http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java index c65df96..cb1890b 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java @@ -18,12 +18,12 @@ */ package org.apache.syncope.core.provisioning.java.sync; -import org.apache.syncope.core.persistence.api.dao.RoleDAO; +import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; -import org.apache.syncope.core.provisioning.api.RoleProvisioningManager; -import org.apache.syncope.core.provisioning.api.data.RoleDataBinder; +import org.apache.syncope.core.provisioning.api.GroupProvisioningManager; +import org.apache.syncope.core.provisioning.api.data.GroupDataBinder; import org.apache.syncope.core.provisioning.api.UserProvisioningManager; import org.apache.syncope.core.provisioning.api.data.UserDataBinder; import org.apache.syncope.core.provisioning.api.propagation.PropagationManager; @@ -34,7 +34,7 @@ import org.apache.syncope.core.provisioning.api.sync.SyncopeResultHandler; import org.apache.syncope.core.misc.AuditManager; import org.apache.syncope.core.misc.ConnObjectUtil; import org.apache.syncope.core.provisioning.api.notification.NotificationManager; -import org.apache.syncope.core.workflow.api.RoleWorkflowAdapter; +import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter; import org.apache.syncope.core.workflow.api.UserWorkflowAdapter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -52,7 +52,7 @@ public abstract class AbstractSyncopeResultHandler<T extends ProvisioningTask, A protected UserDAO userDAO; @Autowired - protected RoleDAO roleDAO; + protected GroupDAO groupDAO; /** * ConnectorObject util. @@ -91,22 +91,22 @@ public abstract class AbstractSyncopeResultHandler<T extends ProvisioningTask, A protected UserWorkflowAdapter uwfAdapter; /** - * Role workflow adapter. + * Group workflow adapter. */ @Autowired - protected RoleWorkflowAdapter rwfAdapter; + protected GroupWorkflowAdapter gwfAdapter; @Autowired protected UserDataBinder userTransfer; @Autowired - protected RoleDataBinder roleTransfer; + protected GroupDataBinder groupTransfer; @Autowired protected UserProvisioningManager userProvisioningManager; @Autowired - protected RoleProvisioningManager roleProvisioningManager; + protected GroupProvisioningManager groupProvisioningManager; @Autowired protected AttributableUtilFactory attrUtilFactory;
http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java new file mode 100644 index 0000000..66d8efa --- /dev/null +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java @@ -0,0 +1,162 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.provisioning.java.sync; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import org.apache.syncope.common.lib.mod.GroupMod; +import org.apache.syncope.common.lib.to.AbstractSubjectTO; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.types.AttributableType; +import org.apache.syncope.common.lib.types.PropagationByResource; +import org.apache.syncope.common.lib.types.ResourceOperation; +import org.apache.syncope.core.persistence.api.entity.AttributableUtil; +import org.apache.syncope.core.persistence.api.entity.Mapping; +import org.apache.syncope.core.persistence.api.entity.MappingItem; +import org.apache.syncope.core.persistence.api.entity.Subject; +import org.apache.syncope.core.persistence.api.entity.group.Group; +import org.apache.syncope.core.provisioning.api.TimeoutException; +import org.apache.syncope.core.provisioning.api.sync.GroupPushResultHandler; +import org.identityconnectors.framework.common.objects.ConnectorObject; +import org.identityconnectors.framework.common.objects.ObjectClass; +import org.identityconnectors.framework.common.objects.Uid; + +public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implements GroupPushResultHandler { + + @Override + protected AttributableUtil getAttributableUtil() { + return attrUtilFactory.getInstance(AttributableType.GROUP); + } + + @Override + protected Subject<?, ?, ?> deprovision(final Subject<?, ?, ?> sbj) { + final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj)); + + final List<String> noPropResources = new ArrayList<>(before.getResources()); + noPropResources.remove(profile.getTask().getResource().getKey()); + + taskExecutor.execute(propagationManager.getGroupDeleteTaskIds(before.getKey(), noPropResources)); + + return groupDAO.authFetch(before.getKey()); + } + + @Override + protected Subject<?, ?, ?> provision(final Subject<?, ?, ?> sbj, final Boolean enabled) { + final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj)); + + final List<String> noPropResources = new ArrayList<>(before.getResources()); + noPropResources.remove(profile.getTask().getResource().getKey()); + + final PropagationByResource propByRes = new PropagationByResource(); + propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey()); + + taskExecutor.execute(propagationManager.getGroupCreateTaskIds( + before.getKey(), + Collections.unmodifiableCollection(before.getVirAttrs()), + propByRes, + noPropResources)); + + return groupDAO.authFetch(before.getKey()); + } + + @Override + protected Subject<?, ?, ?> link(final Subject<?, ?, ?> sbj, final Boolean unlink) { + final GroupMod groupMod = new GroupMod(); + groupMod.setKey(sbj.getKey()); + + if (unlink) { + groupMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); + } else { + groupMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); + } + + gwfAdapter.update(groupMod); + + return groupDAO.authFetch(sbj.getKey()); + } + + @Override + protected Subject<?, ?, ?> unassign(final Subject<?, ?, ?> sbj) { + final GroupMod groupMod = new GroupMod(); + groupMod.setKey(sbj.getKey()); + groupMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); + gwfAdapter.update(groupMod); + return deprovision(sbj); + } + + @Override + protected Subject<?, ?, ?> assign(final Subject<?, ?, ?> sbj, final Boolean enabled) { + final GroupMod groupMod = new GroupMod(); + groupMod.setKey(sbj.getKey()); + groupMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); + gwfAdapter.update(groupMod); + return provision(sbj, enabled); + } + + @Override + protected String getName(final Subject<?, ?, ?> subject) { + return Group.class.cast(subject).getName(); + } + + @Override + protected AbstractSubjectTO getSubjectTO(final long key) { + try { + return groupTransfer.getGroupTO(key); + } catch (Exception e) { + LOG.warn("Error retrieving user {}", key, e); + return null; + } + } + + @Override + protected Subject<?, ?, ?> getSubject(final long key) { + try { + return groupDAO.authFetch(key); + } catch (Exception e) { + LOG.warn("Error retrieving group {}", key, e); + return null; + } + } + + @Override + protected ConnectorObject getRemoteObject(final String accountId) { + ConnectorObject obj = null; + + try { + final Uid uid = new Uid(accountId); + + obj = profile.getConnector().getObject( + ObjectClass.GROUP, + uid, + profile.getConnector().getOperationOptions(Collections.<MappingItem>emptySet())); + } catch (TimeoutException toe) { + LOG.debug("Request timeout", toe); + throw toe; + } catch (RuntimeException ignore) { + LOG.debug("While resolving {}", accountId, ignore); + } + return obj; + } + + @Override + protected Mapping<?