Search in sources :

Example 6 with MembershipCond

use of org.apache.syncope.core.persistence.api.dao.search.MembershipCond in project syncope by apache.

the class SCIMDataBinder method toSCIMGroup.

public SCIMGroup toSCIMGroup(final GroupTO groupTO, final String location, final List<String> attributes, final List<String> excludedAttributes) {
    SCIMGroup group = new SCIMGroup(groupTO.getKey(), new Meta(Resource.Group, groupTO.getCreationDate(), groupTO.getLastChangeDate() == null ? groupTO.getCreationDate() : groupTO.getLastChangeDate(), groupTO.getETagValue(), location), output(attributes, excludedAttributes, "displayName", groupTO.getName()));
    MembershipCond membCond = new MembershipCond();
    membCond.setGroup(groupTO.getKey());
    SearchCond searchCond = SearchCond.getLeafCond(membCond);
    if (output(attributes, excludedAttributes, "members")) {
        int count = userLogic.search(searchCond, 1, 1, Collections.<OrderByClause>emptyList(), SyncopeConstants.ROOT_REALM, false).getLeft();
        for (int page = 1; page <= (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1; page++) {
            List<UserTO> users = userLogic.search(searchCond, page, AnyDAO.DEFAULT_PAGE_SIZE, Collections.<OrderByClause>emptyList(), SyncopeConstants.ROOT_REALM, false).getRight();
            users.forEach(userTO -> {
                group.getMembers().add(new Member(userTO.getKey(), StringUtils.substringBefore(location, "/Groups") + "/Users/" + userTO.getKey(), userTO.getUsername()));
            });
        }
    }
    return group;
}
Also used : Meta(org.apache.syncope.ext.scimv2.api.data.Meta) SCIMGroup(org.apache.syncope.ext.scimv2.api.data.SCIMGroup) OrderByClause(org.apache.syncope.core.persistence.api.dao.search.OrderByClause) UserTO(org.apache.syncope.common.lib.to.UserTO) MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) SearchCond(org.apache.syncope.core.persistence.api.dao.search.SearchCond) Member(org.apache.syncope.ext.scimv2.api.data.Member)

Example 7 with MembershipCond

use of org.apache.syncope.core.persistence.api.dao.search.MembershipCond in project syncope by apache.

the class GroupMemberProvisionTaskJobDelegate method doExecute.

@Override
protected String doExecute(final boolean dryRun) throws JobExecutionException {
    Group group = groupDAO.authFind(groupKey);
    StringBuilder result = new StringBuilder("Group ").append(group.getName()).append(" members ");
    if (actionType == BulkMembersActionType.DEPROVISION) {
        result.append("de");
    }
    result.append("provision\n\n");
    status.set(result.toString());
    MembershipCond membershipCond = new MembershipCond();
    membershipCond.setGroup(groupKey);
    List<User> users = searchDAO.search(SearchCond.getLeafCond(membershipCond), AnyTypeKind.USER);
    Collection<String> groupResourceKeys = groupDAO.findAllResourceKeys(groupKey);
    status.set("About to " + (actionType == BulkMembersActionType.DEPROVISION ? "de" : "") + "provision " + users.size() + " users from " + groupResourceKeys);
    for (int i = 0; i < users.size() && !interrupt; i++) {
        List<PropagationStatus> statuses = actionType == BulkMembersActionType.DEPROVISION ? userProvisioningManager.deprovision(users.get(i).getKey(), groupResourceKeys, false) : userProvisioningManager.provision(users.get(i).getKey(), true, null, groupResourceKeys, false);
        for (PropagationStatus propagationStatus : statuses) {
            result.append("User ").append(users.get(i).getKey()).append('\t').append("Resource ").append(propagationStatus.getResource()).append('\t').append(propagationStatus.getStatus());
            if (StringUtils.isNotBlank(propagationStatus.getFailureReason())) {
                result.append('\n').append(propagationStatus.getFailureReason()).append('\n');
            }
            result.append("\n");
        }
        result.append("\n");
    }
    if (interrupt) {
        LOG.debug("Group assignment interrupted");
        interrupted = true;
        return result.append("\n*** Group assignment interrupted ***\n").toString();
    }
    membershipCond = new MembershipCond();
    membershipCond.setGroup(groupKey);
    List<AnyObject> anyObjects = searchDAO.search(SearchCond.getLeafCond(membershipCond), AnyTypeKind.ANY_OBJECT);
    status.set("About to " + (actionType == BulkMembersActionType.DEPROVISION ? "de" : "") + "provision " + anyObjects.size() + " any objects from " + groupResourceKeys);
    for (int i = 0; i < anyObjects.size() && !interrupt; i++) {
        List<PropagationStatus> statuses = actionType == BulkMembersActionType.DEPROVISION ? anyObjectProvisioningManager.deprovision(anyObjects.get(i).getKey(), groupResourceKeys, false) : anyObjectProvisioningManager.provision(anyObjects.get(i).getKey(), groupResourceKeys, false);
        for (PropagationStatus propagationStatus : statuses) {
            result.append(anyObjects.get(i).getType().getKey()).append(' ').append(anyObjects.get(i).getKey()).append('\t').append("Resource ").append(propagationStatus.getResource()).append('\t').append(propagationStatus.getStatus());
            if (StringUtils.isNotBlank(propagationStatus.getFailureReason())) {
                result.append('\n').append(propagationStatus.getFailureReason()).append('\n');
            }
            result.append("\n");
        }
        result.append("\n");
    }
    if (interrupt) {
        LOG.debug("Group assignment interrupted");
        interrupted = true;
        result.append("\n*** Group assignment interrupted ***\n");
    }
    return result.toString();
}
Also used : Group(org.apache.syncope.core.persistence.api.entity.group.Group) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) User(org.apache.syncope.core.persistence.api.entity.user.User) MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) PropagationStatus(org.apache.syncope.common.lib.to.PropagationStatus)

