Examples of org.apache.syncope.core.propagation.PropagationByResource

• org.apache.syncope.core.propagation.PropagationByResource
  Utility class for encapsulating operations to be performed on various resources.

            result.setStatus(SyncResult.Status.FAILURE);
            result.setMessage("Update failed, trying to sync status anyway (if configured)\n" + e.getMessage());

            updated = new WorkflowResult<Map.Entry<Long, Boolean>>(
                    new AbstractMap.SimpleEntry<Long, Boolean>(id, false), new PropagationByResource(),
                    new HashSet<String>());
        }

        Boolean enabled = readEnabled(delta.getObject());
        if (enabled != null) {

            tasks = propagationManager.getUserUpdateTaskIds(updated, changedPwd,
                    userMod.getVirtualAttributesToBeRemoved(), userMod.getVirtualAttributesToBeUpdated());
        } else {
            // 2b. generate the propagation task list in two phases: first the ones containing password,
            // the the rest (with no password)
            final PropagationByResource origPropByRes = new PropagationByResource();
            origPropByRes.merge(updated.getPropByRes());

            Set<String> pwdResourceNames = userMod.getPwdPropRequest().getResources();
            SyncopeUser user = binder.getUserFromId(updated.getResult().getKey());
            pwdResourceNames.retainAll(user.getResourceNames());
            final PropagationByResource pwdPropByRes = new PropagationByResource();
            pwdPropByRes.addAll(ResourceOperation.UPDATE, pwdResourceNames);
            updated.setPropByRes(pwdPropByRes);

            if (!pwdPropByRes.isEmpty()) {
                Set<String> toBeExcluded = new HashSet<String>(user.getResourceNames());
                toBeExcluded.addAll(userMod.getResourcesToBeAdded());
                toBeExcluded.removeAll(pwdResourceNames);
                tasks.addAll(propagationManager.getUserUpdateTaskIds(
                        updated,
                        changedPwd,
                        userMod.getVirtualAttributesToBeRemoved(),
                        userMod.getVirtualAttributesToBeUpdated(),
                        toBeExcluded));
            }

            final PropagationByResource nonPwdPropByRes = new PropagationByResource();
            nonPwdPropByRes.merge(origPropByRes);
            nonPwdPropByRes.removeAll(pwdResourceNames);
            nonPwdPropByRes.purge();
            updated.setPropByRes(nonPwdPropByRes);

            if (!nonPwdPropByRes.isEmpty()) {
                tasks.addAll(propagationManager.getUserUpdateTaskIds(
                        updated,
                        null,
                        userMod.getVirtualAttributesToBeRemoved(),
                        userMod.getVirtualAttributesToBeUpdated(),

            throws NotFoundException {

        AbstractAttributableDataBinder binder = attributable instanceof SyncopeUser
                ? userDataBinder : roleDataBinder;

        PropagationByResource localPropByRes = binder.fillVirtual(attributable, vAttrsToBeRemoved == null
                ? Collections.<String>emptySet()
                : vAttrsToBeRemoved, vAttrsToBeUpdated == null
                ? Collections.<AttributeMod>emptySet()
                : vAttrsToBeUpdated, AttributableUtil.getInstance(attributable));

        if (propByRes == null || propByRes.isEmpty()) {
            localPropByRes.addAll(ResourceOperation.UPDATE, attributable.getResourceNames());
        } else {
            localPropByRes.merge(propByRes);
        }

        if (noPropResourceNames != null) {
            localPropByRes.removeAll(noPropResourceNames);
        }

        Map<String, AttributeMod> vAttrsToBeUpdatedMap = null;
        if (vAttrsToBeUpdated != null) {
            vAttrsToBeUpdatedMap = new HashMap<String, AttributeMod>();

        List<WorkflowResult<Long>> result = new ArrayList<WorkflowResult<Long>>();

        for (Membership membership : roleDAO.findMemberships(role)) {
            SyncopeUser user = membership.getSyncopeUser();

