
Example 26 with GroupPatch

use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.

the class GroupITCase method typeExtensions.

/**
 * Checks that a type extension supplied at group creation is stored, and that a later
 * {@link GroupPatch} carrying an extension for the same any type leaves exactly one
 * extension on the group, holding the auxiliary classes sent with the patch.
 */
@Test
public void typeExtensions() {
    final String userType = AnyTypeKind.USER.name();

    // creation: a single USER extension with one auxiliary class
    TypeExtensionTO initialExtension = new TypeExtensionTO();
    initialExtension.setAnyType(userType);
    initialExtension.getAuxClasses().add("csv");

    GroupTO created = getBasicSampleTO("typeExtensions");
    created.getTypeExtensions().add(initialExtension);
    created = createGroup(created).getEntity();

    assertNotNull(created);
    assertEquals(1, created.getTypeExtensions().size());
    assertEquals(1, created.getTypeExtension(userType).get().getAuxClasses().size());
    assertTrue(created.getTypeExtension(userType).get().getAuxClasses().contains("csv"));

    // update: the same any type, now listing two auxiliary classes
    TypeExtensionTO widenedExtension = new TypeExtensionTO();
    widenedExtension.setAnyType(userType);
    widenedExtension.getAuxClasses().add("csv");
    widenedExtension.getAuxClasses().add("other");

    GroupPatch extensionPatch = new GroupPatch();
    extensionPatch.setKey(created.getKey());
    extensionPatch.getTypeExtensions().add(widenedExtension);
    GroupTO updated = updateGroup(extensionPatch).getEntity();

    assertNotNull(updated);
    // still one extension for USER: the patch did not add a second one
    assertEquals(1, updated.getTypeExtensions().size());
    assertEquals(2, updated.getTypeExtension(userType).get().getAuxClasses().size());
    assertTrue(updated.getTypeExtension(userType).get().getAuxClasses().contains("csv"));
    assertTrue(updated.getTypeExtension(userType).get().getAuxClasses().contains("other"));
}
Also used : TypeExtensionTO(org.apache.syncope.common.lib.to.TypeExtensionTO) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Test(org.junit.jupiter.api.Test)

Example 27 with GroupPatch

use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.

the class DynRealmITCase method delegatedAdmin.

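/**
 * Integration test for delegated administration scoped by a dynamic realm.
 *
 * <p>Builds a dynamic realm matching every user and group that has {@code resource-ldap} assigned,
 * a role whose five entitlements (user search/read/update, group read/update) are bound to that
 * dynamic realm, and an administrator account holding only that role. It then logs in as that
 * account and checks that read, search and update succeed on a matching user and group, and that
 * an update which would take the user out of the dynamic realm is refused with
 * {@code ClientExceptionType.DelegatedAdministration}.
 *
 * <p>NOTE(review): as shown, the only negative case is the realm-exit update. The method does not
 * check that an operation the role holds no entitlement for is refused, nor that a user or group
 * outside the dynamic realm is unreachable for the delegated account; confirm those boundaries are
 * covered elsewhere.
 */
@Test
public void delegatedAdmin() {
    // one definition of the fixture credential, so account creation and the delegated login cannot drift apart
    final String adminPassword = "password123";
    DynRealmTO dynRealm = null;
    RoleTO role = null;
    try {
        // 1. create dynamic realm for all users and groups having resource-ldap assigned
        dynRealm = new DynRealmTO();
        dynRealm.setKey("LDAPLovers" + getUUIDString());
        dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "$resources==resource-ldap");
        dynRealm.getDynMembershipConds().put(AnyTypeKind.GROUP.name(), "$resources==resource-ldap");
        Response response = dynRealmService.create(dynRealm);
        dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
        assertNotNull(dynRealm);
        // 2. create role for such dynamic realm
        role = new RoleTO();
        role.setKey("Administer LDAP" + getUUIDString());
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.GROUP_READ);
        role.getEntitlements().add(StandardEntitlement.GROUP_UPDATE);
        // the role is bound to the dynamic realm only
        role.getDynRealms().add(dynRealm.getKey());
        role = createRole(role);
        assertNotNull(role);
        // 3. create new user and assign the new role
        UserTO dynRealmAdmin = UserITCase.getUniqueSampleTO("dynRealmAdmin@apache.org");
        dynRealmAdmin.setPassword(adminPassword);
        dynRealmAdmin.getRoles().add(role.getKey());
        dynRealmAdmin = createUser(dynRealmAdmin).getEntity();
        assertNotNull(dynRealmAdmin);
        // 4. create new user and group, assign resource-ldap
        // the user and the group live in different static realms; only the LDAP resource ties them together
        UserTO user = UserITCase.getUniqueSampleTO("dynRealmUser@apache.org");
        user.setRealm("/even/two");
        user.getResources().clear();
        user.getResources().add(RESOURCE_NAME_LDAP);
        user = createUser(user).getEntity();
        assertNotNull(user);
        final String userKey = user.getKey();
        GroupTO group = GroupITCase.getSampleTO("dynRealmGroup");
        group.setRealm("/odd");
        group.getResources().clear();
        group.getResources().add(RESOURCE_NAME_LDAP);
        group = createGroup(group).getEntity();
        assertNotNull(group);
        final String groupKey = group.getKey();
        if (ElasticsearchDetector.isElasticSearchEnabled(syncopeService)) {
            // NOTE(review): presumably gives the search index time to pick up the new entities - confirm
            try {
                Thread.sleep(2000);
            } catch (InterruptedException ex) {
                // restore the interrupt flag so the test runner can still see the interruption
                Thread.currentThread().interrupt();
            }
        }
        // 5. verify that the new user and group are found when searching by dynamic realm
        PagedResult<UserTO> matchingUsers = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        PagedResult<GroupTO> matchingGroups = groupService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getGroupSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingGroups.getResult().stream().anyMatch(object -> object.getKey().equals(groupKey)));
        // 6. prepare to act as delegated admin
        SyncopeClient delegatedClient = clientFactory.create(dynRealmAdmin.getUsername(), adminPassword);
        UserService delegatedUserService = delegatedClient.getService(UserService.class);
        GroupService delegatedGroupService = delegatedClient.getService(GroupService.class);
        // 7. verify delegated administration
        // USER_READ
        assertNotNull(delegatedUserService.read(userKey));
        // GROUP_READ
        assertNotNull(delegatedGroupService.read(groupKey));
        // USER_SEARCH
        matchingUsers = delegatedUserService.search(new AnyQuery.Builder().realm("/").build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        // USER_UPDATE
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(userKey);
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.DELETE).build());
        // this will fail because unassigning resource-ldap would result in removing the user from the dynamic realm
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            // the refusal must be the delegated-administration error, not some other client failure
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // this will succeed instead
        userPatch.getResources().clear();
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_NOPROPAGATION).build());
        user = delegatedUserService.update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertNotNull(user);
        assertTrue(user.getResources().contains(RESOURCE_NAME_NOPROPAGATION));
        // GROUP_UPDATE
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(groupKey);
        groupPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(attrTO("icon", "modified")).build());
        group = delegatedGroupService.update(groupPatch).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
        }).getEntity();
        assertNotNull(group);
        assertEquals("modified", group.getPlainAttr("icon").get().getValues().get(0));
    } finally {
        // nested finally: a failing role deletion must not leave the dynamic realm behind
        try {
            if (role != null) {
                roleService.delete(role.getKey());
            }
        } finally {
            if (dynRealm != null) {
                dynRealmService.delete(dynRealm.getKey());
            }
        }
    }
}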
Also used : Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ElasticsearchDetector(org.apache.syncope.fit.ElasticsearchDetector) UserService(org.apache.syncope.common.rest.api.service.UserService) GroupService(org.apache.syncope.common.rest.api.service.GroupService) Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) RoleTO(org.apache.syncope.common.lib.to.RoleTO) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) PagedResult(org.apache.syncope.common.lib.to.PagedResult) GroupTO(org.apache.syncope.common.lib.to.GroupTO) GenericType(javax.ws.rs.core.GenericType) Test(org.junit.jupiter.api.Test) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Response(javax.ws.rs.core.Response) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) 
UserPatch(org.apache.syncope.common.lib.patch.UserPatch) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) UserService(org.apache.syncope.common.rest.api.service.UserService) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RoleTO(org.apache.syncope.common.lib.to.RoleTO) GroupService(org.apache.syncope.common.rest.api.service.GroupService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Response(javax.ws.rs.core.Response) UserTO(org.apache.syncope.common.lib.to.UserTO) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) Test(org.junit.jupiter.api.Test)

Example 28 with GroupPatch

use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.

the class DefaultGroupProvisioningManager method update.

/**
 * Applies a group update through the workflow adapter and then propagates it.
 *
 * <p>Declared with {@code Propagation.REQUIRES_NEW}. No entitlement or realm check appears in
 * this method; NOTE(review): presumably the caller authorizes the request before it gets here -
 * confirm.
 *
 * @param groupPatch changes to apply; its virtual attributes are handed to the propagation manager
 * @param excludedResources passed through to the propagation manager when the update tasks are built
 * @param nullPriorityAsync passed through to the task executor
 * @return the patch returned by the workflow, paired with the statuses of the propagation reporter
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
@Override
public Pair<GroupPatch, List<PropagationStatus>> update(final GroupPatch groupPatch, final Set<String> excludedResources, final boolean nullPriorityAsync) {
    final WorkflowResult<GroupPatch> workflowResult = gwfAdapter.update(groupPatch);

    // tasks are built from the workflow outcome, except for the virtual attributes, which come from the incoming patch
    final String groupKey = workflowResult.getResult().getKey();
    final List<PropagationTaskTO> updateTasks = propagationManager.getUpdateTasks(
            AnyTypeKind.GROUP,
            groupKey,
            false,
            null,
            workflowResult.getPropByRes(),
            groupPatch.getVirAttrs(),
            excludedResources);

    final PropagationReporter reporter = taskExecutor.execute(updateTasks, nullPriorityAsync);
    return Pair.of(workflowResult.getResult(), reporter.getStatuses());
}
Also used : PropagationTaskTO(org.apache.syncope.common.lib.to.PropagationTaskTO) PropagationReporter(org.apache.syncope.core.provisioning.api.propagation.PropagationReporter) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) Transactional(org.springframework.transaction.annotation.Transactional)

Example 29 with GroupPatch

use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.

the class TypeExtensionDirectoryPanel method onSubmit.

/**
 * Sends the group's current type extensions to the server when the form is submitted.
 *
 * <p>On success the modal is hidden and closed and a success message is queued on the console
 * session; on any exception the failure is logged and an error message is queued instead. The
 * notification panel is refreshed in both cases.
 *
 * @param target Ajax request target used to close the modal and refresh the notification panel
 * @param form the submitted form (not read here)
 */
@Override
public void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
    final GroupPatch typeExtensionsPatch = new GroupPatch();
    typeExtensionsPatch.setKey(groupTO.getKey());
    typeExtensionsPatch.getTypeExtensions().addAll(groupTO.getTypeExtensions());

    try {
        // the ETag value held by the edited group travels with the update request
        final GroupRestClient restClient = new GroupRestClient();
        restClient.update(groupTO.getETagValue(), typeExtensionsPatch);

        baseModal.show(false);
        baseModal.close(target);
        SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
    } catch (Exception e) {
        // The stack trace goes to the log; the console user gets the raw exception message.
        // NOTE(review): any exception type ends up here, so the message may carry server-side
        // detail - confirm the notification panel escapes it and that this exposure is acceptable.
        LOG.error("Group update failure", e);
        SyncopeConsoleSession.get().error(getString(Constants.ERROR) + ": " + e.getMessage());
    }

    final BasePage page = (BasePage) pageRef.getPage();
    page.getNotificationPanel().refresh(target);
}
Also used : GroupRestClient(org.apache.syncope.client.console.rest.GroupRestClient) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch)

Example 30 with GroupPatch

use of org.apache.syncope.common.lib.patch.GroupPatch in project syncope by apache.

the class GroupWizardBuilder method onApplyInternal.

/**
 * Creates the group, or updates it when it already has a key.
 *
 * <p>For an existing group a {@link GroupPatch} is computed against the original item and the
 * REST update is skipped when that patch is empty and the extra comparison below reports no
 * difference; in that case the returned result simply wraps the edited object.
 *
 * @param modelObject wizard model; when it is a {@code GroupWrapper} its
 *        {@code fillDynamicConditions()} result is used, otherwise its inner object
 * @return the provisioning result of the create or update call, or a fresh result wrapping the
 *         edited group when no update was sent
 */
@Override
protected Serializable onApplyInternal(final AnyWrapper<GroupTO> modelObject) {
    GroupTO inner = modelObject instanceof GroupWrapper ? GroupWrapper.class.cast(modelObject).fillDynamicConditions() : modelObject.getInnerObject();
    ProvisioningResult<GroupTO> actual;
    // no key yet: the group has not been created on the server
    if (inner.getKey() == null) {
        actual = groupRestClient.create(inner);
    } else {
        GroupPatch patch = AnyOperations.diff(inner, getOriginalItem().getInnerObject(), false);
        GroupTO originaObj = getOriginalItem().getInnerObject();
        // SYNCOPE-1170
        // Extra change detection on top of the computed patch: any-object dynamic membership
        // conditions, the user dynamic membership condition, and type extensions.
        // NOTE(review): assuming Commons Lang semantics, the isAllBlank(...) term is true when both
        // user conditions are blank, which sets this flag and sends an update even for an empty patch;
        // confirm that is intended. The same short-circuit is what keeps the following
        // inner.getUDynMembershipCond().equals(...) from running when that value is null.
        boolean othersNotEqualsOrBlanks = !inner.getADynMembershipConds().equals(originaObj.getADynMembershipConds()) || (StringUtils.isNotBlank(originaObj.getUDynMembershipCond()) && StringUtils.isBlank(inner.getUDynMembershipCond())) || (StringUtils.isBlank(originaObj.getUDynMembershipCond()) && StringUtils.isNotBlank(inner.getUDynMembershipCond())) || StringUtils.isAllBlank(originaObj.getUDynMembershipCond(), inner.getUDynMembershipCond()) || !inner.getUDynMembershipCond().equals(originaObj.getUDynMembershipCond()) || !CollectionUtils.diff(inner.getTypeExtensions(), originaObj.getTypeExtensions()).isEmpty();
        // update just if it is changed
        if (patch.isEmpty() && !othersNotEqualsOrBlanks) {
            // nothing to send: hand back the edited object without calling the server
            actual = new ProvisioningResult<>();
            actual.setEntity(inner);
        } else {
            // the ETag value of the original item is passed along with the patch
            // NOTE(review): presumably used by the server to reject updates against a stale version - confirm
            actual = groupRestClient.update(getOriginalItem().getInnerObject().getETagValue(), patch);
        }
    }
    return actual;
}
Also used : GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO)

Aggregations

GroupPatch (org.apache.syncope.common.lib.patch.GroupPatch)33 GroupTO (org.apache.syncope.common.lib.to.GroupTO)23 Test (org.junit.jupiter.api.Test)15 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)7 StringReplacePatchItem (org.apache.syncope.common.lib.patch.StringReplacePatchItem)7 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)6 List (java.util.List)5 AttrPatch (org.apache.syncope.common.lib.patch.AttrPatch)5 ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)5 GroupService (org.apache.syncope.common.rest.api.service.GroupService)5 ForbiddenException (javax.ws.rs.ForbiddenException)4 Response (javax.ws.rs.core.Response)4 SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)4 StringPatchItem (org.apache.syncope.common.lib.patch.StringPatchItem)4 AnyTypeClassTO (org.apache.syncope.common.lib.to.AnyTypeClassTO)4 AttrTO (org.apache.syncope.common.lib.to.AttrTO)4 AccessControlException (java.security.AccessControlException)3 Collections (java.util.Collections)3 Map (java.util.Map)3 NamingException (javax.naming.NamingException)3