Search in sources :

Example 11 with AnyUtils

use of org.apache.syncope.core.persistence.api.entity.AnyUtils in project syncope by apache.

the class UserDataBinderImpl method create.

@Override
public void create(final User user, final UserTO userTO, final boolean storePassword) {
    SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
    // set username
    user.setUsername(userTO.getUsername());
    // set password
    if (StringUtils.isBlank(userTO.getPassword()) || !storePassword) {
        LOG.debug("Password was not provided or not required to be stored");
    } else {
        setPassword(user, userTO.getPassword(), scce);
    }
    user.setMustChangePassword(userTO.isMustChangePassword());
    // security question / answer
    if (userTO.getSecurityQuestion() != null) {
        SecurityQuestion securityQuestion = securityQuestionDAO.find(userTO.getSecurityQuestion());
        if (securityQuestion != null) {
            user.setSecurityQuestion(securityQuestion);
        }
    }
    user.setSecurityAnswer(userTO.getSecurityAnswer());
    // roles
    userTO.getRoles().forEach(roleKey -> {
        Role role = roleDAO.find(roleKey);
        if (role == null) {
            LOG.warn("Ignoring unknown role with id {}", roleKey);
        } else {
            user.add(role);
        }
    });
    // realm
    Realm realm = realmDAO.findByFullPath(userTO.getRealm());
    if (realm == null) {
        SyncopeClientException noRealm = SyncopeClientException.build(ClientExceptionType.InvalidRealm);
        noRealm.getElements().add("Invalid or null realm specified: " + userTO.getRealm());
        scce.addException(noRealm);
    }
    user.setRealm(realm);
    AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.USER);
    if (user.getRealm() != null) {
        // relationships
        userTO.getRelationships().forEach(relationshipTO -> {
            AnyObject otherEnd = anyObjectDAO.find(relationshipTO.getOtherEndKey());
            if (otherEnd == null) {
                LOG.debug("Ignoring invalid anyObject " + relationshipTO.getOtherEndKey());
            } else if (user.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
                RelationshipType relationshipType = relationshipTypeDAO.find(relationshipTO.getType());
                if (relationshipType == null) {
                    LOG.debug("Ignoring invalid relationship type {}", relationshipTO.getType());
                } else {
                    URelationship relationship = entityFactory.newEntity(URelationship.class);
                    relationship.setType(relationshipType);
                    relationship.setRightEnd(otherEnd);
                    relationship.setLeftEnd(user);
                    user.add(relationship);
                }
            } else {
                LOG.error("{} cannot be assigned to {}", otherEnd, user);
                SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
                unassignabled.getElements().add("Cannot be assigned: " + otherEnd);
                scce.addException(unassignabled);
            }
        });
        // memberships
        userTO.getMemberships().forEach(membershipTO -> {
            Group group = membershipTO.getGroupKey() == null ? groupDAO.findByName(membershipTO.getGroupName()) : groupDAO.find(membershipTO.getGroupKey());
            if (group == null) {
                LOG.debug("Ignoring invalid group " + membershipTO.getGroupKey() + " / " + membershipTO.getGroupName());
            } else if (user.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
                UMembership membership = entityFactory.newEntity(UMembership.class);
                membership.setRightEnd(group);
                membership.setLeftEnd(user);
                user.add(membership);
                // membership attributes
                fill(user, membership, membershipTO, anyUtils, scce);
            } else {
                LOG.error("{} cannot be assigned to {}", group, user);
                SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
                unassignable.getElements().add("Cannot be assigned: " + group);
                scce.addException(unassignable);
            }
        });
    }
    // attributes and resources
    fill(user, userTO, anyUtils, scce);
    // Throw composite exception if there is at least one element set in the composing exceptions
    if (scce.hasExceptions()) {
        throw scce;
    }
}
Also used : Role(org.apache.syncope.core.persistence.api.entity.Role) Group(org.apache.syncope.core.persistence.api.entity.group.Group) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) UMembership(org.apache.syncope.core.persistence.api.entity.user.UMembership) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) Realm(org.apache.syncope.core.persistence.api.entity.Realm) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) URelationship(org.apache.syncope.core.persistence.api.entity.user.URelationship) SecurityQuestion(org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion)

Example 12 with AnyUtils

use of org.apache.syncope.core.persistence.api.entity.AnyUtils in project syncope by apache.

the class UserDataBinderImpl method update.

