compositions = service.find(null, IdmBasePermission.READ).getContent();
Assert.assertTrue(compositions.isEmpty());
} finally {
logout();
}
//
// create authorization policy - assign to role
getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.ROLECOMPOSITION, IdmRoleComposition.class, RoleCompositionBySubRoleEvaluator.class);
//
try {
getHelper().login(identity.getUsername(), identity.getPassword());
//
// evaluate access
getHelper().login(identity.getUsername(), identity.getPassword());
compositions = service.find(null, IdmBasePermission.READ).getContent();
Assert.assertEquals(1, compositions.size());
Assert.assertEquals(roleComposition.getId(), compositions.get(0).getId());
} finally {
logout();
}
//
getHelper().createUuidPolicy(role.getId(), role.getId(), IdmBasePermission.UPDATE);
//
try {
getHelper().login(identity.getUsername(), identity.getPassword());
//
Set<String> permissions = service.getPermissions(roleComposition);
Assert.assertEquals(4, permissions.size());
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.UPDATE.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.CREATE.name())));
Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.DELETE.name())));
} finally {
logout();
}
}
Also used :
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
Set(java.util.Set)
Autowired(org.springframework.beans.factory.annotation.Autowired)
Test(org.junit.Test)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
IdmRoleComposition(eu.bcvsolutions.idm.core.model.entity.IdmRoleComposition)
CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission)
List(java.util.List)
IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Assert(org.junit.Assert)
Transactional(org.springframework.transaction.annotation.Transactional)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
Test(org.junit.Test)
AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)
Example 25 with IdmRoleCompositionDto
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.
the class AccRoleDuplicateBulkActionIntegrationTest method testDontRemoveAccount.
@Test
public void testDontRemoveAccount() {
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
String environment = getHelper().createName();
IdmRoleDto role = getHelper().createRole(null, null, environment);
IdmRoleDto roleSubOne = getHelper().createRole(null, null, environment);
IdmRoleDto roleSubTwo = getHelper().createRole(null, null, environment);
IdmRoleCompositionDto compositionSubOne = getHelper().createRoleComposition(role, roleSubOne);
//
// create system mapping on the target
String targetEnvironment = getHelper().createName();
IdmRoleDto roleTarget = getHelper().createRole(null, role.getBaseCode(), targetEnvironment);
IdmRoleDto roleSubOneTarget = getHelper().createRole(null, roleSubOne.getBaseCode(), targetEnvironment);
IdmRoleDto roleSubTwoTarget = getHelper().createRole(null, roleSubTwo.getBaseCode(), targetEnvironment);
SysSystemDto system = getHelper().createTestResourceSystem(true);
getHelper().createRoleSystem(roleSubOneTarget, system);
getHelper().createRoleSystem(roleSubTwoTarget, system);
getHelper().createIdentityRole(identity, roleTarget);
//
// check account not exist now - composition on target doesn't exist
AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNull(account);
//
// bulk action updates composition only
IdmBulkActionDto bulkAction = findBulkAction(IdmRole.class, RoleDuplicateBulkAction.NAME);
bulkAction.setIdentifiers(Sets.newHashSet(role.getId()));
bulkAction.getProperties().put(RoleDuplicateBulkAction.PROPERTY_ENVIRONMENT, targetEnvironment);
bulkAction.getProperties().put(DuplicateRoleCompositionProcessor.PARAMETER_INCLUDE_ROLE_COMPOSITION, true);
IdmBulkActionDto processAction = bulkActionManager.processAction(bulkAction);
//
checkResultLrt(processAction, 1l, null, null);
//
account = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNotNull(account);
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubOneTarget.getId())));
Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubTwoTarget.getId())));
//
// change a source composition
roleCompositionService.delete(compositionSubOne);
getHelper().createRoleComposition(role, roleSubTwo);
//
processAction = bulkActionManager.processAction(bulkAction);
checkResultLrt(processAction, 1l, null, null);
//
List<IdmRoleCompositionDto> targetSubRoles = roleCompositionService.findAllSubRoles(roleTarget.getId());
Assert.assertEquals(1, targetSubRoles.size());
Assert.assertEquals(roleSubTwoTarget.getId(), targetSubRoles.get(0).getSub());
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> ir.getRole().equals(roleSubTwoTarget.getId())));
Assert.assertTrue(assignedRoles.stream().allMatch(ir -> !ir.getRole().equals(roleSubOneTarget.getId())));
//
// search identity accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
Assert.assertEquals(1, identityAccounts.size());
//
AccAccountDto switchedAccount = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNotNull(switchedAccount);
Assert.assertEquals(account.getId(), switchedAccount.getId());
}
Also used :
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
After(org.junit.After)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
Before(org.junit.Before)
RoleDuplicateBulkAction(eu.bcvsolutions.idm.core.bulk.action.impl.role.RoleDuplicateBulkAction)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
Test(org.junit.Test)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
Sets(com.google.common.collect.Sets)
List(java.util.List)
AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService)
IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
DuplicateRoleCompositionProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.DuplicateRoleCompositionProcessor)
AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)
TestHelper(eu.bcvsolutions.idm.acc.TestHelper)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
Assert(org.junit.Assert)
IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest)
Test(org.junit.Test)
Aggregations
IdmRoleCompositionDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)47
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)35
Test (org.junit.Test)24
UUID (java.util.UUID)23
List (java.util.List)22
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)21
Autowired (org.springframework.beans.factory.annotation.Autowired)21
IdmRoleCompositionService (eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)20
IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)19
IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)18
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)16
Set (java.util.Set)16
IdmRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleService)15
Assert (org.junit.Assert)15
Transactional (org.springframework.transaction.annotation.Transactional)15
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)14
IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)13
IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)13
ArrayList (java.util.ArrayList)13
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)12
