Examples with RoleTO org.apache.syncope.common.lib.to.RoleTO used on opensource projects

Search in sources :

Example 16 with RoleTO

use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.

the class DynRealmITCase method delegatedAdmin.

@Test
public void delegatedAdmin() {
    DynRealmTO dynRealm = null;
    RoleTO role = null;
    try {
        // 1. create dynamic realm for all users and groups having resource-ldap assigned
        dynRealm = new DynRealmTO();
        dynRealm.setKey("LDAPLovers" + getUUIDString());
        dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "$resources==resource-ldap");
        dynRealm.getDynMembershipConds().put(AnyTypeKind.GROUP.name(), "$resources==resource-ldap");
        Response response = dynRealmService.create(dynRealm);
        dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
        assertNotNull(dynRealm);
        // 2. create role for such dynamic realm
        role = new RoleTO();
        role.setKey("Administer LDAP" + getUUIDString());
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.GROUP_READ);
        role.getEntitlements().add(StandardEntitlement.GROUP_UPDATE);
        role.getDynRealms().add(dynRealm.getKey());
        role = createRole(role);
        assertNotNull(role);
        // 3. create new user and assign the new role
        UserTO dynRealmAdmin = UserITCase.getUniqueSampleTO("dynRealmAdmin@apache.org");
        dynRealmAdmin.setPassword("password123");
        dynRealmAdmin.getRoles().add(role.getKey());
        dynRealmAdmin = createUser(dynRealmAdmin).getEntity();
        assertNotNull(dynRealmAdmin);
        // 4. create new user and group, assign resource-ldap
        UserTO user = UserITCase.getUniqueSampleTO("dynRealmUser@apache.org");
        user.setRealm("/even/two");
        user.getResources().clear();
        user.getResources().add(RESOURCE_NAME_LDAP);
        user = createUser(user).getEntity();
        assertNotNull(user);
        final String userKey = user.getKey();
        GroupTO group = GroupITCase.getSampleTO("dynRealmGroup");
        group.setRealm("/odd");
        group.getResources().clear();
        group.getResources().add(RESOURCE_NAME_LDAP);
        group = createGroup(group).getEntity();
        assertNotNull(group);
        final String groupKey = group.getKey();
        if (ElasticsearchDetector.isElasticSearchEnabled(syncopeService)) {
            try {
                Thread.sleep(2000);
            } catch (InterruptedException ex) {
            // ignore
            }
        }
        // 5. verify that the new user and group are found when searching by dynamic realm
        PagedResult<UserTO> matchingUsers = userService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getUserSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        PagedResult<GroupTO> matchingGroups = groupService.search(new AnyQuery.Builder().realm("/").fiql(SyncopeClient.getGroupSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingGroups.getResult().stream().anyMatch(object -> object.getKey().equals(groupKey)));
        // 6. prepare to act as delegated admin
        SyncopeClient delegatedClient = clientFactory.create(dynRealmAdmin.getUsername(), "password123");
        UserService delegatedUserService = delegatedClient.getService(UserService.class);
        GroupService delegatedGroupService = delegatedClient.getService(GroupService.class);
        // 7. verify delegated administration
        // USER_READ
        assertNotNull(delegatedUserService.read(userKey));
        // GROUP_READ
        assertNotNull(delegatedGroupService.read(groupKey));
        // USER_SEARCH
        matchingUsers = delegatedUserService.search(new AnyQuery.Builder().realm("/").build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));
        // USER_UPDATE
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(userKey);
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.DELETE).build());
        // this will fail because unassigning resource-ldap would result in removing the user from the dynamic realm
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // this will succeed instead
        userPatch.getResources().clear();
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_NOPROPAGATION).build());
        user = delegatedUserService.update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertNotNull(user);
        assertTrue(user.getResources().contains(RESOURCE_NAME_NOPROPAGATION));
        // GROUP_UPDATE
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(groupKey);
        groupPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(attrTO("icon", "modified")).build());
        group = delegatedGroupService.update(groupPatch).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
        }).getEntity();
        assertNotNull(group);
        assertEquals("modified", group.getPlainAttr("icon").get().getValues().get(0));
    } finally {
        if (role != null) {
            roleService.delete(role.getKey());
        }
        if (dynRealm != null) {
            dynRealmService.delete(dynRealm.getKey());
        }
    }
}
Also used : Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ElasticsearchDetector(org.apache.syncope.fit.ElasticsearchDetector) UserService(org.apache.syncope.common.rest.api.service.UserService) GroupService(org.apache.syncope.common.rest.api.service.GroupService) Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) RoleTO(org.apache.syncope.common.lib.to.RoleTO) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) PagedResult(org.apache.syncope.common.lib.to.PagedResult) GroupTO(org.apache.syncope.common.lib.to.GroupTO) GenericType(javax.ws.rs.core.GenericType) Test(org.junit.jupiter.api.Test) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Response(javax.ws.rs.core.Response) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) DynRealmService(org.apache.syncope.common.rest.api.service.DynRealmService) DynRealmTO(org.apache.syncope.common.lib.to.DynRealmTO) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) UserService(org.apache.syncope.common.rest.api.service.UserService) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RoleTO(org.apache.syncope.common.lib.to.RoleTO) GroupService(org.apache.syncope.common.rest.api.service.GroupService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Response(javax.ws.rs.core.Response) UserTO(org.apache.syncope.common.lib.to.UserTO) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) Test(org.junit.jupiter.api.Test)