            PropagationByResource propByRes = new PropagationByResource();
            for (ExternalResource resource : role.getResources()) {
                if (!user.getOwnResources().contains(resource)) {
                    propByRes.add(ResourceOperation.DELETE, resource.getName());
                }

                if (!propByRes.isEmpty()) {
                    result.add(new WorkflowResult<Long>(user.getId(), propByRes, Collections.<String>emptySet()));
                }
            }
        }

        return role;
    }

    public PropagationByResource update(final SyncopeRole role, final RoleMod roleMod) {
        PropagationByResource propByRes = new PropagationByResource();

        SyncopeClientCompositeErrorException scce = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);

        Set<String> currentResources = role.getResourceNames();

        // name
        SyncopeClientException invalidRoles = new SyncopeClientException(SyncopeClientExceptionType.InvalidRoles);
        if (roleMod.getName() != null) {
            SyncopeRole otherRole = roleDAO.find(roleMod.getName(),
                    role.getParent() == null ? null : role.getParent().getId());
            if (otherRole == null || role.equals(otherRole)) {
                if (!roleMod.getName().equals(role.getName())) {
                    propByRes.addAll(ResourceOperation.UPDATE, currentResources);
                    for (String resource : currentResources) {
                        propByRes.addOldAccountId(resource, role.getName());
                    }

                    role.setName(roleMod.getName());
                }
            } else {
                LOG.error("Another role exists with the same name and the same parent role: " + otherRole);

                invalidRoles.addElement(roleMod.getName());
                scce.addException(invalidRoles);
            }
        }

        if (roleMod.getInheritOwner() != null) {
            role.setInheritOwner(roleMod.getInheritOwner());
        }

        if (roleMod.getInheritAttributes() != null) {
            role.setInheritAttributes(roleMod.getInheritAttributes());
        }
        if (roleMod.getInheritDerivedAttributes() != null) {
            role.setInheritDerivedAttributes(roleMod.getInheritDerivedAttributes());
        }
        if (roleMod.getInheritVirtualAttributes() != null) {
            role.setInheritVirtualAttributes(roleMod.getInheritVirtualAttributes());
        }

        if (roleMod.getInheritPasswordPolicy() != null) {
            role.setInheritPasswordPolicy(roleMod.getInheritPasswordPolicy());
        }
        if (roleMod.getInheritAccountPolicy() != null) {
            role.setInheritAccountPolicy(roleMod.getInheritAccountPolicy());
        }

        // entitlements
        if (roleMod.getEntitlements() != null) {
            role.getEntitlements().clear();
            for (String entitlementName : roleMod.getEntitlements()) {
                Entitlement entitlement = entitlementDAO.find(entitlementName);
                if (entitlement == null) {
                    LOG.warn("Ignoring invalid entitlement {}", entitlementName);
                } else {
                    role.addEntitlement(entitlement);
                }
            }
        }

        // policies
        if (roleMod.getPasswordPolicy() != null) {
            role.setPasswordPolicy(roleMod.getPasswordPolicy().getId() == null
                    ? null
                    : (PasswordPolicy) policyDAO.find(roleMod.getPasswordPolicy().getId()));
        }
        if (roleMod.getAccountPolicy() != null) {
            role.setAccountPolicy(roleMod.getAccountPolicy().getId() == null
                    ? null
                    : (AccountPolicy) policyDAO.find(roleMod.getAccountPolicy().getId()));
        }

        // owner
        if (roleMod.getUserOwner() != null) {
            role.setUserOwner(roleMod.getUserOwner().getId() == null
                    ? null
                    : userDAO.find(roleMod.getUserOwner().getId()));
        }
        if (roleMod.getRoleOwner() != null) {
            role.setRoleOwner(roleMod.getRoleOwner().getId() == null
                    ? null
                    : roleDAO.find(roleMod.getRoleOwner().getId()));
        }

        // attributes, derived attributes, virtual attributes and resources
        propByRes.merge(fill(role, roleMod, AttributableUtil.getInstance(AttributableType.ROLE), scce));

        return propByRes;
    }

            tasks = propagationManager.getUserUpdateTaskIds(updated, changedPwd,
                    actual.getVirtualAttributesToBeRemoved(), actual.getVirtualAttributesToBeUpdated());
        } else {
            // 2b. generate the propagation task list in two phases: first the ones containing password,
            // the rest (with no password)
            final PropagationByResource origPropByRes = new PropagationByResource();
            origPropByRes.merge(updated.getPropByRes());

