Return-Path: X-Original-To: apmail-syncope-commits-archive@www.apache.org Delivered-To: apmail-syncope-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 907E5175AE for ; Fri, 8 May 2015 15:03:06 +0000 (UTC) Received: (qmail 79926 invoked by uid 500); 8 May 2015 15:03:06 -0000 Delivered-To: apmail-syncope-commits-archive@syncope.apache.org Received: (qmail 79895 invoked by uid 500); 8 May 2015 15:03:06 -0000 Mailing-List: contact commits-help@syncope.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@syncope.apache.org Delivered-To: mailing list commits@syncope.apache.org Received: (qmail 79886 invoked by uid 99); 8 May 2015 15:03:06 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 May 2015 15:03:06 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 4F524E05E3; Fri, 8 May 2015 15:03:06 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ilgrosso@apache.org To: commits@syncope.apache.org Date: Fri, 08 May 2015 15:03:06 -0000 Message-Id: <1817144aee7741fc8916fc3f821802b6@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/3] syncope git commit: [SYNCOPE-140] Implemented Repository: syncope Updated Branches: refs/heads/master 84028f115 -> 22839bf37 http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java index de07e3b..2f4fd2d 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java @@ -20,8 +20,13 @@ package org.apache.syncope.core.provisioning.java.data; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; +import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.RoleTO; +import org.apache.syncope.common.lib.types.ClientExceptionType; +import org.apache.syncope.core.misc.search.SearchCondConverter; import org.apache.syncope.core.persistence.api.dao.RealmDAO; +import org.apache.syncope.core.persistence.api.dao.search.SearchCond; +import org.apache.syncope.core.persistence.api.entity.DynRoleMembership; import org.apache.syncope.core.persistence.api.entity.EntityFactory; import org.apache.syncope.core.persistence.api.entity.Realm; import org.apache.syncope.core.persistence.api.entity.Role; @@ -42,6 +47,25 @@ public class RoleDataBinderImpl implements RoleDataBinder { @Autowired private EntityFactory entityFactory; + private void setDynMembership(final Role role, final String dynMembershipFIQL) { + SearchCond dynMembershipCond = SearchCondConverter.convert(dynMembershipFIQL); + if (!dynMembershipCond.isValid()) { + SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidSearchExpression); + sce.getElements().add(dynMembershipFIQL); + throw sce; + } + + DynRoleMembership dynMembership; + if (role.getDynMembership() == null) { + dynMembership = entityFactory.newEntity(DynRoleMembership.class); + dynMembership.setRole(role); + role.setDynMembership(dynMembership); + } else { + dynMembership = role.getDynMembership(); + } + dynMembership.setFIQLCond(dynMembershipFIQL); + } + @Override public Role create(final RoleTO roleTO) { Role role = entityFactory.newEntity(Role.class); @@ -65,6 +89,22 @@ public class RoleDataBinderImpl implements RoleDataBinder { role.addRealm(realm); } } + + // dynamic membership + if (role.getKey() == null && roleTO.getDynMembershipCond() != null) { + setDynMembership(role, roleTO.getDynMembershipCond()); + } else { + if (role.getDynMembership() != null && roleTO.getDynMembershipCond() == null) { + role.setDynMembership(null); + } else if (role.getDynMembership() == null && roleTO.getDynMembershipCond() != null) { + setDynMembership(role, roleTO.getDynMembershipCond()); + } else if (role.getDynMembership() != null && roleTO.getDynMembershipCond() != null + && !role.getDynMembership().getFIQLCond().equals(roleTO.getDynMembershipCond())) { + + role.getDynMembership().getUsers().clear(); + setDynMembership(role, roleTO.getDynMembershipCond()); + } + } } @Override @@ -83,6 +123,10 @@ public class RoleDataBinderImpl implements RoleDataBinder { } }, roleTO.getRealms()); + if (role.getDynMembership() != null) { + roleTO.setDynMembershipCond(role.getDynMembership().getFIQLCond()); + } + return roleTO; } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java index 1b1508d..317fce2 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java @@ -18,8 +18,7 @@ */ package org.apache.syncope.core.provisioning.java.data; -import static org.apache.syncope.core.provisioning.java.data.AbstractAttributableDataBinder.LOG; - +import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.HashSet; @@ -226,7 +225,7 @@ public class UserDataBinderImpl extends AbstractAttributableDataBinder implement SyncopeClientCompositeException scce = SyncopeClientException.buildComposite(); - Set currentResources = user.getResourceNames(); + Collection currentResources = userDAO.findAllResourceNames(user); // fetch account ids before update Map oldAccountIds = getAccountIds(user, AttributableType.USER); @@ -421,11 +420,10 @@ public class UserDataBinderImpl extends AbstractAttributableDataBinder implement connObjectUtils.retrieveVirAttrValues(user, attrUtilsFactory.getInstance(AttributableType.USER)); fillTO(userTO, user.getRealm().getFullPath(), - user.getPlainAttrs(), user.getDerAttrs(), user.getVirAttrs(), user.getResources()); + user.getPlainAttrs(), user.getDerAttrs(), user.getVirAttrs(), userDAO.findAllResources(user)); - MembershipTO membershipTO; for (Membership membership : user.getMemberships()) { - membershipTO = new MembershipTO(); + MembershipTO membershipTO = new MembershipTO(); // set sys info membershipTO.setCreator(membership.getCreator()); @@ -447,6 +445,22 @@ public class UserDataBinderImpl extends AbstractAttributableDataBinder implement userTO.getMemberships().add(membershipTO); } + // dynamic memberships + CollectionUtils.collect(userDAO.findDynRoleMemberships(user), new Transformer() { + + @Override + public Long transform(final Role role) { + return role.getKey(); + } + }, userTO.getDynRoles()); + CollectionUtils.collect(userDAO.findDynGroupMemberships(user), new Transformer() { + + @Override + public Long transform(final Group group) { + return group.getKey(); + } + }, userTO.getDynGroups()); + return userTO; } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/AbstractPropagationTaskExecutor.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/AbstractPropagationTaskExecutor.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/AbstractPropagationTaskExecutor.java index 3856324..6408987 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/AbstractPropagationTaskExecutor.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/AbstractPropagationTaskExecutor.java @@ -20,6 +20,7 @@ package org.apache.syncope.core.provisioning.java.propagation; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.Date; import java.util.HashSet; import java.util.List; @@ -50,6 +51,8 @@ import org.apache.syncope.core.misc.AuditManager; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; import org.apache.syncope.core.misc.ConnObjectUtils; import org.apache.syncope.core.misc.ExceptionUtils2; +import org.apache.syncope.core.persistence.api.entity.group.Group; +import org.apache.syncope.core.persistence.api.entity.user.User; import org.apache.syncope.core.provisioning.api.notification.NotificationManager; import org.identityconnectors.framework.common.exceptions.ConnectorException; import org.identityconnectors.framework.common.objects.Attribute; @@ -280,7 +283,12 @@ public abstract class AbstractPropagationTaskExecutor implements PropagationTask * two different memberships with the same resource). */ Subject subject = getSubject(task); - if (subject == null || !subject.getResourceNames().contains(task.getResource().getKey())) { + Collection resources = subject instanceof User + ? userDAO.findAllResourceNames((User) subject) + : subject instanceof Group + ? ((Group) subject).getResourceNames() + : Collections.emptySet(); + if (!resources.contains(task.getResource().getKey())) { LOG.debug("Delete {} on {}", beforeObj.getUid(), task.getResource().getKey()); connector.delete( http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java index 6600e44..c246d8f 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java @@ -71,7 +71,7 @@ public class LDAPMembershipPropagationActions extends DefaultPropagationActions User user = userDAO.find(task.getSubjectKey()); if (user != null) { List groupAccountLinks = new ArrayList<>(); - for (Group group : user.getGroups()) { + for (Group group : userDAO.findAllGroups(user)) { if (group.getResourceNames().contains(task.getResource().getKey()) && StringUtils.isNotBlank(task.getResource().getGmapping().getAccountLink())) { http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/PropagationManagerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/PropagationManagerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/PropagationManagerImpl.java index d7c59a4..2939095 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/PropagationManagerImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/PropagationManagerImpl.java @@ -264,7 +264,7 @@ public class PropagationManagerImpl implements PropagationManager { origPropByRes.merge(wfResult.getPropByRes()); Set pwdResourceNames = new HashSet<>(userMod.getPwdPropRequest().getResourceNames()); - Set currentResourceNames = userDAO.authFetch(userMod.getKey()).getResourceNames(); + Collection currentResourceNames = userDAO.findAllResourceNames(userDAO.authFetch(userMod.getKey())); pwdResourceNames.retainAll(currentResourceNames); PropagationByResource pwdPropByRes = new PropagationByResource(); pwdPropByRes.addAll(ResourceOperation.UPDATE, pwdResourceNames); @@ -312,8 +312,10 @@ public class PropagationManagerImpl implements PropagationManager { : vAttrsToBeUpdated, attrUtilsFactory.getInstance(subject)); // SYNCOPE-458 fill membership virtual attributes + Collection resourceNames; if (subject instanceof User) { - final User user = (User) subject; + User user = (User) subject; + resourceNames = userDAO.findAllResourceNames(user); for (final Membership membership : user.getMemberships()) { if (membership.getVirAttrs() != null && !membership.getVirAttrs().isEmpty()) { final MembershipMod membershipMod = CollectionUtils.find(membershipsToAdd, @@ -334,10 +336,12 @@ public class PropagationManagerImpl implements PropagationManager { } } } + } else { + resourceNames = subject.getResourceNames(); } if (propByRes == null || propByRes.isEmpty()) { - localPropByRes.addAll(ResourceOperation.UPDATE, subject.getResourceNames()); + localPropByRes.addAll(ResourceOperation.UPDATE, resourceNames); } else { localPropByRes.merge(propByRes); } @@ -377,7 +381,7 @@ public class PropagationManagerImpl implements PropagationManager { public List getUserDeleteTasks(final Long userKey, final Collection noPropResourceNames) { User user = userDAO.authFetch(userKey); - return getDeleteTaskIds(user, user.getResourceNames(), noPropResourceNames); + return getDeleteTaskIds(user, userDAO.findAllResourceNames(user), noPropResourceNames); } @Override @@ -424,7 +428,7 @@ public class PropagationManagerImpl implements PropagationManager { protected List getDeleteTaskIds( final Subject subject, - final Set resourceNames, + final Collection resourceNames, final Collection noPropResourceNames) { final PropagationByResource propByRes = new PropagationByResource(); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractPushResultHandler.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractPushResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractPushResultHandler.java index 5a63f8e..e15f526 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractPushResultHandler.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractPushResultHandler.java @@ -19,6 +19,7 @@ package org.apache.syncope.core.provisioning.java.sync; import java.util.ArrayList; +import java.util.Collection; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -43,6 +44,7 @@ import org.apache.syncope.core.persistence.api.entity.user.User; import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult; import org.apache.syncope.core.provisioning.api.sync.PushActions; import org.apache.syncope.core.misc.MappingUtils; +import org.apache.syncope.core.persistence.api.entity.group.Group; import org.apache.syncope.core.provisioning.api.sync.IgnoreProvisionException; import org.apache.syncope.core.provisioning.api.sync.SyncopePushResultHandler; import org.identityconnectors.framework.common.objects.ConnectorObject; @@ -347,20 +349,21 @@ public abstract class AbstractPushResultHandler extends AbstractSyncopeResultHan vattrToBeUpdated.add(mod); } - final boolean changepwd; - + boolean changepwd; + Collection resourceNames; if (sbj instanceof User) { changepwd = true; + resourceNames = userDAO.findAllResourceNames((User) sbj); // Search for memberships for (Membership membership : User.class.cast(sbj).getMemberships()) { - final MembershipMod membershipMod = new MembershipMod(); + MembershipMod membershipMod = new MembershipMod(); membershipMod.setKey(membership.getKey()); membershipMod.setGroup(membership.getGroup().getKey()); for (VirAttr vattr : membership.getVirAttrs()) { membVattrToBeRemoved.remove(vattr.getSchema().getKey()); - final AttrMod mod = new AttrMod(); + AttrMod mod = new AttrMod(); mod.setSchema(vattr.getSchema().getKey()); mod.getValuesToBeAdded().addAll(vattr.getValues()); membershipMod.getVirAttrsToUpdate().add(mod); @@ -374,9 +377,10 @@ public abstract class AbstractPushResultHandler extends AbstractSyncopeResultHan } } else { changepwd = false; + resourceNames = ((Group) sbj).getResourceNames(); } - final List noPropResources = new ArrayList<>(sbj.getResourceNames()); + List noPropResources = new ArrayList<>(resourceNames); noPropResources.remove(profile.getTask().getResource().getKey()); final PropagationByResource propByRes = new PropagationByResource(); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/ActivitiUserWorkflowAdapter.java ---------------------------------------------------------------------- diff --git a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/ActivitiUserWorkflowAdapter.java b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/ActivitiUserWorkflowAdapter.java index a356ad8..1849bd6 100644 --- a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/ActivitiUserWorkflowAdapter.java +++ b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/ActivitiUserWorkflowAdapter.java @@ -295,7 +295,7 @@ public class ActivitiUserWorkflowAdapter extends AbstractUserWorkflowAdapter { } PropagationByResource