use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.
the class IdentityContractUpdateByAutomaticRoleProcessor method process.
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
IdmIdentityContractDto contract = event.getContent();
IdmIdentityContractDto previous = event.getOriginalSource();
UUID previousPosition = previous == null ? null : previous.getWorkPosition();
UUID newPosition = contract.getWorkPosition();
boolean validityChangedToValid = previous == null ? false : contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture();
IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
// flag can be processed afterwards
if (getBooleanProperty(AutomaticRoleManager.SKIP_RECALCULATION, event.getProperties())) {
LOG.debug("Automatic roles are skipped for contract [{}], state [{}] " + "for position will be created only.", contract.getId(), CoreResultCode.AUTOMATIC_ROLE_SKIPPED.getCode());
//
Map<String, Serializable> properties = new HashMap<>();
// original contract as property
properties.put(EntityEvent.EVENT_PROPERTY_ORIGINAL_SOURCE, event.getOriginalSource());
entityStateManager.createState(contract, OperationState.BLOCKED, contract.isValidNowOrInFuture() ? CoreResultCode.AUTOMATIC_ROLE_SKIPPED : CoreResultCode.AUTOMATIC_ROLE_SKIPPED_INVALID_CONTRACT, properties);
//
return new DefaultEventResult<>(event, this);
}
if (!contract.isValidNowOrInFuture()) {
// but we need to add skipped flag above, even when invalid contract is updated
return new DefaultEventResult<>(event, this);
}
//
if (previous == null || !Objects.equals(newPosition, previousPosition) || validityChangedToValid) {
// work positions has some difference or validity changes
List<IdmIdentityRoleDto> assignedRoles = getAssignedAutomaticRoles(contract.getId());
// remove all automatic roles by attribute and by other contract position
if (!assignedRoles.isEmpty()) {
assignedRoles = assignedRoles.stream().filter(autoRole -> {
// remove automatic roles by attribute - solved by different process
AbstractIdmAutomaticRoleDto automaticRoleDto = DtoUtils.getEmbedded(autoRole, IdmIdentityRole_.automaticRole, (AbstractIdmAutomaticRoleDto) null);
if (automaticRoleDto instanceof IdmRoleTreeNodeDto) {
return true;
}
return false;
}).filter(identityRole -> {
// remove automatic roles by attribute - solved by different process
return identityRole.getContractPosition() == null;
}).collect(Collectors.toList());
}
//
Set<UUID> previousAutomaticRoles = assignedRoles.stream().filter(identityRole -> {
return identityRole.getAutomaticRole() != null;
}).map(identityRole -> {
return identityRole.getAutomaticRole();
}).collect(Collectors.toSet());
Set<IdmRoleTreeNodeDto> addedAutomaticRoles = new HashSet<>();
if (newPosition != null && contract.isValidNowOrInFuture()) {
addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
}
// prevent to remove newly added or still exists roles
Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
removedAutomaticRoles.removeAll(addedAutomaticRoles.stream().map(IdmRoleTreeNodeDto::getId).collect(Collectors.toList()));
addedAutomaticRoles.removeIf(a -> {
return previousAutomaticRoles.contains(a.getId());
});
//
for (UUID removedAutomaticRole : removedAutomaticRoles) {
Iterator<IdmIdentityRoleDto> iter = assignedRoles.iterator();
while (iter.hasNext()) {
IdmIdentityRoleDto identityRole = iter.next();
