
Example 1 with IdmRoleCatalogueRoleFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.

the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueByDn.

@Test
public /**
 * Verifies that role synchronization builds the role-catalogue tree from the DN of each
 * synchronized role and files every role into exactly one catalogue.
 *
 * Roles provided by the test data (one per DN):
 *  "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *  "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *  "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *  "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *  "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
 *
 * The catalogue codes asserted below have the form
 * "<OU path, innermost OU first>/<code of the main catalogue>", so the expected catalogue
 * structure is derived entirely from the DN values delivered by the source system and is
 * always rooted under the main catalogue configured on the synchronization.
 */
void testSyncRolesCatalogueByDn() {
    // Role synchronization config under test; asserted below to be a SysSyncRoleConfigDto.
    AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
    // Separate test system for users; it must expose exactly one provisioning mapping for identities.
    SysSystemDto userSystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(userSystemMappings);
    Assert.assertEquals(1, userSystemMappings.size());
    SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
    // Switch to the sync.
    userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
    userMappingDto = systemMappingService.save(userMappingDto);
    List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
    // The e-mail attribute is only checked for existence; it is not used again in this method.
    SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
    Assert.assertNotNull(userEmailAttribute);
    // Precondition: the synchronization must not be running before the test starts it.
    Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
    Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
    // Walk sync config -> system mapping -> object class to obtain the ID of the role system.
    SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = schemaObjectClassDto.getSystem();
    Assert.assertNotNull(roleSystemId);
    // Find the schema attribute called "name" (case-insensitive) on the role system's object class.
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(roleSystemId);
    schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
    SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
    Assert.assertNotNull(schemaAttributeDto);
    // Only the ID is needed to look up the role system's synchronization mapping.
    SysSystemDto roleSystemDto = new SysSystemDto();
    roleSystemDto.setId(roleSystemId);
    List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleSystemMappings);
    Assert.assertEquals(1, roleSystemMappings.size());
    SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
    // Use ACC script "resolveRoleCatalogueByDn".
    IdmScriptFilter scriptFilter = new IdmScriptFilter();
    scriptFilter.setCode(MsAdSyncMappingRoleAutoAttributesProcessor.RESOLVE_ROLE_CATALOG_BY_DN_SCRIPT);
    scriptFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
    String catalogTransformationScript = null;
    IdmScriptDto scriptDto = scriptService.find(scriptFilter, null).getContent().stream().findFirst().orElse(null);
    if (scriptDto != null) {
        // Generate the transformation source that calls the stored script.
        catalogTransformationScript = this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(scriptDto);
    }
    // Fails the test when the script is not present in the script service.
    Assert.assertNotNull(catalogTransformationScript);
    // Create mapping attribute for get catalog.
    // It maps the "name" schema attribute onto the role-catalogue field through the script above.
    SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
    roleIdAttribute.setEntityAttribute(true);
    roleIdAttribute.setUid(false);
    roleIdAttribute.setSystemMapping(roleMappingDto.getId());
    roleIdAttribute.setExtendedAttribute(false);
    roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
    roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    roleIdAttribute.setTransformFromResourceScript(catalogTransformationScript);
    roleIdAttribute.setName(helper.createName());
    roleIdAttribute = attributeMappingService.save(roleIdAttribute);
    // Fresh catalogue that serves as the root for everything the synchronization creates.
    IdmRoleCatalogueDto mainRoleCatalogue = getHelper().createRoleCatalogue();
    // Enable assign of role catalogue.
    // Removal of redundant catalogue relations stays switched off for this scenario.
    roleConfigDto.setAssignCatalogueSwitch(true);
    roleConfigDto.setRemoveCatalogueRoleSwitch(false);
    roleConfigDto.setMainCatalogueRoleNode(mainRoleCatalogue.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // Init data - roles with DN.
    getBean().initDataRolesWithDn();
    // Start sync
    helper.startSynchronization(syncConfigCustom);
    // Exactly one finished, error-free log with five successfully created roles is expected.
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
    List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
    Assert.assertEquals(1, logs.size());
    SysSyncLogDto log = logs.get(0);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
    // "CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
    // "CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
    // "CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
    // "CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
    // "CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv"
    // Check catalog structure:
    // every OU level must exist as a catalogue whose parent is the catalogue of the enclosing OU.
    IdmRoleCatalogueDto wizardGroups = roleCatalogueService.getByCode("WizardGroups/" + mainRoleCatalogue.getCode());
    Assert.assertNotNull(wizardGroups);
    IdmRoleCatalogueDto one = roleCatalogueService.getByCode("one/WizardGroups/" + mainRoleCatalogue.getCode());
    Assert.assertNotNull(one);
    Assert.assertEquals(wizardGroups.getId(), one.getParent());
    IdmRoleCatalogueDto two = roleCatalogueService.getByCode("two/one/WizardGroups/" + mainRoleCatalogue.getCode());
    Assert.assertNotNull(two);
    Assert.assertEquals(one.getId(), two.getParent());
    // Second "one" level: same OU name deeper in the tree must be a distinct catalogue.
    IdmRoleCatalogueDto one2 = roleCatalogueService.getByCode("one/two/one/WizardGroups/" + mainRoleCatalogue.getCode());
    Assert.assertNotNull(one2);
    Assert.assertEquals(two.getId(), one2.getParent());
    // Check role placement: "WizardGroups" holds exactly WizardGroup04 and WizardGroup05.
    IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
    roleCatalogueRoleFilter.setRoleCatalogueId(wizardGroups.getId());
    List<IdmRoleCatalogueRoleDto> roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
    Assert.assertEquals(2, roleCatalogRoles.size());
    Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup04,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
    Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup05,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
    // "one" (directly under WizardGroups) holds only WizardGroup03.
    roleCatalogueRoleFilter.setRoleCatalogueId(one.getId());
    roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
    Assert.assertEquals(1, roleCatalogRoles.size());
    Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup03,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
    // "two" holds only WizardGroup02.
    roleCatalogueRoleFilter.setRoleCatalogueId(two.getId());
    roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
    Assert.assertEquals(1, roleCatalogRoles.size());
    Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup02,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
    // The innermost "one" holds only WizardGroup01.
    roleCatalogueRoleFilter.setRoleCatalogueId(one2.getId());
    roleCatalogRoles = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
    Assert.assertEquals(1, roleCatalogRoles.size());
    Assert.assertTrue(roleCatalogRoles.stream().map(roleCatalogRole -> (IdmRoleDto) roleCatalogRole.getEmbedded().get(IdmRoleCatalogueRole_.role.getName())).anyMatch(role -> role.getCode().equals("CN=WizardGroup01,OU=one,OU=two,OU=one,OU=WizardGroups,DC=kyblicek,DC=piskoviste,DC=bcv")));
    // Cross-check from the account side: five role accounts exist on the role system ...
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
    Assert.assertEquals(5, roleAccountDtos.size());
    // ... and each of their roles sits in exactly one catalogue (no parent-level relations were added).
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueFilter, null).getContent();
        Assert.assertEquals(1, roleCatalogueRoleDtos.size());
    });
    // NOTE(review): cleanup is skipped when any assertion above fails, because it is not in a finally block.
    cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Also used : OperationResultType(eu.bcvsolutions.idm.acc.domain.OperationResultType) IdmScriptCategory(eu.bcvsolutions.idm.core.api.domain.IdmScriptCategory) RoleType(eu.bcvsolutions.idm.core.api.domain.RoleType) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSyncConfig_(eu.bcvsolutions.idm.acc.entity.SysSyncConfig_) ZonedDateTime(java.time.ZonedDateTime) PluginRegistry(org.springframework.plugin.core.PluginRegistry) Autowired(org.springframework.beans.factory.annotation.Autowired) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) SynchronizationMissingEntityActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationMissingEntityActionType) MsAdSyncMappingRoleAutoAttributesProcessor(eu.bcvsolutions.idm.acc.event.processor.MsAdSyncMappingRoleAutoAttributesProcessor) Map(java.util.Map) After(org.junit.After) SysSyncConfigService(eu.bcvsolutions.idm.acc.service.api.SysSyncConfigService) SynchronizationUnlinkedActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationUnlinkedActionType) SysSyncLogService(eu.bcvsolutions.idm.acc.service.api.SysSyncLogService) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) IdmScriptFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmScriptFilter) SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Page(org.springframework.data.domain.Page) ReconciliationMissingAccountActionType(eu.bcvsolutions.idm.acc.domain.ReconciliationMissingAccountActionType) 
Sets(com.google.common.collect.Sets) SysSyncIdentityConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncIdentityConfigDto) IdmRoleCatalogueService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueService) EventConfiguration(eu.bcvsolutions.idm.core.api.config.domain.EventConfiguration) List(java.util.List) Query(javax.persistence.Query) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) RoleDeleteBulkAction(eu.bcvsolutions.idm.core.bulk.action.impl.role.RoleDeleteBulkAction) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) SysSystemMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemMapping_) OrderAwarePluginRegistry(org.springframework.plugin.core.OrderAwarePluginRegistry) IdmScriptService(eu.bcvsolutions.idm.core.api.service.IdmScriptService) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) HashMap(java.util.HashMap) IdmRoleCatalogueRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogueRole_) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) SynchronizationLinkedActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationLinkedActionType) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) Before(org.junit.Before) SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter) 
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) RoleProcessor(eu.bcvsolutions.idm.core.api.event.processor.RoleProcessor) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) IdmRoleCatalogueRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueRoleService) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) AccRoleAccountService(eu.bcvsolutions.idm.acc.service.api.AccRoleAccountService) ApplicationContext(org.springframework.context.ApplicationContext) IdmScriptDto(eu.bcvsolutions.idm.core.api.dto.IdmScriptDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) AbstractScriptEvaluator(eu.bcvsolutions.idm.core.script.evaluator.AbstractScriptEvaluator) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestRoleResource(eu.bcvsolutions.idm.acc.entity.TestRoleResource) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) Assert(org.junit.Assert) 
SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Transactional(org.springframework.transaction.annotation.Transactional) IdmScriptFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmScriptFilter) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) IdmScriptDto(eu.bcvsolutions.idm.core.api.dto.IdmScriptDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 2 with IdmRoleCatalogueRoleFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.

the class RoleExportBulkAction method exportRoleCatalogs.

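/**
 * Exports the role-catalogue relations of the given role into the current export batch
 * and makes sure the catalogue descriptor precedes the role-catalogue-role descriptor
 * in the batch's export order.
 *
 * @param role role whose role-catalogue relations are exported; its ID is used as the filter
 */
private void exportRoleCatalogs(IdmRoleDto role) {
    IdmRoleCatalogueRoleFilter filter = new IdmRoleCatalogueRoleFilter();
    filter.setRoleId(role.getId());
    List<IdmRoleCatalogueRoleDto> dtos = roleCatalogueRoleService.find(filter, null).getContent();
    if (dtos.isEmpty()) {
        // The role has no catalogue relation: export the blank placeholder ID instead.
        // NOTE(review): presumably this keeps the descriptor in the batch so the empty
        // state is carried over on import - confirm against ExportManager.
        roleCatalogueRoleService.export(ExportManager.BLANK_UUID, this.getBatch());
    }
    dtos.forEach(dto -> roleCatalogueRoleService.export(dto.getId(), this.getBatch()));
    // Set parent field -> set authoritative mode.
    // NOTE(review): the effect of authoritative mode on import (e.g. whether relations
    // missing from the batch are removed on the target) is not visible here - confirm.
    this.getExportManager().setAuthoritativeMode(IdmRoleCatalogueRole_.role.getName(), "roleId", IdmRoleCatalogueRoleDto.class, this.getBatch());
    List<ExportDescriptorDto> exportOrder = getBatch().getExportOrder();
    // Order can be wrong now! Catalog descriptor must be first (then role-catalogue-role)!
    ExportDescriptorDto roleCatalogDescriptor = this.getExportManager().getDescriptor(getBatch(), IdmRoleCatalogueRoleDto.class);
    ExportDescriptorDto catalogDescriptor = this.getExportManager().getDescriptor(getBatch(), IdmRoleCatalogueDto.class);
    if (roleCatalogDescriptor != null && catalogDescriptor != null) {
        int roleCatalogueIndex = exportOrder.indexOf(roleCatalogDescriptor);
        int catalogueIndex = exportOrder.indexOf(catalogDescriptor);
        // indexOf returns -1 for a descriptor that is not part of the order list. Without
        // the lower-bound check, -1 < catalogueIndex would pass, the first set() would
        // overwrite the catalogue slot and the second set(-1, ...) would then throw,
        // leaving the export order corrupted. Swap only when both positions are valid.
        if (roleCatalogueIndex >= 0 && roleCatalogueIndex < catalogueIndex) {
            exportOrder.set(catalogueIndex, roleCatalogDescriptor);
            exportOrder.set(roleCatalogueIndex, catalogDescriptor);
        }
    }
}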
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) ExportDescriptorDto(eu.bcvsolutions.idm.core.api.dto.ExportDescriptorDto) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto)

Example 3 with IdmRoleCatalogueRoleFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method checkCatalogChange.

/**
 * Checks whether the role's catalogue relations differ from the value produced by the
 * transformation and, if so, flags the attribute as changed on the context.
 * <p>
 * The check runs only for an already persisted role that has not been marked as
 * different yet, and only when assigning of catalogues is switched on in the config.
 */
private void checkCatalogChange(IdmRoleDto dto, SynchronizationContext context, String attributeProperty, Object transformedValue) {
    if (context.isEntityDifferent() || dto.getId() == null || !getConfig(context).isAssignCatalogueSwitch()) {
        // Already flagged, not persisted yet, or catalogue assignment is off: nothing to compare.
        return;
    }
    // Differential sync: decide whether the catalogue relations have to be modified.
    List<IdmRoleCatalogueDto> transformedCatalogues = getRoleCatalogueFromValue(transformedValue);
    // A catalogue without ID in the transformation result means a create is pending.
    if (transformedCatalogues.stream().anyMatch(catalogue -> catalogue.getId() == null)) {
        setDifferentChange(context, attributeProperty);
        return;
    }
    List<UUID> transformedCatalogueIds = transformedCatalogues.stream()
            .map(AbstractDto::getId)
            .collect(Collectors.toList());
    List<UUID> usedRelationIds = Lists.newArrayListWithExpectedSize(10);
    for (UUID catalogueId : transformedCatalogueIds) {
        Assert.notNull(catalogueId, "Role catalogue ID cannot be null here!");
        // Look for an existing relation between this role and the catalogue.
        IdmRoleCatalogueRoleFilter relationFilter = new IdmRoleCatalogueRoleFilter();
        relationFilter.setRoleCatalogueId(catalogueId);
        relationFilter.setRoleId(dto.getId());
        IdmRoleCatalogueRoleDto existingRelation = roleCatalogueRoleService.find(relationFilter, null)
                .getContent()
                .stream()
                .findFirst()
                .orElse(null);
        if (existingRelation == null) {
            // The role is not in this catalogue yet, so an assignment will be made.
            setDifferentChange(context, attributeProperty);
            return;
        }
        usedRelationIds.add(existingRelation.getId());
    }
    if (!getConfig(context).isRemoveCatalogueRoleSwitch()) {
        // Removing of redundant relations is not allowed, so leftovers are not a change.
        return;
    }
    // Any relation that the transformation no longer yields means a delete is pending.
    List<IdmRoleCatalogueRoleDto> redundantRelations = findRedundantRoleCatalogs(dto, usedRelationIds, getConfig(context));
    if (!redundantRelations.isEmpty()) {
        setDifferentChange(context, attributeProperty);
    }
}
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) UUID(java.util.UUID)

Example 4 with IdmRoleCatalogueRoleFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method findRedundantRoleCatalogs.

/**
 * Finds the role's catalogue relations that lie under the configured "remove" parent
 * catalogue (directly or in any nested catalogue) and are not among the relations
 * currently in use.
 *
 * @param roleDto role whose catalogue relations are inspected
 * @param currentRoleCatalogueRoles IDs of the role-catalogue relations that must be kept
 * @param config role synchronization config providing the "remove" parent catalogue
 * @return relations under the parent catalogue that are not contained in {@code currentRoleCatalogueRoles}
 */
private List<IdmRoleCatalogueRoleDto> findRedundantRoleCatalogs(IdmRoleDto roleDto, List<UUID> currentRoleCatalogueRoles, SysSyncRoleConfigDto config) {
    // The removal scope is mandatory: both the configured ID and the catalogue it points to must exist.
    UUID parentNodeId = config.getRemoveCatalogueRoleParentNode();
    Assert.notNull(parentNodeId, "A parent catalogue for remove redundant roles cannot be null!");
    IdmRoleCatalogueDto parentNode = roleCatalogueService.get(parentNodeId);
    Assert.notNull(parentNode, "A parent catalogue for remove redundant roles cannot be null!");
    UUID scopeRootId = parentNode.getId();

    IdmRoleCatalogueRoleFilter relationFilter = new IdmRoleCatalogueRoleFilter();
    relationFilter.setRoleId(roleDto.getId());
    // Step 1: keep only relations whose catalogue is inside the removal scope.
    List<IdmRoleCatalogueRoleDto> relationsInScope = roleCatalogueRoleService.find(relationFilter, null)
            .getContent()
            .stream()
            .filter(relation -> {
                UUID catalogueId = relation.getRoleCatalogue();
                if (!catalogueId.equals(scopeRootId)) {
                    // Not the scope root itself: ask whether the catalogue is nested anywhere below it.
                    // This issues one count query per relation of the role.
                    IdmRoleCatalogueFilter nestedFilter = new IdmRoleCatalogueFilter();
                    nestedFilter.setParent(scopeRootId);
                    nestedFilter.setId(catalogueId);
                    nestedFilter.setRecursively(true);
                    return roleCatalogueService.count(nestedFilter) > 0;
                }
                // A relation attached directly to the scope root is checked as well.
                return true;
            })
            .collect(Collectors.toList());
    // Step 2: whatever is in scope but no longer in use is redundant.
    return relationsInScope.stream()
            .filter(relation -> !currentRoleCatalogueRoles.contains(relation.getId()))
            .collect(Collectors.toList());
}
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) SysSystemAttributeMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping_) IcConnectorInstance(eu.bcvsolutions.idm.ic.api.IcConnectorInstance) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) EntityAccountService(eu.bcvsolutions.idm.acc.service.api.EntityAccountService) Map(java.util.Map) IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter) Set(java.util.Set) Serializable(java.io.Serializable) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) IdmRoleCatalogueService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueService) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IdmRoleRequest_(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest_) IdmRoleCatalogueRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogueRole_) RoleEvent(eu.bcvsolutions.idm.core.model.event.RoleEvent) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) Lists(com.google.common.collect.Lists) LookupService(eu.bcvsolutions.idm.core.api.service.LookupService) 
SysSystemEntityFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) RoleEventType(eu.bcvsolutions.idm.core.model.event.RoleEvent.RoleEventType) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) IcFilterBuilder(eu.bcvsolutions.idm.ic.filter.impl.IcFilterBuilder) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) AccRoleAccountService(eu.bcvsolutions.idm.acc.service.api.AccRoleAccountService) IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) IcConnectorConfigurationImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorConfigurationImpl) SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SynchronizationEntityExecutor(eu.bcvsolutions.idm.acc.service.api.SynchronizationEntityExecutor) ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation) OperationResultType(eu.bcvsolutions.idm.acc.domain.OperationResultType) RoleType(eu.bcvsolutions.idm.core.api.domain.RoleType) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) 
SysSchemaAttribute_(eu.bcvsolutions.idm.acc.entity.SysSchemaAttribute_) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) ImmutableMap(com.google.common.collect.ImmutableMap) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmRoleCatalogue_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogue_) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) List(java.util.List) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) RoleRequestApprovalProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.RoleRequestApprovalProcessor) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_) AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) HashMap(java.util.HashMap) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AtomicReference(java.util.concurrent.atomic.AtomicReference) MessageFormat(java.text.MessageFormat) SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto) CorrelationFilter(eu.bcvsolutions.idm.core.api.dto.filter.CorrelationFilter) 
IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSyncRoleConfig_(eu.bcvsolutions.idm.acc.entity.SysSyncRoleConfig_) IdmRoleCatalogueRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueRoleService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) Component(org.springframework.stereotype.Component) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) Assert(org.springframework.util.Assert) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter) UUID(java.util.UUID)

Example 5 with IdmRoleCatalogueRoleFilter

use of eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter in project CzechIdMng by bcvsolutions.

the class RoleSynchronizationExecutor method resolveRoleCatalogue.

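/**
 * Resolves the 'role catalogues' of a synchronized role.
 *
 * <p>The method looks up the enabled entity attribute mapped to {@code ROLE_CATALOGUE_FIELD},
 * evaluates it against the connector object, and for every returned catalogue:
 * <ol>
 *   <li>walks the catalogue structure in reverse order of {@code extractCatalogStructure},
 *       creating each item that {@code roleCatalogueService.isNew} reports as new (or reusing
 *       an existing item with the same code and parent),</li>
 *   <li>ensures a role-catalogue relation exists between the role and the last resolved item.</li>
 * </ol>
 * When the sync configuration has the 'remove catalogue role' switch on, the relations
 * resolved here are handed to {@code resolveRedundantCatalogueRole}.
 *
 * @param isNew           {@code true} when the role is new in this synchronization run
 * @param context         synchronization context providing the mapped attributes and the config
 * @param roleDto         role being synchronized
 * @param logItem         item log that receives the progress messages
 * @param connectorObject object read from the connected system; its attributes are the source
 *                        of the catalogue values
 * @throws ResultCodeException with {@code SYNC_OF_ROLES_CATALOGUE_NAME_IS_NULL} when a catalogue
 *                             item that has to be created has no name
 */
private void resolveRoleCatalogue(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncItemLogDto logItem, IcConnectorObject connectorObject) {
    SysSystemAttributeMappingDto roleCatalogueAttributeDto = context.getMappedAttributes().stream()
            .filter(attribute -> !attribute.isDisabledAttribute()
                    && attribute.isEntityAttribute()
                    && ROLE_CATALOGUE_FIELD.equals(attribute.getIdmPropertyName()))
            .findFirst()
            .orElse(null);
    Assert.notNull(roleCatalogueAttributeDto, "Attribute for resolve role catalogues cannot be null!");
    // The CREATE strategy means 'set only for new entity', so the skip applies to roles that
    // already exist. Testing `isNew` here contradicted the log message and would have skipped
    // exactly the roles the strategy is meant for.
    if (!isNew && AttributeMappingStrategyType.CREATE == roleCatalogueAttributeDto.getStrategyType()) {
        addToItemLog(logItem, "The attribute for 'role catalogues' has strategy set to 'Set only for new entity'. Role isn't new, so resolving will be skipped for this role.");
        return;
    }
    addToItemLog(logItem, MessageFormat.format("Resolving of 'role catalogues' is activated for this role [{0}].", roleDto.getCode()));
    // Get role-catalogue values from attribute transformation.
    Object roleCataloguesObj = this.getValueByMappedAttribute(roleCatalogueAttributeDto, connectorObject.getAttributes(), context);
    List<IdmRoleCatalogueDto> roleCatalogueRoleDtos = getRoleCatalogueFromValue(roleCataloguesObj);
    // IDs of the role-catalogue relations confirmed or created during this run.
    List<UUID> currentRoleCatalogueRoles = Lists.newArrayList();
    roleCatalogueRoleDtos.forEach(roleCatalogueDto -> {
        List<IdmRoleCatalogueDto> parents = extractCatalogStructure(roleCatalogueDto);
        // Holds the most recently resolved catalogue item; it becomes the parent of the next one.
        AtomicReference<IdmRoleCatalogueDto> parent = new AtomicReference<>();
        Lists.reverse(parents).forEach(catalogueDto -> {
            if (roleCatalogueService.isNew(catalogueDto)) {
                IdmRoleCatalogueDto newCatalogDto = new IdmRoleCatalogueDto();
                newCatalogDto.setCode(catalogueDto.getCode());
                newCatalogDto.setName(catalogueDto.getName());
                newCatalogDto.setExternalId(catalogueDto.getExternalId());
                newCatalogDto.setParent(catalogueDto.getParent());
                // Without an explicit parent, attach the item below the previously resolved one.
                if (newCatalogDto.getParent() == null && parent.get() != null) {
                    newCatalogDto.setParent(parent.get().getId());
                }
                if (newCatalogDto.getName() == null) {
                    throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_CATALOGUE_NAME_IS_NULL);
                }
                // Make sure that the catalog with the same code and parent does not really exist.
                IdmRoleCatalogueFilter catalogueFilter = new IdmRoleCatalogueFilter();
                catalogueFilter.setCode(newCatalogDto.getCode());
                catalogueFilter.setParent(newCatalogDto.getParent());
                IdmRoleCatalogueDto byCode = roleCatalogueService.find(catalogueFilter, null).getContent().stream().findFirst().orElse(null);
                if (byCode != null) {
                    parent.set(roleCatalogueService.save(byCode));
                    addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was reused (catalog with same code and parent already exist).", parent.get().getCode()));
                } else {
                    parent.set(roleCatalogueService.save(newCatalogDto));
                    addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was created.", parent.get().getCode()));
                }
            } else {
                parent.set(catalogueDto);
            }
        });
        // Last parent should be leaf catalog.
        // NOTE(review): parent.get() stays null when extractCatalogStructure returns an empty
        // list, and the getId() call below would then fail with a NullPointerException -
        // confirm the helper always returns at least the leaf item.
        IdmRoleCatalogueDto leafCatalogueDto = parent.get();
        IdmRoleCatalogueRoleDto roleCatalogueRoleDto = null;
        if (leafCatalogueDto.getId() != null) {
            // Look for an existing relation between this role and the leaf catalogue.
            IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
            roleCatalogueRoleFilter.setRoleCatalogueId(leafCatalogueDto.getId());
            roleCatalogueRoleFilter.setRoleId(roleDto.getId());
            roleCatalogueRoleDto = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent().stream().findFirst().orElse(null);
        }
        if (roleCatalogueRoleDto == null) {
            // Create new role-catalogue-role.
            roleCatalogueRoleDto = new IdmRoleCatalogueRoleDto();
            roleCatalogueRoleDto.setRole(roleDto.getId());
            roleCatalogueRoleDto.setRoleCatalogue(leafCatalogueDto.getId());
            roleCatalogueRoleDto = roleCatalogueRoleService.save(roleCatalogueRoleDto);
            addToItemLog(logItem, MessageFormat.format("This role was included to the catalog with code [{0}].", leafCatalogueDto.getCode()));
        }
        currentRoleCatalogueRoles.add(roleCatalogueRoleDto.getId());
    });
    SysSyncRoleConfigDto config = getConfig(context);
    if (config.isRemoveCatalogueRoleSwitch()) {
        // NOTE(review): currentRoleCatalogueRoles is empty when the connector value yields no
        // catalogues; resolveRedundantCatalogueRole is not shown here, so confirm that an empty
        // or malformed source value cannot strip the role from every catalogue unintentionally.
        resolveRedundantCatalogueRole(roleDto, logItem, currentRoleCatalogueRoles, config);
    }
}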
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AtomicReference(java.util.concurrent.atomic.AtomicReference) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter) UUID(java.util.UUID)
