use of org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject in project syncope by apache.
the class MappingManagerImpl method getIntValues.
@Transactional(readOnly = true)
@Override
public List<PlainAttrValue> getIntValues(final Provision provision, final Item mapItem, final IntAttrName intAttrName, final Any<?> any) {
LOG.debug("Get internal values for {} as '{}' on {}", any, mapItem.getIntAttrName(), provision.getResource());
Any<?> reference = null;
Membership<?> membership = null;
if (intAttrName.getEnclosingGroup() == null && intAttrName.getRelatedAnyObject() == null) {
reference = any;
}
if (any instanceof GroupableRelatable) {
GroupableRelatable<?, ?, ?, ?, ?> groupableRelatable = (GroupableRelatable<?, ?, ?, ?, ?>) any;
if (intAttrName.getEnclosingGroup() != null) {
Group group = groupDAO.findByName(intAttrName.getEnclosingGroup());
if (group == null || !groupableRelatable.getMembership(group.getKey()).isPresent()) {
LOG.warn("No membership for {} in {}, ignoring", intAttrName.getEnclosingGroup(), groupableRelatable);
} else {
reference = group;
}
} else if (intAttrName.getRelatedAnyObject() != null) {
AnyObject anyObject = anyObjectDAO.findByName(intAttrName.getRelatedAnyObject());
if (anyObject == null || groupableRelatable.getRelationships(anyObject.getKey()).isEmpty()) {
LOG.warn("No relationship for {} in {}, ignoring", intAttrName.getRelatedAnyObject(), groupableRelatable);
} else {
reference = anyObject;
}
} else if (intAttrName.getMembershipOfGroup() != null) {
Group group = groupDAO.findByName(intAttrName.getMembershipOfGroup());
membership = groupableRelatable.getMembership(group.getKey()).orElse(null);
}
}
if (reference == null) {
LOG.warn("Could not determine the reference instance for {}", mapItem.getIntAttrName());
return Collections.emptyList();
}
List<PlainAttrValue> values = new ArrayList<>();
boolean transform = true;
AnyUtils anyUtils = anyUtilsFactory.getInstance(reference);
if (intAttrName.getField() != null) {
PlainAttrValue attrValue = anyUtils.newPlainAttrValue();
switch(intAttrName.getField()) {
case "key":
attrValue.setStringValue(reference.getKey());
values.add(attrValue);
break;
case "realm":
attrValue.setStringValue(reference.getRealm().getFullPath());
values.add(attrValue);
break;
case "password":
// ignore
break;
case "userOwner":
case "groupOwner":
Mapping uMapping = provision.getAnyType().equals(anyTypeDAO.findUser()) ? provision.getMapping() : null;
Mapping gMapping = provision.getAnyType().equals(anyTypeDAO.findGroup()) ? provision.getMapping() : null;
if (reference instanceof Group) {
Group group = (Group) reference;
String groupOwnerValue = null;
if (group.getUserOwner() != null && uMapping != null) {
groupOwnerValue = getGroupOwnerValue(provision, group.getUserOwner());
}
if (group.getGroupOwner() != null && gMapping != null) {
groupOwnerValue = getGroupOwnerValue(provision, group.getGroupOwner());
}
if (StringUtils.isNotBlank(groupOwnerValue)) {
attrValue.setStringValue(groupOwnerValue);
values.add(attrValue);
}
}
break;
case "suspended":
if (reference instanceof User) {
attrValue.setBooleanValue(((User) reference).isSuspended());
values.add(attrValue);
}
break;
case "mustChangePassword":
if (reference instanceof User) {
attrValue.setBooleanValue(((User) reference).isMustChangePassword());
values.add(attrValue);
}
break;
default:
try {
Object fieldValue = FieldUtils.readField(reference, intAttrName.getField(), true);
if (fieldValue instanceof Date) {
// needed because ConnId does not natively supports the Date type
attrValue.setStringValue(DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT.format((Date) fieldValue));
