Merge branch 'master' of github.com:Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java

@@ -584,7 +584,11 @@ public <O extends ObjectType, T extends ObjectType> boolean isAuthorized(String
     		.delta(delta)
     		.target(target)
     		.build();
-    	return getSecurityEnforcer().isAuthorized(operationUrl, phase, params, ownerResolver, task, task.getResult());
+    	boolean isAuthorized = getSecurityEnforcer().isAuthorized(operationUrl, phase, params, ownerResolver, task, task.getResult());
+    	if (!isAuthorized && (ModelAuthorizationAction.GET.getUrl().equals(operationUrl) || ModelAuthorizationAction.SEARCH.getUrl().equals(operationUrl))){
+            isAuthorized = getSecurityEnforcer().isAuthorized(ModelAuthorizationAction.READ.getUrl(), phase, params, ownerResolver, task, task.getResult());
+        }
+        return isAuthorized;
     }
 
     public <O extends ObjectType, T extends ObjectType> void authorize(String operationUrl, AuthorizationPhaseType phase,

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/PageCertDefinitions.java

@@ -19,11 +19,11 @@
 import com.evolveum.midpoint.gui.api.GuiStyleConstants;
 import com.evolveum.midpoint.gui.api.component.MainObjectListPanel;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.util.LocalizableMessageBuilder;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
@@ -40,9 +40,9 @@
 import com.evolveum.midpoint.web.page.admin.workflow.PageAdminWorkItems;
 import com.evolveum.midpoint.web.session.UserProfileStorage.TableId;
 import com.evolveum.midpoint.web.util.OnePageParameterEncoder;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationDefinitionType;
 import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
@@ -57,6 +57,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import static com.evolveum.midpoint.prism.polystring.PolyString.getOrig;
+
 /**
  * @author katkav
  * @author lazyman
@@ -214,7 +216,13 @@ private void createCampaignPerformed(AjaxRequestTarget target, AccessCertificati
 		try {
 			Task task = createSimpleTask(OPERATION_CREATE_CAMPAIGN);
 			if (!Boolean.TRUE.equals(definition.isAdHoc())) {
-				getCertificationService().createCampaign(definition.getOid(), task, result);
+				AccessCertificationCampaignType campaign = getCertificationService()
+						.createCampaign(definition.getOid(), task, result);
+				result.setUserFriendlyMessage(
+						new LocalizableMessageBuilder()
+								.key("PageCertDefinitions.campaignWasCreated")
+								.arg(getOrig(campaign.getName()))
+								.build());
 			} else {
 				result.recordWarning("Definition '" + definition.getName() + "' is for ad-hoc campaigns that cannot be started manually.");
 			}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/TreeTablePanel.java

@@ -217,15 +217,11 @@ private List<InlineMenuItem> createTreeChildrenMenu(OrgType org) {
 		List<InlineMenuItem> items = new ArrayList<>();
 		try {
 			boolean allowModify = org == null ||
-					// TODO: the modify authorization here is probably wrong.
-					// It is a model autz. UI autz should be here instead?
 					parentPage.isAuthorized(ModelAuthorizationAction.MODIFY.getUrl(),
 							AuthorizationPhaseType.REQUEST, org.asPrismObject(),
 							null, null, null);
 			boolean allowRead = org == null ||
-					// TODO: the authorization URI here is probably wrong.
-					// It is a model autz. UI autz should be here instead?
-					parentPage.isAuthorized(ModelAuthorizationAction.READ.getUrl(),
+					parentPage.isAuthorized(ModelAuthorizationAction.GET.getUrl(),
 							AuthorizationPhaseType.REQUEST, org.asPrismObject(),
 							null, null, null);
 			InlineMenuItem item;

gui/admin-gui/src/main/resources/localization/Midpoint.properties

@@ -4199,4 +4199,5 @@ PendingOperationPanel.executionStatus=Execution status:
 PendingOperationPanel.attempt=Attempt:
 PendingOperationPanel.lastAttemptTimestamp=Last attempt:
 PendingOperationPanel.completionTimestamp=Completed:
-pageForgetPassword.message.user.not.found=Reset password failed. Please contact system administrator.
+pageForgetPassword.message.user.not.found=Reset password failed. Please contact system administrator.
+PageCertDefinitions.campaignWasCreated=Certification campaign "{0}" was created.