@Override
public PropagationByResource update(final User toBeUpdated, final UserPatch userPatch) {
    // Re-merge any pending change from workflow tasks
    User user = userDAO.save(toBeUpdated);
    PropagationByResource propByRes = new PropagationByResource();
    SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
    AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.USER);
    Collection<String> currentResources = userDAO.findAllResourceKeys(user.getKey());
    // fetch connObjectKeys before update
    Map<String, String> oldConnObjectKeys = getConnObjectKeys(user, anyUtils);
    // realm
    setRealm(user, userPatch);
    // password
    if (userPatch.getPassword() != null && StringUtils.isNotBlank(userPatch.getPassword().getValue())) {
        if (userPatch.getPassword().isOnSyncope()) {
            setPassword(user, userPatch.getPassword().getValue(), scce);
            user.setChangePwdDate(new Date());
        }
        propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
    }
    // username
    if (userPatch.getUsername() != null && StringUtils.isNotBlank(userPatch.getUsername().getValue())) {
        String oldUsername = user.getUsername();
        user.setUsername(userPatch.getUsername().getValue());
        if (oldUsername.equals(AuthContextUtils.getUsername())) {
            AuthContextUtils.updateUsername(userPatch.getUsername().getValue());
        }
        AccessToken accessToken = accessTokenDAO.findByOwner(oldUsername);
        if (accessToken != null) {
            accessToken.setOwner(userPatch.getUsername().getValue());
            accessTokenDAO.save(accessToken);
        }
        propByRes.addAll(ResourceOperation.UPDATE, currentResources);
    }
    // security question / answer:
    if (userPatch.getSecurityQuestion() != null) {
        if (userPatch.getSecurityQuestion().getValue() == null) {
            user.setSecurityQuestion(null);
            user.setSecurityAnswer(null);
        } else {
            SecurityQuestion securityQuestion = securityQuestionDAO.find(userPatch.getSecurityQuestion().getValue());
            if (securityQuestion != null) {
                user.setSecurityQuestion(securityQuestion);
                user.setSecurityAnswer(userPatch.getSecurityAnswer().getValue());
            }
        }
    }
    if (userPatch.getMustChangePassword() != null) {
        user.setMustChangePassword(userPatch.getMustChangePassword().getValue());
    }
    // roles
    for (StringPatchItem patch : userPatch.getRoles()) {
        Role role = roleDAO.find(patch.getValue());
        if (role == null) {
            LOG.warn("Ignoring unknown role with key {}", patch.getValue());
        } else {
            switch(patch.getOperation()) {
                case ADD_REPLACE:
                    user.add(role);
                    break;
                case DELETE:
                default:
                    user.getRoles().remove(role);
            }
        }
    }
    // attributes and resources
    propByRes.merge(fill(user, userPatch, anyUtils, scce));
    // relationships
    userPatch.getRelationships().stream().filter(patch -> patch.getRelationshipTO() != null).forEachOrdered((patch) -> {
        RelationshipType relationshipType = relationshipTypeDAO.find(patch.getRelationshipTO().getType());
        if (relationshipType == null) {
            LOG.debug("Ignoring invalid relationship type {}", patch.getRelationshipTO().getType());
        } else {
            Optional<? extends URelationship> relationship = user.getRelationship(relationshipType, patch.getRelationshipTO().getOtherEndKey());
            if (relationship.isPresent()) {
                user.getRelationships().remove(relationship.get());
                relationship.get().setLeftEnd(null);
            }
            if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
                AnyObject otherEnd = anyObjectDAO.find(patch.getRelationshipTO().getOtherEndKey());
                if (otherEnd == null) {
                    LOG.debug("Ignoring invalid any object {}", patch.getRelationshipTO().getOtherEndKey());
                } else if (user.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
                    URelationship newRelationship = entityFactory.newEntity(URelationship.class);
                    newRelationship.setType(relationshipType);
                    newRelationship.setRightEnd(otherEnd);
                    newRelationship.setLeftEnd(user);
                    user.add(newRelationship);
                } else {
                    LOG.error("{} cannot be assigned to {}", otherEnd, user);
                    SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
                    unassignable.getElements().add("Cannot be assigned: " + otherEnd);
                    scce.addException(unassignable);
                }
            }
        }
    });
    // prepare for membership-related resource management
    Collection<ExternalResource> resources = userDAO.findAllResources(user);
    Map<String, Set<String>> reasons = new HashMap<>();
