focus tabs editor visibility support based on adminGuiConfiguration

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java

@@ -447,25 +447,6 @@ public static String createEnumResourceKey(Enum e) {
 		return e.getDeclaringClass().getSimpleName() + "." + e.name();
 	}
 
-	public Task createSimpleTask(String operation, PrismObject<UserType> owner) {
-		TaskManager manager = getTaskManager();
-		Task task = manager.createTaskInstance(operation);
-
-		if (owner == null) {
-			MidPointPrincipal user = SecurityUtils.getPrincipalUser();
-			if (user == null) {
-				throw new RestartResponseException(PageLogin.class);
-			} else {
-				owner = user.getUser().asPrismObject();
-			}
-		}
-
-		task.setOwner(owner);
-		task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-
-		return task;
-	}
-
 	public Task createAnonymousTask(String operation) {
 		TaskManager manager = getTaskManager();
 		Task task = manager.createTaskInstance(operation);
@@ -480,7 +461,7 @@ public Task createSimpleTask(String operation) {
 		if (user == null) {
 			throw new RestartResponseException(PageLogin.class);
 		}
-		return createSimpleTask(operation, user.getUser().asPrismObject());
+		return WebModelServiceUtils.createSimpleTask(operation, user.getUser().asPrismObject(), getTaskManager());
 	}
 
 	public MidpointConfiguration getMidpointConfiguration() {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/FocusTabVisibleBehavior.java

@@ -16,22 +16,34 @@
 
 package com.evolveum.midpoint.gui.api.util;
 
+import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.security.api.AuthorizationConstants;
-import com.evolveum.midpoint.security.api.SecurityEnforcer;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.security.MidPointApplication;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.web.security.SecurityUtils;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import org.apache.commons.lang.BooleanUtils;
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.wicket.model.IModel;
 
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * Created by Viliam Repan (lazyman).
  */
 public class FocusTabVisibleBehavior<T extends ObjectType> extends VisibleEnableBehaviour {
 
+    private static final String OPERATION_LOAD_GUI_CONFIGURATION = FocusTabVisibleBehavior.class.getName() + ".loadGuiConfiguration";
+
     private IModel<PrismObject<T>> objectModel;
     private String uiAuthorizationUrl;
 
@@ -40,51 +52,80 @@ public FocusTabVisibleBehavior(IModel<PrismObject<T>> objectModel, String uiAuth
         this.uiAuthorizationUrl = uiAuthorizationUrl;
     }
 
-    private SecurityEnforcer getEnforcer() {
-        return ((MidPointApplication) MidPointApplication.get()).getSecurityEnforcer();
+    private ModelInteractionService getModelInteractionService() {
+        return ((MidPointApplication) MidPointApplication.get()).getModelInteractionService();
+    }
+
+    private TaskManager getTaskManager() {
+        return ((MidPointApplication) MidPointApplication.get()).getTaskManager();
     }
 
     @Override
     public boolean isVisible() {
-        if (1 == 1) {
+        PrismObject obj = objectModel.getObject();
+        if (obj == null) {
             return true;
         }
 
-        //todo implement proper authorization
+        QName type = obj.getDefinition().getTypeName();
 
-        PrismObject obj = objectModel.getObject();
+        Task task = WebModelServiceUtils.createSimpleTask(OPERATION_LOAD_GUI_CONFIGURATION,
+                SecurityUtils.getPrincipalUser().getUser().asPrismObject(), getTaskManager());
+        OperationResult result = task.getResult();
 
