Fix expression profiles naming
"Bulk actions" is now the official term, so we'll use it instead of
"midPoint scripting language". This commit deals with the renaming
in the area of expression profiles.
mederly committed Aug 18, 2023
1 parent adc0ed8 commit 0cfaf88
Showing 11 changed files with 110 additions and 113 deletions.
Expand Up @@ -706,7 +706,7 @@ public abstract class SchemaConstants {
public static final String NONE_EXPRESSION_PROFILE_ID = "##none";

/** ID of "legacy unprivileged mode" expression profile for scripting (bulk actions). */
public static final String LEGACY_UNPRIVILEGED_SCRIPTING_PROFILE_ID = "##legacyUnprivilegedScripting";
public static final String LEGACY_UNPRIVILEGED_BULK_ACTIONS_PROFILE_ID = "##legacyUnprivilegedBulkActions";

/**
* The ID for built-in Groovy permission and script expression profiles.
Expand Up @@ -8,9 +8,8 @@

import java.io.Serializable;

import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptingActionProfileType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BulkActionProfileType;

import org.jetbrains.annotations.NotNull;

Expand All @@ -19,19 +18,19 @@
import static com.evolveum.midpoint.util.MiscUtil.*;

/**
* Specifies limitations on the use of a particular scripting action (e.g. assign, unassign, etc).
* Specifies limitations on the use of a particular bulk action (e.g. assign, unassign, etc).
*/
public record ScriptingActionProfile(@NotNull String action, @NotNull AccessDecision decision)
public record BulkActionProfile(@NotNull String action, @NotNull AccessDecision decision)
implements Serializable {

public static ScriptingActionProfile of(@NotNull ScriptingActionProfileType bean) throws ConfigurationException {
public static BulkActionProfile of(@NotNull BulkActionProfileType bean) throws ConfigurationException {
// TODO error locations
return new ScriptingActionProfile(
return new BulkActionProfile(
configNonNull(
bean.getName(), () -> "No action name in scripting profile at " + bean.asPrismContainerValue().getPath()),
bean.getName(), () -> "No action name in bulk action profile at " + bean.asPrismContainerValue().getPath()),
AccessDecision.translate(
configNonNull(
bean.getDecision(),
() -> "No action decision in scripting profile at " + bean.asPrismContainerValue().getPath())));
() -> "No action decision in bulk action profile at " + bean.asPrismContainerValue().getPath())));
}
}
Expand Up @@ -16,56 +16,56 @@
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptingActionProfileType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptingProfileType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BulkActionProfileType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BulkActionsProfileType;
import org.jetbrains.annotations.Nullable;

/**
* Specifies limitations on the use of a scripting actions. It is a compiled form of a {@link ScriptingProfileType}.
* Specifies limitations on the use of a scripting actions. It is a compiled form of a {@link BulkActionsProfileType}.
*
* Could be named also `ScriptingActionsProfile` but maybe it will contain more than actions in the future.
*/
public class ScriptingProfile extends AbstractSecurityProfile {
public class BulkActionsProfile extends AbstractSecurityProfile {

/** Scripting actions profiles, keyed by action name (both legacy and modern ones can be used). Unmodifiable. */
@NotNull private final Map<String, ScriptingActionProfile> actionProfiles;
@NotNull private final Map<String, BulkActionProfile> actionProfiles;

/** "Allow all" profile. */
private static final ScriptingProfile FULL = new ScriptingProfile(
private static final BulkActionsProfile FULL = new BulkActionsProfile(
SchemaConstants.FULL_EXPRESSION_PROFILE_ID,
AccessDecision.ALLOW,
Map.of());

/** "Allow nothing" profile. */
private static final ScriptingProfile NONE = new ScriptingProfile(
private static final BulkActionsProfile NONE = new BulkActionsProfile(
SchemaConstants.NONE_EXPRESSION_PROFILE_ID,
AccessDecision.DENY,
Map.of());

private ScriptingProfile(
private BulkActionsProfile(
@NotNull String identifier,
@NotNull AccessDecision defaultDecision,
@NotNull Map<String, ScriptingActionProfile> actionProfiles) {
@NotNull Map<String, BulkActionProfile> actionProfiles) {
super(identifier, defaultDecision);
this.actionProfiles = actionProfiles;
}

public static @NotNull ScriptingProfile full() {
public static @NotNull BulkActionsProfile full() {
return FULL;
}

public static @NotNull ScriptingProfile none() {
public static @NotNull BulkActionsProfile none() {
return NONE;
}

public static ScriptingProfile of(@NotNull ScriptingProfileType bean) throws ConfigurationException {
public static BulkActionsProfile of(@NotNull BulkActionsProfileType bean) throws ConfigurationException {
String identifier = MiscUtil.configNonNull(bean.getIdentifier(), "No identifier in scripting profile %s", bean);
Map<String, ScriptingActionProfile> actionProfileMap = new HashMap<>();
for (ScriptingActionProfileType actionBean : bean.getAction()) {
var actionProfile = ScriptingActionProfile.of(actionBean);
Map<String, BulkActionProfile> actionProfileMap = new HashMap<>();
for (BulkActionProfileType actionBean : bean.getAction()) {
var actionProfile = BulkActionProfile.of(actionBean);
actionProfileMap.put(actionProfile.action(), actionProfile);
}
return new ScriptingProfile(
return new BulkActionsProfile(
identifier,
AccessDecision.translate(
MiscUtil.configNonNull(
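Review bot: In `of(...)`, `actionProfileMap.put(actionProfile.action(), actionProfile)` silently keeps the last entry when a profile bean lists the same action name twice, so a later `ALLOW` entry can replace an earlier `DENY` without any error. For an access-control structure a duplicate should be rejected, e.g. `if (actionProfileMap.put(actionProfile.action(), actionProfile) != null) { throw new ConfigurationException("Duplicate bulk action profile for '" + actionProfile.action() + "' in " + identifier); }`. The field Javadoc also calls the map unmodifiable, but the constructor stores its argument as passed; the rest of `of(...)` lies outside the hunk, so I cannot tell whether the `HashMap` is wrapped before it reaches the constructor, and `Map.copyOf(actionProfiles)` in the constructor would make that independent of callers. The class Javadoc, the field comment and the `"No identifier in scripting profile %s"` message still use the old term.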
Expand Up @@ -15,9 +15,7 @@
import org.jetbrains.annotations.NotNull;

/**
* Profile for evaluation of "regular" expressions, scripting expressions, and function libraries.
*
* NOTE: This is pretty much throw-away implementation. Just the interface is important now.
* Profile for evaluation of "regular" expressions, bulk actions, and function libraries.
*
* @author Radovan Semancik
*/
Expand All @@ -27,18 +25,18 @@ public class ExpressionProfile implements Serializable { // TODO: DebugDumpable
private static final ExpressionProfile FULL = new ExpressionProfile(
SchemaConstants.FULL_EXPRESSION_PROFILE_ID,
ExpressionEvaluatorsProfile.full(),
ScriptingProfile.full(), // TODO what about scripts etc that currently require #all authorization?
BulkActionsProfile.full(),
FunctionLibrariesProfile.full());

/**
* Profile that mimics the legacy non-root behavior for bulk actions:
* no expressions - this limits all of "execute-script", "notification" (with unsafe custom event handler), and
* the new "evaluate-expression" actions.
*/
private static final ExpressionProfile SCRIPTING_LEGACY_UNPRIVILEGED = new ExpressionProfile(
SchemaConstants.LEGACY_UNPRIVILEGED_SCRIPTING_PROFILE_ID,
private static final ExpressionProfile LEGACY_UNPRIVILEGED_BULK_ACTIONS = new ExpressionProfile(
SchemaConstants.LEGACY_UNPRIVILEGED_BULK_ACTIONS_PROFILE_ID,
ExpressionEvaluatorsProfile.none(),
ScriptingProfile.full(), // actions without scripts/expressions are safe
BulkActionsProfile.full(), // actions without scripts/expressions are safe
FunctionLibrariesProfile.none());

/**
Expand All @@ -47,7 +45,7 @@ public class ExpressionProfile implements Serializable { // TODO: DebugDumpable
private static final ExpressionProfile NONE = new ExpressionProfile(
SchemaConstants.NONE_EXPRESSION_PROFILE_ID,
ExpressionEvaluatorsProfile.none(),
ScriptingProfile.none(),
BulkActionsProfile.none(),
FunctionLibrariesProfile.none());

/**
Expand All @@ -60,19 +58,19 @@ public class ExpressionProfile implements Serializable { // TODO: DebugDumpable
@NotNull private final ExpressionEvaluatorsProfile evaluatorsProfile;

/** Profile for midPoint scripting language (bulk actions). */
@NotNull private final ScriptingProfile scriptingProfile;
@NotNull private final BulkActionsProfile bulkActionsProfile;

/** Profile for using function libraries. */
@NotNull private final FunctionLibrariesProfile librariesProfile;

public ExpressionProfile(
@NotNull String identifier,
@NotNull ExpressionEvaluatorsProfile evaluatorsProfile,
@NotNull ScriptingProfile scriptingProfile,
@NotNull BulkActionsProfile bulkActionsProfile,
@NotNull FunctionLibrariesProfile librariesProfile) {
this.identifier = identifier;
this.evaluatorsProfile = evaluatorsProfile;
this.scriptingProfile = scriptingProfile;
this.bulkActionsProfile = bulkActionsProfile;
this.librariesProfile = librariesProfile;
}

Expand All @@ -84,16 +82,16 @@ public ExpressionProfile(
return NONE;
}

public static @NotNull ExpressionProfile scriptingLegacyUnprivileged() {
return SCRIPTING_LEGACY_UNPRIVILEGED;
public static @NotNull ExpressionProfile legacyUnprivilegedBulkActions() {
return LEGACY_UNPRIVILEGED_BULK_ACTIONS;
}

public @NotNull String getIdentifier() {
return identifier;
}

public @NotNull ScriptingProfile getScriptingProfile() {
return scriptingProfile;
public @NotNull BulkActionsProfile getScriptingProfile() {
return bulkActionsProfile;
}

public @NotNull FunctionLibrariesProfile getLibrariesProfile() {
Expand All @@ -103,7 +101,7 @@ public ExpressionProfile(
@Override
public String toString() {
return "ExpressionProfile(ID: %s; scripting: %s; libraries: %s)".formatted(
identifier, scriptingProfile.getIdentifier(), librariesProfile.getIdentifier());
identifier, bulkActionsProfile.getIdentifier(), librariesProfile.getIdentifier());
}

public @NotNull ExpressionEvaluatorsProfile getEvaluatorsProfile() {
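Review bot: The TODO on the `FULL` profile's bulk-actions argument (`what about scripts etc that currently require #all authorization?`) is dropped without the answer being recorded anywhere in this section. Since `BulkActionsProfile.full()` allows every action, either keep the TODO or replace it with a comment saying where that authorization is still checked for code that is handed the `FULL` profile; the enforcement point is not visible from here. Likewise the `LEGACY_UNPRIVILEGED_BULK_ACTIONS` comment `actions without scripts/expressions are safe` is an invariant that every newly added bulk action has to keep, which is worth stating in the constant's Javadoc. Separately, `getScriptingProfile()` and the `scripting:` label in `toString()` still carry the old name, and `toString()` omits the evaluators profile identifier.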
Expand Up @@ -11720,13 +11720,13 @@
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="scriptingProfile" type="tns:ScriptingProfileType" minOccurs="0" maxOccurs="unbounded">
<xsd:element name="bulkActionsProfile" type="tns:BulkActionsProfileType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Profiles concerning the use of scripting expressions (bulk actions).
Profiles concerning the use of bulk actions.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>SystemConfigurationExpressionsType.scriptingProfile</a:displayName>
<a:displayName>SystemConfigurationExpressionsType.bulkActionsProfile</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand All @@ -11737,7 +11737,7 @@
Profiles concerning the use of function libraries.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>SystemConfigurationExpressionsType.scriptingProfile</a:displayName>
<a:displayName>SystemConfigurationExpressionsType.functionLibrariesProfile</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand Down Expand Up @@ -11811,20 +11811,20 @@
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="scriptingProfile" type="xsd:string" minOccurs="0">
<xsd:element name="bulkActionsProfile" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
ID of the scripting (bulk actions) profile to be used with this expression profile.
ID of the bulk actions profile to be used with this expression profile.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ExpressionProfileType.scriptingProfile</a:displayName>
<a:displayName>ExpressionProfileType.bulkActionsProfile</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="functionLibraryProfile" type="xsd:string" minOccurs="0">
<xsd:element name="functionLibrariesProfile" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
ID of the function library profile to be used with this expression profile.
ID of the function libraries profile to be used with this expression profile.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ExpressionProfileType.functionLibraryProfile</a:displayName>
Expand Down Expand Up @@ -12007,7 +12007,7 @@
that are not explicitly enumerated.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ScriptingProfileType.decision</a:displayName>
<a:displayName>AbstractSecurityProfileType.decision</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand Down Expand Up @@ -12229,20 +12229,20 @@
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="scripting" type="xsd:string">
<xsd:element name="bulkActions" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Expression profile for midPoint scripting language (bulk actions) running under an unprivileged principal.
Expression profile for midPoint bulk actions running under an unprivileged principal.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>DefaultExpressionProfilesConfigurationType.scripting</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="privilegedScripting" type="xsd:string">
<xsd:element name="privilegedBulkActions" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Expression profile for midPoint scripting language (bulk actions) running under a privileged principal.
Expression profile for midPoint bulk actions running under a privileged principal.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>DefaultExpressionProfilesConfigurationType.scripting</a:displayName>
Expand All @@ -12263,10 +12263,10 @@
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="ScriptingProfileType">
<xsd:complexType name="BulkActionsProfileType">
<xsd:annotation>
<xsd:documentation>
TODO
A profile concerning the use of bulk actions.
</xsd:documentation>
<xsd:appinfo>
<a:container/>
Expand All @@ -12276,13 +12276,13 @@
<xsd:complexContent>
<xsd:extension base="tns:AbstractSecurityProfileType">
<xsd:sequence>
<xsd:element name="action" type="tns:ScriptingActionProfileType" minOccurs="0" maxOccurs="unbounded">
<xsd:element name="action" type="tns:BulkActionProfileType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Profiles regarding specific scripting action (assign, unassign, execute-script, ...).
Profiles regarding specific action (assign, unassign, execute-script, ...).
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ScriptingProfileType.action</a:displayName>
<a:displayName>BulkActionsProfileType.action</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand All @@ -12293,10 +12293,10 @@
</xsd:complexContent>
</xsd:complexType>

<xsd:complexType name="ScriptingActionProfileType">
<xsd:complexType name="BulkActionProfileType">
<xsd:annotation>
<xsd:documentation>
Specifies restrictions and permissions for a specific scripting action.
Specifies restrictions and permissions for a specific bulk action.
</xsd:documentation>
<xsd:appinfo>
<a:container/>
Expand All @@ -12311,7 +12311,7 @@
Name of the action (assign, unassign, ...)
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ScriptingActionProfileType.name</a:displayName>
<a:displayName>BulkActionProfileType.name</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand All @@ -12321,7 +12321,7 @@
Free-form description (comment).
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ScriptingActionProfileType.description</a:displayName>
<a:displayName>BulkActionProfileType.description</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Expand All @@ -12332,7 +12332,7 @@
Decision for the action.
</xsd:documentation>
<xsd:appinfo>
<a:displayName>ScriptingActionProfileType.decision</a:displayName>
<a:displayName>BulkActionProfileType.decision</a:displayName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
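Review bot: Several `a:displayName` keys were not updated along with the element names: `ExpressionProfileType.functionLibraryProfile` now sits under the renamed `functionLibrariesProfile` element, and both `bulkActions` and `privilegedBulkActions` keep `DefaultExpressionProfilesConfigurationType.scripting`, so the two elements share one key. They should read `ExpressionProfileType.functionLibrariesProfile`, `DefaultExpressionProfilesConfigurationType.bulkActions` and `DefaultExpressionProfilesConfigurationType.privilegedBulkActions`. The element renames (`scriptingProfile`, `functionLibraryProfile`, `scripting`, `privilegedScripting`) also change the stored form of the system configuration; if any deployment already persists the old names, confirm that such objects fail loudly on load rather than being read with the profile restrictions missing. The documentation of the `action` element in `BulkActionsProfileType` could say "specific bulk action" to match the rest of the section.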