
Example 31 with IdmRoleRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIdentityServiceIntegrationTest method testReferentialRoleRequestIntegrity.

@Test
public void testReferentialRoleRequestIntegrity() {
    IdmIdentityDto identity = helper.createIdentity();
    String username = identity.getUsername();
    // role with guarantee
    IdmRoleDto role = new IdmRoleDto();
    String roleName = "test_r_" + System.currentTimeMillis();
    role.setName(roleName);
    role = roleService.save(role);
    // assigned role
    IdmRoleRequestDto request = helper.assignRoles(helper.getPrimeContract(identity.getId()), false, role);
    IdmConceptRoleRequestFilter conceptFilter = new IdmConceptRoleRequestFilter();
    conceptFilter.setRoleRequestId(request.getId());
    IdmIdentityRoleFilter identityRolefilter = new IdmIdentityRoleFilter();
    identityRolefilter.setIdentityId(identity.getId());
    assertNotNull(identityService.getByUsername(username));
    assertEquals(1, identityRoleService.find(identityRolefilter, null).getTotalElements());
    assertEquals(1, conceptRequestService.find(conceptFilter, null).getTotalElements());
    IdmConceptRoleRequestDto concept = conceptRequestService.find(conceptFilter, null).getContent().get(0);
    concept.setWfProcessId("test_wf_" + System.currentTimeMillis());
    conceptRequestService.save(concept);
    // 
    identityService.delete(identity);
    role = roleService.get(role.getId());
    // 
    assertNull(identityService.getByUsername(username));
    assertNull(passwordService.findOneByIdentity(identity.getId()));
    assertEquals(0, identityContractService.findAllByIdentity(identity.getId()).size());
    assertEquals(0, identityRoleService.find(identityRolefilter, null).getTotalElements());
    assertEquals(0, conceptRequestService.find(conceptFilter, null).getTotalElements());
    roleService.delete(role);
    assertNull(roleService.get(role.getId()));
}
Also used : IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 32 with IdmRoleRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto in project CzechIdMng by bcvsolutions.

the class IdmRoleRequestController method getConcepts.

@ResponseBody
@RequestMapping(value = "/{backendId}/concepts", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_READ + "')")
@ApiOperation(value = "Role request concepts", nickname = "getRoleRequestConcepts", tags = { IdmRoleRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }) })
@ApiImplicitParams({ @ApiImplicitParam(name = "parameters", allowMultiple = true, dataType = "string", paramType = "query", value = "Search criteria parameters. Parameters could be registered by module. Example id=25c5b9e8-b15d-4f95-b715-c7edf6f4aee6"), @ApiImplicitParam(name = "page", dataType = "string", paramType = "query", value = "Results page you want to retrieve (0..N)"), @ApiImplicitParam(name = "size", dataType = "string", paramType = "query", value = "Number of records per page."), @ApiImplicitParam(name = "sort", allowMultiple = true, dataType = "string", paramType = "query", value = "Sorting criteria in the format: property(,asc|desc). " + "Default sort order is ascending. " + "Multiple sort criteria are supported.") })
public Resources<?> getConcepts(@ApiParam(value = "Role request's uuid identifier.", required = true) @PathVariable String backendId, @RequestParam(required = false) MultiValueMap<String, Object> parameters, @PageableDefault Pageable pageable) {
    IdmRoleRequestDto entity = getDto(backendId);
    if (entity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    IdmConceptRoleRequestFilter filter = conceptRoleRequestController.toFilter(parameters);
    filter.setRoleRequestId(entity.getId());
    // 
    return toResources(conceptRoleRequestController.find(filter, pageable, IdmBasePermission.READ), IdmRoleRequestDto.class);
}
Also used : IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ApiImplicitParams(io.swagger.annotations.ApiImplicitParams) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 33 with IdmRoleRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto in project CzechIdMng by bcvsolutions.

the class IdmRoleRequestController method delete.

@Override
@ResponseBody
@RequestMapping(value = "/{backendId}", method = RequestMethod.DELETE)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_DELETE + "')")
@ApiOperation(value = "Delete role request", nickname = "deleteRoleRequest", tags = { IdmRoleRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_DELETE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_DELETE, description = "") }) })
public ResponseEntity<?> delete(@ApiParam(value = "Role request's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    IdmRoleRequestService service = ((IdmRoleRequestService) this.getService());
    IdmRoleRequestDto dto = service.get(backendId);
    // 
    checkAccess(dto, IdmBasePermission.DELETE);
    // A request in the EXECUTED state cannot be deleted or changed
    if (RoleRequestState.EXECUTED == dto.getState()) {
        throw new RoleRequestException(CoreResultCode.ROLE_REQUEST_EXECUTED_CANNOT_DELETE, ImmutableMap.of("request", dto));
    }
    // Only a request in the CONCEPT state can be deleted. In any other state, the request is set to the CANCELED state and saved.
    if (RoleRequestState.CONCEPT == dto.getState()) {
        service.delete(dto);
    } else {
        service.cancel(dto);
    }
    return new ResponseEntity<Object>(HttpStatus.NO_CONTENT);
}
Also used : RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) ResponseEntity(org.springframework.http.ResponseEntity) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ApiOperation(io.swagger.annotations.ApiOperation) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 34 with IdmRoleRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto in project CzechIdMng by bcvsolutions.

the class RemoveAutomaticRoleTaskExecutor method end.