+        AdminGuiConfigurationType config;
         try {
-//            ObjectTypes type = ObjectTypes.getObjectType(obj.getCompileTimeClass());
-//            boolean allowAll = false;
-//            switch (type) {
-//                case USER:
-//                    allowAll = securityEnforcer.isAuthorized(authorization, AuthorizationPhaseType.REQUEST, obj, null,
-//                            null, null);
-//                    break;
-//                case ROLE:
-//
-//                    break;
-//                case ORG:
-//
-//                    break;
-//                case SERVICE:
-//
-//                    break;
-//                default:
-//            }
-
-            boolean objectCreateBare = getEnforcer().isAuthorized(AuthorizationConstants.AUTZ_UI_OBJECT_CREATE_BARE_URL,
-                    AuthorizationPhaseType.REQUEST, obj, null, null, null);
-            boolean objectDetailsBare = getEnforcer().isAuthorized(AuthorizationConstants.AUTZ_UI_OBJECT_DETAILS_BARE_URL,
-                    AuthorizationPhaseType.REQUEST, obj, null, null, null);
-
-            boolean tabEnabled = getEnforcer().isAuthorized(uiAuthorizationUrl,
-                    AuthorizationPhaseType.REQUEST, obj, null, null, null);
-
-            return tabEnabled;
-        } catch (SchemaException ex) {
-            throw new SystemException(ex);
+            config = getModelInteractionService().getAdminGuiConfiguration(task, result);
+        } catch (ObjectNotFoundException | SchemaException e) {
+            throw new SystemException("Cannot load GUI configuration: " + e.getMessage(), e);
+        }
+
+        // find all object form definitions for specified type, if there is none we'll show all default tabs
+        List<ObjectFormType> forms = findObjectForm(config, type);
+        if (forms.isEmpty()) {
+            return true;
+        }
+
+        // we'll try to find includeDefault, if there is includeDefault=true, we can return true (all tabs visible)
+        for (ObjectFormType form : forms) {
+            if (BooleanUtils.isTrue(form.isIncludeDefaultForms())) {
+                return true;
+            }
+        }
+
+        for (ObjectFormType form : forms) {
+            FormSpecificationType spec = form.getFormSpecification();
+            if (spec == null || StringUtils.isEmpty(spec.getPanelUri())) {
+                continue;
+            }
+
+            if (ObjectUtils.equals(uiAuthorizationUrl, spec.getPanelUri())) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private List<ObjectFormType> findObjectForm(AdminGuiConfigurationType config, QName type) {
+        List<ObjectFormType> result = new ArrayList<>();
+
+        if (config == null || config.getObjectForms() == null) {
+            return result;
+        }
+
+        ObjectFormsType forms = config.getObjectForms();
+        List<ObjectFormType> list = forms.getObjectForm();
+        if (list.isEmpty()) {
+            return result;
         }
+
+        for (ObjectFormType form : list) {
+            if (type.equals(form.getType())) {
+                result.add(form);
+            }
+        }
+
+        return result;
     }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java

@@ -18,6 +18,9 @@
 
 import java.util.*;
 
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.web.page.login.PageLogin;
 import com.evolveum.midpoint.web.security.MidPointApplication;
 import org.apache.commons.lang.LocaleUtils;
 import org.apache.commons.lang.StringUtils;
@@ -62,6 +65,7 @@
 
 import ch.qos.logback.classic.Logger;
 
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.Session;
 import org.apache.wicket.protocol.http.WebSession;
 import org.jetbrains.annotations.Nullable;
@@ -301,7 +305,7 @@ public static <T extends ObjectType> List<PrismObject<T>> searchObjects(Class<T>
         }
         List<PrismObject<T>> objects = new ArrayList<PrismObject<T>>();
         try {
-            Task task = page.createSimpleTask(subResult.getOperation(), principal);
+            Task task = createSimpleTask(subResult.getOperation(), principal, page.getTaskManager());
             List<PrismObject<T>> list = page.getModelService().searchObjects(type, query, options, task, subResult);
             if (list != null) {
                 objects.addAll(list);
@@ -361,7 +365,7 @@ public static <T extends ObjectType> void deleteObject(Class<T> type, String oid
             subResult = new OperationResult(OPERATION_DELETE_OBJECT);
         }
         try {
-            Task task = page.createSimpleTask(result.getOperation(), principal);
+            Task task = createSimpleTask(result.getOperation(), principal, page.getTaskManager());
 
             ObjectDelta delta = new ObjectDelta(type, ChangeType.DELETE, page.getPrismContext());
             delta.setOid(oid);
@@ -521,4 +525,21 @@ public static TimeZone getTimezone(UserType user) {
         return null;
     }
 
+    public static Task createSimpleTask(String operation, PrismObject<UserType> owner, TaskManager manager) {
+        Task task = manager.createTaskInstance(operation);
+
+        if (owner == null) {
+            MidPointPrincipal user = SecurityUtils.getPrincipalUser();
+            if (user == null) {
+                throw new RestartResponseException(PageLogin.class);
+            } else {
+                owner = user.getUser().asPrismObject();
+            }
+        }
+
+        task.setOwner(owner);
+        task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+
+        return task;
+    }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/FocusMainPanel.java

@@ -38,7 +38,7 @@
 import com.evolveum.midpoint.web.page.self.PageSelfProfile;
 import com.evolveum.midpoint.web.util.OnePageParameterEncoder;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.apache.commons.lang.BooleanUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
 import org.apache.wicket.extensions.markup.html.tabs.ITab;
 import org.apache.wicket.markup.html.WebMarkupContainer;
@@ -115,25 +115,25 @@ private ObjectQuery createTaskQuery(String oid, PageBase page) {
 	protected List<ITab> createTabs(final PageAdminObjectDetails<F> parentPage) {
 		List<ITab> tabs = new ArrayList<>();
 