} else if (Boolean.TYPE.isInstance(fieldValue)) {
attrValue.setBooleanValue((Boolean) fieldValue);
} else if (Double.TYPE.isInstance(fieldValue) || Float.TYPE.isInstance(fieldValue)) {
attrValue.setDoubleValue((Double) fieldValue);
} else if (Long.TYPE.isInstance(fieldValue) || Integer.TYPE.isInstance(fieldValue)) {
attrValue.setLongValue((Long) fieldValue);
} else {
attrValue.setStringValue(fieldValue.toString());
}
values.add(attrValue);
} catch (Exception e) {
LOG.error("Could not read value of '{}' from {}", intAttrName.getField(), reference, e);
}
}
} else if (intAttrName.getSchemaType() != null) {
switch(intAttrName.getSchemaType()) {
case PLAIN:
PlainAttr<?> attr;
if (membership == null) {
attr = reference.getPlainAttr(intAttrName.getSchemaName()).orElse(null);
} else {
attr = ((GroupableRelatable<?, ?, ?, ?, ?>) reference).getPlainAttr(intAttrName.getSchemaName(), membership).orElse(null);
}
if (attr == null) {
LOG.warn("Invalid PlainSchema {} or PlainAttr not found for {}", intAttrName.getSchemaName(), reference);
} else {
if (attr.getUniqueValue() != null) {
values.add(anyUtils.clonePlainAttrValue(attr.getUniqueValue()));
} else if (attr.getValues() != null) {
attr.getValues().forEach(value -> values.add(anyUtils.clonePlainAttrValue(value)));
}
}
break;
case DERIVED:
DerSchema derSchema = derSchemaDAO.find(intAttrName.getSchemaName());
if (derSchema == null) {
LOG.warn("Invalid DerSchema: {}", intAttrName.getSchemaName());
} else {
String derValue = membership == null ? derAttrHandler.getValue(reference, derSchema) : derAttrHandler.getValue(reference, membership, derSchema);
if (derValue != null) {
PlainAttrValue attrValue = anyUtils.newPlainAttrValue();
attrValue.setStringValue(derValue);
values.add(attrValue);
}
}
break;
case VIRTUAL:
// virtual attributes don't get transformed
transform = false;
VirSchema virSchema = virSchemaDAO.find(intAttrName.getSchemaName());
if (virSchema == null) {
LOG.warn("Invalid VirSchema: {}", intAttrName.getSchemaName());
} else {
LOG.debug("Expire entry cache {}-{}", reference, intAttrName.getSchemaName());
virAttrCache.expire(reference.getType().getKey(), reference.getKey(), intAttrName.getSchemaName());
List<String> virValues = membership == null ? virAttrHandler.getValues(reference, virSchema) : virAttrHandler.getValues(reference, membership, virSchema);
virValues.forEach(virValue -> {
PlainAttrValue attrValue = anyUtils.newPlainAttrValue();
attrValue.setStringValue(virValue);
values.add(attrValue);
});
}
break;
default:
}
} else if (intAttrName.getPrivilegesOfApplication() != null && reference instanceof User) {
Application application = applicationDAO.find(intAttrName.getPrivilegesOfApplication());
if (application == null) {
LOG.warn("Invalid application: {}", intAttrName.getPrivilegesOfApplication());
} else {
userDAO.findAllRoles((User) reference).stream().flatMap(role -> role.getPrivileges(application).stream()).forEach(privilege -> {
PlainAttrValue attrValue = anyUtils.newPlainAttrValue();
attrValue.setStringValue(privilege.getKey());
values.add(attrValue);
});
}
}
LOG.debug("Internal values: {}", values);
List<PlainAttrValue> transformed = values;
if (transform) {
for (ItemTransformer transformer : MappingUtils.getItemTransformers(mapItem)) {
transformed = transformer.beforePropagation(mapItem, any, transformed);
}
LOG.debug("Transformed values: {}", values);
} else {
LOG.debug("No transformation occurred");
}
return transformed;
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject in project syncope by apache.
the class UserDataBinderImpl method create.