> getMapping() { + return profile.getTask().getResource().getGmapping(); + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java new file mode 100644 index 0000000..b52cc0c --- /dev/null +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.provisioning.java.sync; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import org.apache.syncope.common.lib.mod.AbstractSubjectMod; +import org.apache.syncope.common.lib.mod.AttrMod; +import org.apache.syncope.common.lib.mod.GroupMod; +import org.apache.syncope.common.lib.mod.UserMod; +import org.apache.syncope.common.lib.to.AbstractSubjectTO; +import org.apache.syncope.common.lib.to.PropagationStatus; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.types.AttributableType; +import org.apache.syncope.core.persistence.api.entity.AttributableUtil; +import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult; +import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler; +import org.identityconnectors.framework.common.objects.SyncDelta; + +public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implements GroupSyncResultHandler { + + protected Map<Long, String> groupOwnerMap = new HashMap<>(); + + @Override + public Map<Long, String> getGroupOwnerMap() { + return this.groupOwnerMap; + } + + @Override + protected AttributableUtil getAttributableUtil() { + return attrUtilFactory.getInstance(AttributableType.GROUP); + } + + @Override + protected String getName(final AbstractSubjectTO subjectTO) { + return GroupTO.class.cast(subjectTO).getName(); + } + + @Override + protected AbstractSubjectTO getSubjectTO(final long key) { + try { + return groupTransfer.getGroupTO(key); + } catch (Exception e) { + LOG.warn("Error retrieving group {}", key, e); + return null; + } + } + + @Override + protected AbstractSubjectMod getSubjectMod( + final AbstractSubjectTO subjectTO, final SyncDelta delta) { + + return connObjectUtil.getAttributableMod( + subjectTO.getKey(), + delta.getObject(), + subjectTO, + profile.getTask(), + attrUtilFactory.getInstance(AttributableType.GROUP)); + } + + @Override + protected AbstractSubjectTO create( + final AbstractSubjectTO subjectTO, final SyncDelta _delta, final ProvisioningResult result) { + + GroupTO groupTO = GroupTO.class.cast(subjectTO); + + Map.Entry<Long, List<PropagationStatus>> created = groupProvisioningManager.create(groupTO, groupOwnerMap, + Collections.singleton(profile.getTask().getResource().getKey())); + + groupTO = groupTransfer.getGroupTO(created.getKey()); + + result.setId(created.getKey()); + result.setName(getName(subjectTO)); + + return groupTO; + } + + @Override + protected AbstractSubjectTO link( + final AbstractSubjectTO before, + final ProvisioningResult result, + final boolean unlink) { + + final GroupMod groupMod = new GroupMod(); + groupMod.setKey(before.getKey()); + + if (unlink) { + groupMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); + } else { + groupMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); + } + + return groupTransfer.getGroupTO(gwfAdapter.update(groupMod).getResult()); + } + + @Override + protected AbstractSubjectTO update( + final AbstractSubjectTO before, + final AbstractSubjectMod subjectMod, + final SyncDelta delta, + final ProvisioningResult result) { + + GroupMod groupMod = GroupMod.class.cast(subjectMod); + + Map.Entry<Long, List<PropagationStatus>> updated = groupProvisioningManager.update(groupMod); + + // moved after group provisioning manager + String groupOwner = null; + for (AttrMod attrMod : groupMod.getPlainAttrsToUpdate()) { + if (attrMod.getSchema().isEmpty()) { + groupOwner = attrMod.getValuesToBeAdded().iterator().next(); + } + } + if (groupOwner != null) { + groupOwnerMap.put(updated.getKey(), groupOwner); + } + + final GroupTO after = groupTransfer.getGroupTO(updated.getKey()); + + result.setName(getName(after)); + + return after; + } + + @Override + protected void deprovision(final Long id, final boolean unlink) { + taskExecutor.execute( + propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey())); + + if (unlink) { + final UserMod userMod = new UserMod(); + userMod.setKey(id); + userMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); + } + } + + @Override + protected void delete(final Long id) { + try { + taskExecutor.execute( + propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey())); + } catch (Exception e) { + // A propagation failure doesn't imply a synchronization failure. + // The propagation exception status will be reported into the propagation task execution. + LOG.error("Could not propagate user " + id, e); + } + + groupProvisioningManager.delete(id); + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java index adc04ad..736cb3f 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java @@ -27,15 +27,15 @@ import org.apache.syncope.common.lib.mod.AbstractSubjectMod; import org.apache.syncope.common.lib.mod.MembershipMod; import org.apache.syncope.common.lib.mod.UserMod; import org.apache.syncope.common.lib.to.AbstractSubjectTO; -import org.apache.syncope.common.lib.to.RoleTO; +import org.apache.syncope.common.lib.to.GroupTO; import org.apache.syncope.common.lib.types.AuditElements; import org.apache.syncope.common.lib.types.AuditElements.Result; import org.apache.syncope.common.lib.types.ConnConfProperty; -import org.apache.syncope.core.persistence.api.dao.RoleDAO; +import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.entity.ConnInstance; import org.apache.syncope.core.persistence.api.entity.ExternalResource; import org.apache.syncope.core.persistence.api.entity.membership.Membership; -import org.apache.syncope.core.persistence.api.entity.role.Role; +import org.apache.syncope.core.persistence.api.entity.group.Group; import org.apache.syncope.core.persistence.api.entity.task.PropagationTask; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; import org.apache.syncope.core.persistence.api.entity.task.SyncTask; @@ -59,8 +59,8 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; /** - * Simple action for synchronizing LDAP groups memberships to Syncope role memberships, when the same resource is - * configured for both users and roles. + * Simple action for synchronizing LDAP groups memberships to Syncope group memberships, when the same resource is + * configured for both users and groups. * * @see org.apache.syncope.core.propagation.impl.LDAPMembershipPropagationActions */ @@ -69,7 +69,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { protected static final Logger LOG = LoggerFactory.getLogger(LDAPMembershipSyncActions.class); @Autowired - protected RoleDAO roleDAO; + protected GroupDAO groupDAO; @Autowired protected UserWorkflowAdapter uwfAdapter; @@ -89,7 +89,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { @Autowired private SyncUtilities syncUtilities; - protected Map<Long, Long> membersBeforeRoleUpdate = Collections.<Long, Long>emptyMap(); + protected Map<Long, Long> membersBeforeGroupUpdate = Collections.<Long, Long>emptyMap(); /** * Allows easy subclassing for the ConnId AD connector bundle. @@ -115,10 +115,9 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { } /** - * Keep track of members of the role being updated <b>before</b> actual update takes place. This is not needed on - * <ul> <li>beforeProvision() - because the synchronizing role does not exist yet on Syncope</li> <li>beforeDelete() - * - - * because role delete cascades as membership removal for all users involved</li> </ul> + * Keep track of members of the group being updated <b>before</b> actual update takes place. This is not needed on + * <ul> <li>beforeProvision() - because the synchronizing group does not exist yet on Syncope</li> + * <li>beforeDelete() - because group delete cascades as membership removal for all users involved</li> </ul> * * {@inheritDoc} */ @@ -127,15 +126,15 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final T subject, final K subjectMod) throws JobExecutionException { - if (subject instanceof RoleTO) { - // search for all users assigned to given role - Role role = roleDAO.find(subject.getKey()); - if (role != null) { - List<Membership> membs = roleDAO.findMemberships(role); - // save memberships before role update takes place - membersBeforeRoleUpdate = new HashMap<>(membs.size()); + if (subject instanceof GroupTO) { + // search for all users assigned to given group + Group group = groupDAO.find(subject.getKey()); + if (group != null) { + List<Membership> membs = groupDAO.findMemberships(group); + // save memberships before group update takes place + membersBeforeGroupUpdate = new HashMap<>(membs.size()); for (Membership memb : membs) { - membersBeforeRoleUpdate.put(memb.getUser().getKey(), memb.getKey()); + membersBeforeGroupUpdate.put(memb.getUser().getKey(), memb.getKey()); } } } @@ -144,22 +143,22 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { } /** - * Build UserMod for adding membership to given user, for given role. + * Build UserMod for adding membership to given user, for given group. * - * @param userKey user to be assigned membership to given role - * @param roleTO role for adding membership + * @param userKey user to be assigned membership to given group + * @param groupTO group for adding membership * @return UserMod for user update */ - protected UserMod getUserMod(final Long userKey, final RoleTO roleTO) { + protected UserMod getUserMod(final Long userKey, final GroupTO groupTO) { UserMod userMod = new UserMod(); - // no actual modification takes place when user has already the role assigned - if (membersBeforeRoleUpdate.containsKey(userKey)) { - membersBeforeRoleUpdate.remove(userKey); + // no actual modification takes place when user has already the group assigned + if (membersBeforeGroupUpdate.containsKey(userKey)) { + membersBeforeGroupUpdate.remove(userKey); } else { userMod.setKey(userKey); MembershipMod membershipMod = new MembershipMod(); - membershipMod.setRole(roleTO.getKey()); + membershipMod.setGroup(groupTO.getKey()); userMod.getMembershipsToAdd().add(membershipMod); } @@ -170,7 +169,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { * Read values of attribute returned by getGroupMembershipAttrName(); if not present in the given delta, perform an * additional read on the underlying connector. * - * @param delta representing the synchronizing role + * @param delta representing the synchronizing group * @param connector associated to the current resource * @return value of attribute returned by * {@link #getGroupMembershipAttrName(org.apache.syncope.core.propagation.Connector) } @@ -195,7 +194,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { } /** - * Perform actual modifications (i.e. membership add / remove) for the given role on the given resource. + * Perform actual modifications (i.e. membership add / remove) for the given group on the given resource. * * @param userMod modifications to perform on the user * @param resourceName resource to be propagated for changes @@ -252,12 +251,12 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { * Synchronize Syncope memberships with the situation read on the external resource's group. * * @param profile sync profile - * @param delta representing the synchronizing role - * @param roleTO role after modification performed by the handler + * @param delta representing the synchronizing group + * @param groupTO group after modification performed by the handler * @throws JobExecutionException if anything goes wrong */ protected void synchronizeMemberships( - final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final RoleTO roleTO) throws + final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final GroupTO groupTO) throws JobExecutionException { final ProvisioningTask task = profile.getTask(); @@ -271,13 +270,13 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { profile.getTask().getResource(), profile.getConnector()); if (userKey != null) { - UserMod userMod = getUserMod(userKey, roleTO); + UserMod userMod = getUserMod(userKey, groupTO); userUpdate(userMod, resource.getKey()); } } - // finally remove any residual membership that was present before role update but not any more - for (Map.Entry<Long, Long> member : membersBeforeRoleUpdate.entrySet()) { + // finally remove any residual membership that was present before group update but not any more + for (Map.Entry<Long, Long> member : membersBeforeGroupUpdate.entrySet()) { UserMod userMod = new UserMod(); userMod.setKey(member.getKey()); userMod.getMembershipsToRemove().add(member.getValue()); @@ -286,7 +285,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { } /** - * Synchronize membership at role synchronization time (because SyncJob first synchronize users then roles). + * Synchronize membership at group synchronization time (because SyncJob first synchronize users then groups). * {@inheritDoc} */ @Override @@ -300,10 +299,10 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { return; } - if (!(subject instanceof RoleTO) || profile.getTask().getResource().getUmapping() == null) { + if (!(subject instanceof GroupTO) || profile.getTask().getResource().getUmapping() == null) { super.after(profile, delta, subject, result); } else { - synchronizeMemberships(profile, delta, (RoleTO) subject); + synchronizeMemberships(profile, delta, (GroupTO) subject); } } } http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java index 90c2ffd..5716eb7 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java @@ -23,13 +23,13 @@ import java.util.List; import java.util.Set; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.types.SubjectType; -import org.apache.syncope.core.persistence.api.RoleEntitlementUtil; -import org.apache.syncope.core.persistence.api.dao.RoleDAO; +import org.apache.syncope.core.persistence.api.GroupEntitlementUtil; +import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; -import org.apache.syncope.core.persistence.api.entity.role.RMapping; -import org.apache.syncope.core.persistence.api.entity.role.Role; +import org.apache.syncope.core.persistence.api.entity.group.GMapping; +import org.apache.syncope.core.persistence.api.entity.group.Group; import org.apache.syncope.core.persistence.api.entity.task.PushTask; import org.apache.syncope.core.persistence.api.entity.user.UMapping; import org.apache.syncope.core.persistence.api.entity.user.User; @@ -39,7 +39,7 @@ import org.apache.syncope.core.provisioning.api.sync.PushActions; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; import org.apache.syncope.core.misc.search.SearchCondConverter; import org.apache.syncope.core.provisioning.api.job.PushJob; -import org.apache.syncope.core.provisioning.api.sync.RolePushResultHandler; +import org.apache.syncope.core.provisioning.api.sync.GroupPushResultHandler; import org.apache.syncope.core.provisioning.api.sync.UserPushResultHandler; import org.quartz.JobExecutionException; import org.springframework.beans.factory.annotation.Autowired; @@ -67,10 +67,10 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions> private SubjectSearchDAO searchDAO; /** - * Role DAO. + * Group DAO. */ @Autowired - private RoleDAO roleDAO; + private GroupDAO groupDAO; private final int PAGE_SIZE = 1000; @@ -79,11 +79,11 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions> final PushTask pushTask, final Connector connector, final UMapping uMapping, - final RMapping rMapping, + final GMapping rMapping, final boolean dryRun) throws JobExecutionException { LOG.debug("Execute synchronization (push) with resource {}", pushTask.getResource()); - final Set<Long> authorizations = RoleEntitlementUtil.getRoleKeys(entitlementDAO.findAll()); + final Set<Long> authorizations = GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()); final ProvisioningProfile<PushTask, PushActions> profile = new ProvisioningProfile<>(connector, pushTask); if (actions != null) { @@ -97,9 +97,9 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions> createBean(UserPushResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); uhandler.setProfile(profile); - final RolePushResultHandler rhandler = - (RolePushResultHandler) ApplicationContextProvider.getApplicationContext().getBeanFactory(). - createBean(RolePushResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); + final GroupPushResultHandler rhandler = + (GroupPushResultHandler) ApplicationContextProvider.getApplicationContext().getBeanFactory(). + createBean(GroupPushResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); rhandler.setProfile(profile); if (actions != null && !profile.isDryRun()) { @@ -126,15 +126,15 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions> } if (rMapping != null) { - final List<Role> localRoles = getRoles(authorizations, pushTask); + final List<Group> localGroups = geGroups(authorizations, pushTask); - for (Role localRole : localRoles) { + for (Group localGroup : localGroups) { try { - // role propagation - rhandler.handle(localRole.getKey()); + // group propagation + rhandler.handle(localGroup.getKey()); } catch (Exception e) { - LOG.warn("Failure pushing role '{}' on '{}'", localRole, pushTask.getResource(), e); - throw new JobExecutionException("While pushing roles on connector", e); + LOG.warn("Failure pushing group '{}' on '{}'", localGroup, pushTask.getResource(), e); + throw new JobExecutionException("While pushing groups on connector", e); } } } @@ -163,14 +163,13 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions> } } - private List<Role> getRoles(final Set<Long> authorizations, final PushTask pushTask) { - final String filter = pushTask.getRoleFilter(); + private List<Group> geGroups(final Set<Long> authorizations, final PushTask pushTask) { + final String filter = pushTask.getGroupFilter(); if (StringUtils.isBlank(filter)) { - return roleDAO.findAll(); + return groupDAO.findAll(); } else { - return searchDAO.