Example 8 with MembershipCond

use of org.apache.syncope.core.persistence.api.dao.search.MembershipCond in project syncope by apache.

the class SearchCondVisitor method visitPrimitive.

@SuppressWarnings("ConvertToStringSwitch")
private SearchCond visitPrimitive(final SearchCondition<SearchBean> sc) {
    String name = getRealPropertyName(sc.getStatement().getProperty());
    Optional<SpecialAttr> specialAttrName = SpecialAttr.fromString(name);
    String value = null;
    try {
        value = SearchUtils.toSqlWildcardString(URLDecoder.decode(sc.getStatement().getValue().toString(), StandardCharsets.UTF_8.name()), false).replaceAll("\\\\_", "_");
    } catch (UnsupportedEncodingException e) {
        throw new IllegalArgumentException("While decoding " + sc.getStatement().getValue(), e);
    }
    Optional<SpecialAttr> specialAttrValue = SpecialAttr.fromString(value);
    AttributeCond attributeCond = createAttributeCond(name);
    attributeCond.setExpression(value);
    ConditionType ct = sc.getConditionType();
    if (sc instanceof SyncopeFiqlSearchCondition && sc.getConditionType() == ConditionType.CUSTOM) {
        SyncopeFiqlSearchCondition<SearchBean> sfsc = (SyncopeFiqlSearchCondition<SearchBean>) sc;
        if (SyncopeFiqlParser.IEQ.equals(sfsc.getOperator())) {
            ct = ConditionType.EQUALS;
        } else if (SyncopeFiqlParser.NIEQ.equals(sfsc.getOperator())) {
            ct = ConditionType.NOT_EQUALS;
        } else {
            throw new IllegalArgumentException(String.format("Condition type %s is not supported", sfsc.getOperator()));
        }
    }
    SearchCond leaf;
    switch(ct) {
        case EQUALS:
        case NOT_EQUALS:
            if (!specialAttrName.isPresent()) {
                if (specialAttrValue.isPresent() && specialAttrValue.get() == SpecialAttr.NULL) {
                    attributeCond.setType(AttributeCond.Type.ISNULL);
                    attributeCond.setExpression(null);
                } else if (value.indexOf('%') == -1) {
                    attributeCond.setType(sc.getConditionType() == ConditionType.CUSTOM ? AttributeCond.Type.IEQ : AttributeCond.Type.EQ);
                } else {
                    attributeCond.setType(sc.getConditionType() == ConditionType.CUSTOM ? AttributeCond.Type.ILIKE : AttributeCond.Type.LIKE);
                }
                leaf = SearchCond.getLeafCond(attributeCond);
            } else {
                switch(specialAttrName.get()) {
                    case TYPE:
                        AnyTypeCond typeCond = new AnyTypeCond();
                        typeCond.setAnyTypeKey(value);
                        leaf = SearchCond.getLeafCond(typeCond);
                        break;
                    case RESOURCES:
                        ResourceCond resourceCond = new ResourceCond();
                        resourceCond.setResourceKey(value);
                        leaf = SearchCond.getLeafCond(resourceCond);
                        break;
                    case GROUPS:
                        MembershipCond groupCond = new MembershipCond();
                        groupCond.setGroup(value);
                        leaf = SearchCond.getLeafCond(groupCond);
                        break;
                    case RELATIONSHIPS:
                        RelationshipCond relationshipCond = new RelationshipCond();
                        relationshipCond.setAnyObject(value);
                        leaf = SearchCond.getLeafCond(relationshipCond);
                        break;
                    case RELATIONSHIP_TYPES:
                        RelationshipTypeCond relationshipTypeCond = new RelationshipTypeCond();
                        relationshipTypeCond.setRelationshipTypeKey(value);
                        leaf = SearchCond.getLeafCond(relationshipTypeCond);
                        break;
                    case ROLES:
                        RoleCond roleCond = new RoleCond();
                        roleCond.setRole(value);
                        leaf = SearchCond.getLeafCond(roleCond);
                        break;
