use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.
the class RoleITCase method dynMembership.
@Test
public void dynMembership() {
UserTO bellini = userService.read("bellini");
assertTrue(bellini.getDynRoles().isEmpty());
assertTrue(bellini.getPrivileges().isEmpty());
RoleTO role = getSampleRoleTO("dynMembership");
role.getPrivileges().add("getMighty");
role.setDynMembershipCond("cool==true");
Response response = roleService.create(role);
role = getObject(response.getLocation(), RoleService.class, RoleTO.class);
assertNotNull(role);
bellini = userService.read("bellini");
assertTrue(bellini.getDynRoles().contains(role.getKey()));
assertTrue(bellini.getPrivileges().contains("getMighty"));
role.setDynMembershipCond("cool==false");
roleService.update(role);
bellini = userService.read("bellini");
assertTrue(bellini.getDynMemberships().isEmpty());
assertTrue(bellini.getPrivileges().isEmpty());
}
use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.
the class RoleITCase method list.
@Test
public void list() {
List<RoleTO> roleTOs = roleService.list();
assertNotNull(roleTOs);
assertFalse(roleTOs.isEmpty());
for (RoleTO instance : roleTOs) {
assertNotNull(instance);
}
}
use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.
the class ApplicationITCase method crud.
@Test
public void crud() {
// 1. create application
ApplicationTO application = new ApplicationTO();
application.setKey(UUID.randomUUID().toString());
PrivilegeTO privilegeTO = new PrivilegeTO();
privilegeTO.setKey(UUID.randomUUID().toString());
privilegeTO.setSpec("{ \"one\": true }");
application.getPrivileges().add(privilegeTO);
privilegeTO = new PrivilegeTO();
privilegeTO.setKey(UUID.randomUUID().toString());
privilegeTO.setSpec("{ \"two\": true }");
application.getPrivileges().add(privilegeTO);
privilegeTO = new PrivilegeTO();
privilegeTO.setKey(UUID.randomUUID().toString());
privilegeTO.setSpec("{ \"three\": true }");
application.getPrivileges().add(privilegeTO);
Response response = applicationService.create(application);
assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatusInfo().getStatusCode());
application = getObject(response.getLocation(), ApplicationService.class, ApplicationTO.class);
assertNotNull(application);
assertNull(application.getDescription());
assertEquals(3, application.getPrivileges().size());
// 2. update application
application.setDescription("A description");
application.getPrivileges().remove(1);
applicationService.update(application);
application = applicationService.read(application.getKey());
assertNotNull(application);
assertNotNull(application.getDescription());
assertEquals(2, application.getPrivileges().size());
// 3. assign application's privileges to a new role
RoleTO role = new RoleTO();
role.setKey("privileged");
role.getPrivileges().addAll(application.getPrivileges().stream().map(EntityTO::getKey).collect(Collectors.toList()));
response = roleService.create(role);
assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatusInfo().getStatusCode());
role = getObject(response.getLocation(), RoleService.class, RoleTO.class);
assertNotNull(role);
assertEquals(2, role.getPrivileges().size());
// 4. delete application => delete privileges
applicationService.delete(application.getKey());
try {
applicationService.read(application.getKey());
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.NotFound, e.getType());
}
role = roleService.read(role.getKey());
assertNotNull(role);
assertTrue(role.getPrivileges().isEmpty());
}
use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.
the class AuthenticationITCase method anyTypeEntitlement.
