use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.
the class GroupITCase method typeExtensions.
@Test
public void typeExtensions() {
TypeExtensionTO typeExtension = new TypeExtensionTO();
typeExtension.setAnyType(AnyTypeKind.USER.name());
typeExtension.getAuxClasses().add("csv");
GroupTO groupTO = getBasicSampleTO("typeExtensions");
groupTO.getTypeExtensions().add(typeExtension);
groupTO = createGroup(groupTO).getEntity();
assertNotNull(groupTO);
assertEquals(1, groupTO.getTypeExtensions().size());
assertEquals(1, groupTO.getTypeExtension(AnyTypeKind.USER.name()).get().getAuxClasses().size());
assertTrue(groupTO.getTypeExtension(AnyTypeKind.USER.name()).get().getAuxClasses().contains("csv"));
typeExtension = new TypeExtensionTO();
typeExtension.setAnyType(AnyTypeKind.USER.name());
typeExtension.getAuxClasses().add("csv");
typeExtension.getAuxClasses().add("other");
GroupPatch groupPatch = new GroupPatch();
groupPatch.setKey(groupTO.getKey());
groupPatch.getTypeExtensions().add(typeExtension);
groupTO = updateGroup(groupPatch).getEntity();
assertNotNull(groupTO);
assertEquals(1, groupTO.getTypeExtensions().size());
assertEquals(2, groupTO.getTypeExtension(AnyTypeKind.USER.name()).get().getAuxClasses().size());
assertTrue(groupTO.getTypeExtension(AnyTypeKind.USER.name()).get().getAuxClasses().contains("csv"));
assertTrue(groupTO.getTypeExtension(AnyTypeKind.USER.name()).get().getAuxClasses().contains("other"));
}
use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.
the class DynRealmITCase method delegatedAdmin.
@Test
public void delegatedAdmin() {
DynRealmTO dynRealm = null;
RoleTO role = null;
try {
// 1. create dynamic realm for all users and groups having resource-ldap assigned
dynRealm = new DynRealmTO();
dynRealm.setKey("LDAPLovers" + getUUIDString());
dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "$resources==resource-ldap");
dynRealm.getDynMembershipConds().put(AnyTypeKind.GROUP.name(), "$resources==resource-ldap");
Response response = dynRealmService.create(dynRealm);
dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
assertNotNull(dynRealm);
// 2. create role for such dynamic realm
role = new RoleTO();
role.setKey("Administer LDAP" + getUUIDString());
role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
role.getEntitlements().add(StandardEntitlement.USER_READ);
role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
role.getEntitlements().add(StandardEntitlement.GROUP_READ);
role.getEntitlements().add(StandardEntitlement.GROUP_UPDATE);
role.getDynRealms().add(dynRealm.getKey());
role = createRole(role);
assertNotNull(role);
// 3. create new user and assign the new role
UserTO dynRealmAdmin = UserITCase.getUniqueSampleTO("dynRealmAdmin@apache.org");
dynRealmAdmin.setPassword("password123");
dynRealmAdmin.getRoles().add(role.getKey());
dynRealmAdmin = createUser(dynRealmAdmin).getEntity();
assertNotNull(dynRealmAdmin);
// 4. create new user and group, assign resource-ldap
UserTO user = UserITCase.getUniqueSampleTO("dynRealmUser@apache.org");
user.setRealm("/even/two");
user.getResources().clear();
user.getResources().add(RESOURCE_NAME_LDAP);
user = createUser(user).getEntity();
assertNotNull(user);
final String userKey = user.getKey();
GroupTO group = GroupITCase.getSampleTO("dynRealmGroup");
group.setRealm("/odd");
group.getResources().clear();
group.getResources().add(RESOURCE_NAME_LDAP);
group = createGroup(group).getEntity();
assertNotNull(group);
final String groupKey = group.getKey();
if (ElasticsearchDetector.isElasticSearchEnabled(syncopeService)) {
try {
Thread.sleep(2000);
} catch (InterruptedException ex) {
// ignore
}
}
// 5. verify that the new user and group are found when searching by dynamic realm
PagedResult<UserTO> matchingUsers = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
PagedResult<GroupTO> matchingGroups = groupService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getGroupSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
assertTrue(matchingGroups.getResult().stream().anyMatch(object -> object.getKey().equals(groupKey)));
// 6. prepare to act as delegated admin
SyncopeClient delegatedClient = clientFactory.create(dynRealmAdmin.getUsername(), "password123");
UserService delegatedUserService = delegatedClient.getService(UserService.class);
GroupService delegatedGroupService = delegatedClient.getService(GroupService.class);
// 7. verify delegated administration
// USER_READ