                    case PRIVILEGES:
                        PrivilegeCond privilegeCond = new PrivilegeCond();
                        privilegeCond.setPrivilege(value);
                        leaf = SearchCond.getLeafCond(privilegeCond);
                        break;
                    case DYNREALMS:
                        DynRealmCond dynRealmCond = new DynRealmCond();
                        dynRealmCond.setDynRealm(value);
                        leaf = SearchCond.getLeafCond(dynRealmCond);
                        break;
                    case ASSIGNABLE:
                        AssignableCond assignableCond = new AssignableCond();
                        assignableCond.setRealmFullPath(realm);
                        leaf = SearchCond.getLeafCond(assignableCond);
                        break;
                    case MEMBER:
                        MemberCond memberCond = new MemberCond();
                        memberCond.setMember(value);
                        leaf = SearchCond.getLeafCond(memberCond);
                        break;
                    default:
                        throw new IllegalArgumentException(String.format("Special attr name %s is not supported", specialAttrName));
                }
            }
            if (ct == ConditionType.NOT_EQUALS) {
                if (leaf.getAttributeCond() != null && leaf.getAttributeCond().getType() == AttributeCond.Type.ISNULL) {
                    leaf.getAttributeCond().setType(AttributeCond.Type.ISNOTNULL);
                } else if (leaf.getAnyCond() != null && leaf.getAnyCond().getType() == AnyCond.Type.ISNULL) {
                    leaf.getAnyCond().setType(AttributeCond.Type.ISNOTNULL);
                } else {
                    leaf = SearchCond.getNotLeafCond(leaf);
                }
            }
            break;
        case GREATER_OR_EQUALS:
            attributeCond.setType(AttributeCond.Type.GE);
            leaf = SearchCond.getLeafCond(attributeCond);
            break;
        case GREATER_THAN:
            attributeCond.setType(AttributeCond.Type.GT);
            leaf = SearchCond.getLeafCond(attributeCond);
            break;
        case LESS_OR_EQUALS:
            attributeCond.setType(AttributeCond.Type.LE);
            leaf = SearchCond.getLeafCond(attributeCond);
            break;
        case LESS_THAN:
            attributeCond.setType(AttributeCond.Type.LT);
            leaf = SearchCond.getLeafCond(attributeCond);
            break;
        default:
            throw new IllegalArgumentException(String.format("Condition type %s is not supported", ct.name()));
    }
    return leaf;
}
Also used : AssignableCond(org.apache.syncope.core.persistence.api.dao.search.AssignableCond) MemberCond(org.apache.syncope.core.persistence.api.dao.search.MemberCond) AttributeCond(org.apache.syncope.core.persistence.api.dao.search.AttributeCond) SearchBean(org.apache.cxf.jaxrs.ext.search.SearchBean) MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) UnsupportedEncodingException(java.io.UnsupportedEncodingException) RelationshipCond(org.apache.syncope.core.persistence.api.dao.search.RelationshipCond) ResourceCond(org.apache.syncope.core.persistence.api.dao.search.ResourceCond) SpecialAttr(org.apache.syncope.common.lib.search.SpecialAttr) SyncopeFiqlSearchCondition(org.apache.syncope.common.lib.search.SyncopeFiqlSearchCondition) AnyTypeCond(org.apache.syncope.core.persistence.api.dao.search.AnyTypeCond) RoleCond(org.apache.syncope.core.persistence.api.dao.search.RoleCond) DynRealmCond(org.apache.syncope.core.persistence.api.dao.search.DynRealmCond) RelationshipTypeCond(org.apache.syncope.core.persistence.api.dao.search.RelationshipTypeCond) ConditionType(org.apache.cxf.jaxrs.ext.search.ConditionType) SearchCond(org.apache.syncope.core.persistence.api.dao.search.SearchCond) PrivilegeCond(org.apache.syncope.core.persistence.api.dao.search.PrivilegeCond)

Example 9 with MembershipCond

use of org.apache.syncope.core.persistence.api.dao.search.MembershipCond in project syncope by apache.

the class SearchCondConverterTest method groups.

