use of org.apache.syncope.common.lib.patch.StringPatchItem in project syncope by apache.
the class AnyOperations method patch.
public static UserTO patch(final UserTO userTO, final UserPatch userPatch) {
UserTO result = SerializationUtils.clone(userTO);
patch(userTO, userPatch, result);
// 1. password
if (userPatch.getPassword() != null) {
result.setPassword(userPatch.getPassword().getValue());
}
// 2. username
if (userPatch.getUsername() != null) {
result.setUsername(userPatch.getUsername().getValue());
}
// 3. relationships
userPatch.getRelationships().forEach(relPatch -> {
if (relPatch.getRelationshipTO() == null) {
LOG.warn("Invalid {} specified: {}", RelationshipPatch.class.getName(), relPatch);
} else {
result.getRelationships().remove(relPatch.getRelationshipTO());
if (relPatch.getOperation() == PatchOperation.ADD_REPLACE) {
result.getRelationships().add(relPatch.getRelationshipTO());
}
}
});
// 4. memberships
userPatch.getMemberships().forEach(membPatch -> {
if (membPatch.getGroup() == null) {
LOG.warn("Invalid {} specified: {}", MembershipPatch.class.getName(), membPatch);
} else {
Optional<MembershipTO> memb = result.getMemberships().stream().filter(membership -> membPatch.getGroup().equals(membership.getGroupKey())).findFirst();
if (memb.isPresent()) {
result.getMemberships().remove(memb.get());
}
if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
MembershipTO newMembershipTO = new MembershipTO.Builder().group(membPatch.getGroup()).build();
// 3. plain attributes
newMembershipTO.getPlainAttrs().addAll(membPatch.getPlainAttrs());
// 4. virtual attributes
newMembershipTO.getVirAttrs().addAll(membPatch.getVirAttrs());
result.getMemberships().add(newMembershipTO);
}
}
});
// 5. roles
for (StringPatchItem rolePatch : userPatch.getRoles()) {
switch(rolePatch.getOperation()) {
case ADD_REPLACE:
result.getRoles().add(rolePatch.getValue());
break;
case DELETE:
default:
result.getRoles().remove(rolePatch.getValue());
}
}
return result;
}
use of org.apache.syncope.common.lib.patch.StringPatchItem in project syncope by apache.
the class AbstractAnyDataBinder method fill.
@SuppressWarnings({ "unchecked", "rawtypes" })
protected PropagationByResource fill(final Any any, final AnyPatch anyPatch, final AnyUtils anyUtils, final SyncopeClientCompositeException scce) {
PropagationByResource propByRes = new PropagationByResource();
// 1. anyTypeClasses
for (StringPatchItem patch : anyPatch.getAuxClasses()) {
AnyTypeClass auxClass = anyTypeClassDAO.find(patch.getValue());
if (auxClass == null) {
LOG.debug("Invalid " + AnyTypeClass.class.getSimpleName() + " {}, ignoring...", patch.getValue());
} else {
switch(patch.getOperation()) {
case ADD_REPLACE:
any.add(auxClass);
break;
case DELETE:
default:
any.getAuxClasses().remove(auxClass);
}
}
}
// 2. resources
for (StringPatchItem patch : anyPatch.getResources()) {
ExternalResource resource = resourceDAO.find(patch.getValue());
if (resource == null) {
LOG.debug("Invalid " + ExternalResource.class.getSimpleName() + " {}, ignoring...", patch.getValue());
} else {
switch(patch.getOperation()) {
case ADD_REPLACE:
propByRes.add(ResourceOperation.CREATE, resource.getKey());
any.add(resource);
break;
case DELETE:
default:
propByRes.add(ResourceOperation.DELETE, resource.getKey());
any.getResources().remove(resource);
}
}
}
Set<ExternalResource> resources = anyUtils.getAllResources(any);
SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
// 3. plain attributes
anyPatch.getPlainAttrs().stream().filter(patch -> patch.getAttrTO() != null).forEach(patch -> {
PlainSchema schema = getPlainSchema(patch.getAttrTO().getSchema());
if (schema == null) {
LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + " {}, ignoring...", patch.getAttrTO().getSchema());
} else {
PlainAttr<?> attr = (PlainAttr<?>) any.getPlainAttr(schema.getKey()).orElse(null);
if (attr == null) {
LOG.debug("No plain attribute found for schema {}", schema);
if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
attr = anyUtils.newPlainAttr();
((PlainAttr) attr).setOwner(any);