if (Objects.equals(identityRole.getAutomaticRole(), removedAutomaticRole)) {
// check, if role will be added by new automatic roles and prevent removing
IdmRoleTreeNodeDto addedAutomaticRole = getByRole(identityRole.getRole(), addedAutomaticRoles);
if (addedAutomaticRole == null) {
// remove assigned role
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.REMOVE);
//
roleRequest.getConceptRoles().add(conceptRoleRequest);
iter.remove();
} else {
// change relation only
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityRole(identityRole.getId());
conceptRoleRequest.setAutomaticRole(addedAutomaticRole.getId());
conceptRoleRequest.setIdentityContract(contract.getId());
conceptRoleRequest.setValidFrom(contract.getValidFrom());
conceptRoleRequest.setValidTill(contract.getValidTill());
conceptRoleRequest.setRole(identityRole.getRole());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.UPDATE);
//
roleRequest.getConceptRoles().add(conceptRoleRequest);
//
// new automatic role is not needed
addedAutomaticRoles.remove(addedAutomaticRole);
}
}
}
}
// change date - for unchanged assigned roles only
if (previous != null && EntityUtils.validableChanged(previous, contract)) {
roleRequest.getConceptRoles().addAll(changeValidable(contract, assignedRoles));
}
// add identity roles
for (AbstractIdmAutomaticRoleDto autoRole : addedAutomaticRoles) {
IdmConceptRoleRequestDto conceptRoleRequest = new IdmConceptRoleRequestDto();
conceptRoleRequest.setIdentityContract(contract.getId());
conceptRoleRequest.setValidFrom(contract.getValidFrom());
conceptRoleRequest.setValidTill(contract.getValidTill());
conceptRoleRequest.setRole(autoRole.getRole());
conceptRoleRequest.setAutomaticRole(autoRole.getId());
conceptRoleRequest.setOperation(ConceptRoleRequestOperation.ADD);
//
roleRequest.getConceptRoles().add(conceptRoleRequest);
}
// contract is enabled => process all contract positions
if (validityChangedToValid) {
IdmContractPositionFilter filter = new IdmContractPositionFilter();
filter.setIdentityContractId(contract.getId());
//
for (IdmContractPositionDto position : contractPositionService.find(filter, null).getContent()) {
CoreEvent<IdmContractPositionDto> positionEvent = new CoreEvent<>(CoreEventType.NOTIFY, position);
// we don't need the second asynchronicity
positionEvent.setPriority(PriorityType.IMMEDIATE);
positionEvent.getProperties().put(EVENT_PROPERTY_REQUEST, roleRequest);
// recount automatic roles for given position
EventContext<IdmContractPositionDto> context = contractPositionService.publish(positionEvent, event);
// get modified prepared request
if (context.getLastResult() != null) {
roleRequest = (IdmRoleRequestDto) context.getLastResult().getEvent().getProperties().get(EVENT_PROPERTY_REQUEST);
}
}
}
} else if (previous != null && EntityUtils.validableChanged(previous, contract)) {
// process validable change only
roleRequest.getConceptRoles().addAll(changeValidable(contract, getAssignedAutomaticRoles(contract.getId())));
}
// start request at end asynchronously
roleRequest.setApplicant(contract.getIdentity());
RoleRequestEvent requestEvent = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest);
roleRequestService.startConcepts(requestEvent, event);
//
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmAutomaticRoleRequestService method executeRequestInternal.