<Role>search( - authorizations, SearchCondConverter.convert(filter), - Collections.<OrderByClause>emptyList(), SubjectType.ROLE); + return searchDAO.<Group>search(authorizations, SearchCondConverter.convert(filter), + Collections.<OrderByClause>emptyList(), SubjectType.GROUP); } } } http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RolePushResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RolePushResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RolePushResultHandlerImpl.java deleted file mode 100644 index c160556..0000000 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RolePushResultHandlerImpl.java +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.core.provisioning.java.sync; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import org.apache.syncope.common.lib.mod.RoleMod; -import org.apache.syncope.common.lib.to.AbstractSubjectTO; -import org.apache.syncope.common.lib.to.RoleTO; -import org.apache.syncope.common.lib.types.AttributableType; -import org.apache.syncope.common.lib.types.PropagationByResource; -import org.apache.syncope.common.lib.types.ResourceOperation; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; -import org.apache.syncope.core.persistence.api.entity.Mapping; -import org.apache.syncope.core.persistence.api.entity.MappingItem; -import org.apache.syncope.core.persistence.api.entity.Subject; -import org.apache.syncope.core.persistence.api.entity.role.Role; -import org.apache.syncope.core.provisioning.api.TimeoutException; -import org.apache.syncope.core.provisioning.api.sync.RolePushResultHandler; -import org.identityconnectors.framework.common.objects.ConnectorObject; -import org.identityconnectors.framework.common.objects.ObjectClass; -import org.identityconnectors.framework.common.objects.Uid; - -public class RolePushResultHandlerImpl extends AbstractPushResultHandler implements RolePushResultHandler { - - @Override - protected AttributableUtil getAttributableUtil() { - return attrUtilFactory.getInstance(AttributableType.ROLE); - } - - @Override - protected Subject<?, ?, ?> deprovision(final Subject<?, ?, ?> sbj) { - final RoleTO before = roleTransfer.getRoleTO(Role.class.cast(sbj)); - - final List<String> noPropResources = new ArrayList<>(before.getResources()); - noPropResources.remove(profile.getTask().getResource().getKey()); - - taskExecutor.execute(propagationManager.getRoleDeleteTaskIds(before.getKey(), noPropResources)); - - return roleDAO.authFetch(before.getKey()); - } - - @Override - protected Subject<?, ?, ?> provision(final Subject<?, ?, ?> sbj, final Boolean enabled) { - final RoleTO before = roleTransfer.getRoleTO(Role.class.cast(sbj)); - - final List<String> noPropResources = new ArrayList<>(before.getResources()); - noPropResources.remove(profile.getTask().getResource().getKey()); - - final PropagationByResource propByRes = new PropagationByResource(); - propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey()); - - taskExecutor.execute(propagationManager.getRoleCreateTaskIds( - before.getKey(), - Collections.unmodifiableCollection(before.getVirAttrs()), - propByRes, - noPropResources)); - - return roleDAO.authFetch(before.getKey()); - } - - @Override - protected Subject<?, ?, ?> link(final Subject<?, ?, ?> sbj, final Boolean unlink) { - final RoleMod roleMod = new RoleMod(); - roleMod.setKey(sbj.getKey()); - - if (unlink) { - roleMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); - } else { - roleMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); - } - - rwfAdapter.update(roleMod); - - return roleDAO.authFetch(sbj.getKey()); - } - - @Override - protected Subject<?, ?, ?> unassign(final Subject<?, ?, ?> sbj) { - final RoleMod roleMod = new RoleMod(); - roleMod.setKey(sbj.getKey()); - roleMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); - rwfAdapter.update(roleMod); - return deprovision(sbj); - } - - @Override - protected Subject<?, ?, ?> assign(final Subject<?, ?, ?> sbj, final Boolean enabled) { - final RoleMod roleMod = new RoleMod(); - roleMod.setKey(sbj.getKey()); - roleMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); - rwfAdapter.update(roleMod); - return provision(sbj, enabled); - } - - @Override - protected String getName(final Subject<?, ?, ?> subject) { - return Role.class.cast(subject).getName(); - } - - @Override - protected AbstractSubjectTO getSubjectTO(final long key) { - try { - return roleTransfer.getRoleTO(key); - } catch (Exception e) { - LOG.warn("Error retrieving user {}", key, e); - return null; - } - } - - @Override - protected Subject<?, ?, ?> getSubject(final long key) { - try { - return roleDAO.authFetch(key); - } catch (Exception e) { - LOG.warn("Error retrieving role {}", key, e); - return null; - } - } - - @Override - protected ConnectorObject getRemoteObject(final String accountId) { - ConnectorObject obj = null; - - try { - final Uid uid = new Uid(accountId); - - obj = profile.getConnector().getObject( - ObjectClass.GROUP, - uid, - profile.getConnector().getOperationOptions(Collections.<MappingItem>emptySet())); - } catch (TimeoutException toe) { - LOG.debug("Request timeout", toe); - throw toe; - } catch (RuntimeException ignore) { - LOG.debug("While resolving {}", accountId, ignore); - } - return obj; - } - - @Override - protected Mapping<?> getMapping() { - return profile.getTask().getResource().getRmapping(); - } -} http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RoleSyncResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RoleSyncResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RoleSyncResultHandlerImpl.java deleted file mode 100644 index 4bfbe70..0000000 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/RoleSyncResultHandlerImpl.java +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.core.provisioning.java.sync; - -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import org.apache.syncope.common.lib.mod.AbstractSubjectMod; -import org.apache.syncope.common.lib.mod.AttrMod; -import org.apache.syncope.common.lib.mod.RoleMod; -import org.apache.syncope.common.lib.mod.UserMod; -import org.apache.syncope.common.lib.to.AbstractSubjectTO; -import org.apache.syncope.common.lib.to.PropagationStatus; -import org.apache.syncope.common.lib.to.RoleTO; -import org.apache.syncope.common.lib.types.AttributableType; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; -import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult; -import org.apache.syncope.core.provisioning.api.sync.RoleSyncResultHandler; -import org.identityconnectors.framework.common.objects.SyncDelta; - -public class RoleSyncResultHandlerImpl extends AbstractSyncResultHandler implements RoleSyncResultHandler { - - protected Map<Long, String> roleOwnerMap = new HashMap<>(); - - @Override - public Map<Long, String> getRoleOwnerMap() { - return this.roleOwnerMap; - } - - @Override - protected AttributableUtil getAttributableUtil() { - return attrUtilFactory.getInstance(AttributableType.ROLE); - } - - @Override - protected String getName(final AbstractSubjectTO subjectTO) { - return RoleTO.class.cast(subjectTO).getName(); - } - - @Override - protected AbstractSubjectTO getSubjectTO(final long key) { - try { - return roleTransfer.getRoleTO(key); - } catch (Exception e) { - LOG.warn("Error retrieving role {}", key, e); - return null; - } - } - - @Override - protected AbstractSubjectMod getSubjectMod( - final AbstractSubjectTO subjectTO, final SyncDelta delta) { - - return connObjectUtil.getAttributableMod( - subjectTO.getKey(), - delta.getObject(), - subjectTO, - profile.getTask(), - attrUtilFactory.getInstance(AttributableType.ROLE)); - } - - @Override - protected AbstractSubjectTO create( - final AbstractSubjectTO subjectTO, final SyncDelta _delta, final ProvisioningResult result) { - - RoleTO roleTO = RoleTO.class.cast(subjectTO); - - Map.Entry<Long, List<PropagationStatus>> created = roleProvisioningManager.create(roleTO, roleOwnerMap, - Collections.singleton(profile.getTask().getResource().getKey())); - - roleTO = roleTransfer.getRoleTO(created.getKey()); - - result.setId(created.getKey()); - result.setName(getName(subjectTO)); - - return roleTO; - } - - @Override - protected AbstractSubjectTO link( - final AbstractSubjectTO before, - final ProvisioningResult result, - final boolean unlink) { - - final RoleMod roleMod = new RoleMod(); - roleMod.setKey(before.getKey()); - - if (unlink) { - roleMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); - } else { - roleMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); - } - - return roleTransfer.getRoleTO(rwfAdapter.update(roleMod).getResult()); - } - - @Override - protected AbstractSubjectTO update( - final AbstractSubjectTO before, - final AbstractSubjectMod subjectMod, - final SyncDelta delta, - final ProvisioningResult result) { - - RoleMod roleMod = RoleMod.class.cast(subjectMod); - - Map.Entry<Long, List<PropagationStatus>> updated = roleProvisioningManager.update(roleMod); - - //moved after role provisioning manager - String roleOwner = null; - for (AttrMod attrMod : roleMod.getPlainAttrsToUpdate()) { - if (attrMod.getSchema().isEmpty()) { - roleOwner = attrMod.getValuesToBeAdded().iterator().next(); - } - } - if (roleOwner != null) { - roleOwnerMap.put(updated.getKey(), roleOwner); - } - - final RoleTO after = roleTransfer.getRoleTO(updated.getKey()); - - result.setName(getName(after)); - - return after; - } - - @Override - protected void deprovision(final Long id, final boolean unlink) { - - taskExecutor.execute( - propagationManager.getRoleDeleteTaskIds(id, profile.getTask().getResource().getKey())); - - if (unlink) { - final UserMod userMod = new UserMod(); - userMod.setKey(id); - userMod.getResourcesToRemove().add(profile.getTask().getResource().getKey()); - } - } - - @Override - protected void delete(final Long id) { - try { - taskExecutor.execute( - propagationManager.getRoleDeleteTaskIds(id, profile.getTask().getResource().getKey())); - } catch (Exception e) { - // A propagation failure doesn't imply a synchronization failure. - // The propagation exception status will be reported into the propagation task execution. - LOG.error("Could not propagate user " + id, e); - } - - roleProvisioningManager.delete(id); - } -} http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java index a786b94..9b49d6a 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java @@ -21,24 +21,24 @@ package org.apache.syncope.core.provisioning.java.sync; import java.util.Map; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.mod.ReferenceMod; -import org.apache.syncope.common.lib.mod.RoleMod; +import org.apache.syncope.common.lib.mod.GroupMod; import org.apache.syncope.common.lib.types.SyncPolicySpec; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.entity.ExternalResource; import org.apache.syncope.core.persistence.api.entity.SyncPolicy; -import org.apache.syncope.core.persistence.api.entity.role.RMapping; +import org.apache.syncope.core.persistence.api.entity.group.GMapping; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; import org.apache.syncope.core.persistence.api.entity.task.SyncTask; import org.apache.syncope.core.persistence.api.entity.user.UMapping; import org.apache.syncope.core.provisioning.api.Connector; import org.apache.syncope.core.provisioning.api.sync.ProvisioningProfile; import org.apache.syncope.core.provisioning.api.sync.SyncActions; -import org.apache.syncope.core.misc.security.UnauthorizedRoleException; +import org.apache.syncope.core.misc.security.UnauthorizedGroupException; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; import org.apache.syncope.core.provisioning.api.job.SyncJob; -import org.apache.syncope.core.provisioning.api.sync.RoleSyncResultHandler; +import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler; import org.apache.syncope.core.provisioning.api.sync.UserSyncResultHandler; -import org.apache.syncope.core.workflow.api.RoleWorkflowAdapter; +import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter; import org.identityconnectors.framework.common.objects.ObjectClass; import org.identityconnectors.framework.common.objects.SyncToken; import org.quartz.JobExecutionException; @@ -54,24 +54,24 @@ import org.springframework.beans.factory.support.AbstractBeanDefinition; public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions> implements SyncJob { /** - * Role workflow adapter. + * Group workflow adapter. */ @Autowired - private RoleWorkflowAdapter rwfAdapter; + private GroupWorkflowAdapter gwfAdapter; @Autowired protected SyncUtilities syncUtilities; - protected void setRoleOwners(final RoleSyncResultHandler rhandler) - throws UnauthorizedRoleException, NotFoundException { + protected void setGroupOwners(final GroupSyncResultHandler rhandler) + throws UnauthorizedGroupException, NotFoundException { - for (Map.Entry<Long, String> entry : rhandler.getRoleOwnerMap().entrySet()) { - RoleMod roleMod = new RoleMod(); - roleMod.setKey(entry.getKey()); + for (Map.Entry<Long, String> entry : rhandler.getGroupOwnerMap().entrySet()) { + GroupMod groupMod = new GroupMod(); + groupMod.setKey(entry.getKey()); if (StringUtils.isBlank(entry.getValue())) { - roleMod.setRoleOwner(null); - roleMod.setUserOwner(null); + groupMod.setGroupOwner(null); + groupMod.setUserOwner(null); } else { Long userId = syncUtilities.findMatchingAttributableKey( ObjectClass.ACCOUNT, @@ -80,21 +80,21 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions> rhandler.getProfile().getConnector()); if (userId == null) { - Long roleId = syncUtilities.findMatchingAttributableKey( + Long groupId = syncUtilities.findMatchingAttributableKey( ObjectClass.GROUP, entry.getValue(), rhandler.getProfile().getTask().getResource(), rhandler.getProfile().getConnector()); - if (roleId != null) { - roleMod.setRoleOwner(new ReferenceMod(roleId)); + if (groupId != null) { + groupMod.setGroupOwner(new ReferenceMod(groupId)); } } else { - roleMod.setUserOwner(new ReferenceMod(userId)); + groupMod.setUserOwner(new ReferenceMod(userId)); } } - rwfAdapter.update(roleMod); + gwfAdapter.update(groupMod); } } @@ -103,7 +103,7 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions> final SyncTask syncTask, final Connector connector, final UMapping uMapping, - final RMapping rMapping, + final GMapping rMapping, final boolean dryRun) throws JobExecutionException { LOG.debug("Execute synchronization with token {}", syncTask.getResource().getUsyncToken()); @@ -121,10 +121,10 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions> createBean(UserSyncResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); uhandler.setProfile(profile); - // Prepare handler for SyncDelta objects (roles/groups) - final RoleSyncResultHandler rhandler = - (RoleSyncResultHandler) ApplicationContextProvider.getApplicationContext().getBeanFactory(). - createBean(RoleSyncResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); + // Prepare handler for SyncDelta objects (groups) + final GroupSyncResultHandler rhandler = + (GroupSyncResultHandler) ApplicationContextProvider.getApplicationContext().getBeanFactory(). + createBean(GroupSyncResultHandlerImpl.class, AbstractBeanDefinition.AUTOWIRE_BY_NAME, false); rhandler.setProfile(profile); if (actions != null && !profile.isDryRun()) { @@ -182,9 +182,9 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions> } try { - setRoleOwners(rhandler); + setGroupOwners(rhandler); } catch (Exception e) { - LOG.error("While setting role owners", e); + LOG.error("While setting group owners", e); } if (actions != null && !profile.isDryRun()) { http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java index 1a3bf13..7f89474 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java @@ -28,12 +28,12 @@ import org.apache.syncope.common.lib.types.AttributableType; import org.apache.syncope.common.lib.types.MappingPurpose; import org.apache.syncope.common.lib.types.SubjectType; import org.apache.syncope.common.lib.types.SyncPolicySpec; -import