Search in sources :

Example 41 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class GroupLogic method link.

@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public GroupTO link(final String key, final Collection<String> resources) {
    // security checks
    GroupTO group = binder.getGroupTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), group.getRealm());
    securityChecks(effectiveRealms, group.getRealm(), group.getKey());
    GroupPatch patch = new GroupPatch();
    patch.setKey(key);
    patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()).collect(Collectors.toList()));
    patch.getADynMembershipConds().putAll(group.getADynMembershipConds());
    patch.setUDynMembershipCond(group.getUDynMembershipCond());
    return binder.getGroupTO(provisioningManager.link(patch));
}
Also used : GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 42 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class MigrationPullActions method after.

@Transactional
@Override
public void after(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final EntityTO entity, final ProvisioningReport result) throws JobExecutionException {
    if (entity instanceof UserTO) {
        // handles ciphered password import
        CipherAlgorithm cipherAlgorithm = null;
        Attribute cipherAlgorithmAttr = delta.getObject().getAttributeByName(CIPHER_ALGORITHM_ATTR);
        if (cipherAlgorithmAttr != null && cipherAlgorithmAttr.getValue() != null && !cipherAlgorithmAttr.getValue().isEmpty()) {
            cipherAlgorithm = CipherAlgorithm.valueOf(cipherAlgorithmAttr.getValue().get(0).toString());
        }
        GuardedString passwordValue = AttributeUtil.getPasswordValue(delta.getObject().getAttributes());
        if (cipherAlgorithm != null && passwordValue != null) {
            User user = userDAO.find(entity.getKey());
            LOG.debug("Setting encoded password for {}", user);
            user.setEncodedPassword(SecurityUtil.decrypt(passwordValue), cipherAlgorithm);
        }
    } else if (entity instanceof GroupTO) {
        // handles group membership
        Attribute membershipsAttr = delta.getObject().getAttributeByName(MEMBERSHIPS_ATTR);
        if (membershipsAttr != null && membershipsAttr.getValue() != null && !membershipsAttr.getValue().isEmpty()) {
            LOG.debug("Found {} for group {}", MEMBERSHIPS_ATTR, entity.getKey());
            for (Object membership : membershipsAttr.getValue()) {
                User member = userDAO.findByUsername(membership.toString());
                if (member == null) {
                    LOG.warn("Could not find member {} for group {}", membership, entity.getKey());
                } else {
                    Set<String> memb = memberships.get(member.getKey());
                    if (memb == null) {
                        memb = new HashSet<>();
                        memberships.put(member.getKey(), memb);
                    }
                    memb.add(entity.getKey());
                }
            }
        }
    } else {
        super.after(profile, delta, entity, result);
    }
}
Also used : CipherAlgorithm(org.apache.syncope.common.lib.types.CipherAlgorithm) User(org.apache.syncope.core.persistence.api.entity.user.User) HashSet(java.util.HashSet) Set(java.util.Set) Attribute(org.identityconnectors.framework.common.objects.Attribute) UserTO(org.apache.syncope.common.lib.to.UserTO) GuardedString(org.identityconnectors.common.security.GuardedString) GroupTO(org.apache.syncope.common.lib.to.GroupTO) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Example 43 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class GroupDirectoryPanel method getActions.

@Override
public ActionsPanel<GroupTO> getActions(final IModel<GroupTO> model) {
    final ActionsPanel<GroupTO> panel = super.getActions(model);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            send(GroupDirectoryPanel.this, Broadcast.EXACT, new AjaxWizard.EditItemActionEvent<>(new GroupWrapper(restClient.read(model.getObject().getKey())), target));
        }
    }, ActionType.EDIT, StringUtils.join(new String[] { StandardEntitlement.GROUP_READ, StandardEntitlement.GROUP_UPDATE }, ",")).setRealm(realm);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = 6242834621660352855L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            GroupTO clone = SerializationUtils.clone(model.getObject());
            clone.setKey(null);
            send(GroupDirectoryPanel.this, Broadcast.EXACT, new AjaxWizard.NewItemActionEvent<>(new GroupWrapper(clone), target));
        }

        @Override
        protected boolean statusCondition(final GroupTO modelObject) {
            return realm.startsWith(SyncopeConstants.ROOT_REALM);
        }
    }, ActionType.CLONE, StandardEntitlement.GROUP_CREATE).setRealm(realm);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = 6242834621660352855L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            target.add(typeExtensionsModal.setContent(new TypeExtensionDirectoryPanel(typeExtensionsModal, model.getObject(), pageRef)));
            typeExtensionsModal.header(new StringResourceModel("typeExtensions", model));
            typeExtensionsModal.show(true);
        }
    }, ActionType.TYPE_EXTENSIONS, StandardEntitlement.GROUP_UPDATE).setRealm(realm);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770645L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            templates.setTargetObject(model.getObject());
            templates.toggle(target, true);
        }

