Differences
devel:documentation:roles:dev:duplicate-role [2019/03/15 12:22] tomiskar |
devel:documentation:roles:dev:duplicate-role [2019/03/18 08:50] (current) tomiskar |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Duplicate role ====== | ====== Duplicate role ====== | ||
- | - DUPLICATE event + event content (original, duplicate = content), | + | {{tag> role duplicate processor state }} |
- | - create | + | |
- | - how to register new processor (example) | + | Role is duplicated by '' |
- | - how to override | + | * '' |
+ | * '' | ||
+ | |||
+ | Creating duplicate role is then propagated into registered (and enabled) entity | ||
+ | |||
+ | Processors can register form attributes into the bulk action form - distinct form attributes (by code, the first attribute wins by processor' | ||
+ | |||
+ | <note tip>Form attributes registered by processor can be localized in the custom module. Each attribute can have different module - module is preset automatically by the processor' | ||
+ | |||
+ | <note tip>If role is duplicated into different environment and role with the same base code already exists there, then new role on the target environment is not created, but updated by the source (selected) role. E.g. when some basic role attribute is changed or some automatic role is added => this changes can be " | ||
+ | |||
+ | ===== Processors | ||
+ | |||
+ | Implemented processors in the product sorted by order of the processing: | ||
+ | |||
+ | ==== DuplicateRolePrepareProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **-1000** | ||
+ | |||
+ | Prepares role's basic properties. | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-prepare-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | ==== DuplicateRoleSaveProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **0** | ||
+ | |||
+ | Here is the role persisted into database. | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-save-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | ==== DuplicateRoleFormAttributeProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **50** | ||
+ | |||
+ | Duplicate role form attributes - parameters for the identity (~assigned) roles. Parameters are created for the target role or updated - extended attribute code is used for pairing. | ||
+ | |||
+ | Parameters provided to the bulk action form: | ||
+ | * **Duplicate role form attributes** - if role form attributes will be duplicated. | ||
+ | |||
+ | Configuration properties: | ||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-form-attribute-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | ==== DuplicateRoleCompositionProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **100** | ||
+ | |||
+ | Duplicate configured role composition (sub roles by business role definition) and duplicate sub roles recursively. If the same environment is selected, the only role composition is created - existing sub roles are used. If the different environment (~target environment) is used, then sub roles with the same environment as original are duplicated recursively into target environment. | ||
+ | |||
+ | Parameters provided to the bulk action form: | ||
+ | * **Duplicate sub roles (by business role definition)** - if business role configuration will be duplicated (recursively). | ||
+ | |||
+ | Overidable methods (can be used for on the projects, e.g. example below): | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | Configuration properties: | ||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-composition-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | === Custom processor example === | ||
+ | |||
+ | Core processor can be disabled and overriden by processor implemented in custom module, if behavior of the core processor has to be changed. | ||
+ | |||
+ | <code java> | ||
+ | /** | ||
+ | * Project specific processor for duplicate | ||
+ | */ | ||
+ | @Component(CustomDuplicateRoleCompositionProcessor.PROCESSOR_NAME) | ||
+ | @Description(" | ||
+ | public class CustomDuplicateRoleCompositionProcessor extends DuplicateRoleCompositionProcessor { | ||
+ | |||
+ | public static final String PROCESSOR_NAME = " | ||
+ | |||
+ | @Override | ||
+ | public String getName() { | ||
+ | return PROCESSOR_NAME; | ||
+ | } | ||
+ | |||
+ | /** | ||
+ | * Returns true, when role should be cloned recursively | ||
+ | * - it's not cloned, if application sub role doesn' | ||
+ | * | ||