assertNotNull(delegatedUserService.read(userKey));
// GROUP_READ
assertNotNull(delegatedGroupService.read(groupKey));
// USER_SEARCH
matchingUsers = delegatedUserService.search(new AnyQuery.Builder().realm("/").build());
assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
// USER_UPDATE
UserPatch userPatch = new UserPatch();
userPatch.setKey(userKey);
userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.DELETE).build());
// this will fail because unassigning resource-ldap would result in removing the user from the dynamic realm
try {
delegatedUserService.update(userPatch);
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
}
// this will succeed instead
userPatch.getResources().clear();
userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_NOPROPAGATION).build());
user = delegatedUserService.update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertNotNull(user);
assertTrue(user.getResources().contains(RESOURCE_NAME_NOPROPAGATION));
// GROUP_UPDATE
GroupPatch groupPatch = new GroupPatch();
groupPatch.setKey(groupKey);
groupPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(attrTO("icon", "modified")).build());
group = delegatedGroupService.update(groupPatch).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
}).getEntity();
assertNotNull(group);
assertEquals("modified", group.getPlainAttr("icon").get().getValues().get(0));
} finally {
if (role != null) {
roleService.delete(role.getKey());
}
if (dynRealm != null) {
dynRealmService.delete(dynRealm.getKey());
}
}
}
use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.
the class DefaultGroupProvisioningManager method update.
@Transactional(propagation = Propagation.REQUIRES_NEW)
@Override
public Pair<GroupPatch, List<PropagationStatus>> update(final GroupPatch groupPatch, final Set<String> excludedResources, final boolean nullPriorityAsync) {
WorkflowResult<GroupPatch> updated = gwfAdapter.update(groupPatch);
List<PropagationTaskTO> tasks = propagationManager.getUpdateTasks(AnyTypeKind.GROUP, updated.getResult().getKey(), false, null, updated.getPropByRes(), groupPatch.getVirAttrs(), excludedResources);
PropagationReporter propagationReporter = taskExecutor.execute(tasks, nullPriorityAsync);
return Pair.of(updated.getResult(), propagationReporter.getStatuses());
}
use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.
the class TypeExtensionDirectoryPanel method onSubmit.
@Override
public void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
GroupPatch patch = new GroupPatch();
patch.setKey(groupTO.getKey());
patch.getTypeExtensions().addAll(groupTO.getTypeExtensions());
try {
new GroupRestClient().update(groupTO.getETagValue(), patch);
this.baseModal.show(false);
this.baseModal.close(target);
SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
} catch (Exception e) {
LOG.error("Group update failure", e);
SyncopeConsoleSession.get().error(getString(Constants.ERROR) + ": " + e.getMessage());
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.
the class GroupWizardBuilder method onApplyInternal.
@Override
protected Serializable onApplyInternal(final AnyWrapper<GroupTO> modelObject) {
GroupTO inner = modelObject instanceof GroupWrapper ? GroupWrapper.class.cast(modelObject).fillDynamicConditions() : modelObject.getInnerObject();
ProvisioningResult<GroupTO> actual;
if (inner.getKey() == null) {
actual = groupRestClient.create(inner);
} else {
GroupPatch patch = AnyOperations.diff(inner, getOriginalItem().getInnerObject(), false);
GroupTO originaObj = getOriginalItem().getInnerObject();
// SYNCOPE-1170
boolean othersNotEqualsOrBlanks = !inner.getADynMembershipConds().equals(originaObj.getADynMembershipConds()) || (StringUtils.isNotBlank(originaObj.getUDynMembershipCond()) && StringUtils.isBlank(inner.getUDynMembershipCond())) || (StringUtils.isBlank(originaObj.getUDynMembershipCond()) && StringUtils.isNotBlank(inner.getUDynMembershipCond())) || StringUtils.isAllBlank(originaObj.getUDynMembershipCond(), inner.getUDynMembershipCond()) || !inner.getUDynMembershipCond().equals(originaObj.getUDynMembershipCond()) || !CollectionUtils.diff(inner.getTypeExtensions(), originaObj.getTypeExtensions()).isEmpty();
// update just if it is changed
if (patch.isEmpty() && !othersNotEqualsOrBlanks) {
actual = new ProvisioningResult<>();
actual.setEntity(inner);
} else {
actual = groupRestClient.update(getOriginalItem().getInnerObject().getETagValue(), patch);
}
}
return actual;
}
Aggregations