Posted to commits@syncope.apache.org by il...@apache.org on 2013/04/24 17:20:14 UTC
svn commit: r1471477 - in /syncope/trunk/core/src:
main/java/org/apache/syncope/core/persistence/beans/user/
main/java/org/apache/syncope/core/propagation/impl/
main/java/org/apache/syncope/core/rest/controller/
main/java/org/apache/syncope/core/rest/d...
Author: ilgrosso
Date: Wed Apr 24 15:20:13 2013
New Revision: 1471477
URL: http://svn.apache.org/r1471477
Log:
[SYNCOPE-357] Merge from 1_1_X
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/PropagationManager.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/RoleController.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/RoleDataBinder.java
syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java?rev=1471477&r1=1471476&r2=1471477&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java Wed Apr 24 15:20:13 2013
@@ -153,9 +153,9 @@ public class SyncopeUser extends Abstrac
*/
@ManyToMany(fetch = FetchType.EAGER)
@JoinTable(joinColumns =
- @JoinColumn(name = "user_id"),
- inverseJoinColumns =
- @JoinColumn(name = "resource_name"))
+ @JoinColumn(name = "user_id"),
+ inverseJoinColumns =
+ @JoinColumn(name = "resource_name"))
@Valid
private Set<ExternalResource> resources;
@@ -250,6 +250,10 @@ public class SyncopeUser extends Abstrac
return result;
}
+ public Set<ExternalResource> getOwnResources() {
+ return super.getResources();
+ }
+
public String getPassword() {
return password;
}
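Review bot: getOwnResources() is added without Javadoc, and its difference from getResources() is only implied by the `super.` call. A one-line comment such as `/** Resources assigned directly to this user, as opposed to getResources(). */` would help, worded once the behaviour of the getResources() override is confirmed, since that method lies outside the hunk. The getter also hands out whatever set the superclass returns; if that is the live collection, callers can modify the user's assignments through it, which is worth checking.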
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/PropagationManager.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/PropagationManager.java?rev=1471477&r1=1471476&r2=1471477&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/PropagationManager.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/PropagationManager.java Wed Apr 24 15:20:13 2013
@@ -384,6 +384,19 @@ public class PropagationManager {
}
/**
+ * Perform delete on each resource associated to the user. It is possible to ask for a mandatory provisioning for
+ * some resources specifying a set of resource names. Exceptions won't be ignored and the process will be stopped if
+ * the creation fails onto a mandatory resource.
+ *
+ * @param wfResult user to be propagated (and info associated), as per result from workflow
+ * @return list of propagation tasks
+ */
+ public List<PropagationTask> getUserDeleteTaskIds(final WorkflowResult<Long> wfResult) {
+ SyncopeUser user = userDataBinder.getUserFromId(wfResult.getResult());
+ return createTasks(user, null, null, null, false, true, wfResult.getPropByRes());
+ }
+
+ /**
* Perform delete on each resource associated to the role. It is possible to ask for a mandatory provisioning for
* some resources specifying a set of resource names. Exceptions won't be ignored and the process will be stopped if
* the creation fails onto a mandatory resource.
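Review bot: The Javadoc on getUserDeleteTaskIds describes things the method does not have: it mentions "a mandatory provisioning for some resources specifying a set of resource names" and a failing "creation", yet the signature takes only `wfResult` and the operation is a delete. It reads as copied from the role variant below it. Suggest stating that tasks are generated only for the resources listed in `wfResult.getPropByRes()`, and adding a short comment naming the positional arguments of `createTasks(user, null, null, null, false, true, ...)`, since the two booleans are unreadable at the call site. What getUserFromId does for a missing or unauthorised id is not visible in this hunk.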
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/RoleController.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/RoleController.java?rev=1471477&r1=1471476&r2=1471477&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/RoleController.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/RoleController.java Wed Apr 24 15:20:13 2013
@@ -324,7 +324,17 @@ public class RoleController {
@PreAuthorize("hasRole('ROLE_DELETE')")
@RequestMapping(method = RequestMethod.GET, value = "/delete/{roleId}")
public RoleTO delete(@PathVariable("roleId") final Long roleId) {
- List<PropagationTask> tasks = propagationManager.getRoleDeleteTaskIds(roleId);
+ LOG.debug("Role delete called for {}", roleId);
+
+ // Generate propagation tasks for deleting users from role resources, if they are on those resources only
+ // because of the reason being deleted (see SYNCOPE-357)
+ List<PropagationTask> tasks = new ArrayList<PropagationTask>();
+ for (WorkflowResult<Long> wfResult : binder.getUsersOnResourcesOnlyBecauseOfRole(roleId)) {
+ tasks.addAll(propagationManager.getUserDeleteTaskIds(wfResult));
+ }
+
+ // Generate propagation tasks for deleting this role from resources
+ tasks.addAll(propagationManager.getRoleDeleteTaskIds(roleId));
RoleTO roleTO = new RoleTO();
roleTO.setId(roleId);
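Review bot: The new loop in delete() makes a role delete also remove user accounts from external resources, but the only trace is `LOG.debug("Role delete called for {}", roleId)`, which names no affected user. For a deprovisioning side effect this wide, an audit line per entry would help, e.g. `LOG.info("Role {} delete: removing user {} from {}", roleId, wfResult.getResult(), wfResult.getPropByRes());` inside the loop. The handler stays mapped to `RequestMethod.GET` (context line), so this larger effect is now reachable through a plain GET by a caller holding ROLE_DELETE; confirm that is intended. The comment's "because of the reason being deleted" presumably means "role". delete() continues outside the hunk.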
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/RoleDataBinder.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/RoleDataBinder.java?rev=1471477&r1=1471476&r2=1471477&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/RoleDataBinder.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/RoleDataBinder.java Wed Apr 24 15:20:13 2013
@@ -18,6 +18,8 @@
*/
package org.apache.syncope.core.rest.data;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.apache.syncope.common.mod.RoleMod;
@@ -30,7 +32,9 @@ import org.apache.syncope.common.validat
import org.apache.syncope.core.connid.ConnObjectUtil;
import org.apache.syncope.core.persistence.beans.AccountPolicy;
import org.apache.syncope.core.persistence.beans.Entitlement;
+import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
+import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.RAttr;
import org.apache.syncope.core.persistence.beans.role.RDerAttr;
import org.apache.syncope.core.persistence.beans.role.RVirAttr;
@@ -42,6 +46,7 @@ import org.apache.syncope.core.propagati
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.EntitlementUtil;
+import org.apache.syncope.core.workflow.WorkflowResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
@@ -75,6 +80,30 @@ public class RoleDataBinder extends Abst
return role;
}
+ @Transactional(readOnly = true)
+ public List<WorkflowResult<Long>> getUsersOnResourcesOnlyBecauseOfRole(final Long roleId) {
+ SyncopeRole role = getRoleFromId(roleId);
+
+ List<WorkflowResult<Long>> result = new ArrayList<WorkflowResult<Long>>();
+
+ for (Membership membership : roleDAO.findMemberships(role)) {
+ SyncopeUser user = membership.getSyncopeUser();
+
+ PropagationByResource propByRes = new PropagationByResource();
+ for (ExternalResource resource : role.getResources()) {
+ if (!user.getOwnResources().contains(resource)) {
+ propByRes.add(ResourceOperation.DELETE, resource.getName());
+ }
+
+ if (!propByRes.isEmpty()) {
+ result.add(new WorkflowResult<Long>(user.getId(), propByRes, Collections.<String>emptySet()));
+ }
+ }
+ }
+
+ return result;
+ }
+
public SyncopeRole create(final SyncopeRole role, final RoleTO roleTO) {
role.setInheritOwner(roleTO.isInheritOwner());
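Review bot: In getUsersOnResourcesOnlyBecauseOfRole the `if (!propByRes.isEmpty())` block sits inside the `for (ExternalResource resource : role.getResources())` loop, so once one resource qualifies the same user is appended to `result` again on every remaining iteration, each entry sharing one `propByRes`. RoleController.delete() then builds user delete tasks per entry, so the same account deletions would be queued more than once. Move the check after the inner loop closes, so that `result.add(new WorkflowResult<Long>(user.getId(), propByRes, Collections.<String>emptySet()));` runs at most once per membership. Separately, the membership test is only against `user.getOwnResources()`; a user who still holds the resource through another role appears to be deprovisioned as well, which the method name suggests is not intended and is worth confirming.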
Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java?rev=1471477&r1=1471476&r2=1471477&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java (original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java Wed Apr 24 15:20:13 2013
@@ -2182,6 +2182,43 @@ public class UserTestITCase extends Abst
resourceService.update(ldap.getName(), ldap);
}
+ @Test
+ public void issueSYNCOPE357() {
+ // 1. create role with LDAP resource
+ RoleTO roleTO = new RoleTO();
+ roleTO.setName("SYNCOPE357-" + getUUIDString());
+ roleTO.setParent(8L);
+ roleTO.addResource(RESOURCE_NAME_LDAP);
+
+ roleTO = createRole(roleService, roleTO);
+ assertNotNull(roleTO);
+
+ // 2. create user with membership of the above role
+ UserTO userTO = getUniqueSampleTO("syncope357@syncope.apache.org");
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(roleTO.getId());
+ userTO.addMembership(membershipTO);
+
+ userTO = createUser(userTO);
+ assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));
+
+ // 3. read user on resource
+ ConnObjectTO connObj =
+ resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId());
+ assertNotNull(connObj);
+
+ // 4. remove role
+ roleService.delete(roleTO.getId());
+
+ // 5. try to read user on resource: fail
+ try {
+ resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId());
+ fail();
+ } catch (SyncopeClientCompositeErrorException scce) {
+ assertNotNull(scce.getException(SyncopeClientExceptionType.NotFound));
+ }
+ }
+
private boolean getBooleanAttribute(ConnObjectTO connObjectTO, String attrName) {
return Boolean.parseBoolean(getStringAttribute(connObjectTO, attrName));
}
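Review bot: issueSYNCOPE357 covers only a user whose LDAP account exists solely through the deleted role; there is no case asserting that the account survives when the user also has RESOURCE_NAME_LDAP assigned directly or through a second role. That negative case is the one that guards against over-deprovisioning by the new role-delete path. `fail()` at step 5 would also read better with a message, e.g. `fail("user still present on LDAP after role delete")`, and the created user is not cleaned up in the visible lines.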