Example 17 with RoleTO

use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.

the class RoleServiceImpl method create.

@Override
public Response create(final RoleTO roleTO) {
    RoleTO created = logic.create(roleTO);
    URI location = uriInfo.getAbsolutePathBuilder().path(created.getKey()).build();
    return Response.created(location).header(RESTHeaders.RESOURCE_KEY, created.getKey()).build();
}
Also used : RoleTO(org.apache.syncope.common.lib.to.RoleTO) URI(java.net.URI)

Example 18 with RoleTO

use of org.apache.syncope.common.lib.to.RoleTO in project syncope by apache.

the class RoleDirectoryPanel method getActions.

@Override
public ActionsPanel<RoleTO> getActions(final IModel<RoleTO> model) {
    final ActionsPanel<RoleTO> panel = super.getActions(model);
    panel.add(new ActionLink<RoleTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final RoleTO ignore) {
            send(RoleDirectoryPanel.this, Broadcast.EXACT, new AjaxWizard.EditItemActionEvent<>(new RoleWrapper(new RoleRestClient().read(model.getObject().getKey())), target));
        }
    }, ActionLink.ActionType.EDIT, StandardEntitlement.ROLE_READ);
    panel.add(new ActionLink<RoleTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final RoleTO ignore) {
            final RoleTO clone = SerializationUtils.clone(model.getObject());
            clone.setKey(null);
            send(RoleDirectoryPanel.this, Broadcast.EXACT, new AjaxWizard.NewItemActionEvent<>(new RoleWrapper(clone), target));
        }
    }, ActionLink.ActionType.CLONE, StandardEntitlement.ROLE_CREATE);
    panel.add(new ActionLink<RoleTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final RoleTO ignore) {
            final String query = SyncopeClient.getUserSearchConditionBuilder().and(SyncopeClient.getUserSearchConditionBuilder().inRoles(model.getObject().getKey()), SyncopeClient.getUserSearchConditionBuilder().is("key").notNullValue()).query();
            final AnyTypeRestClient typeRestClient = new AnyTypeRestClient();
            final AnyTypeClassRestClient classRestClient = new AnyTypeClassRestClient();
            final AnyTypeTO anyTypeTO = typeRestClient.read(AnyTypeKind.USER.name());
            ModalPanel panel = new AnyPanel(BaseModal.CONTENT_ID, anyTypeTO, null, null, false, pageRef) {

                private static final long serialVersionUID = -7514498203393023415L;

                @Override
                protected Panel getDirectoryPanel(final String id) {
                    final Panel panel = new UserDirectoryPanel.Builder(classRestClient.list(anyTypeTO.getClasses()), anyTypeTO.getKey(), pageRef).setRealm("/").setFiltered(true).setFiql(query).disableCheckBoxes().addNewItemPanelBuilder(FormLayoutInfoUtils.instantiate(new UserTO(), anyTypeTO.getClasses(), FormLayoutInfoUtils.fetch(typeRestClient.list()).getLeft(), pageRef), false).setWizardInModal(false).build(id);
                    MetaDataRoleAuthorizationStrategy.authorize(panel, WebPage.RENDER, StandardEntitlement.USER_SEARCH);
                    return panel;
                }
            };
            membersModal.header(new StringResourceModel("role.members", RoleDirectoryPanel.this, model));
            membersModal.setContent(panel);
            membersModal.show(true);
            target.add(membersModal);
        }
    }, ActionLink.ActionType.MEMBERS, StandardEntitlement.USER_SEARCH);
    panel.add(new ActionLink<RoleTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final RoleTO ignore) {
            final ConsoleLayoutInfo info = new ConsoleLayoutInfo(model.getObject().getKey());
            info.setContent(restClient.readConsoleLayoutInfo(model.getObject().getKey()));
            utilityModal.header(new ResourceModel("console.layout.info", "JSON Content"));
            utilityModal.setContent(new JsonEditorPanel(utilityModal, new PropertyModel<String>(info, "content"), false, pageRef) {

                private static final long serialVersionUID = -8927036362466990179L;