org.apache.syncope.core.persistence.api.RoleEntitlementUtil; +import org.apache.syncope.core.persistence.api.GroupEntitlementUtil; import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException; import org.apache.syncope.core.persistence.api.dao.EntitlementDAO; import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; import org.apache.syncope.core.persistence.api.dao.PolicyDAO; -import org.apache.syncope.core.persistence.api.dao.RoleDAO; +import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.SubjectDAO; import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; @@ -49,7 +49,7 @@ import org.apache.syncope.core.persistence.api.entity.PlainAttrValue; import org.apache.syncope.core.persistence.api.entity.PlainSchema; import org.apache.syncope.core.persistence.api.entity.Subject; import org.apache.syncope.core.persistence.api.entity.SyncPolicy; -import org.apache.syncope.core.persistence.api.entity.role.Role; +import org.apache.syncope.core.persistence.api.entity.group.Group; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; import org.apache.syncope.core.persistence.api.entity.user.UDerAttr; import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr; @@ -102,10 +102,10 @@ public class SyncUtilities { protected UserDAO userDAO; /** - * Role DAO. + * Group DAO. */ @Autowired - protected RoleDAO roleDAO; + protected GroupDAO groupDAO; /** * Search DAO. @@ -158,7 +158,7 @@ public class SyncUtilities { } private SubjectDAO<?, ?, ?> getSubjectDAO(final MappingItem accountIdItem) { - return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : roleDAO; + return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : groupDAO; } private List<Long> findByAccountIdItem( @@ -168,7 +168,7 @@ public class SyncUtilities { final MappingItem accountIdItem = attrUtil.getAccountIdItem(resource); switch (accountIdItem.getIntMappingType()) { case UserPlainSchema: - case RolePlainSchema: + case GroupPlainSchema: final PlainAttrValue value = attrUtil.newPlainAttrValue(); PlainSchema schema = plainSchemaDAO.find(accountIdItem.getIntAttrName(), attrUtil.plainSchemaClass()); @@ -191,7 +191,7 @@ public class SyncUtilities { break; case UserDerivedSchema: - case RoleDerivedSchema: + case GroupDerivedSchema: subjects = getSubjectDAO(accountIdItem). findByDerAttrValue(accountIdItem.getIntAttrName(), uid, attrUtil); for (Subject<?, ?, ?> subject : subjects) { @@ -213,17 +213,17 @@ public class SyncUtilities { } break; - case RoleName: - List<Role> roles = roleDAO.find(uid); - for (Role role : roles) { - result.add(role.getKey()); + case GroupName: + List<Group> groups = groupDAO.find(uid); + for (Group group : groups) { + result.add(group.getKey()); } break; - case RoleId: - Role role = roleDAO.find(Long.parseLong(uid)); - if (role != null) { - result.add(role.getKey()); + case GroupId: + Group group = groupDAO.find(Long.parseLong(uid)); + if (group != null) { + result.add(group.getKey()); } break; @@ -237,8 +237,7 @@ public class SyncUtilities { private List<Long> search(final SearchCond searchCond, final SubjectType type) { final List<Long> result = new ArrayList<>(); - List<Subject<?, ?, ?>> subjects = searchDAO.search( - RoleEntitlementUtil.getRoleKeys(entitlementDAO.findAll()), + List<Subject<?, ?, ?>> subjects = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCond, Collections.<OrderByClause>emptyList(), type); for (Subject<?, ?, ?> subject : subjects) { result.add(subject.getKey()); @@ -266,7 +265,7 @@ public class SyncUtilities { extValues.put(item.getIntAttrName(), connObj.getAttributeByName(item.getExtAttrName())); } - // search for user/role by attribute(s) specified in the policy + // search for user/group by attribute(s) specified in the policy SearchCond searchCond = null; for (String schema : altSearchSchemas) { @@ -293,7 +292,7 @@ public class SyncUtilities { SearchCond nodeCond; // users: just id or username can be selected to be used - // roles: just id or name can be selected to be used + // groups: just id or name can be selected to be used if ("key".equalsIgnoreCase(schema) || "username".equalsIgnoreCase(schema) || "name".equalsIgnoreCase(schema)) { @@ -327,8 +326,8 @@ public class SyncUtilities { case USER: clazz = policySpec.getUserJavaRule(); break; - case ROLE: - clazz = policySpec.getRoleJavaRule(); + case GROUP: + clazz = policySpec.getGroupJavaRule(); break; case MEMBERSHIP: case CONFIGURATION: @@ -356,7 +355,7 @@ public class SyncUtilities { case USER: result = policySpec.getuAltSearchSchemas(); break; - case ROLE: + case GROUP: result = policySpec.getrAltSearchSchemas(); break; case MEMBERSHIP: @@ -368,13 +367,13 @@ public class SyncUtilities { } /** - * Find users / roles based on mapped uid value (or previous uid value, if updated). + * Find users / groups based on mapped uid value (or previous uid value, if updated). * * @param uid for finding by account id * @param connObj for finding by attribute value * @param resource external resource * @param attrUtil attributable util - * @return list of matching users / roles + * @return list of matching users / groups */ public List<Long> findExisting( final String uid, http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/resources/mailTemplates/optin.html.vm ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/resources/mailTemplates/optin.html.vm b/core/provisioning-java/src/main/resources/mailTemplates/optin.html.vm index 8240c7b..3f36035 100644 --- a/core/provisioning-java/src/main/resources/mailTemplates/optin.html.vm +++ b/core/provisioning-java/src/main/resources/mailTemplates/optin.html.vm @@ -43,10 +43,10 @@ because one of the following events occurred: </p> #if(!$user.getMemberships().isEmpty()) -You have been provided with the following roles: +You have been provided with the following groups: <ul> #foreach($membership in $user.getMemberships()) - <li>$membership.roleName</i> + <li>$membership.groupName</i> #end </ul> #end http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/resources/mailTemplates/optin.txt.vm ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/resources/mailTemplates/optin.txt.vm b/core/provisioning-java/src/main/resources/mailTemplates/optin.txt.vm index fc8e398..c2b211e 100644 --- a/core/provisioning-java/src/main/resources/mailTemplates/optin.txt.vm +++ b/core/provisioning-java/src/main/resources/mailTemplates/optin.txt.vm @@ -31,9 +31,9 @@ because one of the following events occurred: #end #if(!$user.getMemberships().isEmpty()) -You have been provided with the following roles: +You have been provided with the following groups: #foreach($membership in $user.getMemberships()) - * $membership.roleName + * $membership.groupName #end #end http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/resources/provisioning.properties ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/resources/provisioning.properties b/core/provisioning-java/src/main/resources/provisioning.properties index af5deee..4b87d44 100644 --- a/core/provisioning-java/src/main/resources/provisioning.properties +++ b/core/provisioning-java/src/main/resources/provisioning.properties @@ -15,4 +15,4 @@ # specific language governing permissions and limitations # under the License. userProvisioningManager=org.apache.syncope.core.provisioning.java.DefaultUserProvisioningManager -roleProvisioningManager=org.apache.syncope.core.provisioning.java.DefaultRoleProvisioningManager +groupProvisioningManager=org.apache.syncope.core.provisioning.java.DefaultGroupProvisioningManager http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/provisioning-java/src/main/resources/provisioningContext.xml ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/resources/provisioningContext.xml b/core/provisioning-java/src/main/resources/provisioningContext.xml index fa31a73..f7d9d4e 100644 --- a/core/provisioning-java/src/main/resources/provisioningContext.xml +++ b/core/provisioning-java/src/main/resources/provisioningContext.xml @@ -32,7 +32,7 @@ under the License. <task:executor id="connectorExecutor" pool-size="10"/> <bean class="${userProvisioningManager}"/> - <bean class="${roleProvisioningManager}"/> + <bean class="${groupProvisioningManager}"/> <bean