use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IdmRoleRequestController method getIncompatibleRoles.
@ResponseBody
@RequestMapping(value = "/{backendId}/incompatible-roles", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_READ + "')")
@ApiOperation(value = "Incompatible roles related to this request", nickname = "getRoleRequestIncompatibleRoles", tags = { IdmRoleRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }) }, notes = "Incompatible roles are resolved from currently assigned identity roles (which can logged used read) and the current request concepts.")
public Resources<?> getIncompatibleRoles(@ApiParam(value = "Role request's uuid identifier.", required = true) @PathVariable String backendId) {
IdmRoleRequestDto entity = getDto(backendId);
if (entity == null) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
}
Set<ResolvedIncompatibleRoleDto> incompatibleRoles = service.getIncompatibleRoles(entity, IdmBasePermission.READ);
//
return toResources(incompatibleRoles, ResolvedIncompatibleRoleDto.class);
}
use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class IdmRoleController method getIncompatibleRoles.
@ResponseBody
@RequestMapping(value = "/{backendId}/incompatible-roles", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_READ + "')")
@ApiOperation(value = "Incompatible roles from sub roles", nickname = "getRoleIncompatibleRoles", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }) }, notes = "Incompatible roles are resolved from sub roles.")
public Resources<?> getIncompatibleRoles(@ApiParam(value = "Roles's uuid identifier or code.", required = true) @PathVariable String backendId) {
IdmRoleDto role = getDto(backendId);
if (role == null) {
throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
}
//
// find all sub role composition
List<IdmRoleCompositionDto> subRoles = roleCompositionService.findAllSubRoles(role.getId(), IdmBasePermission.READ);
// extract all sub roles ids - role above is included thx to composition
Set<IdmRoleDto> distinctRoles = roleCompositionService.resolveDistinctRoles(subRoles);
// resolve incompatible roles defined by business role
Set<ResolvedIncompatibleRoleDto> incompatibleRoles = incompatibleRoleService.resolveIncompatibleRoles(Lists.newArrayList(distinctRoles));
//
return toResources(incompatibleRoles, ResolvedIncompatibleRoleDto.class);
}
use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method defaultWithoutApproveTest.
@Test
public void defaultWithoutApproveTest() {
configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "false");
// Set incompatibility role test
configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
// Create test role for load candidates on approval incompatibility (TEST_USER_1)
IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
IdmIdentityDto applicant = getHelper().createIdentity();
// Create definition of incompatible roles
IdmRoleDto incompatibleRoleOne = getHelper().createRole();
IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
incompatibleRole.setSub(incompatibleRoleOne.getId());
incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
incompatibleRole = incompatibleRoleService.save(incompatibleRole);
// Assign first incompatible role
getHelper().createIdentityRole(applicant, incompatibleRoleOne);
loginAsAdmin();
// Create request
IdmRoleRequestDto request = createRoleRequest(applicant);
request = roleRequestService.save(request);
IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
concept = conceptRoleRequestService.save(concept);
// Check on incompatible role in the request
Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
assertEquals(2, incompatibleRoles.size());
// HELPDESK turn off
// MANAGER turn off
// USER MANAGER turn off
// SECURITY turn off
// ROLE INCOMPATIBILITY turn off
roleRequestService.startRequestInternal(request.getId(), true);
request = roleRequestService.get(request.getId());
assertEquals(RoleRequestState.EXECUTED, request.getState());
assertNotNull(request.getWfProcessId());
}
use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method approveIncompatibleRolesTest.