+
 		List<ObjectFormType> objectFormTypes = parentPage.getObjectFormTypes();
-		if (objectFormTypes == null || objectFormTypes.isEmpty()) {
-			addDefaultTabs(parentPage, tabs);
-			return tabs;
-		}
-		for (ObjectFormType objectFormType: objectFormTypes) {
-			if (BooleanUtils.isTrue(objectFormType.isIncludeDefaultForms())) {
-				addDefaultTabs(parentPage, tabs);
-				break;
-			}
-		}
-		for (ObjectFormType objectFormType: objectFormTypes) {
+		// default tabs are always added to component structure, visibility is decided later in
+		// visible behavior based on adminGuiConfiguration
+		addDefaultTabs(parentPage, tabs);
+
+		for (ObjectFormType objectFormType : objectFormTypes) {
 			final FormSpecificationType formSpecificationType = objectFormType.getFormSpecification();
 			String title = formSpecificationType.getTitle();
 			if (title == null) {
 				title = "pageAdminFocus.extended";
 			}
+
+			if (StringUtils.isEmpty(formSpecificationType.getPanelClass())) {
+				continue;
+			}
+
 			tabs.add(
-					new PanelTab(parentPage.createStringResource(title)){
+					new PanelTab(parentPage.createStringResource(title)) {
 						private static final long serialVersionUID = 1L;
 
 						@Override
@@ -149,9 +149,7 @@ public WebMarkupContainer createPanel(String panelId) {
 	protected WebMarkupContainer createTabPanel(String panelId, FormSpecificationType formSpecificationType,
 			PageAdminObjectDetails<F> parentPage) {
 		String panelClassName = formSpecificationType.getPanelClass();
-		if (panelClassName == null) {
-			throw new SystemException("No panel class specified in admin GUI configuration");
-		}
+
 		Class<?> panelClass;
 		try {
 			panelClass = Class.forName(panelClassName);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java

@@ -25,9 +25,7 @@
 import com.evolveum.midpoint.security.api.ObjectSecurityConstraints;
 import com.evolveum.midpoint.security.api.OwnerResolver;
 import com.evolveum.midpoint.security.api.SecurityEnforcer;
-import com.evolveum.midpoint.security.api.SecurityUtil;
 import com.evolveum.midpoint.security.api.UserProfileService;
-import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.util.DisplayableValue;
 import com.evolveum.midpoint.util.Producer;
 import com.evolveum.midpoint.util.exception.SchemaException;
@@ -49,10 +47,8 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.Map;
-import java.util.Set;
 
 public class MidPointGuiAuthorizationEvaluator implements SecurityEnforcer {
 
@@ -180,7 +176,10 @@ private void addSecurityConfig(FilterInvocation filterInvocation, Collection<Con
                 return;
             }
 
-            guiConfigAttr.add(new SecurityConfig(actionUri));
+            SecurityConfig config = new SecurityConfig(actionUri);
+			if (!guiConfigAttr.contains(config)) {
+				guiConfigAttr.add(config);
+			}
         }
     }
 
@@ -205,8 +204,4 @@ public <T> T runAs(Producer<T> producer, PrismObject<UserType> user) {
 	public <T> T runPrivileged(Producer<T> producer) {
 		return securityEnforcer.runPrivileged(producer);
 	}
-
-
-
-
 }

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -11930,6 +11930,13 @@
        					</xsd:documentation>
        				</xsd:annotation>
        			</xsd:element>
+                <xsd:element name="panelUri" type="xsd:anyURI" minOccurs="0" maxOccurs="1">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            URI identificator of java component that will be used as the form implementation.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:element>
            	</xsd:sequence>	
     </xsd:complexType>
 

repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java

@@ -54,8 +54,10 @@ public class AuthorizationConstants {
     public static final String AUTZ_GUI_ALL_URL = QNameUtil.qNameToUri(AUTZ_GUI_ALL_QNAME);
     public static final String AUTZ_GUI_ALL_LABEL = "Authorization.constants.guiAll.label";
     public static final String AUTZ_GUI_ALL_DESCRIPTION = "Authorization.constants.guiAll.description";
-
+
+	@Deprecated
     public static final QName AUTZ_GUI_ALL_DEPRECATED_QNAME = new QName(NS_AUTHORIZATION, "guiAll");
+	@Deprecated
     public static final String AUTZ_GUI_ALL_DEPRECATED_URL = QNameUtil.qNameToUri(AUTZ_GUI_ALL_DEPRECATED_QNAME);
 
 
@@ -329,9 +331,4 @@ public class AuthorizationConstants {
 	public static final QName AUTZ_UI_ROLE_MEMBERS = new QName(NS_AUTHORIZATION_UI, "focusTabMembers");
 	public static final String AUTZ_UI_ROLE_MEMBERS_URL = QNameUtil.qNameToUri(AUTZ_UI_ROLE_MEMBERS);
 
-	public static final QName AUTZ_UI_OBJECT_DETAILS_BARE = new QName(NS_AUTHORIZATION_UI, "objectDetailsBare");
-	public static final String AUTZ_UI_OBJECT_DETAILS_BARE_URL = NS_AUTHORIZATION_UI + "#objectDetailsBare";
-	public static final QName AUTZ_UI_OBJECT_CREATE_BARE = new QName(NS_AUTHORIZATION_UI, "objectCreateBare");
-	public static final String AUTZ_UI_OBJECT_CREATE_BARE_URL = NS_AUTHORIZATION_UI + "#objectCreateBare";
-
 }