    user.getResources().forEach(resource -> {
        reasons.put(resource.getKey(), new HashSet<>(Collections.singleton(user.getKey())));
    });
    userDAO.findAllGroupKeys(user).forEach(group -> {
        groupDAO.findAllResourceKeys(group).forEach(resource -> {
            if (!reasons.containsKey(resource)) {
                reasons.put(resource, new HashSet<>());
            }
            reasons.get(resource).add(group);
        });
    });
    Set<String> toBeDeprovisioned = new HashSet<>();
    Set<String> toBeProvisioned = new HashSet<>();
    SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
    // memberships
    userPatch.getMemberships().stream().filter(membPatch -> membPatch.getGroup() != null).forEachOrdered((membPatch) -> {
        Optional<? extends UMembership> membership = user.getMembership(membPatch.getGroup());
        if (membership.isPresent()) {
            user.getMemberships().remove(membership.get());
            membership.get().setLeftEnd(null);
            user.getPlainAttrs(membership.get()).forEach(attr -> {
                user.remove(attr);
                attr.setOwner(null);
                attr.setMembership(null);
            });
            if (membPatch.getOperation() == PatchOperation.DELETE) {
                groupDAO.findAllResourceKeys(membership.get().getRightEnd().getKey()).stream().filter(resource -> reasons.containsKey(resource)).forEach(resource -> {
                    reasons.get(resource).remove(membership.get().getRightEnd().getKey());
                    toBeProvisioned.add(resource);
                });
            }
        }
        if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
            Group group = groupDAO.find(membPatch.getGroup());
            if (group == null) {
                LOG.debug("Ignoring invalid group {}", membPatch.getGroup());
            } else if (user.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
                UMembership newMembership = entityFactory.newEntity(UMembership.class);
                newMembership.setRightEnd(group);
                newMembership.setLeftEnd(user);
                user.add(newMembership);
                membPatch.getPlainAttrs().forEach(attrTO -> {
                    PlainSchema schema = getPlainSchema(attrTO.getSchema());
                    if (schema == null) {
                        LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + "{}, ignoring...", attrTO.getSchema());
                    } else {
                        UPlainAttr attr = user.getPlainAttr(schema.getKey(), newMembership).orElse(null);
                        if (attr == null) {
                            LOG.debug("No plain attribute found for {} and membership of {}", schema, newMembership.getRightEnd());
                            attr = anyUtils.newPlainAttr();
                            attr.setOwner(user);
                            attr.setMembership(newMembership);
                            attr.setSchema(schema);
                            user.add(attr);
                            AttrPatch patch = new AttrPatch.Builder().attrTO(attrTO).build();
                            processAttrPatch(user, patch, schema, attr, anyUtils, resources, propByRes, invalidValues);
                        }
                    }
                });
                if (!invalidValues.isEmpty()) {
                    scce.addException(invalidValues);
                }
                toBeProvisioned.addAll(groupDAO.findAllResourceKeys(group.getKey()));
                // ensure that they are counted for password propagation
                if (toBeUpdated.canDecodePassword()) {
                    if (userPatch.getPassword() == null) {
                        userPatch.setPassword(new PasswordPatch());
                    }
                    group.getResources().stream().filter(resource -> isPasswordMapped(resource)).forEachOrdered(resource -> {
                        userPatch.getPassword().getResources().add(resource.getKey());
                    });
                }
            } else {
                LOG.error("{} cannot be assigned to {}", group, user);
                SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
                unassignabled.getElements().add("Cannot be assigned: " + group);
                scce.addException(unassignabled);
            }
        }
    });
    // finalize resource management
    reasons.entrySet().stream().filter(entry -> entry.getValue().isEmpty()).forEach(entry -> toBeDeprovisioned.add(entry.getKey()));
    propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
    propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);
    // attribute values.
    if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
        currentResources.removeAll(toBeDeprovisioned);
        propByRes.addAll(ResourceOperation.UPDATE, currentResources);
    }
    // check if some connObjectKey was changed by the update above
    Map<String, String> newcCnnObjectKeys = getConnObjectKeys(user, anyUtils);
