Differences

This shows you the differences between two versions of the page.

--- devel:documentation:roles:dev:duplicate-role [2019/03/15 15:21]
tomiskar
+++ devel:documentation:roles:dev:duplicate-role [2019/03/18 08:50] (current)
tomiskar
@@ Line 1: / Line 1: @@
 ====== Duplicate role ======
+{{tag> role duplicate processor state }}
 Role is duplicated by ''RoleDuplicateBulkAction'' bulk action. This action propagate ''DUPLICATE'' event type with content:
@@ Line 10: / Line 12: @@
 <note tip>Form attributes registered by processor can be localized in the custom module. Each attribute can have different module - module is preset automatically by the processor's module.</note>
+<note tip>If role is duplicated into different environment and role with the same base code already exists there, then new role on the target environment is not created, but updated by the source (selected) role. E.g. when some basic role attribute is changed or some automatic role is added => this changes can be "synchronized" into target role repetitively. **Roles are paired between environments by the base code** => if base code is changed, then new duplicate will be created.</note>
 ===== Processors  =====
@@ Line 25: / Line 29: @@
 Prepares role's basic properties.
-<note tip>Register custom processor after this processor's order, if some role property has to be overriden (or filled by different business logic).</note>
+<note tip>Register custom processor after this processor's order, if some role basic property has to be overriden (or filled by different business logic).</note>
 <code properties>
@@ Line 41: / Line 45: @@
 Here is the role persisted into database.
+<note tip>Register custom processor after this processor's order, if some related entities has to be duplicated (e.g. guarantees).</note>
 <code properties>
@@ Line 55: / Line 61: @@
   * Default order: **50**
-Duplicate role form attributes (parameters for the identity (~assigned) roles). Parameters are created or updated by the extended attribute code.
+Duplicate role form attributes - parameters for the identity (~assigned) roles. Parameters are created for the target role or updated - extended attribute code is used for pairing.
 Parameters provided to the bulk action form:
@@ Line 74: / Line 80: @@
   * Default order: **100**
-Duplicate congirured role composition (sub roles by business role definition) and duplicate sub roles recursively. If the same environment is selected, the only role composition is created - exists sub role is used. If the different environment (~target environment) is used, then sub roles with the same environment as original are duplicated recursively into target environment.
+Duplicate configured role composition (sub roles by business role definition) and duplicate sub roles recursively. If the same environment is selected, the only role composition is created - existing sub roles are used. If the different environment (~target environment) is used, then sub roles with the same environment as original are duplicated recursively into target environment.
 Parameters provided to the bulk action form:
@@ Line 90: / Line 96: @@
 === Custom processor example ===
+Core processor can be disabled and overriden by processor implemented in custom module, if behavior of the core processor has to be changed.
 <code java>
@@ Line 137: / Line 145: @@
 </code>
+==== DuplicateRoleAutomaticByTreeProcessor ====
+@since 9.5.0
+  * Event content: ''IdmRoleDto''
+  * Event type: ''DUPLICATE''
+  * Default order: **200**
+Duplicate configured automatic roles by tree structure. Automatic roles are duplicated recursively, if composition is duplicated recursively (see ''DuplicateRoleCompositionProcessor'' above).
+Parameters provided to the bulk action form:
+  * **Duplicate automatic roles** - if automatic roles will be duplicated (both by tree structure and attribute).
+Configuration properties:
+<code properties>
+## Enable / disable
+idm.sec.core.processor.core-duplicate-role-automatic-by-tree-processor.enabled=true
+</code>
+==== DuplicateRoleAutomaticByAttributeProcessor ====
+@since 9.5.0
+  * Event content: ''IdmRoleDto''
+  * Event type: ''DUPLICATE''
+  * Default order: **300**
+Duplicate configured automatic roles by attribute. Automatic roles are duplicated recursively, if composition is duplicated recursively (see ''DuplicateRoleCompositionProcessor'' above).
+Parameters provided to the bulk action form:
+  * **Duplicate automatic roles** - if automatic roles will be duplicated (both by tree structure and attribute).
+Configuration properties:
+<code properties>
+## Enable / disable
+idm.sec.core.processor.core-duplicate-role-automatic-by-attribute-processor.enabled=true
+</code>
+===== Example processor =====
+Processors can be registered to process event with type ''DUPLICATE'' and ''IdmRoleDto'' content.
+<code java>
+/**
+ * Duplicate role - example processor, just create log
+ */
+@Enabled(ExampleModuleDescriptor.MODULE_ID)
+@Component(DuplicateRoleLogProcessor.PROCESSOR_NAME)
+@Description("Duplicate role - composition and recursion.")
+public class DuplicateRoleLogProcessor
+		extends CoreEventProcessor<IdmRoleDto>
+		implements RoleProcessor {
+	private static final org.slf4j.Logger LOG = org.slf4j.LoggerFactory.getLogger(DuplicateRoleLogProcessor.class);
+	//
+	public static final String PROCESSOR_NAME = "example-duplicate-role-log-processor";
+	public static final String PARAMETER_INCLUDE_LOG = "include-log";
+	public DuplicateRoleLogProcessor() {
+		super(RoleEventType.DUPLICATE);
+	}
+	@Override
+	public String getName() {
+		return PROCESSOR_NAME;
+	}
+        /**
+	 * Adds form attribute - if log will be created - into bulk action form.
+	 */
+	@Override
+	public List<IdmFormAttributeDto> getFormAttributes() {
+		IdmFormAttributeDto include = new IdmFormAttributeDto(
+				PARAMETER_INCLUDE_LOG,
+				"Log duplicated roles",
+				PersistentType.BOOLEAN);
+		include.setDefaultValue(Boolean.TRUE.toString());
+		//
+		return Lists.newArrayList(include);
+	}
+	@Override
+	public boolean conditional(EntityEvent<IdmRoleDto> event) {
+		return super.conditional(event)
+				&& getBooleanProperty(PARAMETER_INCLUDE_LOG, event.getProperties());
+	}
+	@Override
+	public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
+		IdmRoleDto duplicate = event.getContent();
+		IdmRoleDto originalSource = event.getOriginalSource();
+		//
+		LOG.info("Duplicate role [{}] from environment [{}] to [{}]", originalSource.getBaseCode(), originalSource.getEnvironment(), duplicate.getEnvironment());
+		//
+		return new DefaultEventResult<>(event, this);
+	}
+	@Override
+	public int getOrder() {
+		return 10000; // on the end
+	}
+}
+</code>
-...
+===== Entity state usage =====
-TODO:
+When some role composition or automatic role (~related entity) is removed from the source role and role is duplicated into different environment repetitively (=> update), then all removed related entities are removed at the end of the bulk action to prevent some account on target system (''acc'') will be removed and created again. When bulk action is processed (by processors) and some related entity has to be removed, then entity state ''deleted'' is created for this entity only. All entities with the ''deleted'' state are removed at end. States are marked with ''transactionId'', which creates envelope for all states creates by one bulk action => only states for the current bulk action are processed.
-- all registered processors, orders
-- entity state deleted - usage, prevent to remove account
-- create duplicate vs update duplicate
-- how to register new processor (example)
-- how to override processor + custom from test