propByRes = new PropagationByResource(); - propByRes.set(ResourceOperation.CREATE, user.getResourceNames()); + propByRes.set(ResourceOperation.CREATE, userDAO.findAllResourceNames(user)); saveForFormSubmit(user, userTO.getPassword(), propByRes); @@ -415,7 +415,7 @@ public class ActivitiUserWorkflowAdapter extends AbstractUserWorkflowAdapter { doExecuteTask(user, "delete", null); PropagationByResource propByRes = new PropagationByResource(); - propByRes.set(ResourceOperation.DELETE, user.getResourceNames()); + propByRes.set(ResourceOperation.DELETE, userDAO.findAllResourceNames(user)); saveForFormSubmit(user, null, propByRes); @@ -695,7 +695,7 @@ public class ActivitiUserWorkflowAdapter extends AbstractUserWorkflowAdapter { taskCandidateOrAssigned(user.getKey().toString()))); List candidateGroups = new ArrayList<>(); - for (Long groupId : user.getGroupKeys()) { + for (Long groupId : userDAO.findAllGroupKeys(user)) { candidateGroups.add(groupId.toString()); } if (!candidateGroups.isEmpty()) { http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeGroupManager.java ---------------------------------------------------------------------- diff --git a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeGroupManager.java b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeGroupManager.java index 0033824..b1f1c8c 100644 --- a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeGroupManager.java +++ b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeGroupManager.java @@ -67,7 +67,7 @@ public class SyncopeGroupManager implements GroupIdentityManager, SyncopeSession User user = userDAO.find(userId); if (user != null) { result = new ArrayList<>(); - for (Long groupId : user.getGroupKeys()) { + for (Long groupId : userDAO.findAllGroupKeys(user)) { result.add(new GroupEntity(groupId.toString())); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserManager.java ---------------------------------------------------------------------- diff --git a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserManager.java b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserManager.java index 72be4e3..2b568b1 100644 --- a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserManager.java +++ b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserManager.java @@ -75,7 +75,7 @@ public class SyncopeUserManager implements UserIdentityManager, SyncopeSession { org.apache.syncope.core.persistence.api.entity.user.User user = userDAO.find(userKey); if (user != null) { result = new ArrayList<>(); - for (Long groupId : user.getGroupKeys()) { + for (Long groupId : userDAO.findAllGroupKeys(user)) { result.add(new GroupEntity(groupId.toString())); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserQueryImpl.java ---------------------------------------------------------------------- diff --git a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserQueryImpl.java b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserQueryImpl.java index 55d8d5d..506455f 100644 --- a/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserQueryImpl.java +++ b/core/workflow-activiti/src/main/java/org/apache/syncope/core/workflow/activiti/SyncopeUserQueryImpl.java @@ -141,7 +141,7 @@ public class SyncopeUserQueryImpl implements UserQuery { if (user == null) { result = Collections.emptyList(); } else { - if (memberOf == null || user.getGroupKeys().contains(memberOf)) { + if (memberOf == null || userDAO.findAllGroupKeys(user).contains(memberOf)) { result = Collections.singletonList(fromSyncopeUser(user)); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultGroupWorkflowAdapter.java ---------------------------------------------------------------------- diff --git a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultGroupWorkflowAdapter.java b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultGroupWorkflowAdapter.java index 041234f..fa765ed 100644 --- a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultGroupWorkflowAdapter.java +++ b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultGroupWorkflowAdapter.java @@ -44,7 +44,7 @@ public class DefaultGroupWorkflowAdapter extends AbstractGroupWorkflowAdapter { dataBinder.create(group, groupTO); group = groupDAO.save(group); - final PropagationByResource propByRes = new PropagationByResource(); + PropagationByResource propByRes = new PropagationByResource(); propByRes.set(ResourceOperation.CREATE, group.getResourceNames()); return new WorkflowResult<>(group.getKey(), propByRes, "create"); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultUserWorkflowAdapter.java ---------------------------------------------------------------------- diff --git a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultUserWorkflowAdapter.java b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultUserWorkflowAdapter.java