    oldConnObjectKeys.entrySet().stream().filter(entry -> newcCnnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newcCnnObjectKeys.get(entry.getKey()))).forEach(entry -> {
        propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
        propByRes.add(ResourceOperation.UPDATE, entry.getKey());
    });
    Pair<Set<String>, Set<String>> dynGroupMembs = userDAO.saveAndGetDynGroupMembs(user);
    // finally check if any resource assignment is to be processed due to dynamic group membership change
    dynGroupMembs.getLeft().stream().filter(group -> !dynGroupMembs.getRight().contains(group)).forEach(delete -> {
        groupDAO.find(delete).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.DELETE, resource.getKey());
        });
    });
    dynGroupMembs.getLeft().stream().filter(group -> dynGroupMembs.getRight().contains(group)).forEach(update -> {
        groupDAO.find(update).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.UPDATE, resource.getKey());
        });
    });
    dynGroupMembs.getRight().stream().filter(group -> !dynGroupMembs.getLeft().contains(group)).forEach(create -> {
        groupDAO.find(create).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.CREATE, resource.getKey());
        });
    });
    // Throw composite exception if there is at least one element set in the composing exceptions
    if (scce.hasExceptions()) {
        throw scce;
    }
    return propByRes;
}
Also used : StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) SecurityQuestionDAO(org.apache.syncope.core.persistence.api.dao.SecurityQuestionDAO) Date(java.util.Date) Realm(org.apache.syncope.core.persistence.api.entity.Realm) Autowired(org.springframework.beans.factory.annotation.Autowired) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Entity(org.apache.syncope.core.persistence.api.entity.Entity) ResourceOperation(org.apache.syncope.common.lib.types.ResourceOperation) StringUtils(org.apache.commons.lang3.StringUtils) RoleDAO(org.apache.syncope.core.persistence.api.dao.RoleDAO) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) UserDataBinder(org.apache.syncope.core.provisioning.api.data.UserDataBinder) PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource) AuthContextUtils(org.apache.syncope.core.spring.security.AuthContextUtils) Role(org.apache.syncope.core.persistence.api.entity.Role) Collection(java.util.Collection) Resource(javax.annotation.Resource) Set(java.util.Set) Collectors(java.util.stream.Collectors) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) List(java.util.List) Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Group(org.apache.syncope.core.persistence.api.entity.group.Group) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) Optional(java.util.Optional) ConfDAO(org.apache.syncope.core.persistence.api.dao.ConfDAO) UPlainAttr(org.apache.syncope.core.persistence.api.entity.user.UPlainAttr) AccessToken(org.apache.syncope.core.persistence.api.entity.AccessToken) HashMap(java.util.HashMap) BooleanUtils(org.apache.commons.lang3.BooleanUtils) BeanUtils(org.apache.syncope.core.spring.BeanUtils) URelationship(org.apache.syncope.core.persistence.api.entity.user.URelationship) HashSet(java.util.HashSet) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) UMembership(org.apache.syncope.core.persistence.api.entity.user.UMembership) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) CipherAlgorithm(org.apache.syncope.common.lib.types.CipherAlgorithm) Encryptor(org.apache.syncope.core.spring.security.Encryptor) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) User(org.apache.syncope.core.persistence.api.entity.user.User) AccessTokenDAO(org.apache.syncope.core.persistence.api.dao.AccessTokenDAO) VirSchema(org.apache.syncope.core.persistence.api.entity.VirSchema) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Component(org.springframework.stereotype.Component) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) UserTO(org.apache.syncope.common.lib.to.UserTO) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) Collections(java.util.Collections) SecurityQuestion(org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion) Transactional(org.springframework.transaction.annotation.Transactional) Group(org.apache.syncope.core.persistence.api.entity.group.Group) User(org.apache.syncope.core.persistence.api.entity.user.User) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource) SecurityQuestion(org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion) UMembership(org.apache.syncope.core.persistence.api.entity.user.UMembership) AccessToken(org.apache.syncope.core.persistence.api.entity.AccessToken) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) UPlainAttr(org.apache.syncope.core.persistence.api.entity.user.UPlainAttr) URelationship(org.apache.syncope.core.persistence.api.entity.user.URelationship) HashSet(java.util.HashSet) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) Date(java.util.Date) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) Role(org.apache.syncope.core.persistence.api.entity.Role) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils)

