Derive expression profile from any archetype

We are no longer limited to structural archetypes here.
Also, there are cosmetic changes in
ModelInteractionServiceImpl#submitTaskFromTemplate method.

Fixed failing TestExpressionProfiles.

infra/schema/src/main/java/com/evolveum/midpoint/schema/config/ExpressionConfigItem.java

@@ -40,23 +40,6 @@ public static ExpressionConfigItem of(
         return new ExpressionConfigItem(bean, originProvider.origin(bean));
     }
 
-    // TODO remove
-//    public @Nullable ObjectReferenceType getRunAsRef() throws ConfigurationException {
-//        var value = value();
-//        var privileges = value.getPrivileges();
-//        var legacyRunAsRef = value.getRunAsRef();
-//        if (privileges != null) {
-//            if (legacyRunAsRef != null) {
-//                throw new ConfigurationException(
-//                        "Both privileges and legacy runAsRef are present in " + fullDescription());
-//            } else {
-//                return privileges.getRunAsRef();
-//            }
-//        } else {
-//            return legacyRunAsRef;
-//        }
-//    }
-
     public @Nullable ExecutionPrivilegesSpecificationType getPrivileges() throws ConfigurationException {
         return getPrivileges(
                 value().getRunAsRef(),

model/model-common/src/main/java/com/evolveum/midpoint/model/common/archetypes/ArchetypeManager.java

@@ -189,9 +189,10 @@ public ArchetypeType determineStructuralArchetype(@Nullable AssignmentHolderType
      */
     public ArchetypePolicyType determineArchetypePolicy(@Nullable ObjectType object, OperationResult result)
             throws SchemaException, ConfigurationException {
-        Set<String> archetypeOids = archetypeDeterminer.determineArchetypeOids(object);
-        List<ArchetypeType> archetypes = resolveArchetypeOids(archetypeOids, object, result);
-        return determineArchetypePolicy(archetypes, object, result);
+        return determineArchetypePolicy(
+                determineArchetypes(object, result),
+                object,
+                result);
     }
 
     /**

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionProfileManager.java

@@ -18,17 +18,17 @@
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.exception.*;
 
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.DefaultExpressionProfilesConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 import com.google.common.base.Preconditions;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import java.util.HashSet;
 import java.util.Objects;
+import java.util.Set;
 
 import static com.evolveum.midpoint.util.MiscUtil.stateCheck;
 
@@ -87,21 +87,28 @@ public class ExpressionProfileManager {
 
         O objectable = object.asObjectable();
 
-        var structuralArchetype = // hopefully obtained from the cache
-                objectable instanceof AssignmentHolderType assignmentHolder ?
-                        archetypeManager.determineStructuralArchetype(assignmentHolder, result) : null;
+        // hopefully obtained from the cache
+        var archetypes = archetypeManager.determineArchetypes(objectable, result);
 
-        // The policy is (generally) cached, so this should be fast
-        var structuralArchetypePolicy = archetypeManager.getPolicyForArchetype(structuralArchetype, result);
-        if (structuralArchetypePolicy != null) {
-            var profileId = structuralArchetypePolicy.getExpressionProfile();
+        Set<String> idsFromArchetypes = new HashSet<>();
+        for (ArchetypeType archetype : archetypes) {
+            var policy = archetypeManager.getPolicyForArchetype(archetype, result);
+            var profileId = policy != null ? policy.getExpressionProfile() : null;
             if (profileId != null) {
-                return profileId;
+                idsFromArchetypes.add(profileId);
             }
         }
 
-        var objectPolicy = archetypeManager.determineObjectPolicyConfiguration(objectable, result);
-        return objectPolicy != null ? objectPolicy.getExpressionProfile() : null;
+        if (idsFromArchetypes.size() > 1) {
+            throw new ConfigurationException(
+                    "Multiple expression profile IDs for %s: %s".formatted(
+                            object, idsFromArchetypes));
+        } else if (idsFromArchetypes.size() == 1) {
+            return idsFromArchetypes.iterator().next();
+        } else {
+            var objectPolicy = archetypeManager.determineObjectPolicyConfiguration(objectable, result);
+            return objectPolicy != null ? objectPolicy.getExpressionProfile() : null;
+        }
     }
 
     /**

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java

@@ -1890,15 +1890,10 @@ public TaskType submitTaskFromTemplate(String templateTaskOid, Map<QName, Object
                             .getObject(TaskType.class, templateOid, createCollection(createExecutionPhase()), task, result)
                             .asObjectable();
 
-            if (newTask.getOwnerRef() != null) {
-                LOGGER.warn("Ignoring owner {} of the task template {}; the current user will be used as the task owner",
-                        newTask.getOwnerRef(), newTask);
-            }
-            newTask.setOwnerRef(null);
-
             newTask.setName(PolyStringType.fromOrig(newTask.getName().getOrig() + " " + (int) (Math.random() * 10000)));
             newTask.setOid(null);
             newTask.setTaskIdentifier(null);
+            newTask.setOwnerRef(null);
 
             return submit(
                     customization.applyTo(newTask),
@@ -1908,6 +1903,8 @@ public TaskType submitTaskFromTemplate(String templateTaskOid, Map<QName, Object
         } catch (Throwable t) {
             result.recordFatalError("Couldn't submit task from template: " + t.getMessage(), t);
             throw t;
+        } finally {
+            result.close();
         }
     }
 

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestExpressionProfiles.java

@@ -325,17 +325,18 @@ public void test200RestrictedRoleGood() throws Exception {
         OperationResult result = task.getResult();
 
         when("user with correct restricted role is added");
+        String name = getTestNameShort();
         UserType user = new UserType()
-                .name("test100")
+                .name(name)
                 .assignment(ROLE_RESTRICTED_GOOD.assignmentTo());
         var userOid = addObject(user.asPrismObject(), task, result);
 
         then("user is created");
         assertSuccess(result);
         assertUserAfter(userOid)
-                .assertDescription("My name is 'test100'")
+                .assertDescription("My name is '" + name + "'")
                 .assertLiveLinks(1);
-        assertDummyAccountByUsername(RESOURCE_SIMPLE_TARGET.name, "test100")
+        assertDummyAccountByUsername(RESOURCE_SIMPLE_TARGET.name, name)
                 .display();
     }
 

model/model-intest/src/test/resources/profiles/system-configuration.xml

@@ -270,8 +270,5 @@
                 <decision>allow</decision>
             </library>
         </functionLibrariesProfile>
-        <defaults>
-            <scripting>restricted</scripting>
-        </defaults>
     </expressions>
 </systemConfiguration>