@Override
public void create(final User user, final UserTO userTO, final boolean storePassword) {
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
// set username
user.setUsername(userTO.getUsername());
// set password
if (StringUtils.isBlank(userTO.getPassword()) || !storePassword) {
LOG.debug("Password was not provided or not required to be stored");
} else {
setPassword(user, userTO.getPassword(), scce);
}
user.setMustChangePassword(userTO.isMustChangePassword());
// security question / answer
if (userTO.getSecurityQuestion() != null) {
SecurityQuestion securityQuestion = securityQuestionDAO.find(userTO.getSecurityQuestion());
if (securityQuestion != null) {
user.setSecurityQuestion(securityQuestion);
}
}
user.setSecurityAnswer(userTO.getSecurityAnswer());
// roles
userTO.getRoles().forEach(roleKey -> {
Role role = roleDAO.find(roleKey);
if (role == null) {
LOG.warn("Ignoring unknown role with id {}", roleKey);
} else {
user.add(role);
}
});
// realm
Realm realm = realmDAO.findByFullPath(userTO.getRealm());
if (realm == null) {
SyncopeClientException noRealm = SyncopeClientException.build(ClientExceptionType.InvalidRealm);
noRealm.getElements().add("Invalid or null realm specified: " + userTO.getRealm());
scce.addException(noRealm);
}
user.setRealm(realm);
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.USER);
if (user.getRealm() != null) {
// relationships
userTO.getRelationships().forEach(relationshipTO -> {
AnyObject otherEnd = anyObjectDAO.find(relationshipTO.getOtherEndKey());
if (otherEnd == null) {
LOG.debug("Ignoring invalid anyObject " + relationshipTO.getOtherEndKey());
} else if (user.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
RelationshipType relationshipType = relationshipTypeDAO.find(relationshipTO.getType());
if (relationshipType == null) {
LOG.debug("Ignoring invalid relationship type {}", relationshipTO.getType());
} else {
URelationship relationship = entityFactory.newEntity(URelationship.class);
relationship.setType(relationshipType);
relationship.setRightEnd(otherEnd);
relationship.setLeftEnd(user);
user.add(relationship);
}
} else {
LOG.error("{} cannot be assigned to {}", otherEnd, user);
SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
unassignabled.getElements().add("Cannot be assigned: " + otherEnd);
scce.addException(unassignabled);
}
});
// memberships
userTO.getMemberships().forEach(membershipTO -> {
Group group = membershipTO.getGroupKey() == null ? groupDAO.findByName(membershipTO.getGroupName()) : groupDAO.find(membershipTO.getGroupKey());
if (group == null) {
LOG.debug("Ignoring invalid group " + membershipTO.getGroupKey() + " / " + membershipTO.getGroupName());
} else if (user.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
UMembership membership = entityFactory.newEntity(UMembership.class);
membership.setRightEnd(group);
membership.setLeftEnd(user);
user.add(membership);
// membership attributes
fill(user, membership, membershipTO, anyUtils, scce);
} else {
LOG.error("{} cannot be assigned to {}", group, user);
SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
unassignable.getElements().add("Cannot be assigned: " + group);
scce.addException(unassignable);
}
});
}
// attributes and resources
fill(user, userTO, anyUtils, scce);
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject in project syncope by apache.
the class UserDataBinderImpl method update.