Example 13 with AnyUtils

use of org.apache.syncope.core.persistence.api.entity.AnyUtils in project syncope by apache.

the class AnyObjectDataBinderImpl method create.

@Override
public void create(final AnyObject anyObject, final AnyObjectTO anyObjectTO) {
    AnyType type = anyTypeDAO.find(anyObjectTO.getType());
    if (type == null) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
        sce.getElements().add(anyObjectTO.getType());
        throw sce;
    }
    anyObject.setType(type);
    SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
    // name
    SyncopeClientException invalidGroups = SyncopeClientException.build(ClientExceptionType.InvalidGroup);
    if (anyObjectTO.getName() == null) {
        LOG.error("No name specified for this anyObject");
        invalidGroups.getElements().add("No name specified for this anyObject");
    } else {
        anyObject.setName(anyObjectTO.getName());
    }
    // realm
    Realm realm = realmDAO.findByFullPath(anyObjectTO.getRealm());
    if (realm == null) {
        SyncopeClientException noRealm = SyncopeClientException.build(ClientExceptionType.InvalidRealm);
        noRealm.getElements().add("Invalid or null realm specified: " + anyObjectTO.getRealm());
        scce.addException(noRealm);
    }
    anyObject.setRealm(realm);
    AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.ANY_OBJECT);
    if (anyObject.getRealm() != null) {
        // relationships
        anyObjectTO.getRelationships().forEach(relationshipTO -> {
            if (StringUtils.isBlank(relationshipTO.getOtherEndType()) || AnyTypeKind.USER.name().equals(relationshipTO.getOtherEndType()) || AnyTypeKind.GROUP.name().equals(relationshipTO.getOtherEndType())) {
                SyncopeClientException invalidAnyType = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
                invalidAnyType.getElements().add(AnyType.class.getSimpleName() + " not allowed for relationship: " + relationshipTO.getOtherEndType());
                scce.addException(invalidAnyType);
            } else {
                AnyObject otherEnd = anyObjectDAO.find(relationshipTO.getOtherEndKey());
                if (otherEnd == null) {
                    LOG.debug("Ignoring invalid anyObject " + relationshipTO.getOtherEndKey());
                } else if (anyObject.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
                    RelationshipType relationshipType = relationshipTypeDAO.find(relationshipTO.getType());
                    if (relationshipType == null) {
                        LOG.debug("Ignoring invalid relationship type {}", relationshipTO.getType());
                    } else {
                        ARelationship relationship = entityFactory.newEntity(ARelationship.class);
                        relationship.setType(relationshipType);
                        relationship.setRightEnd(otherEnd);
                        relationship.setLeftEnd(anyObject);
                        anyObject.add(relationship);
                    }
                } else {
                    LOG.error("{} cannot be assigned to {}", otherEnd, anyObject);
                    SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
                    unassignabled.getElements().add("Cannot be assigned: " + otherEnd);
                    scce.addException(unassignabled);
                }
            }
        });
        // memberships
        anyObjectTO.getMemberships().forEach(membershipTO -> {
            Group group = membershipTO.getGroupKey() == null ? groupDAO.findByName(membershipTO.getGroupName()) : groupDAO.find(membershipTO.getGroupKey());
            if (group == null) {
                LOG.debug("Ignoring invalid group " + membershipTO.getGroupKey() + " / " + membershipTO.getGroupName());
            } else if (anyObject.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
                AMembership membership = entityFactory.newEntity(AMembership.class);
                membership.setRightEnd(group);
                membership.setLeftEnd(anyObject);
                anyObject.add(membership);
                // membership attributes
                fill(anyObject, membership, membershipTO, anyUtils, scce);
            } else {
                LOG.error("{} cannot be assigned to {}", group, anyObject);
                SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
                unassignable.getElements().add("Cannot be assigned: " + group);
                scce.addException(unassignable);
            }
        });
    }
    // attributes and resources
    fill(anyObject, anyObjectTO, anyUtils, scce);
    // Throw composite exception if there is at least one element set in the composing exceptions
    if (scce.hasExceptions()) {
        throw scce;
    }
}
Also used : Group(org.apache.syncope.core.persistence.api.entity.group.Group) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) AMembership(org.apache.syncope.core.persistence.api.entity.anyobject.AMembership) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) Realm(org.apache.syncope.core.persistence.api.entity.Realm) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) ARelationship(org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship)

Example 14 with AnyUtils

use of org.apache.syncope.core.persistence.api.entity.AnyUtils in project syncope by apache.

the class AnyObjectDataBinderImpl method update.