@Override
protected Boolean end(Boolean result, Exception ex) {
    Boolean ended = super.end(result, ex);
    // 
    if (BooleanUtils.isTrue(ended)) {
        IdmRoleDto role = DtoUtils.getEmbedded(getAutomaticRole(), IdmRoleTreeNode_.role, IdmRoleDto.class);
        // 
        long assignedRoles = identityRoleService.findByAutomaticRole(getAutomaticRoleId(), new PageRequest(0, 1)).getTotalElements();
        if (assignedRoles != 0) {
            LOG.debug("Remove role [{}] by automatic role [{}] is not complete, some roles [{}] remains assigned to identities.", role.getCode(), getAutomaticRole().getId(), assignedRoles);
            return ended;
        }
        // 
        LOG.debug("Remove role [{}] by automatic role [{}]", role.getCode(), getAutomaticRole().getId());
        try {
            // 
            // Find all concepts and remove relation on role tree
            IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
            conceptRequestFilter.setAutomaticRole(getAutomaticRoleId());
            // 
            List<IdmConceptRoleRequestDto> concepts = conceptRequestService.find(conceptRequestFilter, null).getContent();
            for (IdmConceptRoleRequestDto concept : concepts) {
                IdmRoleRequestDto request = roleRequestService.get(concept.getRoleRequest());
                String message = null;
                if (concept.getState().isTerminatedState()) {
                    message = MessageFormat.format("Role tree node [{0}] (reqested in concept [{1}]) was deleted (not from this role request)!", getAutomaticRoleId(), concept.getId());
                } else {
                    message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested RoleTreeNode [{1}] was deleted (not from this role request)!", concept.getId(), getAutomaticRoleId());
                    concept.setState(RoleRequestState.CANCELED);
                }
                roleRequestService.addToLog(request, message);
                conceptRequestService.addToLog(concept, message);
                concept.setAutomaticRole(null);
                roleRequestService.save(request);
                conceptRequestService.save(concept);
            }
            // Find all automatic role requests and remove relation on automatic role
            if (automaticRoleId != null) {
                IdmAutomaticRoleRequestFilter automaticRoleRequestFilter = new IdmAutomaticRoleRequestFilter();
                automaticRoleRequestFilter.setAutomaticRoleId(automaticRoleId);
                automaticRoleRequestService.find(automaticRoleRequestFilter, null).getContent().forEach(request -> {
                    request.setAutomaticRole(null);
                    automaticRoleRequestService.save(request);
                    // Workflows cannot be cancelled here, because this method can be called from the same workflow
                    // automaticRoleRequestService.cancel(request);
                });
            }
            // this is allowed by default
            if (this.isDeleteEntity()) {
                // delete entity
                if (getAutomaticRole() instanceof IdmRoleTreeNodeDto) {
                    roleTreeNodeService.deleteInternalById(getAutomaticRole().getId());
                } else {
                    // remove all rules
                    automaticRoleAttributeRuleService.deleteAllByAttribute(getAutomaticRole().getId());
                    automaticRoleAttributeService.deleteInternalById(getAutomaticRole().getId());
                }
            }
            // 
            LOG.debug("End: Remove role [{}] by automatic role [{}].", role.getCode(), getAutomaticRole().getId());
        // 
        } catch (Exception O_o) {
            LOG.debug("Remove role [{}] by automatic role [{}] failed", role.getCode(), getAutomaticRole().getId(), O_o);
            // 
            IdmLongRunningTaskDto task = longRunningTaskService.get(getLongRunningTaskId());
            ResultModel resultModel = new DefaultResultModel(CoreResultCode.LONG_RUNNING_TASK_FAILED, ImmutableMap.of("taskId", getLongRunningTaskId(), "taskType", task.getTaskType(), "instanceId", task.getInstanceId()));
            saveResult(resultModel, OperationState.EXCEPTION, O_o);
        }
    }
    // 
    return ended;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) PageRequest(org.springframework.data.domain.PageRequest) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmAutomaticRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAutomaticRoleRequestFilter) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)

Example 35 with IdmRoleRequestDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto in project CzechIdMng by bcvsolutions.

the class IdentityContractDeleteProcessor method process.

@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    // 
    // delete referenced roles
    identityRoleService.findAllByContract(contract.getId()).forEach(identityRole -> {
        identityRoleService.delete(identityRole);
    });
    // Find all concepts and remove relation on role
    IdmConceptRoleRequestFilter conceptRequestFilter = new IdmConceptRoleRequestFilter();
    conceptRequestFilter.setIdentityContractId(contract.getId());
    conceptRequestService.find(conceptRequestFilter, null).getContent().forEach(concept -> {
        IdmRoleRequestDto request = roleRequestService.get(concept.getRoleRequest());
        String message = null;
        if (concept.getState().isTerminatedState()) {
            message = MessageFormat.format("IdentityContract [{0}] (requested in concept [{1}]) was deleted (not from this role request)!", contract.getId(), concept.getId());
        } else {
            message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested IdentityContract [{1}] was deleted (not from this role request)!", concept.getId(), contract.getId());
            concept.setState(RoleRequestState.CANCELED);
        }
        roleRequestService.addToLog(request, message);
        conceptRequestService.addToLog(concept, message);
        concept.setIdentityContract(null);
        roleRequestService.save(request);
        conceptRequestService.save(concept);
    });
    // delete contract guarantees
    IdmContractGuaranteeFilter filter = new IdmContractGuaranteeFilter();
    filter.setIdentityContractId(contract.getId());
    contractGuaranteeService.find(filter, null).forEach(guarantee -> {
        contractGuaranteeService.delete(guarantee);
    });
    // delete identity contract
    service.deleteInternal(contract);
    // 
    return new DefaultEventResult<>(event, this);
}
Also used : IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmContractGuaranteeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmContractGuaranteeFilter)