@Override
public PropagationByResource update(final User toBeUpdated, final UserPatch userPatch) {
// Re-merge any pending change from workflow tasks
User user = userDAO.save(toBeUpdated);
PropagationByResource propByRes = new PropagationByResource();
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.USER);
Collection<String> currentResources = userDAO.findAllResourceKeys(user.getKey());
// fetch connObjectKeys before update
Map<String, String> oldConnObjectKeys = getConnObjectKeys(user, anyUtils);
// realm
setRealm(user, userPatch);
// password
if (userPatch.getPassword() != null && StringUtils.isNotBlank(userPatch.getPassword().getValue())) {
if (userPatch.getPassword().isOnSyncope()) {
setPassword(user, userPatch.getPassword().getValue(), scce);
user.setChangePwdDate(new Date());
}
propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
}
// username
if (userPatch.getUsername() != null && StringUtils.isNotBlank(userPatch.getUsername().getValue())) {
String oldUsername = user.getUsername();
user.setUsername(userPatch.getUsername().getValue());
if (oldUsername.equals(AuthContextUtils.getUsername())) {
AuthContextUtils.updateUsername(userPatch.getUsername().getValue());
}
AccessToken accessToken = accessTokenDAO.findByOwner(oldUsername);
if (accessToken != null) {
accessToken.setOwner(userPatch.getUsername().getValue());
accessTokenDAO.save(accessToken);
}
propByRes.addAll(ResourceOperation.UPDATE, currentResources);
}
// security question / answer:
if (userPatch.getSecurityQuestion() != null) {
if (userPatch.getSecurityQuestion().getValue() == null) {
user.setSecurityQuestion(null);
user.setSecurityAnswer(null);
} else {
SecurityQuestion securityQuestion = securityQuestionDAO.find(userPatch.getSecurityQuestion().getValue());
if (securityQuestion != null) {
user.setSecurityQuestion(securityQuestion);
user.setSecurityAnswer(userPatch.getSecurityAnswer().getValue());
}
}
}
if (userPatch.getMustChangePassword() != null) {
user.setMustChangePassword(userPatch.getMustChangePassword().getValue());
}
// roles
for (StringPatchItem patch : userPatch.getRoles()) {
Role role = roleDAO.find(patch.getValue());
if (role == null) {
LOG.warn("Ignoring unknown role with key {}", patch.getValue());
} else {
switch(patch.getOperation()) {
case ADD_REPLACE:
user.add(role);
break;
case DELETE:
default:
user.getRoles().remove(role);
}
}
}
// attributes and resources
propByRes.merge(fill(user, userPatch, anyUtils, scce));
// relationships
userPatch.getRelationships().stream().filter(patch -> patch.getRelationshipTO() != null).forEachOrdered((patch) -> {
RelationshipType relationshipType = relationshipTypeDAO.find(patch.getRelationshipTO().getType());
if (relationshipType == null) {
LOG.debug("Ignoring invalid relationship type {}", patch.getRelationshipTO().getType());
} else {
Optional<? extends URelationship> relationship = user.getRelationship(relationshipType, patch.getRelationshipTO().getOtherEndKey());
if (relationship.isPresent()) {
user.getRelationships().remove(relationship.get());
relationship.get().setLeftEnd(null);
}
if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
AnyObject otherEnd = anyObjectDAO.find(patch.getRelationshipTO().getOtherEndKey());
if (otherEnd == null) {
LOG.debug("Ignoring invalid any object {}", patch.getRelationshipTO().getOtherEndKey());
} else if (user.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
URelationship newRelationship = entityFactory.newEntity(URelationship.class);
newRelationship.setType(relationshipType);
newRelationship.setRightEnd(otherEnd);
newRelationship.setLeftEnd(user);
user.add(newRelationship);
} else {
LOG.error("{} cannot be assigned to {}", otherEnd, user);
SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
unassignable.getElements().add("Cannot be assigned: " + otherEnd);
scce.addException(unassignable);
}
}
}
});
// prepare for membership-related resource management
Collection<ExternalResource> resources = userDAO.findAllResources(user);
Map<String, Set<String>> reasons = new HashMap<>();
user.getResources().forEach(resource -> {
reasons.put(resource.getKey(), new HashSet<>(Collections.singleton(user.getKey())));
});
userDAO.findAllGroupKeys(user).forEach(group -> {
groupDAO.findAllResourceKeys(group).forEach(resource -> {
if (!reasons.containsKey(resource)) {
reasons.put(resource, new HashSet<>());
}
reasons.get(resource).add(group);
});
});
Set<String> toBeDeprovisioned = new HashSet<>();
Set<String> toBeProvisioned = new HashSet<>();
SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