index 6691541..78360a9 100644 --- a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultUserWorkflowAdapter.java +++ b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/DefaultUserWorkflowAdapter.java @@ -87,7 +87,7 @@ public class DefaultUserWorkflowAdapter extends AbstractUserWorkflowAdapter { user = userDAO.save(user); final PropagationByResource propByRes = new PropagationByResource(); - propByRes.set(ResourceOperation.CREATE, user.getResourceNames()); + propByRes.set(ResourceOperation.CREATE, userDAO.findAllResourceNames(user)); return new WorkflowResult>( new ImmutablePair<>(user.getKey(), propagateEnable), propByRes, "create"); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java ---------------------------------------------------------------------- diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java index e59bec6..031e451 100644 --- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java +++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java @@ -18,7 +18,6 @@ */ package org.apache.syncope.core.provisioning.camel.processor; -import java.util.Collection; import java.util.HashSet; import java.util.List; import org.apache.camel.Exchange; @@ -59,10 +58,10 @@ public class UserDeprovisionProcessor implements Processor { User user = userDAO.authFetch(userKey); - Collection noPropResourceNames = CollectionUtils.removeAll(user.getResourceNames(), resources); - - List tasks = - propagationManager.getUserDeleteTasks(userKey, new HashSet<>(resources), noPropResourceNames); + List tasks = propagationManager.getUserDeleteTasks( + userKey, + new HashSet<>(resources), + CollectionUtils.removeAll(userDAO.findAllResourceNames(user), resources)); PropagationReporter propagationReporter = ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class); try { http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java ---------------------------------------------------------------------- diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java index 0df97b8..cb0bb82 100644 --- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java +++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java @@ -26,6 +26,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.tuple.ImmutablePair; import org.apache.syncope.common.lib.mod.StatusMod; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; +import org.apache.syncope.core.persistence.api.dao.UserDAO; import org.apache.syncope.core.persistence.api.entity.task.PropagationTask; import org.apache.syncope.core.persistence.api.entity.user.User; import org.apache.syncope.core.provisioning.api.WorkflowResult; @@ -49,6 +50,9 @@ public class UserStatusPropagationProcessor implements Processor { @Autowired protected PropagationTaskExecutor taskExecutor; + @Autowired + protected UserDAO userDAO; + @SuppressWarnings("unchecked") @Override public void process(final Exchange exchange) { @@ -58,7 +62,7 @@ public class UserStatusPropagationProcessor implements Processor { StatusMod statusMod = exchange.getProperty("statusMod", StatusMod.class); Collection resourcesToBeExcluded = - CollectionUtils.removeAll(user.getResourceNames(), statusMod.getResourceNames()); + CollectionUtils.removeAll(userDAO.findAllResourceNames(user), statusMod.getResourceNames()); List tasks = propagationManager.getUserUpdateTasks( user, statusMod.getType() != StatusMod.ModType.SUSPEND, resourcesToBeExcluded); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml b/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml index d0b5604..9a6ee5b 100644 --- a/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml +++ b/fit/core-reference/src/main/resources/userWorkflow.bpmn20.xml @@ -34,10 +34,10 @@ under the License. - + - + @@ -56,7 +56,7 @@ under the License. - + http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractTaskITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractTaskITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractTaskITCase.java index 6545be5..5dc3f5c 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractTaskITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractTaskITCase.java @@ -18,7 +18,6 @@ */ package org.apache.syncope.fit.core.reference; -import static org.apache.syncope.fit.core.reference.AbstractITCase.taskService; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java index 5dd5ce8..6ae349c 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java @@ -18,7 +18,6 @@ */ package org.apache.syncope.fit.core.reference; -import static org.apache.commons.lang3.StringUtils.isEmpty; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -157,7 +156,7 @@ public class ConfigurationITCase extends AbstractITCase { } private static String[] substringsBetween(final String str, final String open, final String close) { - if (str == null || isEmpty(open) || isEmpty(close)) { + if (str == null || StringUtils.isEmpty(open) || StringUtils.isEmpty(close)) { return null; } final int strLen = str.length(); http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java index 7071c22..9be9a28 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java @@ -35,6 +35,8 @@ import javax.naming.directory.DirContext; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.ws.rs.core.Response; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.Predicate; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.client.lib.SyncopeClient; @@ -71,15 +73,15 @@ import org.junit.runners.MethodSorters; @FixMethodOrder(MethodSorters.JVM) public class GroupITCase extends AbstractITCase { - private GroupTO buildBasicGroupTO(final String name) { + public static GroupTO getBasicSampleTO(final String name) { GroupTO groupTO = new GroupTO(); groupTO.setRealm("/"); groupTO.setName(name + getUUIDString()); return groupTO; } - private GroupTO buildGroupTO(final String name) { - GroupTO groupTO = buildBasicGroupTO(name); + public static GroupTO getSampleTO(final String name) { + GroupTO groupTO = getBasicSampleTO(name); groupTO.getGPlainAttrTemplates().add("icon"); groupTO.getPlainAttrs().add(attrTO("icon", "anIcon")); @@ -91,7 +93,7 @@ public class GroupITCase extends AbstractITCase { @Test @Ignore public void create() { - GroupTO groupTO = buildGroupTO("lastGroup"); + GroupTO groupTO = getSampleTO("lastGroup"); groupTO.getGVirAttrTemplates().add("rvirtualdata"); groupTO.getVirAttrs().add(attrTO("rvirtualdata", "rvirtualvalue")); groupTO.setGroupOwner(8L); @@ -185,14 +187,18 @@ public class GroupITCase extends AbstractITCase { List groups = groupService2.own(); assertNotNull(groups); - assertFalse(groups.isEmpty()); - assertNotNull(groups.get(0).getPlainAttrs()); - assertFalse(groups.get(0).getPlainAttrs().isEmpty()); + assertTrue(CollectionUtils.exists(groups, new Predicate() { + + @Override + public boolean evaluate(final GroupTO group) { + return 1L == group.getKey(); + } + })); } @Test public void update() { - GroupTO groupTO = buildGroupTO("latestGroup" + getUUIDString()); + GroupTO groupTO = getSampleTO("latestGroup" + getUUIDString()); groupTO.getGPlainAttrTemplates().add("show"); groupTO = createGroup(groupTO); @@ -204,9 +210,6 @@ public class GroupITCase extends AbstractITCase { groupMod.setName(modName); groupMod.getPlainAttrsToUpdate().add(attrMod("show", "FALSE")); - // change password policy inheritance - groupMod.setInheritPasswordPolicy(Boolean.FALSE); - groupTO = updateGroup(groupMod); assertEquals(modName, groupTO.getName()); @@ -215,7 +218,7 @@ public class GroupITCase extends AbstractITCase { @Test public void updateRemovingVirAttribute() { - GroupTO groupTO = buildBasicGroupTO("withvirtual" + getUUIDString()); + GroupTO groupTO = getBasicSampleTO("withvirtual" + getUUIDString()); groupTO.getGVirAttrTemplates().add("rvirtualdata"); groupTO.getVirAttrs().add(attrTO("rvirtualdata", null)); @@ -235,7 +238,7 @@ public class GroupITCase extends AbstractITCase { @Test public void updateRemovingDerAttribute() { - GroupTO groupTO = buildBasicGroupTO("withderived" + getUUIDString()); + GroupTO groupTO = getBasicSampleTO("withderived" + getUUIDString()); groupTO.getGDerAttrTemplates().add("rderivedschema"); groupTO.getDerAttrs().add(attrTO("rderivedschema", null)); @@ -319,7 +322,7 @@ public class GroupITCase extends AbstractITCase { @Test public void unlink() { - GroupTO actual = createGroup(buildGroupTO("unlink")); + GroupTO actual = createGroup(getSampleTO("unlink")); assertNotNull(actual); assertNotNull(resourceService.getConnectorObject(RESOURCE_NAME_LDAP, SubjectType.GROUP, actual.getKey())); @@ -338,7 +341,7 @@ public class GroupITCase extends AbstractITCase { @Test public void link() { - GroupTO groupTO = buildGroupTO("link"); + GroupTO groupTO = getSampleTO("link"); groupTO.getResources().clear(); GroupTO actual = createGroup(groupTO); @@ -369,7 +372,7 @@ public class GroupITCase extends AbstractITCase { @Test public void unassign() { - GroupTO actual = createGroup(buildGroupTO("unassign")); + GroupTO actual = createGroup(getSampleTO("unassign")); assertNotNull(actual); assertNotNull(resourceService.getConnectorObject(RESOURCE_NAME_LDAP, SubjectType.GROUP, actual.getKey())); @@ -393,7 +396,7 @@ public class GroupITCase extends AbstractITCase { @Test public void assign() { - GroupTO groupTO = buildGroupTO("assign"); + GroupTO groupTO = getSampleTO("assign"); groupTO.getResources().clear(); GroupTO actual = createGroup(groupTO); @@ -418,7 +421,7 @@ public class GroupITCase extends AbstractITCase { @Test public void deprovision() { - GroupTO actual = createGroup(buildGroupTO("deprovision")); + GroupTO actual = createGroup(getSampleTO("deprovision")); assertNotNull(actual); assertNotNull(resourceService.getConnectorObject(RESOURCE_NAME_LDAP, SubjectType.GROUP, actual.getKey())); @@ -442,7 +445,7 @@ public class GroupITCase extends AbstractITCase { @Test public void provision() { - GroupTO groupTO = buildGroupTO("assign" + getUUIDString()); + GroupTO groupTO = getSampleTO("assign" + getUUIDString()); groupTO.getResources().clear(); GroupTO actual = createGroup(groupTO); @@ -468,7 +471,7 @@ public class GroupITCase extends AbstractITCase { @Test public void deprovisionUnlinked() { - GroupTO groupTO = buildGroupTO("assign" + getUUIDString()); + GroupTO groupTO = getSampleTO("assign" + getUUIDString()); groupTO.getResources().clear(); GroupTO actual = createGroup(groupTO); @@ -517,7 +520,7 @@ public class GroupITCase extends AbstractITCase { schemaService.create(AttributableType.GROUP, SchemaType.PLAIN, badge); // 2. create a group *without* an attribute for that schema: it works - GroupTO groupTO = buildGroupTO("lastGroup"); + GroupTO groupTO = getSampleTO("lastGroup"); assertFalse(groupTO.getPlainAttrMap().containsKey(badge.getKey())); groupTO = createGroup(groupTO); assertNotNull(groupTO); @@ -549,14 +552,16 @@ public class GroupITCase extends AbstractITCase { public void anonymous() { GroupService unauthenticated = clientFactory.createAnonymous().getService(GroupService.class); try { - unauthenticated.list(SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).build()); + unauthenticated. + list(SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).build()); fail(); } catch (AccessControlException e) { assertNotNull(e); } GroupService anonymous = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).getService(GroupService.class); - assertFalse(anonymous.list(SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).build()). + assertFalse(anonymous.list(SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM). + build()). getResult().isEmpty()); } @@ -565,7 +570,7 @@ public class GroupITCase extends AbstractITCase { SyncopeClient noContentclient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); GroupService noContentService = noContentclient.prefer(GroupService.class, Preference.RETURN_NO_CONTENT); - GroupTO group = buildGroupTO("noContent"); + GroupTO group = getSampleTO("noContent"); Response response = noContentService.create(group); assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus()); @@ -613,7 +618,7 @@ public class GroupITCase extends AbstractITCase { assertNotNull(newLDAP); // 2. create a group and give the resource created above - groupTO = buildGroupTO("lastGroup" + getUUIDString()); + groupTO = getSampleTO("lastGroup" + getUUIDString()); groupTO.getGPlainAttrTemplates().add("icon"); groupTO.getPlainAttrs().add(attrTO("icon", "anIcon")); groupTO.getGPlainAttrTemplates().add("show"); @@ -671,4 +676,23 @@ public class GroupITCase extends AbstractITCase { resourceService.delete("new-ldap"); } } + + @Test + public void dynMembership() { + assertTrue(userService.read(4L).getDynGroups().isEmpty()); + + GroupTO group = getBasicSampleTO("dynMembership"); + group.setDynMembershipCond("cool==true"); + group = createGroup(group); + assertNotNull(group); + + assertTrue(userService.read(4L).getDynGroups().contains(group.getKey())); + + GroupMod mod = new GroupMod(); + mod.setKey(group.getKey()); + mod.setDynMembershipCond("cool==false"); + groupService.update(mod.getKey(), mod); + + assertTrue(userService.read(4L).getDynGroups().isEmpty()); + } } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java index 0c1aa85..4d61644 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java @@ -39,6 +39,15 @@ import org.junit.runners.MethodSorters; @FixMethodOrder(MethodSorters.JVM) public class RoleITCase extends AbstractITCase { + public static RoleTO getSampleRoleTO(final String name) { + RoleTO role = new RoleTO(); + role.setName(name + getUUIDString()); + role.getRealms().add("/even"); + role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + + return role; + } + @Test public void list() { List roleTOs = roleService.list(); @@ -56,15 +65,6 @@ public class RoleITCase extends AbstractITCase { assertTrue(roleTO.getEntitlements().contains(Entitlement.GROUP_READ)); } - private RoleTO buildRoleTO(final String name) { - RoleTO role = new RoleTO(); - role.setName(name + getUUIDString()); - role.getRealms().add("/even"); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); - - return role; - } - @Test public void create() { RoleTO role = new RoleTO(); @@ -82,7 +82,7 @@ public class RoleITCase extends AbstractITCase { @Test public void update() { - RoleTO role = buildRoleTO("update"); + RoleTO role = getSampleRoleTO("update"); Response response = roleService.create(role); RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class); @@ -104,7 +104,7 @@ public class RoleITCase extends