
Example 16 with IdmRoleTreeNodeDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.

the class RemoveAutomaticRoleTaskExecutor method end.

/**
 * Finishes the task and, when {@code super.end} reports success, detaches and optionally
 * deletes the automatic role this task was removing.
 *
 * <p>The clean-up is skipped while any identity role is still assigned through the automatic
 * role. Otherwise concept role requests and automatic role requests that reference the
 * automatic role are unlinked from it, and the automatic role definition is deleted when
 * {@code isDeleteEntity()} is true. Any exception thrown by the clean-up is caught, logged
 * and stored as the task result with {@code OperationState.EXCEPTION}; it is not rethrown.
 *
 * @param result passed through to {@code super.end}
 * @param ex passed through to {@code super.end}
 * @return the value returned by {@code super.end}, unchanged on every path
 */
@Override
protected Boolean end(Boolean result, Exception ex) {
    Boolean ended = super.end(result, ex);
    if (!BooleanUtils.isTrue(ended)) {
        // super.end did not report success: nothing is unlinked or deleted
        return ended;
    }
    //
    IdmRoleDto removedRole = DtoUtils.getEmbedded(getAutomaticRole(), IdmRoleTreeNode_.role, IdmRoleDto.class);
    // a one-element page is requested because only the total count is read
    long remainingAssignments = identityRoleService
            .findByAutomaticRole(getAutomaticRoleId(), new PageRequest(0, 1))
            .getTotalElements();
    if (remainingAssignments != 0) {
        // identities still hold roles granted by this automatic role, so the definition is kept
        LOG.debug("Remove role [{}] by automatic role [{}] is not complete, some roles [{}] remains assigned to identities.", removedRole.getCode(), getAutomaticRole().getId(), remainingAssignments);
        return ended;
    }
    //
    LOG.debug("Remove role [{}] by automatic role [{}]", removedRole.getCode(), getAutomaticRole().getId());
    try {
        // Concepts that reference the automatic role: log the reason, cancel the ones that
        // are not terminated yet and drop the reference.
        IdmConceptRoleRequestFilter conceptFilter = new IdmConceptRoleRequestFilter();
        conceptFilter.setAutomaticRole(getAutomaticRoleId());
        List<IdmConceptRoleRequestDto> affectedConcepts = conceptRequestService.find(conceptFilter, null).getContent();
        for (IdmConceptRoleRequestDto concept : affectedConcepts) {
            IdmRoleRequestDto ownerRequest = roleRequestService.get(concept.getRoleRequest());
            boolean alreadyTerminated = concept.getState().isTerminatedState();
            String message;
            if (alreadyTerminated) {
                message = MessageFormat.format("Role tree node [{0}] (reqested in concept [{1}]) was deleted (not from this role request)!", getAutomaticRoleId(), concept.getId());
            } else {
                message = MessageFormat.format("Request change in concept [{0}], was not executed, because requested RoleTreeNode [{1}] was deleted (not from this role request)!", concept.getId(), getAutomaticRoleId());
                concept.setState(RoleRequestState.CANCELED);
            }
            // the same message is written to the request log and to the concept log
            roleRequestService.addToLog(ownerRequest, message);
            conceptRequestService.addToLog(concept, message);
            concept.setAutomaticRole(null);
            roleRequestService.save(ownerRequest);
            conceptRequestService.save(concept);
        }
        // Automatic role requests that reference the automatic role: drop the reference only.
        if (automaticRoleId != null) {
            IdmAutomaticRoleRequestFilter requestFilter = new IdmAutomaticRoleRequestFilter();
            requestFilter.setAutomaticRoleId(automaticRoleId);
            automaticRoleRequestService.find(requestFilter, null).getContent().forEach(pendingRequest -> {
                pendingRequest.setAutomaticRole(null);
                // Workflows are deliberately not cancelled here (no automaticRoleRequestService.cancel),
                // because this method can be called from the same workflow.
                automaticRoleRequestService.save(pendingRequest);
            });
        }
        // isDeleteEntity() gates the final delete of the automatic role definition
        if (this.isDeleteEntity()) {
            // NOTE(review): the deleteInternal* names suggest these calls skip permission
            // evaluation - confirm that authorization is enforced before the task is started.
            if (getAutomaticRole() instanceof IdmRoleTreeNodeDto) {
                roleTreeNodeService.deleteInternalById(getAutomaticRole().getId());
            } else {
                // automatic role by attribute: its rules are removed before the role itself
                automaticRoleAttributeRuleService.deleteAllByAttribute(getAutomaticRole().getId());
                automaticRoleAttributeService.deleteInternalById(getAutomaticRole().getId());
            }
        }
        //
        LOG.debug("End: Remove role [{}] by automatic role [{}].", removedRole.getCode(), getAutomaticRole().getId());
    } catch (Exception failure) {
        // NOTE(review): the failure is logged at debug level only; the saved task result below
        // is the durable record of a failed removal. Consider a higher log level.
        LOG.debug("Remove role [{}] by automatic role [{}] failed", removedRole.getCode(), getAutomaticRole().getId(), failure);
        //
        IdmLongRunningTaskDto task = longRunningTaskService.get(getLongRunningTaskId());
        ResultModel failedResult = new DefaultResultModel(CoreResultCode.LONG_RUNNING_TASK_FAILED, ImmutableMap.of("taskId", getLongRunningTaskId(), "taskType", task.getTaskType(), "instanceId", task.getInstanceId()));
        saveResult(failedResult, OperationState.EXCEPTION, failure);
    }
    //
    return ended;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmLongRunningTaskDto(eu.bcvsolutions.idm.core.scheduler.api.dto.IdmLongRunningTaskDto) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) PageRequest(org.springframework.data.domain.PageRequest) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmAutomaticRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAutomaticRoleRequestFilter) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)

Example 17 with IdmRoleTreeNodeDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.

the class IdentityContractUpdateByAutomaticRoleProcessor method process.

/**
 * Re-evaluates the automatic roles assigned by organization tree after a contract update.
 *
 * <p>When the work position changed, or the contract newly became valid now or in the future,
 * the identity roles assigned to the contract through a tree automatic role are compared with
 * the automatic roles of the new position: roles that no longer apply are removed, roles
 * that are granted again by a new automatic role are only re-linked to it, and the remaining
 * new automatic roles are assigned. In every other case only the validity dates of the
 * assigned roles are adjusted, and only if the contract validity changed.
 *
 * @param event contract update event; its original source is read as the previous state
 * @return a {@code DefaultEventResult} for the event and this processor
 */
@Override
public EventResult<IdmIdentityContractDto> process(EntityEvent<IdmIdentityContractDto> event) {
    IdmIdentityContractDto contract = event.getContent();
    IdmIdentityContractDto previous = event.getOriginalSource();
    UUID previousPosition = previous.getWorkPosition();
    UUID newPosition = contract.getWorkPosition();
    // recalculate when the position differs or the validity changed while the contract is valid
    boolean recalculate = !Objects.equals(newPosition, previousPosition)
            || (contract.isValidNowOrInFuture() && previous.isValidNowOrInFuture() != contract.isValidNowOrInFuture());
    if (!recalculate) {
        // NOTE(review): a contract that is no longer valid and kept its position only gets
        // its role dates adjusted here - confirm role removal for ended contracts is handled elsewhere.
        if (EntityUtils.validableChanged(previous, contract)) {
            changeValidable(contract, identityRoleService.findAllByContract(contract.getId()));
        }
        return new DefaultEventResult<>(event, this);
    }
    //
    List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByContract(contract.getId());
    if (!assignedRoles.isEmpty()) {
        // keep only identity roles whose embedded automatic role is a tree automatic role;
        // the result is a fresh list, so removing from it below is safe
        assignedRoles = assignedRoles.stream().filter(candidate -> {
            AbstractIdmAutomaticRoleDto embedded = DtoUtils.getEmbedded(candidate, IdmAutomaticRoleAttributeService.ROLE_TREE_NODE_ATTRIBUTE_NAME, AbstractIdmAutomaticRoleDto.class, null);
            return embedded instanceof IdmRoleTreeNodeDto;
        }).collect(Collectors.toList());
    }
    // ids of the automatic roles the contract was assigned through so far
    Set<UUID> previousAutomaticRoles = assignedRoles.stream()
            .map(IdmIdentityRoleDto::getRoleTreeNode)
            .filter(Objects::nonNull)
            .collect(Collectors.toSet());
    Set<IdmRoleTreeNodeDto> addedAutomaticRoles;
    if (newPosition == null) {
        addedAutomaticRoles = new HashSet<>();
    } else {
        addedAutomaticRoles = roleTreeNodeService.getAutomaticRolesByTreeNode(newPosition);
    }
    // removed = previous minus the ones still granted; added = granted minus the ones already held
    Set<UUID> removedAutomaticRoles = new HashSet<>(previousAutomaticRoles);
    for (IdmRoleTreeNodeDto stillGranted : addedAutomaticRoles) {
        removedAutomaticRoles.remove(stillGranted.getId());
    }
    addedAutomaticRoles.removeIf(granted -> previousAutomaticRoles.contains(granted.getId()));
    //
    for (UUID removedAutomaticRole : removedAutomaticRoles) {
        for (Iterator<IdmIdentityRoleDto> cursor = assignedRoles.iterator(); cursor.hasNext();) {
            IdmIdentityRoleDto identityRole = cursor.next();
            if (!Objects.equals(identityRole.getRoleTreeNode(), removedAutomaticRole)) {
                continue;
            }
            // the same role may be granted again by one of the newly added automatic roles
            IdmRoleTreeNodeDto replacement = getByRole(identityRole.getRole(), addedAutomaticRoles);
            if (replacement != null) {
                // keep the assignment and only point it to the new automatic role
                identityRole.setRoleTreeNode(replacement.getId());
                updateIdentityRole(identityRole);
                // the replacement is consumed, it must not be assigned a second time
                addedAutomaticRoles.remove(replacement);
                continue;
            }
            // no replacement: the assigned role is removed
            roleTreeNodeService.removeAutomaticRoles(identityRole, null);
            cursor.remove();
        }
    }
    // validity dates are adjusted for the assigned roles that were kept
    if (EntityUtils.validableChanged(previous, contract)) {
        changeValidable(contract, assignedRoles);
    }
    // assign the roles of the automatic roles that are new for this contract
    roleTreeNodeService.addAutomaticRoles(contract, addedAutomaticRoles);
    //
    return new DefaultEventResult<>(event, this);
}
Also used : AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmRoleTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmRoleTreeNodeService) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) CoreEventProcessor(eu.bcvsolutions.idm.core.api.event.CoreEventProcessor) IdentityContractProcessor(eu.bcvsolutions.idm.core.api.event.processor.IdentityContractProcessor) HashSet(java.util.HashSet) EntityUtils(eu.bcvsolutions.idm.core.api.utils.EntityUtils) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) IdentityRoleEventType(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent.IdentityRoleEventType) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) Description(org.springframework.context.annotation.Description) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) Iterator(java.util.Iterator) IdentityContractEventType(eu.bcvsolutions.idm.core.model.event.IdentityContractEvent.IdentityContractEventType) Set(java.util.Set) IdentityRoleEvent(eu.bcvsolutions.idm.core.model.event.IdentityRoleEvent) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) List(java.util.List) Component(org.springframework.stereotype.Component) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) 
AbstractIdmAutomaticRoleDto(eu.bcvsolutions.idm.core.api.dto.AbstractIdmAutomaticRoleDto) UUID(java.util.UUID) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) HashSet(java.util.HashSet)

Example 18 with IdmRoleTreeNodeDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method testDeleteTreeAutomaticRole.

/**
 * Creates a tree automatic role through the manager, checks that it was persisted with the
 * expected role and tree node, deletes it through the manager and checks that it can no
 * longer be loaded.
 */
@Test
public void testDeleteTreeAutomaticRole() {
    IdmRoleDto grantedRole = prepareRole();
    IdmTreeNodeDto treeNode = helper.createTreeNode();
    //
    IdmRoleTreeNodeDto draft = new IdmRoleTreeNodeDto();
    draft.setRole(grantedRole.getId());
    draft.setName(grantedRole.getName());
    draft.setTreeNode(treeNode.getId());
    // create through the manager; the second argument is true on both manager calls in this test
    // NOTE(review): true presumably means "execute immediately, without approval" - confirm
    IdmRoleTreeNodeDto created = automaticRoleManager.createAutomaticRoleByTree(draft, true);
    Assert.assertNotNull(created.getId());
    //
    IdmRoleTreeNodeDto persisted = roleTreeNodeService.get(created.getId());
    Assert.assertNotNull(persisted);
    Assert.assertEquals(treeNode.getId(), persisted.getTreeNode());
    Assert.assertEquals(grantedRole.getId(), persisted.getRole());
    // delete through the manager and verify the automatic role is gone
    automaticRoleManager.deleteAutomaticRole(created, true);
    Assert.assertNull(roleTreeNodeService.get(created.getId()));
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Example 19 with IdmRoleTreeNodeDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method testCreateTreeAutomaticRole.