attr.setSchema(schema);
any.add(attr);
}
}
if (attr != null) {
processAttrPatch(any, patch, schema, attr, anyUtils, resources, propByRes, invalidValues);
}
}
});
if (!invalidValues.isEmpty()) {
scce.addException(invalidValues);
}
SyncopeClientException requiredValuesMissing = checkMandatory(any, anyUtils);
if (!requiredValuesMissing.isEmpty()) {
scce.addException(requiredValuesMissing);
}
requiredValuesMissing = checkMandatoryOnResources(any, resources);
if (!requiredValuesMissing.isEmpty()) {
scce.addException(requiredValuesMissing);
}
return propByRes;
}
use of org.apache.syncope.common.lib.patch.StringPatchItem in project syncope by apache.
the class UserDataBinderImpl method update.
@Override
public PropagationByResource update(final User toBeUpdated, final UserPatch userPatch) {
// Re-merge any pending change from workflow tasks
User user = userDAO.save(toBeUpdated);
PropagationByResource propByRes = new PropagationByResource();
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.USER);
Collection<String> currentResources = userDAO.findAllResourceKeys(user.getKey());
// fetch connObjectKeys before update
Map<String, String> oldConnObjectKeys = getConnObjectKeys(user, anyUtils);
// realm
setRealm(user, userPatch);
// password
if (userPatch.getPassword() != null && StringUtils.isNotBlank(userPatch.getPassword().getValue())) {
if (userPatch.getPassword().isOnSyncope()) {
setPassword(user, userPatch.getPassword().getValue(), scce);
user.setChangePwdDate(new Date());
}
propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
}
// username
if (userPatch.getUsername() != null && StringUtils.isNotBlank(userPatch.getUsername().getValue())) {
String oldUsername = user.getUsername();
user.setUsername(userPatch.getUsername().getValue());
if (oldUsername.equals(AuthContextUtils.getUsername())) {
AuthContextUtils.updateUsername(userPatch.getUsername().getValue());
}
AccessToken accessToken = accessTokenDAO.findByOwner(oldUsername);
if (accessToken != null) {
accessToken.setOwner(userPatch.getUsername().getValue());
accessTokenDAO.save(accessToken);
}
propByRes.addAll(ResourceOperation.UPDATE, currentResources);
}
// security question / answer:
if (userPatch.getSecurityQuestion() != null) {
if (userPatch.getSecurityQuestion().getValue() == null) {
user.setSecurityQuestion(null);
user.setSecurityAnswer(null);
} else {
SecurityQuestion securityQuestion = securityQuestionDAO.find(userPatch.getSecurityQuestion().getValue());
if (securityQuestion != null) {
user.setSecurityQuestion(securityQuestion);
user.setSecurityAnswer(userPatch.getSecurityAnswer().getValue());
}
}
}
if (userPatch.getMustChangePassword() != null) {
user.setMustChangePassword(userPatch.getMustChangePassword().getValue());
}
// roles
for (StringPatchItem patch : userPatch.getRoles()) {
Role role = roleDAO.find(patch.getValue());
if (role == null) {
LOG.warn("Ignoring unknown role with key {}", patch.getValue());
} else {
switch(patch.getOperation()) {
case ADD_REPLACE:
user.add(role);
break;
case DELETE:
default:
user.getRoles().remove(role);
}
}
}
// attributes and resources
propByRes.merge(fill(user, userPatch, anyUtils, scce));
// relationships
userPatch.getRelationships().stream().filter(patch -> patch.getRelationshipTO() != null).forEachOrdered((patch) -> {
RelationshipType relationshipType = relationshipTypeDAO.find(patch.getRelationshipTO().getType());
if (relationshipType == null) {
LOG.debug("Ignoring invalid relationship type {}", patch.getRelationshipTO().getType());
} else {
Optional<? extends URelationship> relationship = user.getRelationship(relationshipType, patch.getRelationshipTO().getOtherEndKey());
if (relationship.isPresent()) {
user.getRelationships().remove(relationship.get());
relationship.get().setLeftEnd(null);
}
if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
AnyObject otherEnd = anyObjectDAO.find(patch.getRelationshipTO().getOtherEndKey());
if (otherEnd == null) {
LOG.debug("Ignoring invalid any object {}", patch.getRelationshipTO().getOtherEndKey());
} else if (user.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
URelationship newRelationship = entityFactory.newEntity(URelationship.class);
newRelationship.setType(relationshipType);
newRelationship.setRightEnd(otherEnd);
newRelationship.setLeftEnd(user);
user.add(newRelationship);
} else {
LOG.error("{} cannot be assigned to {}", otherEnd, user);
SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
unassignable.getElements().add("Cannot be assigned: " + otherEnd);
scce.addException(unassignable);
}
}
}
});
// prepare for membership-related resource management
Collection<ExternalResource> resources = userDAO.findAllResources(user);
Map<String, Set<String>> reasons = new HashMap<>();
user.getResources().forEach(resource -> {
reasons.put(resource.getKey(), new HashSet<>(Collections.singleton(user.getKey())));
});
userDAO.findAllGroupKeys(user).forEach(group -> {
groupDAO.findAllResourceKeys(group).forEach(resource -> {
if (!reasons.containsKey(resource)) {
reasons.put(resource, new HashSet<>());
}
reasons.get(resource).add(group);
});
});
Set<String> toBeDeprovisioned = new HashSet<>();
Set<String> toBeProvisioned = new HashSet<>();
SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
// memberships
userPatch.getMemberships().stream().filter(membPatch -> membPatch.getGroup() != null).forEachOrdered((membPatch) -> {
Optional<? extends UMembership> membership = user.getMembership(membPatch.getGroup());
if (membership.isPresent()) {
user.getMemberships().remove(membership.get());
membership.get().setLeftEnd(null);
user.getPlainAttrs(membership.get()).forEach(attr -> {
user.remove(attr);
attr.setOwner(null);
attr.setMembership(null);
});
if (membPatch.getOperation() == PatchOperation.DELETE) {
groupDAO.findAllResourceKeys(membership.get().getRightEnd().getKey()).stream().filter(resource -> reasons.containsKey(resource)).forEach(resource -> {
reasons.get(resource).remove(membership.get().getRightEnd().getKey());
toBeProvisioned.add(resource);
});
}
}
if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
Group group = groupDAO.find(membPatch.getGroup());
if (group == null) {
LOG.debug("Ignoring invalid group {}", membPatch.getGroup());
} else if (user.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
UMembership newMembership = entityFactory.newEntity(UMembership.class);
newMembership.setRightEnd(group);
newMembership.setLeftEnd(user);
user.add(newMembership);
membPatch.getPlainAttrs().forEach(attrTO -> {
PlainSchema schema = getPlainSchema(attrTO.getSchema());
if (schema == null) {
LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + "{}, ignoring...", attrTO.getSchema());
} else {
UPlainAttr attr = user.getPlainAttr(schema.getKey(), newMembership).orElse(null);
if (attr == null) {
LOG.debug("No plain attribute found for {} and membership of {}", schema, newMembership.getRightEnd());
attr = anyUtils.newPlainAttr();
attr.setOwner(user);
attr.setMembership(newMembership);
attr.setSchema(schema);
user.add(attr);
AttrPatch patch = new AttrPatch.Builder().attrTO(attrTO).build();
processAttrPatch(user, patch, schema, attr, anyUtils, resources, propByRes, invalidValues);
}
}
});
if (!invalidValues.isEmpty()) {
scce.addException(invalidValues);
}
toBeProvisioned.addAll(groupDAO.findAllResourceKeys(group.getKey()));
// ensure that they are counted for password propagation
if (toBeUpdated.canDecodePassword()) {
if (userPatch.getPassword() == null) {
userPatch.setPassword(new PasswordPatch());
}
group.getResources().stream().filter(resource -> isPasswordMapped(resource)).forEachOrdered(resource -> {
userPatch.getPassword().getResources().add(resource.getKey());
});
}
} else {
LOG.error("{} cannot be assigned to {}", group, user);
SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
unassignabled.getElements().add("Cannot be assigned: " + group);
scce.addException(unassignabled);
}
}
});
// finalize resource management
reasons.entrySet().stream().filter(entry -> entry.getValue().isEmpty()).forEach(entry -> toBeDeprovisioned.add(entry.getKey()));
propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);
// attribute values.
if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
currentResources.removeAll(toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, currentResources);
}
// check if some connObjectKey was changed by the update above
Map<String, String> newcCnnObjectKeys = getConnObjectKeys(user, anyUtils);
oldConnObjectKeys.entrySet().stream().filter(entry -> newcCnnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newcCnnObjectKeys.get(entry.getKey()))).forEach(entry -> {
propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
propByRes.add(ResourceOperation.UPDATE, entry.getKey());
});
Pair<Set<String>, Set<String>> dynGroupMembs = userDAO.saveAndGetDynGroupMembs(user);
// finally check if any resource assignment is to be processed due to dynamic group membership change
dynGroupMembs.getLeft().stream().filter(group -> !dynGroupMembs.getRight().contains(group)).forEach(delete -> {
groupDAO.find(delete).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.DELETE, resource.getKey());
});
});
dynGroupMembs.getLeft().stream().filter(group -> dynGroupMembs.getRight().contains(group)).forEach(update -> {
groupDAO.find(update).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.UPDATE, resource.getKey());
});
});
dynGroupMembs.getRight().stream().filter(group -> !dynGroupMembs.getLeft().contains(group)).forEach(create -> {
groupDAO.find(create).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.CREATE, resource.getKey());
});
});
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
return propByRes;
}
use of org.apache.syncope.common.lib.patch.StringPatchItem in project syncope by apache.
the class AnyOperations method patch.
private static <T extends AnyTO, K extends AnyPatch> void patch(final T to, final K patch, final T result) {
// check same key
if (to.getKey() == null || !to.getKey().equals(patch.getKey())) {
throw new IllegalArgumentException(to.getClass().getSimpleName() + " and " + patch.getClass().getSimpleName() + " keys must be the same");
}
// 0. realm
if (patch.getRealm() != null) {
result.setRealm(patch.getRealm().getValue());
}
// 1. auxiliary classes
for (StringPatchItem auxClassPatch : patch.getAuxClasses()) {
switch(auxClassPatch.getOperation()) {
case ADD_REPLACE:
result.getAuxClasses().add(auxClassPatch.getValue());
break;
case DELETE:
default:
result.getAuxClasses().remove(auxClassPatch.getValue());
}
}
// 2. plain attributes
result.getPlainAttrs().clear();
result.getPlainAttrs().addAll(patch(EntityTOUtils.buildAttrMap(to.getPlainAttrs()), patch.getPlainAttrs()));
// 3. virtual attributes
result.getVirAttrs().clear();
result.getVirAttrs().addAll(patch.getVirAttrs());
// 4. resources
for (StringPatchItem resourcePatch : patch.getResources()) {
switch(resourcePatch.getOperation()) {
case ADD_REPLACE:
result.getResources().add(resourcePatch.getValue());
break;
case DELETE:
default:
result.getResources().remove(resourcePatch.getValue());
}
}
}
Aggregations