Examples with ResolvedIncompatibleRoleDto eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto used on opensource projects

Example 1 with ResolvedIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class IdmRoleRequestController method getIncompatibleRoles.

@ResponseBody
@RequestMapping(value = "/{backendId}/incompatible-roles", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_REQUEST_READ + "')")
@ApiOperation(value = "Incompatible roles related to this request", nickname = "getRoleRequestIncompatibleRoles", tags = { IdmRoleRequestController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_REQUEST_READ, description = "") }) }, notes = "Incompatible roles are resolved from currently assigned identity roles (which can logged used read) and the current request concepts.")
public Resources<?> getIncompatibleRoles(@ApiParam(value = "Role request's uuid identifier.", required = true) @PathVariable String backendId) {
    IdmRoleRequestDto entity = getDto(backendId);
    if (entity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = service.getIncompatibleRoles(entity, IdmBasePermission.READ);
    // 
    return toResources(incompatibleRoles, ResolvedIncompatibleRoleDto.class);
}

Example 2 with ResolvedIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class IdmRoleController method getIncompatibleRoles.

@ResponseBody
@RequestMapping(value = "/{backendId}/incompatible-roles", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_READ + "')")
@ApiOperation(value = "Incompatible roles from sub roles", nickname = "getRoleIncompatibleRoles", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }) }, notes = "Incompatible roles are resolved from sub roles.")
public Resources<?> getIncompatibleRoles(@ApiParam(value = "Roles's uuid identifier or code.", required = true) @PathVariable String backendId) {
    IdmRoleDto role = getDto(backendId);
    if (role == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    // find all sub role composition
    List<IdmRoleCompositionDto> subRoles = roleCompositionService.findAllSubRoles(role.getId(), IdmBasePermission.READ);
    // extract all sub roles ids - role above is included thx to composition
    Set<IdmRoleDto> distinctRoles = roleCompositionService.resolveDistinctRoles(subRoles);
    // resolve incompatible roles defined by business role
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = incompatibleRoleService.resolveIncompatibleRoles(Lists.newArrayList(distinctRoles));
    // 
    return toResources(incompatibleRoles, ResolvedIncompatibleRoleDto.class);
}

Example 3 with ResolvedIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class ChangeIdentityPermissionTest method defaultWithoutApproveTest.

@Test
public void defaultWithoutApproveTest() {
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "false");
    // Set incompatibility role test
    configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
    // Create test role for load candidates on approval incompatibility (TEST_USER_1)
    IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
    getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
    IdmIdentityDto applicant = getHelper().createIdentity();
    // Create definition of incompatible roles
    IdmRoleDto incompatibleRoleOne = getHelper().createRole();
    IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
    IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
    incompatibleRole.setSub(incompatibleRoleOne.getId());
    incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
    incompatibleRole = incompatibleRoleService.save(incompatibleRole);
    // Assign first incompatible role
    getHelper().createIdentityRole(applicant, incompatibleRoleOne);
    loginAsAdmin();
    // Create request
    IdmRoleRequestDto request = createRoleRequest(applicant);
    request = roleRequestService.save(request);
    IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
    IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
    concept = conceptRoleRequestService.save(concept);
    // Check on incompatible role in the request
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
    assertEquals(2, incompatibleRoles.size());
    // HELPDESK turn off
    // MANAGER turn off
    // USER MANAGER turn off
    // SECURITY turn off
    // ROLE INCOMPATIBILITY turn off
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
}

Example 4 with ResolvedIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class ChangeIdentityPermissionTest method approveIncompatibleRolesTest.

@Test
public void approveIncompatibleRolesTest() {
    ZonedDateTime now = ZonedDateTime.now().truncatedTo(ChronoUnit.MILLIS);
    getHelper().waitForResult(null, 1, 1);
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_INCOMPATIBLE_ENABLE, "true");
    // Set incompatibility role test
    configurationService.setValue(APPROVE_INCOMPATIBLE_ROLE, INCOMPATIBILITY_ROLE_TEST);
    // Create test role for load candidates on approval incompatibility (TEST_USER_1)
    IdmRoleDto role = getHelper().createRole(INCOMPATIBILITY_ROLE_TEST);
    getHelper().createIdentityRole(identityService.getByUsername(InitTestDataProcessor.TEST_USER_1), role);
    IdmIdentityDto applicant = getHelper().createIdentity();
    // Create definition of incompatible roles
    IdmRoleDto incompatibleRoleOne = getHelper().createRole();
    IdmRoleDto incompatibleRoleTwo = getHelper().createRole();
    IdmIncompatibleRoleDto incompatibleRole = new IdmIncompatibleRoleDto();
    incompatibleRole.setSub(incompatibleRoleOne.getId());
    incompatibleRole.setSuperior(incompatibleRoleTwo.getId());
    incompatibleRole = incompatibleRoleService.save(incompatibleRole);
    // Assign first incompatible role
    getHelper().createIdentityRole(applicant, incompatibleRoleOne);
    loginAsAdmin();
    // Create request
    IdmRoleRequestDto request = createRoleRequest(applicant);
    request = roleRequestService.save(request);
    IdmIdentityContractDto applicantContract = getHelper().getPrimeContract(applicant.getId());
    IdmConceptRoleRequestDto concept = createRoleConcept(incompatibleRoleTwo, applicantContract, request);
    concept = conceptRoleRequestService.save(concept);
    // Check on incompatible role in the request
    Set<ResolvedIncompatibleRoleDto> incompatibleRoles = roleRequestService.getIncompatibleRoles(request);
    assertEquals(2, incompatibleRoles.size());
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    WorkflowFilterDto taskFilter = new WorkflowFilterDto();
    taskFilter.setCreatedAfter(now);
    taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
    List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(0, tasks.size());
    // HELPDESK turn off
    // MANAGER turn off
    // USER MANAGER turn off
    // SECURITY turn off
    // ROLE INCOMPATIBILITY turn on
    loginAsAdmin(InitTestDataProcessor.TEST_USER_1);
    taskFilter.setCandidateOrAssigned(InitTestDataProcessor.TEST_USER_1);
    checkAndCompleteOneTask(taskFilter, applicant.getUsername(), "approve", "approveIncompatibilities");
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
    concept = conceptRoleRequestService.get(concept.getId());
    assertNotNull(concept.getWfProcessId());
    // Find all identity roles for applicant
    List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(applicant.getId());
    boolean exists = identityRoles.stream().filter(identityRole -> incompatibleRoleTwo.getId().equals(identityRole.getRole())).findFirst().isPresent();
    // Incompatible role two must be assigned for applicant
    assertTrue(exists);
    // Create next request
    IdmRoleRequestDto requestNext = createRoleRequest(applicant);
    requestNext = roleRequestService.save(requestNext);
    // Check on incompatible role in the request
    // Incompatibilities exist for this user, but not in this request (none concept
    // added new role is presents)
    incompatibleRoles = roleRequestService.getIncompatibleRoles(requestNext);
    assertEquals(0, incompatibleRoles.size());
}

