use of org.apache.syncope.core.persistence.api.entity.anyobject.ADynGroupMembership in project syncope by apache.
the class GroupDataBinderImpl method setDynMembership.
private void setDynMembership(final Group group, final AnyType anyType, final String dynMembershipFIQL) {
SearchCond dynMembershipCond = SearchCondConverter.convert(dynMembershipFIQL);
if (!dynMembershipCond.isValid()) {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidSearchExpression);
sce.getElements().add(dynMembershipFIQL);
throw sce;
}
if (anyType.getKind() == AnyTypeKind.GROUP) {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
sce.getElements().add(anyType.getKind().name());
throw sce;
}
DynGroupMembership<?> dynMembership;
if (anyType.getKind() == AnyTypeKind.ANY_OBJECT && !group.getADynMembership(anyType).isPresent()) {
dynMembership = entityFactory.newEntity(ADynGroupMembership.class);
dynMembership.setGroup(group);
((ADynGroupMembership) dynMembership).setAnyType(anyType);
group.add((ADynGroupMembership) dynMembership);
} else if (anyType.getKind() == AnyTypeKind.USER && group.getUDynMembership() == null) {
dynMembership = entityFactory.newEntity(UDynGroupMembership.class);
dynMembership.setGroup(group);
group.setUDynMembership((UDynGroupMembership) dynMembership);
} else {
dynMembership = anyType.getKind() == AnyTypeKind.ANY_OBJECT ? group.getADynMembership(anyType).get() : group.getUDynMembership();
}
dynMembership.setFIQLCond(dynMembershipFIQL);
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.ADynGroupMembership in project syncope by apache.
the class GroupTest method adynMembership.
@Test
public void adynMembership() {
// 0. create any object matching the condition below
AnyObject anyObject = entityFactory.newEntity(AnyObject.class);
anyObject.setName("name");
anyObject.setType(anyTypeDAO.find("PRINTER"));
anyObject.setRealm(realmDAO.findByFullPath("/even/two"));
APlainAttr attr = entityFactory.newEntity(APlainAttr.class);
attr.setOwner(anyObject);
attr.setSchema(plainSchemaDAO.find("model"));
attr.add("Canon MFC8030", anyUtilsFactory.getInstance(AnyTypeKind.ANY_OBJECT));
anyObject.add(attr);
anyObject = anyObjectDAO.save(anyObject);
String newAnyObjectKey = anyObject.getKey();
assertNotNull(newAnyObjectKey);
// 1. create group with dynamic membership
Group group = entityFactory.newEntity(Group.class);
group.setRealm(realmDAO.getRoot());
group.setName("new");
ADynGroupMembership dynMembership = entityFactory.newEntity(ADynGroupMembership.class);
dynMembership.setAnyType(anyTypeDAO.find("PRINTER"));
dynMembership.setFIQLCond("model==Canon MFC8030");
dynMembership.setGroup(group);
group.add(dynMembership);
Group actual = groupDAO.save(group);
assertNotNull(actual);
groupDAO.flush();
// 2. verify that dynamic membership is there
actual = groupDAO.find(actual.getKey());
assertNotNull(actual);
assertNotNull(actual.getADynMembership(anyTypeDAO.find("PRINTER")).get());
assertNotNull(actual.getADynMembership(anyTypeDAO.find("PRINTER")).get().getKey());
assertEquals(actual, actual.getADynMembership(anyTypeDAO.find("PRINTER")).get().getGroup());
// 3. verify that expected any objects have the created group dynamically assigned
List<String> members = groupDAO.findADynMembers(actual).stream().filter(object -> "PRINTER".equals(anyObjectDAO.find(object).getType().getKey())).collect(Collectors.toList());
assertEquals(2, members.size());
assertEquals(new HashSet<>(Arrays.asList("fc6dbc3a-6c07-4965-8781-921e7401a4a5", newAnyObjectKey)), new HashSet<>(members));
anyObject = anyObjectDAO.find("fc6dbc3a-6c07-4965-8781-921e7401a4a5");
assertNotNull(anyObject);
Collection<Group> dynGroupMemberships = findDynGroups(anyObject);
assertEquals(1, dynGroupMemberships.size());
assertTrue(dynGroupMemberships.contains(actual.getADynMembership(anyTypeDAO.find("PRINTER")).get().getGroup()));
// 4. delete the new any object and verify that dynamic membership was updated
anyObjectDAO.delete(newAnyObjectKey);
anyObjectDAO.flush();
actual = groupDAO.find(actual.getKey());
members = groupDAO.findADynMembers(actual).stream().filter(object -> "PRINTER".equals(anyObjectDAO.find(object).getType().getKey())).collect(Collectors.toList());
assertEquals(1, members.size());
assertEquals("fc6dbc3a-6c07-4965-8781-921e7401a4a5", members.get(0));
// 5. delete group and verify that dynamic membership was also removed
String dynMembershipKey = actual.getADynMembership(anyTypeDAO.find("PRINTER")).get().getKey();
groupDAO.delete(actual);
groupDAO.flush();
assertNull(entityManager().find(JPAADynGroupMembership.class, dynMembershipKey));
dynGroupMemberships = findDynGroups(anyObject);
assertTrue(dynGroupMemberships.isEmpty());
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.ADynGroupMembership in project syncope by apache.
the class GroupDataBinderImpl method update.