// memberships
userPatch.getMemberships().stream().filter(membPatch -> membPatch.getGroup() != null).forEachOrdered((membPatch) -> {
Optional<? extends UMembership> membership = user.getMembership(membPatch.getGroup());
if (membership.isPresent()) {
user.getMemberships().remove(membership.get());
membership.get().setLeftEnd(null);
user.getPlainAttrs(membership.get()).forEach(attr -> {
user.remove(attr);
attr.setOwner(null);
attr.setMembership(null);
});
if (membPatch.getOperation() == PatchOperation.DELETE) {
groupDAO.findAllResourceKeys(membership.get().getRightEnd().getKey()).stream().filter(resource -> reasons.containsKey(resource)).forEach(resource -> {
reasons.get(resource).remove(membership.get().getRightEnd().getKey());
toBeProvisioned.add(resource);
});
}
}
if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
Group group = groupDAO.find(membPatch.getGroup());
if (group == null) {
LOG.debug("Ignoring invalid group {}", membPatch.getGroup());
} else if (user.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
UMembership newMembership = entityFactory.newEntity(UMembership.class);
newMembership.setRightEnd(group);
newMembership.setLeftEnd(user);
user.add(newMembership);
membPatch.getPlainAttrs().forEach(attrTO -> {
PlainSchema schema = getPlainSchema(attrTO.getSchema());
if (schema == null) {
LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + "{}, ignoring...", attrTO.getSchema());
} else {
UPlainAttr attr = user.getPlainAttr(schema.getKey(), newMembership).orElse(null);
if (attr == null) {
LOG.debug("No plain attribute found for {} and membership of {}", schema, newMembership.getRightEnd());
attr = anyUtils.newPlainAttr();
attr.setOwner(user);
attr.setMembership(newMembership);
attr.setSchema(schema);
user.add(attr);
AttrPatch patch = new AttrPatch.Builder().attrTO(attrTO).build();
processAttrPatch(user, patch, schema, attr, anyUtils, resources, propByRes, invalidValues);
}
}
});
if (!invalidValues.isEmpty()) {
scce.addException(invalidValues);
}
toBeProvisioned.addAll(groupDAO.findAllResourceKeys(group.getKey()));
// ensure that they are counted for password propagation
if (toBeUpdated.canDecodePassword()) {
if (userPatch.getPassword() == null) {
userPatch.setPassword(new PasswordPatch());
}
group.getResources().stream().filter(resource -> isPasswordMapped(resource)).forEachOrdered(resource -> {
userPatch.getPassword().getResources().add(resource.getKey());
});
}
} else {
LOG.error("{} cannot be assigned to {}", group, user);
SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
unassignabled.getElements().add("Cannot be assigned: " + group);
scce.addException(unassignabled);
}
}
});
// finalize resource management
reasons.entrySet().stream().filter(entry -> entry.getValue().isEmpty()).forEach(entry -> toBeDeprovisioned.add(entry.getKey()));
propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);
// attribute values.
if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
currentResources.removeAll(toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, currentResources);
}
// check if some connObjectKey was changed by the update above
Map<String, String> newcCnnObjectKeys = getConnObjectKeys(user, anyUtils);
oldConnObjectKeys.entrySet().stream().filter(entry -> newcCnnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newcCnnObjectKeys.get(entry.getKey()))).forEach(entry -> {
propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
propByRes.add(ResourceOperation.UPDATE, entry.getKey());
});
Pair<Set<String>, Set<String>> dynGroupMembs = userDAO.saveAndGetDynGroupMembs(user);
// finally check if any resource assignment is to be processed due to dynamic group membership change
dynGroupMembs.getLeft().stream().filter(group -> !dynGroupMembs.getRight().contains(group)).forEach(delete -> {
groupDAO.find(delete).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.DELETE, resource.getKey());
});
});
dynGroupMembs.getLeft().stream().filter(group -> dynGroupMembs.getRight().contains(group)).forEach(update -> {
groupDAO.find(update).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.UPDATE, resource.getKey());
});
});
dynGroupMembs.getRight().stream().filter(group -> !dynGroupMembs.getLeft().contains(group)).forEach(create -> {
groupDAO.find(create).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.CREATE, resource.getKey());
});
});
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
return propByRes;
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject in project syncope by apache.
the class AnyObjectDataBinderImpl method create.
