Search in sources :

Example 11 with PropagationStatus

use of org.apache.syncope.common.lib.to.PropagationStatus in project syncope by apache.

the class UserLogic method provision.

@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
@Override
public ProvisioningResult<UserTO> provision(final String key, final Collection<String> resources, final boolean changePwd, final String password, final boolean nullPriorityAsync) {
    // security checks
    UserTO user = binder.getUserTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm());
    securityChecks(effectiveRealms, user.getRealm(), user.getKey());
    List<PropagationStatus> statuses = provisioningManager.provision(key, changePwd, password, resources, nullPriorityAsync);
    ProvisioningResult<UserTO> result = new ProvisioningResult<>();
    result.setEntity(binder.returnUserTO(binder.getUserTO(key)));
    result.getPropagationStatuses().addAll(statuses);
    return result;
}
Also used : UserTO(org.apache.syncope.common.lib.to.UserTO) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 12 with PropagationStatus

use of org.apache.syncope.common.lib.to.PropagationStatus in project syncope by apache.

the class GroupLogic method provision.

@PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')")
@Override
public ProvisioningResult<GroupTO> provision(final String key, final Collection<String> resources, final boolean changePwd, final String password, final boolean nullPriorityAsync) {
    // security checks
    GroupTO group = binder.getGroupTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), group.getRealm());
    securityChecks(effectiveRealms, group.getRealm(), group.getKey());
    List<PropagationStatus> statuses = provisioningManager.provision(key, resources, nullPriorityAsync);
    ProvisioningResult<GroupTO> result = new ProvisioningResult<>();
    result.setEntity(binder.getGroupTO(key));
    result.getPropagationStatuses().addAll(statuses);
    return result;
}
Also used : ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus) GroupTO(org.apache.syncope.common.lib.to.GroupTO) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 13 with PropagationStatus

use of org.apache.syncope.common.lib.to.PropagationStatus in project syncope by apache.

the class GroupITCase method bulkMembersAction.

@Test
public void bulkMembersAction() throws InterruptedException {
    // 1. create group without resources
    GroupTO groupTO = getBasicSampleTO("forProvision");
    groupTO = createGroup(groupTO).getEntity();
    // 2. create user with such group assigned
    UserTO userTO = UserITCase.getUniqueSampleTO("forProvision@syncope.apache.org");
    userTO.getMemberships().add(new MembershipTO.Builder().group(groupTO.getKey()).build());
    userTO = createUser(userTO).getEntity();
    // 3. modify the group by assiging the LDAP resource
    GroupPatch groupPatch = new GroupPatch();
    groupPatch.setKey(groupTO.getKey());
    groupPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).build());
    ProvisioningResult<GroupTO> groupUpdateResult = updateGroup(groupPatch);
    groupTO = groupUpdateResult.getEntity();
    PropagationStatus propStatus = groupUpdateResult.getPropagationStatuses().get(0);
    assertEquals(RESOURCE_NAME_LDAP, propStatus.getResource());
    assertEquals(PropagationTaskExecStatus.SUCCESS, propStatus.getStatus());
    // 4. verify that the user above is not found on LDAP
    try {
        resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), userTO.getKey());
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.NotFound, e.getType());
    }
    try {
        // 5. bulk provision group members
        ExecTO exec = groupService.bulkMembersAction(groupTO.getKey(), BulkMembersActionType.PROVISION);
        assertNotNull(exec.getRefKey());
        int i = 0;
        int maxit = 50;
        // wait for task exec completion (executions incremented)
        SchedTaskTO taskTO;
        do {
            Thread.sleep(1000);
            taskTO = taskService.read(TaskType.SCHEDULED, exec.getRefKey(), true);
            assertNotNull(taskTO);
            assertNotNull(taskTO.getExecutions());
            i++;
        } while (taskTO.getExecutions().isEmpty() && i < maxit);
        assertFalse(taskTO.getExecutions().isEmpty());
        assertEquals(TaskJob.Status.SUCCESS.name(), taskTO.getExecutions().get(0).getStatus());
        // 6. verify that the user above is now fond on LDAP
        ConnObjectTO userOnLdap = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), userTO.getKey());
        assertNotNull(userOnLdap);
    } finally {
        groupService.delete(groupTO.getKey());
        userService.delete(userTO.getKey());
    }
}
Also used : ExecTO(org.apache.syncope.common.lib.to.ExecTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) SchedTaskTO(org.apache.syncope.common.lib.to.SchedTaskTO) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) Test(org.junit.jupiter.api.Test)

Example 14 with PropagationStatus

use of org.apache.syncope.common.lib.to.PropagationStatus in project syncope by apache.

the class GroupMemberProvisionTaskJobDelegate method doExecute.

@Override
protected String doExecute(final boolean dryRun) throws JobExecutionException {
    Group group = groupDAO.authFind(groupKey);
    StringBuilder result = new StringBuilder("Group ").append(group.getName()).append(" members ");
    if (actionType == BulkMembersActionType.DEPROVISION) {
        result.append("de");
    }
    result.append("provision\n\n");
    status.set(result.toString());
    MembershipCond membershipCond = new MembershipCond();
    membershipCond.setGroup(groupKey);
    List<User> users = searchDAO.search(SearchCond.getLeafCond(membershipCond), AnyTypeKind.USER);
    Collection<String> groupResourceKeys = groupDAO.findAllResourceKeys(groupKey);
    status.set("About to " + (actionType == BulkMembersActionType.DEPROVISION ? "de" : "") + "provision " + users.size() + " users from " + groupResourceKeys);
    for (int i = 0; i < users.size() && !interrupt; i++) {
        List<PropagationStatus> statuses = actionType == BulkMembersActionType.DEPROVISION ? userProvisioningManager.deprovision(users.get(i).getKey(), groupResourceKeys, false) : userProvisioningManager.provision(users.get(i).getKey(), true, null, groupResourceKeys, false);
        for (PropagationStatus propagationStatus : statuses) {
            result.append("User ").append(users.get(i).getKey()).append('\t').append("Resource ").append(propagationStatus.getResource()).append('\t').append(propagationStatus.getStatus());
            if (StringUtils.isNotBlank(propagationStatus.getFailureReason())) {
                result.append('\n').append(propagationStatus.getFailureReason()).append('\n');
            }
            result.append("\n");
        }
        result.append("\n");
    }
    if (interrupt) {
        LOG.debug("Group assignment interrupted");
        interrupted = true;
        return result.append("\n*** Group assignment interrupted ***\n").toString();
    }
    membershipCond = new MembershipCond();
    membershipCond.setGroup(groupKey);
    List<AnyObject> anyObjects = searchDAO.search(SearchCond.getLeafCond(membershipCond), AnyTypeKind.ANY_OBJECT);
    status.set("About to " + (actionType == BulkMembersActionType.DEPROVISION ? "de" : "") + "provision " + anyObjects.size() + " any objects from " + groupResourceKeys);
    for (int i = 0; i < anyObjects.size() && !interrupt; i++) {
        List<PropagationStatus> statuses = actionType == BulkMembersActionType.DEPROVISION ? anyObjectProvisioningManager.deprovision(anyObjects.get(i).getKey(), groupResourceKeys, false) : anyObjectProvisioningManager.provision(anyObjects.get(i).getKey(), groupResourceKeys, false);
        for (PropagationStatus propagationStatus : statuses) {
            result.append(anyObjects.get(i).getType().getKey()).append(' ').append(anyObjects.get(i).getKey()).append('\t').append("Resource ").append(propagationStatus.getResource()).append('\t').append(propagationStatus.getStatus());
            if (StringUtils.isNotBlank(propagationStatus.getFailureReason())) {
                result.append('\n').append(propagationStatus.getFailureReason()).append('\n');
            }
            result.append("\n");
        }
        result.append("\n");
    }
    if (interrupt) {
        LOG.debug("Group assignment interrupted");
        interrupted = true;
        result.append("\n*** Group assignment interrupted ***\n");
    }
    return result.toString();
}
Also used : Group(org.apache.syncope.core.persistence.api.entity.group.Group) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) User(org.apache.syncope.core.persistence.api.entity.user.User) MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus)

Example 15 with PropagationStatus

use of org.apache.syncope.common.lib.to.PropagationStatus in project syncope by apache.

the class UserIssuesITCase method issueSYNCOPE402.

@Test
public void issueSYNCOPE402() {
    // 1. create an user with strict mandatory attributes only
    UserTO userTO = new UserTO();
    userTO.setRealm(SyncopeConstants.ROOT_REALM);
    String userId = getUUIDString() + "syncope402@syncope.apache.org";
    userTO.setUsername(userId);
    userTO.setPassword("password123");
    userTO.getPlainAttrs().add(attrTO("userId", userId));
    userTO.getPlainAttrs().add(attrTO("fullname", userId));
    userTO.getPlainAttrs().add(attrTO("surname", userId));
    userTO = createUser(userTO).getEntity();
    assertNotNull(userTO);
    assertTrue(userTO.getResources().isEmpty());
    // 2. update assigning a resource NOT forcing mandatory constraints
    // AND priority: must fail with PropagationException
    UserPatch userPatch = new UserPatch();
    userPatch.setKey(userTO.getKey());
    userPatch.setPassword(new PasswordPatch.Builder().value("newPassword123").build());
    userPatch.getResources().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(RESOURCE_NAME_WS1).build());
    userPatch.getResources().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(RESOURCE_NAME_TESTDB).build());
    ProvisioningResult<UserTO> result = updateUser(userPatch);
    PropagationStatus ws1PropagationStatus = result.getPropagationStatuses().stream().filter(propStatus -> RESOURCE_NAME_WS1.equals(propStatus.getResource())).findFirst().orElse(null);
    assertNotNull(ws1PropagationStatus);
    assertEquals(RESOURCE_NAME_WS1, ws1PropagationStatus.getResource());
    assertNotNull(ws1PropagationStatus.getFailureReason());
    assertEquals(PropagationTaskExecStatus.FAILURE, ws1PropagationStatus.getStatus());
}
Also used : PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) UserTO(org.apache.syncope.common.lib.to.UserTO) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Test(org.junit.jupiter.api.Test)

Aggregations

PropagationStatus (org.apache.syncope.common.lib.to.PropagationStatus)24 UserTO (org.apache.syncope.common.lib.to.UserTO)12 ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)11 Test (org.junit.jupiter.api.Test)9 GroupTO (org.apache.syncope.common.lib.to.GroupTO)7 UserPatch (org.apache.syncope.common.lib.patch.UserPatch)5 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)5 List (java.util.List)4 ConnObjectTO (org.apache.syncope.common.lib.to.ConnObjectTO)4 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)3 AnyObjectTO (org.apache.syncope.common.lib.to.AnyObjectTO)3 Group (org.apache.syncope.core.persistence.api.entity.group.Group)3 StringWriter (java.io.StringWriter)2 ArrayList (java.util.ArrayList)2 PasswordPatch (org.apache.syncope.common.lib.patch.PasswordPatch)2 StatusPatch (org.apache.syncope.common.lib.patch.StatusPatch)2 AttrTO (org.apache.syncope.common.lib.to.AttrTO)2 BulkActionResult (org.apache.syncope.common.lib.to.BulkActionResult)2 UserService (org.apache.syncope.common.rest.api.service.UserService)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1