@Override
public PropagationByResource update(final Group toBeUpdated, final GroupPatch groupPatch) {
// Re-merge any pending change from workflow tasks
Group group = groupDAO.save(toBeUpdated);
PropagationByResource propByRes = new PropagationByResource();
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.GROUP);
// fetch connObjectKeys before update
Map<String, String> oldConnObjectKeys = getConnObjectKeys(group, anyUtils);
// realm
setRealm(group, groupPatch);
// name
if (groupPatch.getName() != null && StringUtils.isNotBlank(groupPatch.getName().getValue())) {
propByRes.addAll(ResourceOperation.UPDATE, groupDAO.findAllResourceKeys(group.getKey()));
group.setName(groupPatch.getName().getValue());
}
// owner
if (groupPatch.getUserOwner() != null) {
group.setUserOwner(groupPatch.getUserOwner().getValue() == null ? null : userDAO.find(groupPatch.getUserOwner().getValue()));
}
if (groupPatch.getGroupOwner() != null) {
group.setGroupOwner(groupPatch.getGroupOwner().getValue() == null ? null : groupDAO.find(groupPatch.getGroupOwner().getValue()));
}
// attributes and resources
propByRes.merge(fill(group, groupPatch, anyUtils, scce));
// check if some connObjectKey was changed by the update above
Map<String, String> newConnObjectKeys = getConnObjectKeys(group, anyUtils);
oldConnObjectKeys.entrySet().stream().filter(entry -> newConnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newConnObjectKeys.get(entry.getKey()))).forEach(entry -> {
propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
propByRes.add(ResourceOperation.UPDATE, entry.getKey());
});
group = groupDAO.save(group);
// dynamic membership
if (groupPatch.getUDynMembershipCond() == null) {
if (group.getUDynMembership() != null) {
group.getUDynMembership().setGroup(null);
group.setUDynMembership(null);
groupDAO.clearUDynMembers(group);
}
} else {
setDynMembership(group, anyTypeDAO.findUser(), groupPatch.getUDynMembershipCond());
}
for (Iterator<? extends ADynGroupMembership> itor = group.getADynMemberships().iterator(); itor.hasNext(); ) {
ADynGroupMembership memb = itor.next();
memb.setGroup(null);
itor.remove();
}
groupDAO.clearADynMembers(group);
for (Map.Entry<String, String> entry : groupPatch.getADynMembershipConds().entrySet()) {
AnyType anyType = anyTypeDAO.find(entry.getKey());
if (anyType == null) {
LOG.warn("Ignoring invalid {}: {}", AnyType.class.getSimpleName(), entry.getKey());
} else {
setDynMembership(group, anyType, entry.getValue());
}
}
// type extensions
for (TypeExtensionTO typeExtTO : groupPatch.getTypeExtensions()) {
AnyType anyType = anyTypeDAO.find(typeExtTO.getAnyType());
if (anyType == null) {
LOG.warn("Ignoring invalid {}: {}", AnyType.class.getSimpleName(), typeExtTO.getAnyType());
} else {
TypeExtension typeExt = group.getTypeExtension(anyType).orElse(null);
if (typeExt == null) {
typeExt = entityFactory.newEntity(TypeExtension.class);
typeExt.setAnyType(anyType);
typeExt.setGroup(group);
group.add(typeExt);
}
// add all classes contained in the TO
for (String name : typeExtTO.getAuxClasses()) {
AnyTypeClass anyTypeClass = anyTypeClassDAO.find(name);
if (anyTypeClass == null) {
LOG.warn("Ignoring invalid {}: {}", AnyTypeClass.class.getSimpleName(), name);
} else {
typeExt.add(anyTypeClass);
}
}
// remove all classes not contained in the TO
typeExt.getAuxClasses().removeIf(anyTypeClass -> !typeExtTO.getAuxClasses().contains(anyTypeClass.getKey()));
// only consider non-empty type extensions
if (typeExt.getAuxClasses().isEmpty()) {
group.getTypeExtensions().remove(typeExt);
typeExt.setGroup(null);
}
}
}
// remove all type extensions not contained in the TO
group.getTypeExtensions().removeIf(typeExt -> !groupPatch.getTypeExtension(typeExt.getAnyType().getKey()).isPresent());
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
return propByRes;
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.ADynGroupMembership in project syncope by apache.
the class GroupValidator method isValid.
@Override
public boolean isValid(final Group group, final ConstraintValidatorContext context) {
context.disableDefaultConstraintViolation();
boolean isValid = true;
if (group.getUserOwner() != null && group.getGroupOwner() != null) {
isValid = false;
context.buildConstraintViolationWithTemplate(getTemplate(EntityViolationType.InvalidGroupOwner, "A group must either be owned by an user or a group, not both")).addPropertyNode("owner").addConstraintViolation();
}
if (isValid && (group.getName() == null || !KEY_PATTERN.matcher(group.getName()).matches())) {
isValid = false;
context.buildConstraintViolationWithTemplate(getTemplate(EntityViolationType.InvalidName, "Invalid group name")).addPropertyNode("name").addConstraintViolation();
}
if (isValid) {
Set<AnyType> anyTypes = new HashSet<>();
for (ADynGroupMembership memb : group.getADynMemberships()) {
anyTypes.add(memb.getAnyType());
if (memb.getAnyType().getKind() != AnyTypeKind.ANY_OBJECT) {
isValid = false;
context.buildConstraintViolationWithTemplate(getTemplate(EntityViolationType.InvalidADynMemberships, "No user or group dynamic membership condition are allowed here")).addPropertyNode("aDynMemberships").addConstraintViolation();
}
}
if (isValid && anyTypes.size() < group.getADynMemberships().size()) {
context.buildConstraintViolationWithTemplate(getTemplate(EntityViolationType.InvalidADynMemberships, "Each dynamic membership condition requires a different " + AnyType.class.getSimpleName())).addPropertyNode("aDynMemberships").addConstraintViolation();
return false;
}
}
return isValid;
}
Aggregations