@Test
public void anyTypeEntitlement() {
final String anyTypeKey = "FOLDER " + getUUIDString();
// 1. no entitlement exists (yet) for the any type to be created
assertFalse(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
// 2. create plain schema, any type class and any type
PlainSchemaTO path = new PlainSchemaTO();
path.setKey("path" + getUUIDString());
path.setType(AttrSchemaType.String);
path = createSchema(SchemaType.PLAIN, path);
AnyTypeClassTO anyTypeClass = new AnyTypeClassTO();
anyTypeClass.setKey("folder" + getUUIDString());
anyTypeClass.getPlainSchemas().add(path.getKey());
anyTypeClassService.create(anyTypeClass);
AnyTypeTO anyTypeTO = new AnyTypeTO();
anyTypeTO.setKey(anyTypeKey);
anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT);
anyTypeTO.getClasses().add(anyTypeClass.getKey());
anyTypeService.create(anyTypeTO);
// 2. now entitlement exists for the any type just created
assertTrue(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
// 3. attempt to create an instance of the type above: fail because no entitlement was assigned
AnyObjectTO folder = new AnyObjectTO();
folder.setName("home");
folder.setRealm(SyncopeConstants.ROOT_REALM);
folder.setType(anyTypeKey);
folder.getPlainAttrs().add(attrTO(path.getKey(), "/home"));
SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
try {
belliniClient.getService(AnyObjectService.class).create(folder);
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
}
// 4. give create entitlement for the any type just created
RoleTO role = new RoleTO();
role.setKey("role" + getUUIDString());
role.getRealms().add(SyncopeConstants.ROOT_REALM);
role.getEntitlements().add(anyTypeKey + "_READ");
role.getEntitlements().add(anyTypeKey + "_CREATE");
role = createRole(role);
UserTO bellini = userService.read("bellini");
UserPatch patch = new UserPatch();
patch.setKey(bellini.getKey());
patch.getRoles().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build());
bellini = updateUser(patch).getEntity();
assertTrue(bellini.getRoles().contains(role.getKey()));
// 5. now the instance of the type above can be created successfully
belliniClient.logout();
belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
belliniClient.getService(AnyObjectService.class).create(folder);
}
use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.
the class AuthenticationITCase method delegatedUserCRUD.
@Test
public void delegatedUserCRUD() {
String roleKey = null;
String delegatedAdminKey = null;
try {
// 1. create role for full user administration, under realm /even/two
RoleTO role = new RoleTO();
role.setKey("Delegated user admin");
role.getEntitlements().add(StandardEntitlement.USER_CREATE);
role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
role.getEntitlements().add(StandardEntitlement.USER_DELETE);
role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
role.getEntitlements().add(StandardEntitlement.USER_READ);
role.getRealms().add("/even/two");
roleKey = roleService.create(role).getHeaderString(RESTHeaders.RESOURCE_KEY);
assertNotNull(roleKey);
// 2. as admin, create delegated admin user, and assign the role just created
UserTO delegatedAdmin = UserITCase.getUniqueSampleTO("admin@syncope.apache.org");
delegatedAdmin.getRoles().add(roleKey);
delegatedAdmin = createUser(delegatedAdmin).getEntity();
delegatedAdminKey = delegatedAdmin.getKey();
// 3. instantiate a delegate user service client, for further operatins
UserService delegatedUserService = clientFactory.create(delegatedAdmin.getUsername(), "password123").getService(UserService.class);
// 4. as delegated, create user under realm / -> fail
UserTO user = UserITCase.getUniqueSampleTO("delegated@syncope.apache.org");
try {
delegatedUserService.create(user, true);
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
}
// 5. set realm to /even/two -> succeed
user.setRealm("/even/two");
Response response = delegatedUserService.create(user, true);
assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertEquals("surname", user.getPlainAttr("surname").get().getValues().get(0));
// 5. as delegated, update user attempting to move under realm / -> fail
UserPatch userPatch = new UserPatch();
userPatch.setKey(user.getKey());
userPatch.setRealm(new StringReplacePatchItem.Builder().value("/odd").build());
userPatch.getPlainAttrs().add(attrAddReplacePatch("surname", "surname2"));
try {
delegatedUserService.update(userPatch);
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
}
// 6. revert realm change -> succeed
userPatch.setRealm(null);
response = delegatedUserService.update(userPatch);
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertEquals("surname2", user.getPlainAttr("surname").get().getValues().get(0));
// 7. as delegated, delete user
delegatedUserService.delete(user.getKey());
try {
userService.read(user.getKey());
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.NotFound, e.getType());
}
} finally {
if (roleKey != null) {
roleService.delete(roleKey);
}
if (delegatedAdminKey != null) {
userService.delete(delegatedAdminKey);
}
}
}
Aggregations