                @Override
                public void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
                    try {
                        restClient.setConsoleLayoutInfo(info.getKey(), info.getContent());
                        SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                        modal.show(false);
                        modal.close(target);
                    } catch (Exception e) {
                        LOG.error("While updating console layout info for role {}", info.getKey(), e);
                        SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
                    }
                    ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
                }
            });
            utilityModal.show(true);
            target.add(utilityModal);
        }
    }, ActionLink.ActionType.LAYOUT_EDIT, StandardEntitlement.ROLE_UPDATE);
    panel.add(new ActionLink<RoleTO>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final RoleTO ignore) {
            try {
                restClient.delete(model.getObject().getKey());
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While deleting object {}", model.getObject().getKey(), e);
                SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
            }
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }
    }, ActionLink.ActionType.DELETE, StandardEntitlement.ROLE_DELETE, true);
    return panel;
}
Also used : Form(org.apache.wicket.markup.html.form.Form) AnyTypeTO(org.apache.syncope.common.lib.to.AnyTypeTO) RoleRestClient(org.apache.syncope.client.console.rest.RoleRestClient) ConsoleLayoutInfo(org.apache.syncope.client.console.layout.ConsoleLayoutInfo) StringResourceModel(org.apache.wicket.model.StringResourceModel) ResourceModel(org.apache.wicket.model.ResourceModel) AnyTypeClassRestClient(org.apache.syncope.client.console.rest.AnyTypeClassRestClient) BasePage(org.apache.syncope.client.console.pages.BasePage) StringResourceModel(org.apache.wicket.model.StringResourceModel) AnyTypeRestClient(org.apache.syncope.client.console.rest.AnyTypeRestClient) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RoleTO(org.apache.syncope.common.lib.to.RoleTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) ActionsPanel(org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel) JsonEditorPanel(org.apache.syncope.client.console.wicket.markup.html.form.JsonEditorPanel) Panel(org.apache.wicket.markup.html.panel.Panel) WizardMgtPanel(org.apache.syncope.client.console.wizards.WizardMgtPanel) UserTO(org.apache.syncope.common.lib.to.UserTO) RoleWrapper(org.apache.syncope.client.console.wizards.role.RoleWrapper) JsonEditorPanel(org.apache.syncope.client.console.wicket.markup.html.form.JsonEditorPanel)

Aggregations

RoleTO (org.apache.syncope.common.lib.to.RoleTO)18 Test (org.junit.jupiter.api.Test)12 Response (javax.ws.rs.core.Response)8 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)8 UserTO (org.apache.syncope.common.lib.to.UserTO)6 UserPatch (org.apache.syncope.common.lib.patch.UserPatch)4 RoleService (org.apache.syncope.common.rest.api.service.RoleService)4 AbstractITCase (org.apache.syncope.fit.AbstractITCase)4 Assertions.assertEquals (org.junit.jupiter.api.Assertions.assertEquals)4 Assertions.assertNotNull (org.junit.jupiter.api.Assertions.assertNotNull)4 Assertions.assertTrue (org.junit.jupiter.api.Assertions.assertTrue)4 SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)3 AnyTypeTO (org.apache.syncope.common.lib.to.AnyTypeTO)3 PagedResult (org.apache.syncope.common.lib.to.PagedResult)3 ProvisioningResult (org.apache.syncope.common.lib.to.ProvisioningResult)3 AnyTypeKind (org.apache.syncope.common.lib.types.AnyTypeKind)3 ClientExceptionType (org.apache.syncope.common.lib.types.ClientExceptionType)3 AnyQuery (org.apache.syncope.common.rest.api.beans.AnyQuery)3 UserService (org.apache.syncope.common.rest.api.service.UserService)3 Assertions.assertFalse (org.junit.jupiter.api.Assertions.assertFalse)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial