use of org.apache.syncope.common.rest.api.service.GroupService in project syncope by apache.
the class GroupITCase method selfRead.
/**
 * Checks what the non-admin user "rossini" can see of two fixture groups: a direct read of the
 * group the fixture user is not a member of must be rejected with
 * {@code DelegatedAdministration}, while {@code own()} must still list the group the fixture
 * user belongs to.
 */
@Test
public void selfRead() {
    final String memberGroupKey = "37d15e4c-cdc1-460b-a591-8505c8133806";
    final String nonMemberGroupKey = "29f96485-729e-4d31-88a1-6fc60e4677f3";

    // Precondition on the fixture data, read through the shared userService.
    // NOTE(review): presumably this key is the "rossini" user - confirm against the test content.
    UserTO fixtureUser = userService.read("1417acbe-cbf6-4277-9372-e75e04f97000");
    assertNotNull(fixtureUser);
    assertTrue(fixtureUser.getMembership(memberGroupKey).isPresent());
    assertFalse(fixtureUser.getMembership(nonMemberGroupKey).isPresent());

    // From here on every call is authenticated as rossini, not as the admin.
    GroupService asRossini = clientFactory.create("rossini", ADMIN_PWD).getService(GroupService.class);

    // Negative authorization check: the read must fail, and with the expected error type,
    // so that an unrelated failure is not mistaken for an access denial.
    try {
        asRossini.read(nonMemberGroupKey);
        fail("This should not happen");
    } catch (SyncopeClientException denied) {
        assertEquals(ClientExceptionType.DelegatedAdministration, denied.getType());
    }

    // Positive check: the caller's own groups include the one it is a member of.
    List<GroupTO> ownGroups = asRossini.own();
    assertNotNull(ownGroups);
    assertTrue(ownGroups.stream().map(GroupTO::getKey).anyMatch(memberGroupKey::equals));
}
use of org.apache.syncope.common.rest.api.service.GroupService in project syncope by apache.
the class GroupITCase method anonymous.
/**
 * Exercises group access without a real user identity: a client with no credentials and a
 * client using the anonymous account are both refused on group search, while the anonymous
 * account may still list assignable groups through {@code SyncopeService}.
 */
@Test
public void anonymous() {
    // Case 1: no credentials at all - the search must be refused.
    GroupService noCredentials = clientFactory.create().getService(GroupService.class);
    try {
        AnyQuery evenRealm = new AnyQuery.Builder().realm("/even").build();
        noCredentials.search(evenRealm);
        fail("This should not happen");
    } catch (AccessControlException refused) {
        // Reaching this handler is the actual check; the assertion below can never fail.
        assertNotNull(refused);
    }

    // Case 2: the anonymous account is authenticated but not entitled to search groups.
    SyncopeClient anonymous = clientFactory.create(
            new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY));
    try {
        GroupService groupsAsAnonymous = anonymous.getService(GroupService.class);
        AnyQuery evenRealm = new AnyQuery.Builder().realm("/even").build();
        groupsAsAnonymous.search(evenRealm);
        fail("This should not happen");
    } catch (ForbiddenException forbidden) {
        // Same as above: the exception type is what is being verified.
        assertNotNull(forbidden);
    }

    // Case 3: the assignable-groups lookup is open to the anonymous account and returns data.
    SyncopeService syncopeAsAnonymous = anonymous.getService(SyncopeService.class);
    assertFalse(syncopeAsAnonymous.searchAssignableGroups("/even", null, 1, 100).getResult().isEmpty());
}
use of org.apache.syncope.common.rest.api.service.GroupService in project syncope by apache.
the class RESTITCase method noContent.
/**
 * Verifies that the {@code RETURN_NO_CONTENT} preference is honoured for group create, update
 * and delete: each response carries the expected status, echoes the applied preference in its
 * header, and has an empty body.
 *
 * @throws IOException if a response entity stream cannot be read
 */
@Test
public void noContent() throws IOException {
    SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    GroupService quietGroups =
            adminClient.prefer(adminClient.getService(GroupService.class), Preference.RETURN_NO_CONTENT);
    final String appliedPreference = Preference.RETURN_NO_CONTENT.toString();

    // create: 201 with no body
    GroupTO draft = GroupITCase.getSampleTO("noContent");
    Response created = quietGroups.create(draft);
    assertEquals(Response.Status.CREATED.getStatusCode(), created.getStatus());
    assertEquals(appliedPreference, created.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    assertEquals(StringUtils.EMPTY, IOUtils.toString((InputStream) created.getEntity(), StandardCharsets.UTF_8));

    // The body was empty, so the created group is fetched from the Location header instead.
    GroupTO stored = getObject(created.getLocation(), GroupService.class, GroupTO.class);
    assertNotNull(stored);

    // update: 204 with no body
    GroupPatch badgeChange = new GroupPatch();
    badgeChange.setKey(stored.getKey());
    badgeChange.getPlainAttrs().add(attrAddReplacePatch("badge", "xxxxxxxxxx"));

    Response updated = quietGroups.update(badgeChange);
    assertEquals(Response.Status.NO_CONTENT.getStatusCode(), updated.getStatus());
    assertEquals(appliedPreference, updated.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    assertEquals(StringUtils.EMPTY, IOUtils.toString((InputStream) updated.getEntity(), StandardCharsets.UTF_8));

    // delete: 204 with no body
    Response deleted = quietGroups.delete(stored.getKey());
    assertEquals(Response.Status.NO_CONTENT.getStatusCode(), deleted.getStatus());
    assertEquals(appliedPreference, deleted.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    assertEquals(StringUtils.EMPTY, IOUtils.toString((InputStream) deleted.getEntity(), StandardCharsets.UTF_8));
}
use of org.apache.syncope.common.rest.api.service.GroupService in project syncope by apache.
the class GroupITCase method updateAsGroupOwner.
/**
 * Verifies that group ownership gates updates: the same patch is rejected for "verdi", who
 * does not own the group, and accepted for "puccini", who does. The audit fields are checked
 * before and after so the last modifier reflects the owner that performed the change.
 */
@Test
public void updateAsGroupOwner() {
    // 1. read the group through the shared groupService and check its audit fields
    GroupTO before = groupService.read("ebf97068-aa4b-4a85-9f01-680e8c4cf227");

    // issue SYNCOPE-15
    assertNotNull(before.getCreationDate());
    assertNotNull(before.getLastChangeDate());
    assertEquals("admin", before.getCreator());
    assertEquals("admin", before.getLastModifier());

    // 2. build the rename patch once; both callers below submit exactly this patch
    GroupPatch rename = new GroupPatch();
    rename.setKey(before.getKey());
    rename.setName(new StringReplacePatchItem.Builder().value("Director").build());

    // 3. verdi does not own the group: the update must be forbidden
    GroupService asVerdi = clientFactory.create("verdi", ADMIN_PWD).getService(GroupService.class);
    try {
        asVerdi.update(rename);
        fail("This should not happen");
    } catch (ForbiddenException forbidden) {
        // Reaching this handler is the actual check; the assertion below can never fail.
        assertNotNull(forbidden);
    }

    // 4. puccini owns the group: the same update must succeed
    GroupService asPuccini = clientFactory.create("puccini", ADMIN_PWD).getService(GroupService.class);
    ProvisioningResult<GroupTO> outcome =
            asPuccini.update(rename).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
            });
    GroupTO after = outcome.getEntity();
    assertEquals("Director", after.getName());

    // issue SYNCOPE-15: creator is untouched, last modifier is the owner who made the change
    assertNotNull(after.getCreationDate());
    assertNotNull(after.getLastChangeDate());
    assertEquals("admin", after.getCreator());
    assertEquals("puccini", after.getLastModifier());
    assertTrue(after.getCreationDate().before(after.getLastChangeDate()));
}
use of org.apache.syncope.common.rest.api.service.GroupService in project syncope by apache.
the class DynRealmITCase method delegatedAdmin.
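/**
 * Verifies delegated administration through a dynamic realm.
 *
 * <p>A dynamic realm collects every user and group that has resource-ldap assigned, and a role
 * bound only to that dynamic realm grants user search/read/update and group read/update. A
 * user holding just that role must be able to read, search and update the members of the
 * dynamic realm, but must be refused an update that would remove a member from it.
 *
 * <p>The role and the dynamic realm are deleted in {@code finally} whether or not the
 * assertions pass.
 */
@Test
public void delegatedAdmin() {
    // Single definition of the delegated admin's password, used at creation and at login.
    final String delegatedAdminPassword = "password123";

    DynRealmTO dynRealm = null;
    RoleTO role = null;
    try {
        // 1. create dynamic realm for all users and groups having resource-ldap assigned
        dynRealm = new DynRealmTO();
        dynRealm.setKey("LDAPLovers" + getUUIDString());
        dynRealm.getDynMembershipConds().put(AnyTypeKind.USER.name(), "$resources==resource-ldap");
        dynRealm.getDynMembershipConds().put(AnyTypeKind.GROUP.name(), "$resources==resource-ldap");
        Response response = dynRealmService.create(dynRealm);
        dynRealm = getObject(response.getLocation(), DynRealmService.class, DynRealmTO.class);
        assertNotNull(dynRealm);

        // 2. create role for such dynamic realm; it lists only these five entitlements and
        // is bound to the dynamic realm alone
        role = new RoleTO();
        role.setKey("Administer LDAP" + getUUIDString());
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.GROUP_READ);
        role.getEntitlements().add(StandardEntitlement.GROUP_UPDATE);
        role.getDynRealms().add(dynRealm.getKey());
        role = createRole(role);
        assertNotNull(role);

        // 3. create new user and assign the new role
        UserTO dynRealmAdmin = UserITCase.getUniqueSampleTO("dynRealmAdmin@apache.org");
        dynRealmAdmin.setPassword(delegatedAdminPassword);
        dynRealmAdmin.getRoles().add(role.getKey());
        dynRealmAdmin = createUser(dynRealmAdmin).getEntity();
        assertNotNull(dynRealmAdmin);

        // 4. create new user and group, assign resource-ldap; they live in different
        // realms ("/even/two" and "/odd"), so only the dynamic realm ties them together
        UserTO user = UserITCase.getUniqueSampleTO("dynRealmUser@apache.org");
        user.setRealm("/even/two");
        user.getResources().clear();
        user.getResources().add(RESOURCE_NAME_LDAP);
        user = createUser(user).getEntity();
        assertNotNull(user);
        final String userKey = user.getKey();

        GroupTO group = GroupITCase.getSampleTO("dynRealmGroup");
        group.setRealm("/odd");
        group.getResources().clear();
        group.getResources().add(RESOURCE_NAME_LDAP);
        group = createGroup(group).getEntity();
        assertNotNull(group);
        final String groupKey = group.getKey();

        if (ElasticsearchDetector.isElasticSearchEnabled(syncopeService)) {
            // presumably gives the search index time to pick up the new entries - confirm
            try {
                Thread.sleep(2000);
            } catch (InterruptedException ex) {
                // Keep the interrupt visible to the test runner instead of dropping it.
                Thread.currentThread().interrupt();
            }
        }

        // 5. verify that the new user and group are found when searching by dynamic realm
        PagedResult<UserTO> matchingUsers = userService.search(new AnyQuery.Builder().realm("/").fiql(
                SyncopeClient.getUserSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));

        PagedResult<GroupTO> matchingGroups = groupService.search(new AnyQuery.Builder().realm("/").fiql(
                SyncopeClient.getGroupSearchConditionBuilder().inDynRealms(dynRealm.getKey()).query()).build());
        assertTrue(matchingGroups.getResult().stream().anyMatch(object -> object.getKey().equals(groupKey)));

        // 6. prepare to act as delegated admin: every call below is authenticated as the
        // restricted user, not as the admin
        SyncopeClient delegatedClient = clientFactory.create(dynRealmAdmin.getUsername(), delegatedAdminPassword);
        UserService delegatedUserService = delegatedClient.getService(UserService.class);
        GroupService delegatedGroupService = delegatedClient.getService(GroupService.class);

        // 7. verify delegated administration
        // USER_READ
        assertNotNull(delegatedUserService.read(userKey));

        // GROUP_READ
        assertNotNull(delegatedGroupService.read(groupKey));

        // USER_SEARCH
        matchingUsers = delegatedUserService.search(new AnyQuery.Builder().realm("/").build());
        assertTrue(matchingUsers.getResult().stream().anyMatch(object -> object.getKey().equals(userKey)));

        // USER_UPDATE
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(userKey);
        userPatch.getResources().add(new StringPatchItem.Builder().
                value(RESOURCE_NAME_LDAP).operation(PatchOperation.DELETE).build());
        // this will fail because unassigning resource-ldap would result in removing the user
        // from the dynamic realm; the error type is asserted so that an unrelated failure is
        // not mistaken for the expected refusal
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }

        // this will succeed instead
        userPatch.getResources().clear();
        userPatch.getResources().add(new StringPatchItem.Builder().value(RESOURCE_NAME_NOPROPAGATION).build());
        user = delegatedUserService.update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertNotNull(user);
        assertTrue(user.getResources().contains(RESOURCE_NAME_NOPROPAGATION));

        // GROUP_UPDATE
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(groupKey);
        groupPatch.getPlainAttrs().add(new AttrPatch.Builder().attrTO(attrTO("icon", "modified")).build());
        group = delegatedGroupService.update(groupPatch).readEntity(new GenericType<ProvisioningResult<GroupTO>>() {
        }).getEntity();
        assertNotNull(group);
        assertEquals("modified", group.getPlainAttr("icon").get().getValues().get(0));
    } finally {
        // NOTE(review): only the role and the dynamic realm are removed here; the two users
        // and the group created above are left behind, including the delegated admin account
        // with its fixed password. Presumably the integration environment is disposable -
        // confirm.
        if (role != null) {
            roleService.delete(role.getKey());
        }
        if (dynRealm != null) {
            dynRealmService.delete(dynRealm.getKey());
        }
    }
}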