            Set<String> pwdResourceNames = actual.getPwdPropRequest().getResources();
            SyncopeUser user = binder.getUserFromId(updated.getResult().getKey());
            pwdResourceNames.retainAll(user.getResourceNames());
            final PropagationByResource pwdPropByRes = new PropagationByResource();
            pwdPropByRes.addAll(ResourceOperation.UPDATE, pwdResourceNames);
            updated.setPropByRes(pwdPropByRes);

            if (!pwdPropByRes.isEmpty()) {
                Set<String> toBeExcluded = new HashSet<String>(user.getResourceNames());
                toBeExcluded.addAll(actual.getResourcesToBeAdded());
                toBeExcluded.removeAll(pwdResourceNames);
                tasks.addAll(propagationManager.getUserUpdateTaskIds(
                        updated,
                        changedPwd,
                        true,
                        actual.getVirtualAttributesToBeRemoved(),
                        actual.getVirtualAttributesToBeUpdated(),
                        toBeExcluded));
            }

            final PropagationByResource nonPwdPropByRes = new PropagationByResource();
            nonPwdPropByRes.merge(origPropByRes);
            nonPwdPropByRes.removeAll(pwdResourceNames);
            nonPwdPropByRes.purge();
            updated.setPropByRes(nonPwdPropByRes);

            if (!nonPwdPropByRes.isEmpty()) {
                tasks.addAll(propagationManager.getUserUpdateTaskIds(
                        updated,
                        null,
                        false,
                        actual.getVirtualAttributesToBeRemoved(),

     * @param userMod bean containing update request
     * @return updated user + propagation by resource
     * @see PropagationByResource
     */
    public PropagationByResource update(final SyncopeUser user, final UserMod userMod) {
        PropagationByResource propByRes = new PropagationByResource();

        SyncopeClientCompositeErrorException scce = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);

        Set<String> currentResources = user.getResourceNames();

        // password
        if (StringUtils.isNotBlank(userMod.getPassword())) {
            setPassword(user, userMod.getPassword(), scce);
            user.setChangePwdDate(new Date());
            propByRes.addAll(ResourceOperation.UPDATE, currentResources);
        }

        // username
        if (userMod.getUsername() != null && !userMod.getUsername().equals(user.getUsername())) {
            String oldUsername = user.getUsername();

            user.setUsername(userMod.getUsername());
            propByRes.addAll(ResourceOperation.UPDATE, currentResources);

            for (ExternalResource resource : user.getResources()) {
                for (AbstractMappingItem mapItem : resource.getUmapping().getItems()) {
                    if (mapItem.isAccountid() && mapItem.getIntMappingType() == IntMappingType.Username) {
                        propByRes.addOldAccountId(resource.getName(), oldUsername);
                    }
                }
            }
        }

        // attributes, derived attributes, virtual attributes and resources
        propByRes.merge(fill(user, userMod, AttributableUtil.getInstance(AttributableType.USER), scce));

        // store the role ids of membership required to be added
        Set<Long> membershipToBeAddedRoleIds = new HashSet<Long>();
        for (MembershipMod membToBeAdded : userMod.getMembershipsToBeAdded()) {
            membershipToBeAddedRoleIds.add(membToBeAdded.getRole());
        }

        final Set<String> toBeDeprovisioned = new HashSet<String>();
        final Set<String> toBeProvisioned = new HashSet<String>();

        // memberships to be removed
        for (Long membershipId : userMod.getMembershipsToBeRemoved()) {
            LOG.debug("Membership to be removed: {}", membershipId);

            Membership membership = membershipDAO.find(membershipId);
            if (membership == null) {
                LOG.debug("Invalid membership id specified to be removed: {}", membershipId);
            } else {
                if (!membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {
                    toBeDeprovisioned.addAll(membership.getSyncopeRole().getResourceNames());
                }