@Test
public void approveIncompatibleRolesTest() {
ZonedDateTime now = ZonedDateTime.now().truncatedTo(ChronoUnit.MILLIS);
getHelper().waitForResult(null, 1, 1);
configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "true");
// Set incompatibility role test
configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
// Create test role for load candidates on approval incompatibility (TEST_USER_1)
IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
IdmIdentityDto applicant = getHelper().createIdentity();
// Create definition of incompatible roles
IdmRoleDto incompatibleRoleOne = getHelper().createRole();
IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
incompatibleRole.setSub(incompatibleRoleOne.getId());
incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
incompatibleRole = incompatibleRoleService.save(incompatibleRole);
// Assign first incompatible role
getHelper().createIdentityRole(applicant, incompatibleRoleOne);
loginAsAdmin();
// Create request
IdmRoleRequestDto request = createRoleRequest(applicant);
request = roleRequestService.save(request);
IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
concept = conceptRoleRequestService.save(concept);
// Check on incompatible role in the request
Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
assertEquals(2, incompatibleRoles.size());
roleRequestService.startRequestInternal(request.getId(), true);
request = roleRequestService.get(request.getId());
assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
WorkflowFilterDto taskFilter = new WorkflowFilterDto();
taskFilter.setCreatedAfter(now);
taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
assertEquals(0, tasks.size());
// HELPDESK turn off
// MANAGER turn off
// USER MANAGER turn off
// SECURITY turn off
// ROLE INCOMPATIBILITY turn on
loginAsAdmin(InitTestDataProcessor.TEST_USER_1);
taskFilter.setCandidateOrAssigned(InitTestDataProcessor.TEST_USER_1);
checkAndCompleteOneTask(taskFilter, applicant.getUsername(), "approve", "approveIncompatibilities");
request = roleRequestService.get(request.getId());
assertEquals(RoleRequestState.EXECUTED, request.getState());
assertNotNull(request.getWfProcessId());
concept = conceptRoleRequestService.get(concept.getId());
assertNotNull(concept.getWfProcessId());
// Find all identity roles for applicant
List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(applicant.getId());
boolean exists = identityRoles.stream().filter(identityRole -> incompatibleRoleTwo.getId().equals(identityRole.getRole())).findFirst().isPresent();
// Incompatible role two must be assigned for applicant
assertTrue(exists);
// Create next request
IdmRoleRequestDto requestNext = createRoleRequest(applicant);
requestNext = roleRequestService.save(requestNext);
// Check on incompatible role in the request
// Incompatibilities exist for this user, but not in this request (none concept
// added new role is presents)
incompatibleRoles = roleRequestService.getIncompatibleRoles(requestNext);
assertEquals(0, incompatibleRoles.size());
}
use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testResolveIncompatibleRoles.
@Test
public void testResolveIncompatibleRoles() {
Assert.assertTrue(service.resolveIncompatibleRoles(null).isEmpty());
Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList()).isEmpty());
Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList((Serializable) null, (Serializable) null)).isEmpty());
//
// prepare role composition
IdmRoleDto superior = getHelper().createRole();
IdmRoleDto superiorTwo = getHelper().createRole();
IdmRoleDto subOne = getHelper().createRole();
IdmRoleDto subTwo = getHelper().createRole();
IdmRoleDto subOneSub = getHelper().createRole();
IdmRoleDto subOneSubSub = getHelper().createRole();
IdmRoleDto three = getHelper().createRole();
IdmRoleDto threeSub = getHelper().createRole();
IdmRoleDto threeSubSub = getHelper().createRole();
getHelper().createRoleComposition(superior, subOne);
getHelper().createRoleComposition(superior, subTwo);
getHelper().createRoleComposition(subOne, subOneSub);
getHelper().createRoleComposition(subOneSub, subOneSubSub);
getHelper().createRoleComposition(three, threeSub);
getHelper().createRoleComposition(threeSub, threeSubSub);
// prepare incompatible roles
getHelper().createIncompatibleRole(subOne, subTwo);
getHelper().createIncompatibleRole(subOneSubSub, threeSubSub);
getHelper().createIncompatibleRole(subTwo, threeSub);
getHelper().createIncompatibleRole(subOne, subOne);
//
Set<ResolvedIncompatibleRoleDto> resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId()));
Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
//
resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), superiorTwo.getId()));
Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
//
// wrong definition. TODO: add validation
resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId()));
Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
//
// preloaded role is used
superior = getHelper().getService(IdmRoleService.class).get(superior);
// incompatible roles inside business role definition
resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(superior));
Assert.assertEquals(1, resolvedIncompatibleRoles.size());
Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId());
}));
//
resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), subTwo.getId()));
Assert.assertEquals(2, resolvedIncompatibleRoles.size());
Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subOne);
}));
Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subTwo);
}));
//
//
resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), three.getId()));
Assert.assertEquals(2, resolvedIncompatibleRoles.size());
Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(subOne);
}));
Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(three);
}));
//
Set<IdmIncompatibleRoleDto> incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOneSub.getId(), subTwo.getId(), three.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
Assert.assertEquals(2, incompatibleRoles.size());
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
}));
//
incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), three.getId(), subOne.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
Assert.assertEquals(3, incompatibleRoles.size());
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
}));
//
incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), subTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
Assert.assertEquals(1, incompatibleRoles.size());
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
}));
//
incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), superior.getId(), superiorTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
Assert.assertEquals(3, incompatibleRoles.size());
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
}));
Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
}));
}
Aggregations