Example 5 with ResolvedIncompatibleRoleDto

use of eu.bcvsolutions.idm.core.api.dto.ResolvedIncompatibleRoleDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIncompatibleRoleServiceIntegrationTest method testResolveIncompatibleRoles.

@Test
public void testResolveIncompatibleRoles() {
    Assert.assertTrue(service.resolveIncompatibleRoles(null).isEmpty());
    Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList()).isEmpty());
    Assert.assertTrue(service.resolveIncompatibleRoles(Lists.newArrayList((Serializable) null, (Serializable) null)).isEmpty());
    // 
    // prepare role composition
    IdmRoleDto superior = getHelper().createRole();
    IdmRoleDto superiorTwo = getHelper().createRole();
    IdmRoleDto subOne = getHelper().createRole();
    IdmRoleDto subTwo = getHelper().createRole();
    IdmRoleDto subOneSub = getHelper().createRole();
    IdmRoleDto subOneSubSub = getHelper().createRole();
    IdmRoleDto three = getHelper().createRole();
    IdmRoleDto threeSub = getHelper().createRole();
    IdmRoleDto threeSubSub = getHelper().createRole();
    getHelper().createRoleComposition(superior, subOne);
    getHelper().createRoleComposition(superior, subTwo);
    getHelper().createRoleComposition(subOne, subOneSub);
    getHelper().createRoleComposition(subOneSub, subOneSubSub);
    getHelper().createRoleComposition(three, threeSub);
    getHelper().createRoleComposition(threeSub, threeSubSub);
    // prepare incompatible roles
    getHelper().createIncompatibleRole(subOne, subTwo);
    getHelper().createIncompatibleRole(subOneSubSub, threeSubSub);
    getHelper().createIncompatibleRole(subTwo, threeSub);
    getHelper().createIncompatibleRole(subOne, subOne);
    // 
    Set<ResolvedIncompatibleRoleDto> resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), superiorTwo.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    // wrong definition. TODO: add validation
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId()));
    Assert.assertTrue(resolvedIncompatibleRoles.isEmpty());
    // 
    // preloaded role is used
    superior = getHelper().getService(IdmRoleService.class).get(superior);
    // incompatible roles inside business role definition
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(superior));
    Assert.assertEquals(1, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId());
    }));
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), subTwo.getId()));
    Assert.assertEquals(2, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subOne);
    }));
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOne.getId()) && ir.getIncompatibleRole().getSub().equals(subTwo.getId()) && ir.getDirectRole().equals(subTwo);
    }));
    // 
    // 
    resolvedIncompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOne.getId(), three.getId()));
    Assert.assertEquals(2, resolvedIncompatibleRoles.size());
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(subOne);
    }));
    Assert.assertTrue(resolvedIncompatibleRoles.stream().anyMatch(ir -> {
        return ir.getIncompatibleRole().getSuperior().equals(subOneSubSub.getId()) && ir.getIncompatibleRole().getSub().equals(threeSubSub.getId()) && ir.getDirectRole().equals(three);
    }));
    // 
    Set<IdmIncompatibleRoleDto> incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subOneSub.getId(), subTwo.getId(), three.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(2, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(subTwo.getId(), three.getId(), subOne.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(3, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), subTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(1, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
    // 
    incompatibleRoles = service.resolveIncompatibleRoles(Lists.newArrayList(three.getId(), superior.getId(), superiorTwo.getId())).stream().map(ResolvedIncompatibleRoleDto::getIncompatibleRole).collect(Collectors.toSet());
    Assert.assertEquals(3, incompatibleRoles.size());
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOneSubSub.getId()) && ir.getSub().equals(threeSubSub.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subOne.getId()) && ir.getSub().equals(subTwo.getId());
    }));
    Assert.assertTrue(incompatibleRoles.stream().anyMatch(ir -> {
        return ir.getSuperior().equals(subTwo.getId()) && ir.getSub().equals(threeSub.getId());
    }));
}