@Override
public void create(final AnyObject anyObject, final AnyObjectTO anyObjectTO) {
AnyType type = anyTypeDAO.find(anyObjectTO.getType());
if (type == null) {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
sce.getElements().add(anyObjectTO.getType());
throw sce;
}
anyObject.setType(type);
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
// name
SyncopeClientException invalidGroups = SyncopeClientException.build(ClientExceptionType.InvalidGroup);
if (anyObjectTO.getName() == null) {
LOG.error("No name specified for this anyObject");
invalidGroups.getElements().add("No name specified for this anyObject");
} else {
anyObject.setName(anyObjectTO.getName());
}
// realm
Realm realm = realmDAO.findByFullPath(anyObjectTO.getRealm());
if (realm == null) {
SyncopeClientException noRealm = SyncopeClientException.build(ClientExceptionType.InvalidRealm);
noRealm.getElements().add("Invalid or null realm specified: " + anyObjectTO.getRealm());
scce.addException(noRealm);
}
anyObject.setRealm(realm);
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.ANY_OBJECT);
if (anyObject.getRealm() != null) {
// relationships
anyObjectTO.getRelationships().forEach(relationshipTO -> {
if (StringUtils.isBlank(relationshipTO.getOtherEndType()) || AnyTypeKind.USER.name().equals(relationshipTO.getOtherEndType()) || AnyTypeKind.GROUP.name().equals(relationshipTO.getOtherEndType())) {
SyncopeClientException invalidAnyType = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
invalidAnyType.getElements().add(AnyType.class.getSimpleName() + " not allowed for relationship: " + relationshipTO.getOtherEndType());
scce.addException(invalidAnyType);
} else {
AnyObject otherEnd = anyObjectDAO.find(relationshipTO.getOtherEndKey());
if (otherEnd == null) {
LOG.debug("Ignoring invalid anyObject " + relationshipTO.getOtherEndKey());
} else if (anyObject.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
RelationshipType relationshipType = relationshipTypeDAO.find(relationshipTO.getType());
if (relationshipType == null) {
LOG.debug("Ignoring invalid relationship type {}", relationshipTO.getType());
} else {
ARelationship relationship = entityFactory.newEntity(ARelationship.class);
relationship.setType(relationshipType);
relationship.setRightEnd(otherEnd);
relationship.setLeftEnd(anyObject);
anyObject.add(relationship);
}
} else {
LOG.error("{} cannot be assigned to {}", otherEnd, anyObject);
SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
unassignabled.getElements().add("Cannot be assigned: " + otherEnd);
scce.addException(unassignabled);
}
}
});
// memberships
anyObjectTO.getMemberships().forEach(membershipTO -> {
Group group = membershipTO.getGroupKey() == null ? groupDAO.findByName(membershipTO.getGroupName()) : groupDAO.find(membershipTO.getGroupKey());
if (group == null) {
LOG.debug("Ignoring invalid group " + membershipTO.getGroupKey() + " / " + membershipTO.getGroupName());
} else if (anyObject.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
AMembership membership = entityFactory.newEntity(AMembership.class);
membership.setRightEnd(group);
membership.setLeftEnd(anyObject);
anyObject.add(membership);
// membership attributes
fill(anyObject, membership, membershipTO, anyUtils, scce);
} else {
LOG.error("{} cannot be assigned to {}", group, anyObject);
SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
unassignable.getElements().add("Cannot be assigned: " + group);
scce.addException(unassignable);
}
});
}
// attributes and resources
fill(anyObject, anyObjectTO, anyUtils, scce);
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
}
use of org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject in project syncope by apache.
the class AnyObjectDataBinderImpl method update.
