for (MembershipMod membToBeAdded : userMod.getMembershipsToBeAdded()) {
membershipToBeAddedRoleIds.add(membToBeAdded.getRole());
}
// memberships to be removed
Membership membership = null;
for (Long membershipId : userMod.getMembershipsToBeRemoved()) {
LOG.debug("Membership to be removed: {}", membershipId);
membership = membershipDAO.find(membershipId);
if (membership == null) {
LOG.debug("Invalid membership id specified to be removed: {}", membershipId);
} else {
for (ExternalResource resource : membership.getSyncopeRole().getResources()) {
if (!membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {
propByRes.add(PropagationOperation.DELETE, resource.getName());
}
}
// In order to make the removeMembership() below to work,
// we need to be sure to take exactly the same membership
// of the user object currently in memory (which has potentially
// some modifications compared to the one stored in the DB
membership = user.getMembership(membership.getSyncopeRole().getId());
if (membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {
Set<Long> attributeIds = new HashSet<Long>(membership.getAttributes().size());
for (AbstractAttr attribute : membership.getAttributes()) {
attributeIds.add(attribute.getId());
}
for (Long attributeId : attributeIds) {
attributeDAO.delete(attributeId, MAttr.class);
}
attributeIds.clear();
// remove derived attributes
for (AbstractDerAttr derAttr : membership.getDerivedAttributes()) {
attributeIds.add(derAttr.getId());
}
for (Long derAttrId : attributeIds) {
derAttrDAO.delete(derAttrId, MDerAttr.class);
}
attributeIds.clear();
// remove virtual attributes
for (AbstractVirAttr virAttr : membership.getVirtualAttributes()) {
attributeIds.add(virAttr.getId());
}
for (Long virAttrId : attributeIds) {
virAttrDAO.delete(virAttrId, MVirAttr.class);
}
attributeIds.clear();
} else {
user.removeMembership(membership);
membershipDAO.delete(membershipId);
}
}
}
// memberships to be added
for (MembershipMod membershipMod : userMod.getMembershipsToBeAdded()) {
LOG.debug("Membership to be added: role({})", membershipMod.getRole());
SyncopeRole role = roleDAO.find(membershipMod.getRole());
if (role == null) {
LOG.debug("Ignoring invalid role {}", membershipMod.getRole());
} else {
membership = user.getMembership(role.getId());
if (membership == null) {
membership = new Membership();
membership.setSyncopeRole(role);
membership.setSyncopeUser(user);
user.addMembership(membership);
propByRes.addAll(PropagationOperation.UPDATE, role.getResourceNames());
}