/**
 * Creates a tree automatic role through the manager and checks that the persisted record
 * references the expected role and tree node.
 */
@Test
public void testCreateTreeAutomaticRole() {
    IdmRoleDto grantedRole = prepareRole();
    IdmTreeNodeDto treeNode = helper.createTreeNode();
    //
    IdmRoleTreeNodeDto draft = new IdmRoleTreeNodeDto();
    draft.setRole(grantedRole.getId());
    draft.setName(grantedRole.getName());
    draft.setTreeNode(treeNode.getId());
    // create through the manager
    // NOTE(review): the true flag presumably means "execute immediately, without approval" - confirm
    IdmRoleTreeNodeDto created = automaticRoleManager.createAutomaticRoleByTree(draft, true);
    Assert.assertNotNull(created.getId());
    // reload from the service and compare the references
    IdmRoleTreeNodeDto persisted = roleTreeNodeService.get(created.getId());
    Assert.assertNotNull(persisted);
    Assert.assertEquals(treeNode.getId(), persisted.getTreeNode());
    Assert.assertEquals(grantedRole.getId(), persisted.getRole());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Example 20 with IdmRoleTreeNodeDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method testDeleteTreeAutomaticRoleApproval.

/**
 * Checks that deleting a tree automatic role with the manager flag set to {@code false} is
 * not executed directly: the manager must throw {@code AcceptedException}, the role guarantee
 * then approves the task, the request ends in {@code RequestState.EXECUTED} and the automatic
 * role can no longer be loaded. The test fails when no {@code AcceptedException} is thrown.
 */
@Test
public void testDeleteTreeAutomaticRoleApproval() {
    IdmRoleDto role = prepareRole();
    IdmTreeNodeDto treeNode = helper.createTreeNode();
    // the role gets a guarantee, who later approves the delete request
    IdmIdentityDto approver = helper.createIdentity();
    IdmRoleGuaranteeDto guarantee = new IdmRoleGuaranteeDto();
    guarantee.setRole(role.getId());
    guarantee.setGuarantee(approver.getId());
    role.getGuarantees().add(guarantee);
    IdmRoleDto savedRole = roleService.save(role);
    //
    IdmRoleTreeNodeDto draft = new IdmRoleTreeNodeDto();
    draft.setRole(savedRole.getId());
    draft.setName(savedRole.getName());
    draft.setTreeNode(treeNode.getId());
    // create through the manager (flag true)
    IdmRoleTreeNodeDto created = automaticRoleManager.createAutomaticRoleByTree(draft, true);
    Assert.assertNotNull(created.getId());
    IdmRoleTreeNodeDto persisted = roleTreeNodeService.get(created.getId());
    Assert.assertNotNull(persisted);
    Assert.assertEquals(treeNode.getId(), persisted.getTreeNode());
    Assert.assertEquals(savedRole.getId(), persisted.getRole());
    // delete through the manager (flag false): the request is expected to wait for approval
    AcceptedException accepted = null;
    try {
        automaticRoleManager.deleteAutomaticRole(created, false);
    } catch (AcceptedException ex) {
        accepted = ex;
    }
    if (accepted == null) {
        // the delete went through without approval
        fail("Automatic role request have to be approving by gurantee!");
        return;
    }
    // the exception identifier is parsed as the id of the request that waits for approval
    Assert.assertNotNull(accepted.getIdentifier());
    UUID requestId = UUID.fromString(accepted.getIdentifier());
    // approve as the guarantee
    // NOTE(review): no logout is visible in this method - confirm the login is reset in teardown
    loginAsNoAdmin(approver.getUsername());
    try {
        completeTasksFromUsers(approver.getUsername(), "approve");
    } catch (ResultCodeException e) {
        fail("User has permission to approve task. Error message: " + e.getLocalizedMessage());
    } catch (Exception e) {
        fail("Some problem: " + e.getLocalizedMessage());
    }
    // after approval the request is executed and the automatic role is gone
    IdmAutomaticRoleRequestDto approvedRequest = roleRequestService.get(requestId);
    Assert.assertEquals(RequestState.EXECUTED, approvedRequest.getState());
    Assert.assertNull(roleTreeNodeService.get(created.getId()));
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleGuaranteeDto) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) IdmAutomaticRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleRequestDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Aggregations

IdmRoleTreeNodeDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto)29 Test (org.junit.Test)16 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)11 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)10 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)9 AcceptedException (eu.bcvsolutions.idm.core.api.exception.AcceptedException)7 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)6 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)6 IdmTreeNodeDto (eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto)6 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)6 UUID (java.util.UUID)6 AbstractCoreWorkflowIntegrationTest (eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest)5 IdmAutomaticRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleRequestDto)5 IdmRoleGuaranteeDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleGuaranteeDto)3 DefaultEventResult (eu.bcvsolutions.idm.core.api.event.DefaultEventResult)3 RoleRequestException (eu.bcvsolutions.idm.core.api.exception.RoleRequestException)3 IdmAutomaticRoleAttributeDto (eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)2 ApiOperation (io.swagger.annotations.ApiOperation)2 LocalDate (org.joda.time.LocalDate)2 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)2