@Override
public PropagationByResource update(final AnyObject toBeUpdated, final AnyObjectPatch anyObjectPatch) {
    // Re-merge any pending change from workflow tasks
    AnyObject anyObject = anyObjectDAO.save(toBeUpdated);
    PropagationByResource propByRes = new PropagationByResource();
    SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
    AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.ANY_OBJECT);
    Collection<String> currentResources = anyObjectDAO.findAllResourceKeys(anyObject.getKey());
    // fetch connObjectKeys before update
    Map<String, String> oldConnObjectKeys = getConnObjectKeys(anyObject, anyUtils);
    // realm
    setRealm(anyObject, anyObjectPatch);
    // name
    if (anyObjectPatch.getName() != null && StringUtils.isNotBlank(anyObjectPatch.getName().getValue())) {
        propByRes.addAll(ResourceOperation.UPDATE, anyObjectDAO.findAllResourceKeys(anyObject.getKey()));
        anyObject.setName(anyObjectPatch.getName().getValue());
    }
    // attributes and resources
    propByRes.merge(fill(anyObject, anyObjectPatch, anyUtils, scce));
    // relationships
    anyObjectPatch.getRelationships().stream().filter(patch -> patch.getRelationshipTO() != null).forEachOrdered((patch) -> {
        RelationshipType relationshipType = relationshipTypeDAO.find(patch.getRelationshipTO().getType());
        if (relationshipType == null) {
            LOG.debug("Ignoring invalid relationship type {}", patch.getRelationshipTO().getType());
        } else {
            Optional<? extends ARelationship> relationship = anyObject.getRelationship(relationshipType, patch.getRelationshipTO().getOtherEndKey());
            if (relationship.isPresent()) {
                anyObject.getRelationships().remove(relationship.get());
                relationship.get().setLeftEnd(null);
            }
            if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
                if (StringUtils.isBlank(patch.getRelationshipTO().getOtherEndType()) || AnyTypeKind.USER.name().equals(patch.getRelationshipTO().getOtherEndType()) || AnyTypeKind.GROUP.name().equals(patch.getRelationshipTO().getOtherEndType())) {
                    SyncopeClientException invalidAnyType = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
                    invalidAnyType.getElements().add(AnyType.class.getSimpleName() + " not allowed for relationship: " + patch.getRelationshipTO().getOtherEndType());
                    scce.addException(invalidAnyType);
                } else {
                    AnyObject otherEnd = anyObjectDAO.find(patch.getRelationshipTO().getOtherEndKey());
                    if (otherEnd == null) {
                        LOG.debug("Ignoring invalid any object {}", patch.getRelationshipTO().getOtherEndKey());
                    } else if (anyObject.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
                        ARelationship newRelationship = entityFactory.newEntity(ARelationship.class);
                        newRelationship.setType(relationshipType);
                        newRelationship.setRightEnd(otherEnd);
                        newRelationship.setLeftEnd(anyObject);
                        anyObject.add(newRelationship);
                    } else {
                        LOG.error("{} cannot be assigned to {}", otherEnd, anyObject);
                        SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
                        unassignable.getElements().add("Cannot be assigned: " + otherEnd);
                        scce.addException(unassignable);
                    }
                }
            }
        }
    });
    // prepare for membership-related resource management
    Collection<ExternalResource> resources = anyObjectDAO.findAllResources(anyObject);
    Map<String, Set<String>> reasons = new HashMap<>();
    anyObject.getResources().forEach(resource -> {
        reasons.put(resource.getKey(), new HashSet<>(Collections.singleton(anyObject.getKey())));
    });
    anyObjectDAO.findAllGroupKeys(anyObject).forEach(group -> {
        groupDAO.findAllResourceKeys(group).forEach(resource -> {
            if (!reasons.containsKey(resource)) {
                reasons.put(resource, new HashSet<>());
            }
            reasons.get(resource).add(group);
        });
    });
    Set<String> toBeDeprovisioned = new HashSet<>();
    Set<String> toBeProvisioned = new HashSet<>();
    SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
    // memberships
    anyObjectPatch.getMemberships().stream().filter((membPatch) -> (membPatch.getGroup() != null)).forEachOrdered(membPatch -> {
        Optional<? extends AMembership> membership = anyObject.getMembership(membPatch.getGroup());
        if (membership.isPresent()) {
            anyObject.getMemberships().remove(membership.get());
            membership.get().setLeftEnd(null);
            anyObject.getPlainAttrs(membership.get()).forEach(attr -> {
                anyObject.remove(attr);
                attr.setOwner(null);
            });
            if (membPatch.getOperation() == PatchOperation.DELETE) {
                groupDAO.findAllResourceKeys(membership.get().getRightEnd().getKey()).stream().filter(resource -> reasons.containsKey(resource)).forEach(resource -> {
                    reasons.get(resource).remove(membership.get().getRightEnd().getKey());
                    toBeProvisioned.add(resource);
                });
            }
        }
        if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
            Group group = groupDAO.find(membPatch.getGroup());
            if (group == null) {
                LOG.debug("Ignoring invalid group {}", membPatch.getGroup());
            } else if (anyObject.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
                AMembership newMembership = entityFactory.newEntity(AMembership.class);
                newMembership.setRightEnd(group);
                newMembership.setLeftEnd(anyObject);
                anyObject.add(newMembership);
                membPatch.getPlainAttrs().forEach(attrTO -> {
                    PlainSchema schema = getPlainSchema(attrTO.getSchema());
                    if (schema == null) {