@Override
public PropagationByResource update(final AnyObject toBeUpdated, final AnyObjectPatch anyObjectPatch) {
// Re-merge any pending change from workflow tasks
AnyObject anyObject = anyObjectDAO.save(toBeUpdated);
PropagationByResource propByRes = new PropagationByResource();
SyncopeClientCompositeException scce = SyncopeClientException.buildComposite();
AnyUtils anyUtils = anyUtilsFactory.getInstance(AnyTypeKind.ANY_OBJECT);
Collection<String> currentResources = anyObjectDAO.findAllResourceKeys(anyObject.getKey());
// fetch connObjectKeys before update
Map<String, String> oldConnObjectKeys = getConnObjectKeys(anyObject, anyUtils);
// realm
setRealm(anyObject, anyObjectPatch);
// name
if (anyObjectPatch.getName() != null && StringUtils.isNotBlank(anyObjectPatch.getName().getValue())) {
propByRes.addAll(ResourceOperation.UPDATE, anyObjectDAO.findAllResourceKeys(anyObject.getKey()));
anyObject.setName(anyObjectPatch.getName().getValue());
}
// attributes and resources
propByRes.merge(fill(anyObject, anyObjectPatch, anyUtils, scce));
// relationships
anyObjectPatch.getRelationships().stream().filter(patch -> patch.getRelationshipTO() != null).forEachOrdered((patch) -> {
RelationshipType relationshipType = relationshipTypeDAO.find(patch.getRelationshipTO().getType());
if (relationshipType == null) {
LOG.debug("Ignoring invalid relationship type {}", patch.getRelationshipTO().getType());
} else {
Optional<? extends ARelationship> relationship = anyObject.getRelationship(relationshipType, patch.getRelationshipTO().getOtherEndKey());
if (relationship.isPresent()) {
anyObject.getRelationships().remove(relationship.get());
relationship.get().setLeftEnd(null);
}
if (patch.getOperation() == PatchOperation.ADD_REPLACE) {
if (StringUtils.isBlank(patch.getRelationshipTO().getOtherEndType()) || AnyTypeKind.USER.name().equals(patch.getRelationshipTO().getOtherEndType()) || AnyTypeKind.GROUP.name().equals(patch.getRelationshipTO().getOtherEndType())) {
SyncopeClientException invalidAnyType = SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
invalidAnyType.getElements().add(AnyType.class.getSimpleName() + " not allowed for relationship: " + patch.getRelationshipTO().getOtherEndType());
scce.addException(invalidAnyType);
} else {
AnyObject otherEnd = anyObjectDAO.find(patch.getRelationshipTO().getOtherEndKey());
if (otherEnd == null) {
LOG.debug("Ignoring invalid any object {}", patch.getRelationshipTO().getOtherEndKey());
} else if (anyObject.getRealm().getFullPath().startsWith(otherEnd.getRealm().getFullPath())) {
ARelationship newRelationship = entityFactory.newEntity(ARelationship.class);
newRelationship.setType(relationshipType);
newRelationship.setRightEnd(otherEnd);
newRelationship.setLeftEnd(anyObject);
anyObject.add(newRelationship);
} else {
LOG.error("{} cannot be assigned to {}", otherEnd, anyObject);
SyncopeClientException unassignable = SyncopeClientException.build(ClientExceptionType.InvalidRelationship);
unassignable.getElements().add("Cannot be assigned: " + otherEnd);
scce.addException(unassignable);
}
}
}
}
});
// prepare for membership-related resource management
Collection<ExternalResource> resources = anyObjectDAO.findAllResources(anyObject);
Map<String, Set<String>> reasons = new HashMap<>();
anyObject.getResources().forEach(resource -> {
reasons.put(resource.getKey(), new HashSet<>(Collections.singleton(anyObject.getKey())));
});
anyObjectDAO.findAllGroupKeys(anyObject).forEach(group -> {
groupDAO.findAllResourceKeys(group).forEach(resource -> {
if (!reasons.containsKey(resource)) {
reasons.put(resource, new HashSet<>());
}
reasons.get(resource).add(group);
});
});
Set<String> toBeDeprovisioned = new HashSet<>();
Set<String> toBeProvisioned = new HashSet<>();
SyncopeClientException invalidValues = SyncopeClientException.build(ClientExceptionType.InvalidValues);
// memberships
anyObjectPatch.getMemberships().stream().filter((membPatch) -> (membPatch.getGroup() != null)).forEachOrdered(membPatch -> {
Optional<? extends AMembership> membership = anyObject.getMembership(membPatch.getGroup());
if (membership.isPresent()) {
anyObject.getMemberships().remove(membership.get());