+ | * @param event processed event | ||
+ | * @param originalSubRole original sub role | ||
+ | * @param targetSubRole duplicate sub role. {@code null} if target role has to be created. | ||
+ | * @return | ||
+ | */ | ||
+ | @Override | ||
+ | public boolean duplicateRecursively(EntityEvent< | ||
+ | return (targetSubRole != null && targetSubRole.getId() != null) || originalSubRole.getChildrenCount() > 0; | ||
+ | } | ||
+ | |||
+ | /** | ||
+ | * Returns true, when role composition should be included in the target role | ||
+ | * - it's not included, when sub role doesn' | ||
+ | * | ||
+ | * @param event processed event | ||
+ | * @param composition source composition | ||
+ | * @return | ||
+ | */ | ||
+ | @Override | ||
+ | public boolean includeComposition(EntityEvent< | ||
+ | IdmRoleDto subRole = DtoUtils.getEmbedded(composition, | ||
+ | // | ||
+ | return Objects.equals(event.getOriginalSource().getEnvironment(), | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ==== DuplicateRoleAutomaticByTreeProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **200** | ||
+ | |||
+ | Duplicate configured automatic roles by tree structure. Automatic roles are duplicated recursively, | ||
+ | |||
+ | Parameters provided to the bulk action form: | ||
+ | * **Duplicate automatic roles** - if automatic roles will be duplicated (both by tree structure and attribute). | ||
+ | |||
+ | Configuration properties: | ||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-automatic-by-tree-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | ==== DuplicateRoleAutomaticByAttributeProcessor ==== | ||
+ | |||
+ | @since 9.5.0 | ||
+ | |||
+ | * Event content: '' | ||
+ | * Event type: '' | ||
+ | * Default order: **300** | ||
+ | |||
+ | Duplicate configured automatic roles by attribute. Automatic roles are duplicated recursively, | ||
+ | |||
+ | Parameters provided to the bulk action form: | ||
+ | * **Duplicate automatic roles** | ||
+ | |||
+ | Configuration properties: | ||
+ | <code properties> | ||
+ | ## Enable / disable | ||
+ | idm.sec.core.processor.core-duplicate-role-automatic-by-attribute-processor.enabled=true | ||
+ | </ | ||
+ | |||
+ | ===== Example processor ===== | ||
+ | |||
+ | Processors can be registered | ||
+ | |||
+ | <code java> | ||
+ | /** | ||
+ | * Duplicate role - example | ||
+ | */ | ||
+ | @Enabled(ExampleModuleDescriptor.MODULE_ID) | ||
+ | @Component(DuplicateRoleLogProcessor.PROCESSOR_NAME) | ||
+ | @Description(" | ||
+ | public class DuplicateRoleLogProcessor | ||
+ | extends CoreEventProcessor< | ||
+ | implements RoleProcessor { | ||
+ | |||
+ | private static final org.slf4j.Logger LOG = org.slf4j.LoggerFactory.getLogger(DuplicateRoleLogProcessor.class); | ||
+ | // | ||
+ | public static final String PROCESSOR_NAME = " | ||
+ | public static final String PARAMETER_INCLUDE_LOG = " | ||
+ | |||
+ | public DuplicateRoleLogProcessor() { | ||
+ | super(RoleEventType.DUPLICATE); | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public String getName() { | ||
+ | return PROCESSOR_NAME; | ||
+ | } | ||
+ | |||
+ | /** | ||
+ | * Adds form attribute - if log will be created - into bulk action form. | ||
+ | */ | ||
+ | @Override | ||
+ | public List< | ||
+ | IdmFormAttributeDto include = new IdmFormAttributeDto( | ||
+ | PARAMETER_INCLUDE_LOG, | ||
+ | " | ||
+ | PersistentType.BOOLEAN); | ||
+ | include.setDefaultValue(Boolean.TRUE.toString()); | ||
+ | // | ||
+ | return Lists.newArrayList(include); | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public boolean conditional(EntityEvent< | ||
+ | return super.conditional(event) | ||
+ | && | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public EventResult< | ||
+ | IdmRoleDto duplicate = event.getContent(); | ||
+ | IdmRoleDto originalSource = event.getOriginalSource(); | ||
+ | // | ||
+ | LOG.info(" | ||
+ | // | ||
+ | return new DefaultEventResult<> | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public int getOrder() { | ||
+ | return 10000; // on the end | ||
+ | } | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== Entity state usage ===== | ||
+ | |||
+ | When some role composition or automatic role (~related entity) is removed from the source role and role is duplicated into different environment repetitively (=> update), then all removed related entities are removed at the end of the bulk action to prevent some account on target system ('' | ||