        @Override
        public boolean isIndicatorEnabled() {
            return false;
        }
    }, ActionType.MEMBERS, StandardEntitlement.GROUP_UPDATE).setRealm(realm);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            try {
                restClient.bulkMembersAction(model.getObject().getKey(), BulkMembersActionType.PROVISION);
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While provisioning members of group {}", model.getObject().getKey(), e);
                SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
            }
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }
    }, ActionType.PROVISION_MEMBERS, String.format("%s,%s", StandardEntitlement.TASK_CREATE, StandardEntitlement.TASK_EXECUTE));
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            try {
                restClient.bulkMembersAction(model.getObject().getKey(), BulkMembersActionType.DEPROVISION);
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While provisioning members of group {}", model.getObject().getKey(), e);
                SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
            }
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }
    }, ActionType.DEPROVISION_MEMBERS, String.format("%s,%s", StandardEntitlement.TASK_CREATE, StandardEntitlement.TASK_EXECUTE));
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770645L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            IModel<AnyWrapper<GroupTO>> formModel = new CompoundPropertyModel<>(new AnyWrapper<>(model.getObject()));
            altDefaultModal.setFormModel(formModel);
            target.add(altDefaultModal.setContent(new AnyStatusModal<>(altDefaultModal, pageRef, formModel.getObject().getInnerObject(), "resource", false)));
            altDefaultModal.header(new Model<>(getString("any.edit", new Model<>(new AnyWrapper<>(model.getObject())))));
            altDefaultModal.show(true);
        }
    }, ActionType.MANAGE_RESOURCES, StandardEntitlement.GROUP_READ).setRealm(realm);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            target.add(utilityModal.setContent(new AnyPropagationTasks(utilityModal, AnyTypeKind.GROUP, model.getObject().getKey(), pageRef)));
            utilityModal.header(new StringResourceModel("any.propagation.tasks", model));
            utilityModal.show(true);
        }
    }, ActionType.PROPAGATION_TASKS, StandardEntitlement.TASK_LIST);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            target.add(utilityModal.setContent(new NotificationTasks(AnyTypeKind.GROUP, model.getObject().getKey(), pageRef)));
            utilityModal.header(new StringResourceModel("any.notification.tasks", model));
            utilityModal.show(true);
        }
    }, ActionType.NOTIFICATION_TASKS, StandardEntitlement.TASK_LIST);
    panel.add(new ActionLink<GroupTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final GroupTO ignore) {
            try {
                restClient.delete(model.getObject().getETagValue(), model.getObject().getKey());
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While deleting object {}", model.getObject().getKey(), e);
                SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
            }
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }

        @Override
        protected boolean statusCondition(final GroupTO modelObject) {
            return realm.startsWith(SyncopeConstants.ROOT_REALM);
        }
    }, ActionType.DELETE, StandardEntitlement.GROUP_DELETE, true).setRealm(realm);
    return panel;
}
Also used : CompoundPropertyModel(org.apache.wicket.model.CompoundPropertyModel) AjaxWizard(org.apache.syncope.client.console.wizards.AjaxWizard) GroupWrapper(org.apache.syncope.client.console.wizards.any.GroupWrapper) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) AnyWrapper(org.apache.syncope.client.console.wizards.any.AnyWrapper) NotificationTasks(org.apache.syncope.client.console.notifications.NotificationTasks) GroupTO(org.apache.syncope.common.lib.to.GroupTO) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) AnyStatusModal(org.apache.syncope.client.console.status.AnyStatusModal) AnyPropagationTasks(org.apache.syncope.client.console.tasks.AnyPropagationTasks) BasePage(org.apache.syncope.client.console.pages.BasePage) StringResourceModel(org.apache.wicket.model.StringResourceModel) ActionLink(org.apache.syncope.client.console.wicket.markup.html.form.ActionLink)

Example 44 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class AbstractService method doSearch.

