// memberships to be removed
for (Long membershipId : userMod.getMembershipsToRemove()) {
LOG.debug("Membership to be removed: {}", membershipId);
Membership membership = membershipDAO.find(membershipId);
if (membership == null) {
LOG.debug("Invalid membership id specified to be removed: {}", membershipId);
} else {
if (!membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {
toBeDeprovisioned.addAll(membership.getSyncopeRole().getResourceNames());
}
// In order to make the removeMembership() below to work,
// we need to be sure to take exactly the same membership
// of the user object currently in memory (which has potentially
// some modifications compared to the one stored in the DB
membership = user.getMembership(membership.getSyncopeRole().getId());
if (membershipToBeAddedRoleIds.contains(membership.getSyncopeRole().getId())) {
Set<Long> attributeIds = new HashSet<Long>(membership.getAttrs().size());
for (AbstractAttr attribute : membership.getAttrs()) {
attributeIds.add(attribute.getId());
}
for (Long attributeId : attributeIds) {
attrDAO.delete(attributeId, MAttr.class);
}
attributeIds.clear();
// remove derived attributes
for (AbstractDerAttr derAttr : membership.getDerAttrs()) {
attributeIds.add(derAttr.getId());
}
for (Long derAttrId : attributeIds) {
derAttrDAO.delete(derAttrId, MDerAttr.class);
}
attributeIds.clear();
// remove virtual attributes
for (AbstractVirAttr virAttr : membership.getVirAttrs()) {
attributeIds.add(virAttr.getId());
}
for (Long virAttrId : attributeIds) {
virAttrDAO.delete(virAttrId, MVirAttr.class);
}
attributeIds.clear();
} else {
user.removeMembership(membership);
membershipDAO.delete(membershipId);
}
}
}
// memberships to be added
for (MembershipMod membershipMod : userMod.getMembershipsToAdd()) {
LOG.debug("Membership to be added: role({})", membershipMod.getRole());
SyncopeRole role = roleDAO.find(membershipMod.getRole());
if (role == null) {
LOG.debug("Ignoring invalid role {}", membershipMod.getRole());
} else {
Membership membership = user.getMembership(role.getId());
if (membership == null) {
membership = new Membership();
membership.setSyncopeRole(role);
membership.setSyncopeUser(user);
user.addMembership(membership);
toBeProvisioned.addAll(role.getResourceNames());
}