                        LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + "{}, ignoring...", attrTO.getSchema());
                    } else {
                        Optional<? extends APlainAttr> attr = anyObject.getPlainAttr(schema.getKey(), newMembership);
                        if (!attr.isPresent()) {
                            LOG.debug("No plain attribute found for {} and membership of {}", schema, newMembership.getRightEnd());
                            APlainAttr newAttr = anyUtils.newPlainAttr();
                            newAttr.setOwner(anyObject);
                            newAttr.setMembership(newMembership);
                            newAttr.setSchema(schema);
                            anyObject.add(newAttr);
                            AttrPatch patch = new AttrPatch.Builder().attrTO(attrTO).build();
                            processAttrPatch(anyObject, patch, schema, newAttr, anyUtils, resources, propByRes, invalidValues);
                        }
                    }
                });
                if (!invalidValues.isEmpty()) {
                    scce.addException(invalidValues);
                }
                toBeProvisioned.addAll(groupDAO.findAllResourceKeys(group.getKey()));
            } else {
                LOG.error("{} cannot be assigned to {}", group, anyObject);
                SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
                unassignabled.getElements().add("Cannot be assigned: " + group);
                scce.addException(unassignabled);
            }
        }
    });
    // finalize resource management
    reasons.entrySet().stream().filter(entry -> entry.getValue().isEmpty()).forEach(entry -> toBeDeprovisioned.add(entry.getKey()));
    propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
    propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);
    // attribute values.
    if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
        currentResources.removeAll(toBeDeprovisioned);
        propByRes.addAll(ResourceOperation.UPDATE, currentResources);
    }
    // check if some connObjectKey was changed by the update above
    Map<String, String> newcCnnObjectKeys = getConnObjectKeys(anyObject, anyUtils);
    oldConnObjectKeys.entrySet().stream().filter(entry -> newcCnnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newcCnnObjectKeys.get(entry.getKey()))).forEach(entry -> {
        propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
        propByRes.add(ResourceOperation.UPDATE, entry.getKey());
    });
    Pair<Set<String>, Set<String>> dynGroupMembs = anyObjectDAO.saveAndGetDynGroupMembs(anyObject);
    // finally check if any resource assignment is to be processed due to dynamic group membership change
    dynGroupMembs.getLeft().stream().filter(group -> !dynGroupMembs.getRight().contains(group)).forEach(delete -> {
        groupDAO.find(delete).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.DELETE, resource.getKey());
        });
    });
    dynGroupMembs.getLeft().stream().filter(group -> dynGroupMembs.getRight().contains(group)).forEach(update -> {
        groupDAO.find(update).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.UPDATE, resource.getKey());
        });
    });
    dynGroupMembs.getRight().stream().filter(group -> !dynGroupMembs.getLeft().contains(group)).forEach(create -> {
        groupDAO.find(create).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
            propByRes.add(ResourceOperation.CREATE, resource.getKey());
        });
    });
    // Throw composite exception if there is at least one element set in the composing exceptions
    if (scce.hasExceptions()) {
        throw scce;
    }
    return propByRes;
}
Also used : SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Realm(org.apache.syncope.core.persistence.api.entity.Realm) AnyObjectPatch(org.apache.syncope.common.lib.patch.AnyObjectPatch) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) ResourceOperation(org.apache.syncope.common.lib.types.ResourceOperation) BeanUtils(org.apache.syncope.core.spring.BeanUtils) StringUtils(org.apache.commons.lang3.StringUtils) HashSet(java.util.HashSet) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) Collection(java.util.Collection) AMembership(org.apache.syncope.core.persistence.api.entity.anyobject.AMembership) Set(java.util.Set) Collectors(java.util.stream.Collectors) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) VirSchema(org.apache.syncope.core.persistence.api.entity.VirSchema) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) List(java.util.List) ARelationship(org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship) Component(org.springframework.stereotype.Component) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) Group(org.apache.syncope.core.persistence.api.entity.group.Group) Optional(java.util.Optional) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils) AnyObjectDataBinder(org.apache.syncope.core.provisioning.api.data.AnyObjectDataBinder) Collections(java.util.Collections) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) APlainAttr(org.apache.syncope.core.persistence.api.entity.anyobject.APlainAttr) Transactional(org.springframework.transaction.annotation.Transactional) Group(org.apache.syncope.core.persistence.api.entity.group.Group) HashSet(java.util.HashSet) Set(java.util.Set) APlainAttr(org.apache.syncope.core.persistence.api.entity.anyobject.APlainAttr) HashMap(java.util.HashMap) RelationshipType(org.apache.syncope.core.persistence.api.entity.RelationshipType) PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) AnyType(org.apache.syncope.core.persistence.api.entity.AnyType) HashSet(java.util.HashSet) SyncopeClientCompositeException(org.apache.syncope.common.lib.SyncopeClientCompositeException) Optional(java.util.Optional) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ARelationship(org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) AttrPatch(org.apache.syncope.common.lib.patch.AttrPatch) AnyObject(org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject) AMembership(org.apache.syncope.core.persistence.api.entity.anyobject.AMembership) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils)