AbstractITCase { @Test public void delete() { - RoleTO role = buildRoleTO("delete"); + RoleTO role = getSampleRoleTO("delete"); Response response = roleService.create(role); RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class); @@ -119,4 +119,22 @@ public class RoleITCase extends AbstractITCase { assertEquals(ClientExceptionType.NotFound, e.getType()); } } + + @Test + public void dynMembership() { + assertTrue(userService.read(4L).getDynRoles().isEmpty()); + + RoleTO role = getSampleRoleTO("dynMembership"); + role.setDynMembershipCond("cool==true"); + Response response = roleService.create(role); + role = getObject(response.getLocation(), RoleService.class, RoleTO.class); + assertNotNull(role); + + assertTrue(userService.read(4L).getDynRoles().contains(role.getKey())); + + role.setDynMembershipCond("cool==false"); + roleService.update(role.getKey(), role); + + assertTrue(userService.read(4L).getDynGroups().isEmpty()); + } } http://git-wip-us.apache.org/repos/asf/syncope/blob/22839bf3/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SearchITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SearchITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SearchITCase.java index b17d7f3..0f56510 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SearchITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SearchITCase.java @@ -18,12 +18,14 @@ */ package org.apache.syncope.fit.core.reference; +import static org.apache.syncope.fit.core.reference.AbstractITCase.userService; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import java.util.Collection; +import javax.ws.rs.core.Response; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.syncope.client.lib.SyncopeClient; @@ -31,7 +33,9 @@ import org.apache.syncope.common.lib.CollectionUtils2; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.to.PagedResult; import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.to.RoleTO; import org.apache.syncope.common.lib.to.UserTO; +import org.apache.syncope.common.rest.api.service.RoleService; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; @@ -95,6 +99,89 @@ public class SearchITCase extends AbstractITCase { } @Test + public void searchByGroup() { + PagedResult matchedUsers = userService.search( + SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM). + fiql(SyncopeClient.getUserSearchConditionBuilder().inGroups(1L).query()). + build()); + assertNotNull(matchedUsers); + assertFalse(matchedUsers.getResult().isEmpty()); + + assertTrue(CollectionUtils.exists(matchedUsers.getResult(), new Predicate() { + + @Override + public boolean evaluate(final UserTO user) { + return user.getKey() == 1; + } + })); + } + + @Test + public void searchByDynGroup() { + GroupTO group = GroupITCase.getBasicSampleTO("dynMembership"); + group.setDynMembershipCond("cool==true"); + group = createGroup(group); + assertNotNull(group); + + PagedResult matchedUsers = userService.search( + SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM). + fiql(SyncopeClient.getUserSearchConditionBuilder().inGroups(group.getKey()).query()). + build()); + assertNotNull(matchedUsers); + assertFalse(matchedUsers.getResult().isEmpty()); + + assertTrue(CollectionUtils.exists(matchedUsers.getResult(), new Predicate() { + + @Override + public boolean evaluate(final UserTO user) { + return user.getKey() == 4; + } + })); + } + + @Test + public void searchByRole() { + PagedResult matchedUsers = userService.search( + SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM). + fiql(SyncopeClient.getUserSearchConditionBuilder().inRoles(3L).query()). + build()); + assertNotNull(matchedUsers); + assertFalse(matchedUsers.getResult().isEmpty()); + + assertTrue(CollectionUtils.exists(matchedUsers.getResult(), new Predicate() { + + @Override + public boolean evaluate(final UserTO user) { + return user.getKey() == 1; + } + })); + } + + @Test + public void searchByDynRole() { + RoleTO role = RoleITCase.getSampleRoleTO("dynMembership"); + role.setDynMembershipCond("cool==true"); + Response response = roleService.create(role); + role = getObject(response.getLocation(), RoleService.class, RoleTO.class); + assertNotNull(role); + + PagedResult matchedUsers = userService.search( + SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM). + fiql(SyncopeClient.getUserSearchConditionBuilder().inRoles(role.getKey()).query()). + build()); + assertNotNull(matchedUsers); + assertFalse(matchedUsers.getResult().isEmpty()); + + assertTrue(CollectionUtils.exists(matchedUsers.getResult(), new Predicate() { + + @Override + public boolean evaluate(final UserTO user) { + return user.getKey() == 4; + } + })); + } + + @Test public void searchUserByResourceName() { PagedResult matchedUsers = userService.search( SyncopeClient.getSubjectSearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).