id="scheduler" class="org.springframework.scheduling.quartz.SchedulerFactoryBean" lazy-init="false" depends-on="nonJPAdbInitializer"> http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java index dbfb327..3b4369c 100644 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java @@ -42,7 +42,7 @@ import org.apache.syncope.common.lib.to.ErrorTO; import org.apache.syncope.common.lib.types.ClientExceptionType; import org.apache.syncope.common.lib.types.EntityViolationType; import org.apache.syncope.common.rest.api.RESTHeaders; -import org.apache.syncope.core.misc.security.UnauthorizedRoleException; +import org.apache.syncope.core.misc.security.UnauthorizedGroupException; import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException; import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException; import org.apache.syncope.core.persistence.api.dao.DuplicateException; @@ -88,8 +88,8 @@ public class RestServiceExceptionMapper implements ExceptionMapper<Exception>, R } else if (ex instanceof AccessDeniedException) { builder = Response.status(Response.Status.UNAUTHORIZED). header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED); - } else if (ex instanceof UnauthorizedRoleException) { - builder = builder(Response.Status.UNAUTHORIZED, ClientExceptionType.UnauthorizedRole, getExMessage(ex)); + } else if (ex instanceof UnauthorizedGroupException) { + builder = builder(Response.Status.UNAUTHORIZED, ClientExceptionType.UnauthorizedGroup, getExMessage(ex)); } else if (ex instanceof EntityExistsException || ex instanceof DuplicateException) { builder = builder(Response.Status.CONFLICT, ClientExceptionType.EntityExists, getExMessage(ex)); } else if (ex instanceof DataIntegrityViolationException) { http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java new file mode 100644 index 0000000..5c334a9 --- /dev/null +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java @@ -0,0 +1,227 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.rest.cxf.service; + +import java.util.List; +import javax.ws.rs.core.Response; +import org.apache.syncope.common.lib.mod.GroupMod; +import org.apache.syncope.common.lib.to.BulkAction; +import org.apache.syncope.common.lib.to.BulkActionResult; +import org.apache.syncope.common.lib.to.PagedResult; +import org.apache.syncope.common.lib.to.PropagationStatus; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.types.ResourceAssociationActionType; +import org.apache.syncope.common.lib.types.ResourceDeassociationActionType; +import org.apache.syncope.common.lib.wrap.ResourceName; +import org.apache.syncope.common.rest.api.CollectionWrapper; +import org.apache.syncope.common.rest.api.service.GroupService; +import org.apache.syncope.core.logic.GroupLogic; +import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; +import org.apache.syncope.core.persistence.api.dao.search.SearchCond; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +@Service +public class GroupServiceImpl extends AbstractServiceImpl implements GroupService { + + @Autowired + private GroupLogic logic; + + @Override + public List<GroupTO> children(final Long groupKey) { + return logic.children(groupKey); + } + + @Override + public Response create(final GroupTO groupTO) { + GroupTO created = logic.create(groupTO); + return createResponse(created.getKey(), created); + } + + @Override + public Response delete(final Long groupKey) { + GroupTO group = logic.read(groupKey); + + checkETag(group.getETagValue()); + + GroupTO deleted = logic.delete(groupKey); + return modificationResponse(deleted); + } + + @Override + public PagedResult<GroupTO> list() { + return list(DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, null); + } + + @Override + public PagedResult<GroupTO> list(final String orderBy) { + return list(DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, orderBy); + } + + @Override + public PagedResult<GroupTO> list(final Integer page, final Integer size) { + return list(page, size, null); + } + + @Override + public PagedResult<GroupTO> list(final Integer page, final Integer size, final String orderBy) { + List<OrderByClause> orderByClauses = getOrderByClauses(orderBy); + return buildPagedResult(logic.list(page, size, orderByClauses), page, size, logic.count()); + } + + @Override + public GroupTO parent(final Long groupKey) { + return logic.parent(groupKey); + } + + @Override + public GroupTO read(final Long groupKey) { + return logic.read(groupKey); + } + + @Override + public PagedResult<GroupTO> search(final String fiql) { + return search(fiql, DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, null); + } + + @Override + public PagedResult<GroupTO> search(final String fiql, final String orderBy) { + return search(fiql, DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, orderBy); + } + + @Override + public PagedResult<GroupTO> search(final String fiql, final Integer page, final Integer size) { + return search(fiql, page, size, null); + } + + @Override + public PagedResult<GroupTO> search(final String fiql, final Integer page, final Integer size, final String orderBy) { + SearchCond cond = getSearchCond(fiql); + List<OrderByClause> orderByClauses = getOrderByClauses(orderBy); + return buildPagedResult( + logic.search(cond, page, size, orderByClauses), page, size, logic.searchCount(cond)); + } + + @Override + public GroupTO readSelf(final Long groupKey) { + return logic.readSelf(groupKey); + } + + @Override + public Response update(final Long groupKey, final GroupMod groupMod) { + GroupTO group = logic.read(groupKey); + + checkETag(group.getETagValue()); + + groupMod.setKey(groupKey); + GroupTO updated = logic.update(groupMod); + return modificationResponse(updated); + } + + @Override + public Response bulkDeassociation( + final Long groupKey, final ResourceDeassociationActionType type, final List<ResourceName> resourceNames) { + + GroupTO group = logic.read(groupKey); + + checkETag(group.getETagValue()); + + GroupTO updated; + switch (type) { + case UNLINK: + updated = logic.unlink(groupKey, CollectionWrapper.unwrap(resourceNames)); + break; + + case UNASSIGN: + updated = logic.unassign(groupKey, CollectionWrapper.unwrap(resourceNames)); + break; + + case DEPROVISION: + updated = logic.deprovision(groupKey, CollectionWrapper.unwrap(resourceNames)); + break; + + default: + updated = logic.read(groupKey); + } + + final BulkActionResult res = new BulkActionResult(); + + if (type == ResourceDeassociationActionType.UNLINK) { + for (ResourceName resourceName : resourceNames) { + res.add(resourceName.getElement(), updated.getResources().contains(resourceName.getElement()) + ? BulkActionResult.Status.FAILURE + : BulkActionResult.Status.SUCCESS); + } + } else { + for (PropagationStatus propagationStatusTO : updated.getPropagationStatusTOs()) { + res.add(propagationStatusTO.getResource(), propagationStatusTO.getStatus().toString()); + } + } + + return modificationResponse(res); + } + + @Override + public Response bulkAssociation( + final Long groupKey, final ResourceAssociationActionType type, final List<ResourceName> resourceNames) { + + GroupTO group = logic.read(groupKey); + + checkETag(group.getETagValue()); + + GroupTO updated; + switch (type) { + case LINK: + updated = logic.link(groupKey, CollectionWrapper.unwrap(resourceNames)); + break; + + case ASSIGN: + updated = logic.assign(groupKey, CollectionWrapper.unwrap(resourceNames), false, null); + break; + + case PROVISION: + updated = logic.provision(groupKey, CollectionWrapper.unwrap(resourceNames), false, null); + break; + + default: + updated = logic.read(groupKey); + } + + final BulkActionResult res = new BulkActionResult(); + + if (type == ResourceAssociationActionType.LINK) { + for (ResourceName resourceName : resourceNames) { + res.add(resourceName.getElement(), updated.getResources().contains(resourceName.getElement()) + ? BulkActionResult.Status.FAILURE + : BulkActionResult.Status.SUCCESS); + } + } else { + for (PropagationStatus propagationStatusTO : updated.getPropagationStatusTOs()) { + res.add(propagationStatusTO.getResource(), propagationStatusTO.getStatus().toString()); + } + } + + return modificationResponse(res); + } + + @Override + public BulkActionResult bulk(final BulkAction bulkAction) { + return logic.bulk(bulkAction); + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/ResourceServiceImpl.