membership.get().setLeftEnd(null);
anyObject.getPlainAttrs(membership.get()).forEach(attr -> {
anyObject.remove(attr);
attr.setOwner(null);
});
if (membPatch.getOperation() == PatchOperation.DELETE) {
groupDAO.findAllResourceKeys(membership.get().getRightEnd().getKey()).stream().filter(resource -> reasons.containsKey(resource)).forEach(resource -> {
reasons.get(resource).remove(membership.get().getRightEnd().getKey());
toBeProvisioned.add(resource);
});
}
}
if (membPatch.getOperation() == PatchOperation.ADD_REPLACE) {
Group group = groupDAO.find(membPatch.getGroup());
if (group == null) {
LOG.debug("Ignoring invalid group {}", membPatch.getGroup());
} else if (anyObject.getRealm().getFullPath().startsWith(group.getRealm().getFullPath())) {
AMembership newMembership = entityFactory.newEntity(AMembership.class);
newMembership.setRightEnd(group);
newMembership.setLeftEnd(anyObject);
anyObject.add(newMembership);
membPatch.getPlainAttrs().forEach(attrTO -> {
PlainSchema schema = getPlainSchema(attrTO.getSchema());
if (schema == null) {
LOG.debug("Invalid " + PlainSchema.class.getSimpleName() + "{}, ignoring...", attrTO.getSchema());
} else {
Optional<? extends APlainAttr> attr = anyObject.getPlainAttr(schema.getKey(), newMembership);
if (!attr.isPresent()) {
LOG.debug("No plain attribute found for {} and membership of {}", schema, newMembership.getRightEnd());
APlainAttr newAttr = anyUtils.newPlainAttr();
newAttr.setOwner(anyObject);
newAttr.setMembership(newMembership);
newAttr.setSchema(schema);
anyObject.add(newAttr);
AttrPatch patch = new AttrPatch.Builder().attrTO(attrTO).build();
processAttrPatch(anyObject, patch, schema, newAttr, anyUtils, resources, propByRes, invalidValues);
}
}
});
if (!invalidValues.isEmpty()) {
scce.addException(invalidValues);
}
toBeProvisioned.addAll(groupDAO.findAllResourceKeys(group.getKey()));
} else {
LOG.error("{} cannot be assigned to {}", group, anyObject);
SyncopeClientException unassignabled = SyncopeClientException.build(ClientExceptionType.InvalidMembership);
unassignabled.getElements().add("Cannot be assigned: " + group);
scce.addException(unassignabled);
}
}
});
// finalize resource management
reasons.entrySet().stream().filter(entry -> entry.getValue().isEmpty()).forEach(entry -> toBeDeprovisioned.add(entry.getKey()));
propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);
// attribute values.
if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
currentResources.removeAll(toBeDeprovisioned);
propByRes.addAll(ResourceOperation.UPDATE, currentResources);
}
// check if some connObjectKey was changed by the update above
Map<String, String> newcCnnObjectKeys = getConnObjectKeys(anyObject, anyUtils);
oldConnObjectKeys.entrySet().stream().filter(entry -> newcCnnObjectKeys.containsKey(entry.getKey()) && !entry.getValue().equals(newcCnnObjectKeys.get(entry.getKey()))).forEach(entry -> {
propByRes.addOldConnObjectKey(entry.getKey(), entry.getValue());
propByRes.add(ResourceOperation.UPDATE, entry.getKey());
});
Pair<Set<String>, Set<String>> dynGroupMembs = anyObjectDAO.saveAndGetDynGroupMembs(anyObject);
// finally check if any resource assignment is to be processed due to dynamic group membership change
dynGroupMembs.getLeft().stream().filter(group -> !dynGroupMembs.getRight().contains(group)).forEach(delete -> {
groupDAO.find(delete).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.DELETE, resource.getKey());
});
});
dynGroupMembs.getLeft().stream().filter(group -> dynGroupMembs.getRight().contains(group)).forEach(update -> {
groupDAO.find(update).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.UPDATE, resource.getKey());
});
});
dynGroupMembs.getRight().stream().filter(group -> !dynGroupMembs.getLeft().contains(group)).forEach(create -> {
groupDAO.find(create).getResources().stream().filter(resource -> !propByRes.contains(resource.getKey())).forEach(resource -> {
propByRes.add(ResourceOperation.CREATE, resource.getKey());
});
});
// Throw composite exception if there is at least one element set in the composing exceptions
if (scce.hasExceptions()) {
throw scce;
}
return propByRes;
}
Aggregations