private IdmAutomaticRoleRequestDto executeRequestInternal(UUID requestId) {
Assert.notNull(requestId, "Role request ID is required!");
IdmAutomaticRoleRequestDto request = this.get(requestId);
Assert.notNull(request, "Role request is required!");
IdmAutomaticRoleAttributeRuleRequestFilter ruleFilter = new IdmAutomaticRoleAttributeRuleRequestFilter();
ruleFilter.setRoleRequestId(requestId);
List<IdmAutomaticRoleAttributeRuleRequestDto> ruleConcepts = automaticRoleRuleRequestService.find(ruleFilter, null).getContent();
UUID automaticRoleId = request.getAutomaticRole();
if (AutomaticRoleRequestType.ATTRIBUTE == request.getRequestType()) {
// Automatic role by attributes
if (RequestOperationType.REMOVE == request.getOperation()) {
// Remove automatic role by attributes
Assert.notNull(automaticRoleId, "Id of automatic role in the request (for delete) is required!");
automaticRoleAttributeService.delete(automaticRoleAttributeService.get(automaticRoleId));
request.setAutomaticRole(null);
} else {
// Add new or update (rules) for automatic role by attributes
IdmAutomaticRoleAttributeDto automaticRole = null;
if (automaticRoleId != null) {
automaticRole = automaticRoleAttributeService.get(automaticRoleId);
} else {
automaticRole = new IdmAutomaticRoleAttributeDto();
automaticRole = initAttributeAutomaticRole(request, automaticRole);
automaticRole = automaticRoleAttributeService.save(automaticRole);
request.setAutomaticRole(automaticRole.getId());
}
UUID roleId = automaticRole.getRole() != null ? automaticRole.getRole() : request.getRole();
Assert.notNull(roleId, "Id of role is required in the automatic role request!");
IdmRoleDto role = roleService.get(request.getRole());
Assert.notNull(role, "Role is required in the automatic role request!");
// Before we do any change, we have to sets the automatic role to concept state
automaticRole.setConcept(true);
automaticRoleAttributeService.save(automaticRole);
// Realize changes for rules
realizeAttributeRules(request, automaticRole, ruleConcepts);
// Sets automatic role as no concept -> execute recalculation this role
automaticRole.setConcept(false);
automaticRoleAttributeService.recalculate(automaticRoleAttributeService.save(automaticRole).getId());
}
} else if (AutomaticRoleRequestType.TREE == request.getRequestType()) {
// Automatic role by node in a tree
if (RequestOperationType.REMOVE == request.getOperation()) {
// Remove tree automatic role
Assert.notNull(automaticRoleId, "Id of automatic role in the request (for delete) is required!");
// Recount (remove) assigned roles ensures LRT during delete
try {
automaticRoleTreeService.delete(automaticRoleTreeService.get(automaticRoleId));
} catch (AcceptedException ex) {
LOG.info("Automatic role [{}] will be removed asynchronously.", automaticRoleId);
}
request.setAutomaticRole(null);
} else if (RequestOperationType.ADD == request.getOperation()) {
// Create new tree automatic role
IdmRoleTreeNodeDto treeAutomaticRole = new IdmRoleTreeNodeDto();
treeAutomaticRole = initTreeAutomaticRole(request, treeAutomaticRole);
// Recount of assigned roles ensures LRT
try {
treeAutomaticRole = automaticRoleTreeService.save(treeAutomaticRole);
request.setAutomaticRole(treeAutomaticRole.getId());
} catch (AcceptedException ex) {
// automatic role will be processed asynchronously, but it's persisted
String treeAutomaticRoleIdentifier = ex.getIdentifier();
if (StringUtils.isEmpty(treeAutomaticRoleIdentifier)) {
throw ex;
}
request.setAutomaticRole(DtoUtils.toUuid(treeAutomaticRoleIdentifier));
}
} else {
// Update is not supported
throw new ResultCodeException(CoreResultCode.METHOD_NOT_ALLOWED, "Tree automatic role update is not supported");
}
}
request.setState(RequestState.EXECUTED);
request.setResult(new OperationResultDto.Builder(OperationState.EXECUTED).build());
return this.save(request);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmTreeNodeServiceIntegrationTest method testRecountAutomaticRoleMultipleTimes.