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/ResourceServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/ResourceServiceImpl.java index 1feee38..63bb632 100644 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/ResourceServiceImpl.java +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/ResourceServiceImpl.java @@ -35,7 +35,7 @@ import org.apache.syncope.common.rest.api.RESTHeaders; import org.apache.syncope.common.rest.api.service.ResourceService; import org.apache.syncope.core.logic.AbstractResourceAssociator; import org.apache.syncope.core.logic.ResourceLogic; -import org.apache.syncope.core.logic.RoleLogic; +import org.apache.syncope.core.logic.GroupLogic; import org.apache.syncope.core.logic.UserLogic; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -50,7 +50,7 @@ public class ResourceServiceImpl extends AbstractServiceImpl implements Resource private UserLogic userLogic; @Autowired - private RoleLogic roleLogic; + private GroupLogic groupLogic; @Override public Response create(final ResourceTO resourceTO) { @@ -103,7 +103,7 @@ public class ResourceServiceImpl extends AbstractServiceImpl implements Resource AbstractResourceAssociator<? extends AbstractAttributableTO> associator = subjectType == SubjectType.USER ? userLogic - : roleLogic; + : groupLogic; final BulkActionResult res = new BulkActionResult(); http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/RoleServiceImpl.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/RoleServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/RoleServiceImpl.java deleted file mode 100644 index b42fc2f..0000000 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/RoleServiceImpl.java +++ /dev/null @@ -1,227 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.core.rest.cxf.service; - -import java.util.List; -import javax.ws.rs.core.Response; -import org.apache.syncope.common.lib.mod.RoleMod; -import org.apache.syncope.common.lib.to.BulkAction; -import org.apache.syncope.common.lib.to.BulkActionResult; -import org.apache.syncope.common.lib.to.PagedResult; -import org.apache.syncope.common.lib.to.PropagationStatus; -import org.apache.syncope.common.lib.to.RoleTO; -import org.apache.syncope.common.lib.types.ResourceAssociationActionType; -import org.apache.syncope.common.lib.types.ResourceDeassociationActionType; -import org.apache.syncope.common.lib.wrap.ResourceName; -import org.apache.syncope.common.rest.api.CollectionWrapper; -import org.apache.syncope.common.rest.api.service.RoleService; -import org.apache.syncope.core.logic.RoleLogic; -import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; -import org.apache.syncope.core.persistence.api.dao.search.SearchCond; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -@Service -public class RoleServiceImpl extends AbstractServiceImpl implements RoleService { - - @Autowired - private RoleLogic logic; - - @Override - public List<RoleTO> children(final Long roleKey) { - return logic.children(roleKey); - } - - @Override - public Response create(final RoleTO roleTO) { - RoleTO created = logic.create(roleTO); - return createResponse(created.getKey(), created); - } - - @Override - public Response delete(final Long roleKey) { - RoleTO role = logic.read(roleKey); - - checkETag(role.getETagValue()); - - RoleTO deleted = logic.delete(roleKey); - return modificationResponse(deleted); - } - - @Override - public PagedResult<RoleTO> list() { - return list(DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, null); - } - - @Override - public PagedResult<RoleTO> list(final String orderBy) { - return list(DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, orderBy); - } - - @Override - public PagedResult<RoleTO> list(final Integer page, final Integer size) { - return list(page, size, null); - } - - @Override - public PagedResult<RoleTO> list(final Integer page, final Integer size, final String orderBy) { - List<OrderByClause> orderByClauses = getOrderByClauses(orderBy); - return buildPagedResult(logic.list(page, size, orderByClauses), page, size, logic.count()); - } - - @Override - public RoleTO parent(final Long roleKey) { - return logic.parent(roleKey); - } - - @Override - public RoleTO read(final Long roleKey) { - return logic.read(roleKey); - } - - @Override - public PagedResult<RoleTO> search(final String fiql) { - return search(fiql, DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, null); - } - - @Override - public PagedResult<RoleTO> search(final String fiql, final String orderBy) { - return search(fiql, DEFAULT_PARAM_PAGE_VALUE, DEFAULT_PARAM_SIZE_VALUE, orderBy); - } - - @Override - public PagedResult<RoleTO> search(final String fiql, final Integer page, final Integer size) { - return search(fiql, page, size, null); - } - - @Override - public PagedResult<RoleTO> search(final String fiql, final Integer page, final Integer size, final String orderBy) { - SearchCond cond = getSearchCond(fiql); - List<OrderByClause> orderByClauses = getOrderByClauses(orderBy); - return buildPagedResult( - logic.search(cond, page, size, orderByClauses), page, size, logic.searchCount(cond)); - } - - @Override - public RoleTO readSelf(final Long roleKey) { - return logic.readSelf(roleKey); - } - - @Override - public Response update(final Long roleKey, final RoleMod roleMod) { - RoleTO role = logic.read(roleKey); - - checkETag(role.getETagValue()); - - roleMod.setKey(roleKey); - RoleTO updated = logic.update(roleMod); - return modificationResponse(updated); - } - - @Override - public Response bulkDeassociation( - final Long roleKey, final ResourceDeassociationActionType type, final List<ResourceName> resourceNames) { - - RoleTO role = logic.read(roleKey); - - checkETag(role.getETagValue()); - - RoleTO updated; - switch (type) { - case UNLINK: - updated = logic.unlink(roleKey, CollectionWrapper.unwrap(resourceNames)); - break; - - case UNASSIGN: - updated = logic.unassign(roleKey, CollectionWrapper.unwrap(resourceNames)); - break; - - case DEPROVISION: - updated = logic.deprovision(roleKey, CollectionWrapper.unwrap(resourceNames)); - break; - - default: - updated = logic.read(roleKey); - } - - final BulkActionResult res = new BulkActionResult(); - - if (type == ResourceDeassociationActionType.UNLINK) { - for (ResourceName resourceName : resourceNames) { - res.add(resourceName.getElement(), updated.getResources().contains(resourceName.getElement()) - ? BulkActionResult.Status.FAILURE - : BulkActionResult.Status.SUCCESS); - } - } else { - for (PropagationStatus propagationStatusTO : updated.getPropagationStatusTOs()) { - res.add(propagationStatusTO.getResource(), propagationStatusTO.getStatus().toString()); - } - } - - return modificationResponse(res); - } - - @Override - public Response bulkAssociation( - final Long roleKey, final ResourceAssociationActionType type, final List<ResourceName> resourceNames) { - - RoleTO role = logic.read(roleKey); - - checkETag(role.getETagValue()); - - RoleTO updated; - switch (type) { - case LINK: - updated = logic.link(roleKey, CollectionWrapper.unwrap(resourceNames)); - break; - - case ASSIGN: - updated = logic.assign(roleKey, CollectionWrapper.unwrap(resourceNames), false, null); - break; - - case PROVISION: - updated = logic.provision(roleKey, CollectionWrapper.unwrap(resourceNames), false, null); - break; - - default: - updated = logic.read(roleKey); - } - - final BulkActionResult res = new BulkActionResult(); - - if (type == ResourceAssociationActionType.LINK) { - for (ResourceName resourceName : resourceNames) { - res.add(resourceName.getElement(), updated.getResources().contains(resourceName.getElement()) - ? BulkActionResult.Status.FAILURE - : BulkActionResult.Status.SUCCESS); - } - } else { - for (PropagationStatus propagationStatusTO : updated.getPropagationStatusTOs()) { - res.add(propagationStatusTO.getResource(), propagationStatusTO.getStatus().toString()); - } - } - - return modificationResponse(res); - } - - @Override - public BulkActionResult bulk(final BulkAction bulkAction) { - return logic.bulk(bulkAction); - } -}