@Test
public void groups() {
    String fiql = new UserFiqlSearchConditionBuilder().inGroups("e7ff94e8-19c9-4f0a-b8b7-28327edbf6ed").query();
    assertEquals(SpecialAttr.GROUPS + "==e7ff94e8-19c9-4f0a-b8b7-28327edbf6ed", fiql);
    MembershipCond groupCond = new MembershipCond();
    groupCond.setGroup("e7ff94e8-19c9-4f0a-b8b7-28327edbf6ed");
    SearchCond simpleCond = SearchCond.getLeafCond(groupCond);
    assertEquals(simpleCond, SearchCondConverter.convert(fiql));
}
Also used : MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) UserFiqlSearchConditionBuilder(org.apache.syncope.common.lib.search.UserFiqlSearchConditionBuilder) SearchCond(org.apache.syncope.core.persistence.api.dao.search.SearchCond) Test(org.junit.jupiter.api.Test)

Example 10 with MembershipCond

use of org.apache.syncope.core.persistence.api.dao.search.MembershipCond in project syncope by apache.

the class AnySearchTest method userMatch.

@Test
public void userMatch() {
    User user = userDAO.find("1417acbe-cbf6-4277-9372-e75e04f97000");
    assertNotNull(user);
    MembershipCond groupCond = new MembershipCond();
    groupCond.setGroup("secretary");
    assertFalse(searchDAO.matches(user, SearchCond.getLeafCond(groupCond)));
    groupCond.setGroup("root");
    assertTrue(searchDAO.matches(user, SearchCond.getLeafCond(groupCond)));
    RoleCond roleCond = new RoleCond();
    roleCond.setRole("Other");
    assertTrue(searchDAO.matches(user, SearchCond.getLeafCond(roleCond)));
    PrivilegeCond privilegeCond = new PrivilegeCond();
    privilegeCond.setPrivilege("postMighty");
    assertTrue(searchDAO.matches(user, SearchCond.getLeafCond(privilegeCond)));
    user = userDAO.find("c9b2dec2-00a7-4855-97c0-d854842b4b24");
    assertNotNull(user);
    RelationshipCond relationshipCond = new RelationshipCond();
    relationshipCond.setAnyObject("fc6dbc3a-6c07-4965-8781-921e7401a4a5");
    assertTrue(searchDAO.matches(user, SearchCond.getLeafCond(relationshipCond)));
    RelationshipTypeCond relationshipTypeCond = new RelationshipTypeCond();
    relationshipTypeCond.setRelationshipTypeKey("neighborhood");
    assertTrue(searchDAO.matches(user, SearchCond.getLeafCond(relationshipTypeCond)));
}
Also used : User(org.apache.syncope.core.persistence.api.entity.user.User) RoleCond(org.apache.syncope.core.persistence.api.dao.search.RoleCond) MembershipCond(org.apache.syncope.core.persistence.api.dao.search.MembershipCond) RelationshipCond(org.apache.syncope.core.persistence.api.dao.search.RelationshipCond) RelationshipTypeCond(org.apache.syncope.core.persistence.api.dao.search.RelationshipTypeCond) PrivilegeCond(org.apache.syncope.core.persistence.api.dao.search.PrivilegeCond) Test(org.junit.jupiter.api.Test) AbstractTest(org.apache.syncope.core.persistence.jpa.AbstractTest)

Aggregations

MembershipCond (org.apache.syncope.core.persistence.api.dao.search.MembershipCond)11 SearchCond (org.apache.syncope.core.persistence.api.dao.search.SearchCond)8 Test (org.junit.jupiter.api.Test)7 User (org.apache.syncope.core.persistence.api.entity.user.User)6 AbstractTest (org.apache.syncope.core.persistence.jpa.AbstractTest)6 AttributeCond (org.apache.syncope.core.persistence.api.dao.search.AttributeCond)4 OrderByClause (org.apache.syncope.core.persistence.api.dao.search.OrderByClause)3 AnyTypeCond (org.apache.syncope.core.persistence.api.dao.search.AnyTypeCond)2 PrivilegeCond (org.apache.syncope.core.persistence.api.dao.search.PrivilegeCond)2 RelationshipCond (org.apache.syncope.core.persistence.api.dao.search.RelationshipCond)2 RelationshipTypeCond (org.apache.syncope.core.persistence.api.dao.search.RelationshipTypeCond)2 RoleCond (org.apache.syncope.core.persistence.api.dao.search.RoleCond)2 Member (org.apache.syncope.ext.scimv2.api.data.Member)2 SCIMGroup (org.apache.syncope.ext.scimv2.api.data.SCIMGroup)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Arrays (java.util.Arrays)1 Collections (java.util.Collections)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 Collectors (java.util.stream.Collectors)1