@Test
public void testRecountAutomaticRoleMultipleTimes() {
IdmTreeNodeDto node = getHelper().createTreeNode();
// define automatic role for parent
IdmRoleDto role = getHelper().createRole();
IdmRoleTreeNodeDto automaticRole = getHelper().createRoleTreeNode(role, node, RecursionType.NO, true);
// create identity with contract on node
entityStateManager.createState(automaticRole, OperationState.BLOCKED, CoreResultCode.AUTOMATIC_ROLE_SKIPPED, null);
entityStateManager.createState(automaticRole, OperationState.BLOCKED, CoreResultCode.AUTOMATIC_ROLE_SKIPPED, null);
Assert.assertEquals(2, entityStateManager.findStates(automaticRole, null).getTotalElements());
//
// recount skipped automatic roles
LongRunningFutureTask<Boolean> executor = longRunningTaskManager.execute(new ProcessSkippedAutomaticRoleByTreeTaskExecutor());
IdmLongRunningTaskDto longRunningTask = longRunningTaskManager.getLongRunningTask(executor);
Assert.assertEquals(Long.valueOf(2), longRunningTask.getSuccessItemCount());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmTreeNodeServiceIntegrationTest method testAssignAutomaticRoleOnPositionAfterNodeIsMovedWithDownRecursion.
@Test
public void testAssignAutomaticRoleOnPositionAfterNodeIsMovedWithDownRecursion() {
IdmTreeNodeDto parentNode = getHelper().createTreeNode();
IdmTreeNodeDto node = getHelper().createTreeNode();
// define automatic role for parent
IdmRoleDto role = getHelper().createRole();
IdmRoleTreeNodeDto automaticRole = getHelper().createRoleTreeNode(role, parentNode, RecursionType.DOWN, true);
// create identity with contract on node
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
getHelper().createContractPosition(getHelper().getPrimeContract(identity), node);
// no role should be assigned now
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.isEmpty());
//
node.setParent(parentNode.getId());
node = service.save(node);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(automaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
//
IdmTreeNodeDto otherNode = getHelper().createTreeNode();
IdmRoleTreeNodeDto otherAutomaticRole = getHelper().createRoleTreeNode(role, otherNode, RecursionType.DOWN, true);
node.setParent(otherNode.getId());
node = service.save(node);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
UUID assignedRoleId = assignedRoles.get(0).getId();
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(otherAutomaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
//
// recalculate role => nothing happend
ProcessAutomaticRoleByTreeTaskExecutor automaticRoleTask = AutowireHelper.createBean(ProcessAutomaticRoleByTreeTaskExecutor.class);
automaticRoleTask.setAutomaticRoles(Lists.newArrayList(otherAutomaticRole.getId()));
longRunningTaskManager.execute(automaticRoleTask);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(otherAutomaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
Assert.assertEquals(assignedRoleId, assignedRoles.get(0).getId());
//
// move node deeper in sub tree => nothing should happend
IdmTreeNodeDto subNode = getHelper().createTreeNode(null, null, getHelper().createTreeNode(null, null, otherNode));
node.setParent(subNode.getId());
node = service.save(node);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(otherAutomaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
Assert.assertEquals(assignedRoleId, assignedRoles.get(0).getId());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmTreeNodeServiceIntegrationTest method testAssignAutomaticRoleOnPositionAfterNodeIsMovedWithUpRecursion.
@Test
public void testAssignAutomaticRoleOnPositionAfterNodeIsMovedWithUpRecursion() {
IdmTreeNodeDto parentNode = getHelper().createTreeNode();
IdmTreeNodeDto node = getHelper().createTreeNode();
// define automatic role for parent
IdmRoleDto role = getHelper().createRole();
IdmRoleTreeNodeDto automaticRole = getHelper().createRoleTreeNode(role, node, RecursionType.UP, true);
// create identity with contract on node
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
getHelper().createContractPosition(getHelper().getPrimeContract(identity), parentNode);
// no role should be assigned now
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.isEmpty());
//
node.setParent(parentNode.getId());
node = service.save(node);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(automaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
//
IdmTreeNodeDto otherNode = getHelper().createTreeNode(null, null, node);
IdmRoleDto roleOther = getHelper().createRole();
IdmRoleTreeNodeDto otherAutomaticRole = getHelper().createRoleTreeNode(roleOther, otherNode, RecursionType.UP, false);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(2, assignedRoles.size());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRole.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> otherAutomaticRole.getId().equals(ir.getAutomaticRole())));
}
Aggregations