@SuppressWarnings("unchecked")
protected ListResponse<R> doSearch(final Resource type, final SCIMSearchRequest request) {
    if (type == null) {
        throw new UnsupportedOperationException();
    }
    if (request.getCount() > confManager().get().getFilterMaxResults()) {
        throw new BadRequestException(ErrorType.tooMany, "Too many results requested");
    }
    SearchCondVisitor visitor = new SearchCondVisitor(type, confManager().get());
    int startIndex = request.getStartIndex() <= 1 ? 1 : (request.getStartIndex() / AnyDAO.DEFAULT_PAGE_SIZE) + 1;
    int itemsPerPage = request.getCount() <= 1 ? AnyDAO.DEFAULT_PAGE_SIZE : request.getCount();
    List<OrderByClause> sort;
    if (request.getSortBy() == null) {
        sort = Collections.<OrderByClause>emptyList();
    } else {
        OrderByClause clause = new OrderByClause();
        clause.setField(visitor.createAttributeCond(request.getSortBy()).getSchema());
        clause.setDirection(request.getSortOrder() == null || request.getSortOrder() == SortOrder.ascending ? OrderByClause.Direction.ASC : OrderByClause.Direction.DESC);
        sort = Collections.singletonList(clause);
    }
    Pair<Integer, ? extends List<? extends AnyTO>> result = anyLogic(type).search(StringUtils.isBlank(request.getFilter()) ? null : SearchCondConverter.convert(visitor, request.getFilter()), startIndex, itemsPerPage, sort, SyncopeConstants.ROOT_REALM, false);
    if (result.getLeft() > confManager().get().getFilterMaxResults()) {
        throw new BadRequestException(ErrorType.tooMany, "Too many results found");
    }
    ListResponse<R> response = new ListResponse<>(result.getLeft(), startIndex == 1 ? 1 : startIndex - 1, itemsPerPage);
    result.getRight().forEach(anyTO -> {
        SCIMResource resource = null;
        if (anyTO instanceof UserTO) {
            resource = binder().toSCIMUser((UserTO) anyTO, uriInfo.getAbsolutePathBuilder().path(anyTO.getKey()).build().toASCIIString(), request.getAttributes(), request.getExcludedAttributes());
        } else if (anyTO instanceof GroupTO) {
            resource = binder().toSCIMGroup((GroupTO) anyTO, uriInfo.getAbsolutePathBuilder().path(anyTO.getKey()).build().toASCIIString(), request.getAttributes(), request.getExcludedAttributes());
        }
        if (resource != null) {
            response.getResources().add((R) resource);
        }
    });
    return response;
}
Also used : SCIMResource(org.apache.syncope.ext.scimv2.api.data.SCIMResource) ListResponse(org.apache.syncope.ext.scimv2.api.data.ListResponse) GroupTO(org.apache.syncope.common.lib.to.GroupTO) OrderByClause(org.apache.syncope.core.persistence.api.dao.search.OrderByClause) UserTO(org.apache.syncope.common.lib.to.UserTO) BadRequestException(org.apache.syncope.ext.scimv2.api.BadRequestException) SearchCondVisitor(org.apache.syncope.core.logic.scim.SearchCondVisitor)

Example 45 with GroupTO

use of org.apache.syncope.common.lib.to.GroupTO in project syncope by apache.

the class DefaultGroupPullResultHandler method doCreate.

@Override
protected AnyTO doCreate(final AnyTO anyTO, final SyncDelta delta) {
    GroupTO groupTO = GroupTO.class.cast(anyTO);
    Map.Entry<String, List<PropagationStatus>> created = groupProvisioningManager.create(groupTO, groupOwnerMap, Collections.singleton(profile.getTask().getResource().getKey()), true);
    return getAnyTO(created.getKey());
}
Also used : List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) GroupTO(org.apache.syncope.common.lib.to.GroupTO)

Aggregations

GroupTO (org.apache.syncope.common.lib.to.GroupTO)90 Test (org.junit.jupiter.api.Test)47 UserTO (org.apache.syncope.common.lib.to.UserTO)34 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)27 GroupPatch (org.apache.syncope.common.lib.patch.GroupPatch)23 MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)17 AnyObjectTO (org.apache.syncope.common.lib.to.AnyObjectTO)16 List (java.util.List)15 AttrTO (org.apache.syncope.common.lib.to.AttrTO)15 ConnObjectTO (org.apache.syncope.common.lib.to.ConnObjectTO)14 ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)14 Response (javax.ws.rs.core.Response)13 NamingException (javax.naming.NamingException)12 PropagationStatus (org.apache.syncope.common.lib.to.PropagationStatus)12 Map (java.util.Map)11 ForbiddenException (javax.ws.rs.ForbiddenException)11 AccessControlException (java.security.AccessControlException)10 BulkActionResult (org.apache.syncope.common.lib.to.BulkActionResult)10 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)10 Collections (java.util.Collections)9