Example 15 with AnyUtils

use of org.apache.syncope.core.persistence.api.entity.AnyUtils in project syncope by apache.

the class AbstractAnySearchDAO method check.

protected Triple<PlainSchema, PlainAttrValue, AnyCond> check(final AnyCond cond, final AnyTypeKind kind) {
    AnyCond condClone = SerializationUtils.clone(cond);
    AnyUtils attrUtils = anyUtilsFactory.getInstance(kind);
    // Keeps track of difference between entity's getKey() and JPA @Id fields
    if ("key".equals(condClone.getSchema())) {
        condClone.setSchema("id");
    }
    Field anyField = ReflectionUtils.findField(attrUtils.anyClass(), condClone.getSchema());
    if (anyField == null) {
        LOG.warn("Ignoring invalid schema '{}'", condClone.getSchema());
        throw new IllegalArgumentException();
    }
    PlainSchema schema = new JPAPlainSchema();
    schema.setKey(anyField.getName());
    for (AttrSchemaType attrSchemaType : AttrSchemaType.values()) {
        if (anyField.getType().isAssignableFrom(attrSchemaType.getType())) {
            schema.setType(attrSchemaType);
        }
    }
    // Deal with any Integer fields logically mapping to boolean values
    boolean foundBooleanMin = false;
    boolean foundBooleanMax = false;
    if (Integer.class.equals(anyField.getType())) {
        for (Annotation annotation : anyField.getAnnotations()) {
            if (Min.class.equals(annotation.annotationType())) {
                foundBooleanMin = ((Min) annotation).value() == 0;
            } else if (Max.class.equals(annotation.annotationType())) {
                foundBooleanMax = ((Max) annotation).value() == 1;
            }
        }
    }
    if (foundBooleanMin && foundBooleanMax) {
        schema.setType(AttrSchemaType.Boolean);
    }
    // Deal with any fields representing relationships to other entities
    if (anyField.getType().getAnnotation(Entity.class) != null) {
        Method relMethod = null;
        try {
            relMethod = ClassUtils.getPublicMethod(anyField.getType(), "getKey", new Class<?>[0]);
        } catch (Exception e) {
            LOG.error("Could not find {}#getKey", anyField.getType(), e);
        }
        if (relMethod != null && String.class.isAssignableFrom(relMethod.getReturnType())) {
            condClone.setSchema(condClone.getSchema() + "_id");
            schema.setType(AttrSchemaType.String);
        }
    }
    PlainAttrValue attrValue = attrUtils.newPlainAttrValue();
    if (condClone.getType() != AttributeCond.Type.LIKE && condClone.getType() != AttributeCond.Type.ILIKE && condClone.getType() != AttributeCond.Type.ISNULL && condClone.getType() != AttributeCond.Type.ISNOTNULL) {
        try {
            ((JPAPlainSchema) schema).validator().validate(condClone.getExpression(), attrValue);
        } catch (ValidationException e) {
            LOG.error("Could not validate expression '" + condClone.getExpression() + "'", e);
            throw new IllegalArgumentException();
        }
    }
    return Triple.of(schema, attrValue, condClone);
}
Also used : Entity(javax.persistence.Entity) ValidationException(javax.validation.ValidationException) Max(javax.validation.constraints.Max) JPAPlainSchema(org.apache.syncope.core.persistence.jpa.entity.JPAPlainSchema) Method(java.lang.reflect.Method) Annotation(java.lang.annotation.Annotation) ValidationException(javax.validation.ValidationException) Field(java.lang.reflect.Field) Min(javax.validation.constraints.Min) AttrSchemaType(org.apache.syncope.common.lib.types.AttrSchemaType) PlainAttrValue(org.apache.syncope.core.persistence.api.entity.PlainAttrValue) JPAPlainSchema(org.apache.syncope.core.persistence.jpa.entity.JPAPlainSchema) PlainSchema(org.apache.syncope.core.persistence.api.entity.PlainSchema) AnyCond(org.apache.syncope.core.persistence.api.dao.search.AnyCond) AnyUtils(org.apache.syncope.core.persistence.api.entity.AnyUtils)

Aggregations

AnyUtils (org.apache.syncope.core.persistence.api.entity.AnyUtils)25 PlainSchema (org.apache.syncope.core.persistence.api.entity.PlainSchema)15 Realm (org.apache.syncope.core.persistence.api.entity.Realm)11 List (java.util.List)10 StringUtils (org.apache.commons.lang3.StringUtils)10 User (org.apache.syncope.core.persistence.api.entity.user.User)10 Autowired (org.springframework.beans.factory.annotation.Autowired)10 Collections (java.util.Collections)9 Set (java.util.Set)9 SyncopeClientCompositeException (org.apache.syncope.common.lib.SyncopeClientCompositeException)9 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)9 VirSchema (org.apache.syncope.core.persistence.api.entity.VirSchema)9 Transactional (org.springframework.transaction.annotation.Transactional)9 HashMap (java.util.HashMap)8 Group (org.apache.syncope.core.persistence.api.entity.group.Group)8 Provision (org.apache.syncope.core.persistence.api.entity.resource.Provision)8 ArrayList (java.util.ArrayList)7 Map (java.util.Map)7 Optional (java.util.Optional)7 UserDAO (org.apache.syncope.core.persistence.api.dao.UserDAO)7