                // In order to make the removeMembership() below to work,
                // we need to be sure to take exactly the same membership
                // of the user object currently in memory (which has potentially
                // some modifications compared to the one stored in the DB
                membership = user.getMembership(membership.getSyncopeRole().getId());
                if (membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {

                    Set<Long> attributeIds = new HashSet<Long>(membership.getAttributes().size());
                    for (AbstractAttr attribute : membership.getAttributes()) {
                        attributeIds.add(attribute.getId());
                    }
                    for (Long attributeId : attributeIds) {
                        attrDAO.delete(attributeId, MAttr.class);
                    }
                    attributeIds.clear();

                    // remove derived attributes
                    for (AbstractDerAttr derAttr : membership.getDerivedAttributes()) {
                        attributeIds.add(derAttr.getId());
                    }
                    for (Long derAttrId : attributeIds) {
                        derAttrDAO.delete(derAttrId, MDerAttr.class);
                    }
                    attributeIds.clear();

                    // remove virtual attributes
                    for (AbstractVirAttr virAttr : membership.getVirtualAttributes()) {
                        attributeIds.add(virAttr.getId());
                    }
                    for (Long virAttrId : attributeIds) {
                        virAttrDAO.delete(virAttrId, MVirAttr.class);
                    }
                    attributeIds.clear();
                } else {
                    user.removeMembership(membership);

                    membershipDAO.delete(membershipId);
                }
            }
        }

        // memberships to be added
        for (MembershipMod membershipMod : userMod.getMembershipsToBeAdded()) {
            LOG.debug("Membership to be added: role({})", membershipMod.getRole());

            SyncopeRole role = roleDAO.find(membershipMod.getRole());
            if (role == null) {
                LOG.debug("Ignoring invalid role {}", membershipMod.getRole());
            } else {
                Membership membership = user.getMembership(role.getId());
                if (membership == null) {
                    membership = new Membership();
                    membership.setSyncopeRole(role);
                    membership.setSyncopeUser(user);

                    user.addMembership(membership);

                    toBeProvisioned.addAll(role.getResourceNames());
                }

                propByRes.merge(fill(membership, membershipMod,
                        AttributableUtil.getInstance(AttributableType.MEMBERSHIP), scce));
            }
        }

        propByRes.addAll(ResourceOperation.DELETE, toBeDeprovisioned);
        propByRes.addAll(ResourceOperation.UPDATE, toBeProvisioned);

        /**
         * In case of new memberships all the current resources have to be updated in order to propagate new role and
         * membership attribute values.
         */
        if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
            currentResources.removeAll(toBeDeprovisioned);
            propByRes.addAll(ResourceOperation.UPDATE, currentResources);
        }

        return propByRes;
    }

            propagateEnable = enabled;
        }

        // save resources to be propagated and password for later -
        // after form submission - propagation
        PropagationByResource propByRes = new PropagationByResource();
        propByRes.set(PropagationOperation.CREATE, user.getResourceNames());

        if (waitingForForm(user)) {
            runtimeService.setVariable(processInstance.getProcessInstanceId(), PROP_BY_RESOURCE, propByRes);
            propByRes = null;

        Set<String> task = doExecuteTask(user, "update", Collections.singletonMap(USER_MOD, (Object) userMod));

        updateStatus(user);
        SyncopeUser updated = userDAO.save(user);

        PropagationByResource propByRes = (PropagationByResource) runtimeService.getVariable(user.getWorkflowId(),
                PROP_BY_RESOURCE);

        // save resources to be propagated and password for later -
        // after form submission - propagation
        if (waitingForForm(user) && StringUtils.isNotBlank(userMod.getPassword())) {

        updateStatus(user);
        SyncopeUser updated = userDAO.save(user);

        // see if there is any propagation to be done
        PropagationByResource propByRes = (PropagationByResource) runtimeService.getVariable(user.getWorkflowId(),
                PROP_BY_RESOURCE);

        // fetch - if available - the encrpted password
        String clearPassword = null;
        String encryptedPwd = (String) runtimeService.getVariable(user.getWorkflowId(), ENCRYPTED_PWD);