Merge remote-tracking branch 'origin/master'

docs/concepts/query/midpoint-query-language/introduction.adoc

@@ -384,8 +384,12 @@ These filters operate on object as a whole, so item path must be `.` (the dot).
 |===
 
 
-`. inOrg "00000000-1eam-0000-0000-111111111111"`::
-All object which are members of specified organization
+`. inOrg "f9444d2d-b625-4d5c-befd-36c9b5861ac4"`::
+All object which are members of specified organization and all its subunits (whole SUBTREE)
+
+`. inOrg[ONE_LEVEL] "f9444d2d-b625-4d5c-befd-36c9b5861ac4"`::
+If you need to match only users in specified organization, use ONE_LEVEL matching rule.
+
 `. isRoot`::
 All roles and organization units which are organization tree roots.
 
@@ -398,6 +402,24 @@ All roles and organization units which are organization tree roots.
 | type | object type | Matches if object is of specified type. Usually used in combination with `and` filter for dereferenced objects, or it is needed to match on property defined in more specific type.
 |===
 
+=== Filtering all objects of specified type
+
+Sometimes, in configuration files, you need to select all objects of specific object type.
+Object collection selecting all users in midPoint is an example of such case.
+
+To select all objects just omit `<filter>` element in the query or whole query.
+
+The object collection below lists all roles (all objects of RoleType) in midPoint.
+
+[source,XML]
+----
+<objectCollection oid="72b1f98e-f587-4b9f-b92b-72e251dbb255">
+    <name>All roles</name>
+    <type>RoleType</type>
+</objectCollection>
+----
+
+
 [#_query_examples]
 == Query Examples
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/MainObjectListPanel.java

@@ -8,10 +8,13 @@
 
 import java.io.Serial;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
+
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.wicket.Component;
@@ -154,7 +157,8 @@ public boolean isClickable(IModel<SelectableBean<O>> rowModel) {
     }
 
     protected boolean isObjectDetailsEnabled(IModel<SelectableBean<O>> rowModel) {
-        return true;
+        O object = rowModel.getObject().getValue();
+        return WebComponentUtil.isAuthorized(object.getClass());
     }
 
     protected List<ObjectReferenceType> getNewObjectReferencesList(CompiledObjectCollectionView collectionView, AssignmentObjectRelation relation) {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java

@@ -690,6 +690,10 @@ public static boolean isAuthorized(Collection<String> actions) {
 
     public static boolean isAuthorized(Class<? extends ObjectType> clazz) {
         Class<? extends PageBase> detailsPage = DetailsPageUtil.getObjectDetailsPage(clazz);
+        return isAuthorizedForPage(detailsPage);
+    }
+
+    public static boolean isAuthorizedForPage(Class<? extends PageBase> detailsPage) {
         if (detailsPage == null) {
             return false;
         }

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/DeadShadowSearchItemWrapper.java

@@ -20,7 +20,7 @@ public DeadShadowSearchItemWrapper(List<DisplayableValue<Boolean>> availableValu
     @Override
     public ObjectFilter createFilter(Class type, PageBase pageBase, VariablesMap variables) {
         DisplayableValue<Boolean> selectedValue = getValue();
-        if (selectedValue == null) {
+        if (selectedValue == null || selectedValue.getValue() == null) {
             return null;
         }
         Boolean value = selectedValue.getValue();

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/simulation/SimulationResultsPanel.java

@@ -89,6 +89,11 @@ protected void objectDetailsPerformed(SimulationResultType object) {
         getPageBase().navigateToNext(PageSimulationResult.class, params);
     }
 
+    @Override
+    protected boolean isObjectDetailsEnabled(IModel<SelectableBean<SimulationResultType>> rowModel) {
+        return WebComponentUtil.isAuthorizedForPage(PageSimulationResult.class);
+    }
+
     @Override
     protected List<Component> createToolbarButtonsList(String buttonId) {
         return new ArrayList<>();

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/requestAccess/RoleCatalogPanel.java

@@ -11,11 +11,6 @@
 import java.util.stream.Collectors;
 import javax.xml.namespace.QName;
 
-import com.evolveum.midpoint.gui.api.util.GuiDisplayTypeUtil;
-import com.evolveum.midpoint.gui.impl.util.TableUtil;
-
-import com.evolveum.midpoint.web.component.util.*;
-
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -49,6 +44,7 @@
 import com.evolveum.midpoint.gui.api.component.wizard.WizardStepPanel;
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.gui.api.page.PageBase;
+import com.evolveum.midpoint.gui.api.util.GuiDisplayTypeUtil;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
 import com.evolveum.midpoint.gui.impl.component.data.provider.ObjectDataProvider;
@@ -62,6 +58,7 @@
 import com.evolveum.midpoint.gui.impl.component.tile.*;
 import com.evolveum.midpoint.gui.impl.page.self.PageRequestAccess;
 import com.evolveum.midpoint.gui.impl.util.IconAndStylesUtil;
+import com.evolveum.midpoint.gui.impl.util.TableUtil;
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.path.ItemPath;
@@ -79,6 +76,10 @@
 import com.evolveum.midpoint.web.component.data.column.AjaxLinkPanel;
 import com.evolveum.midpoint.web.component.data.column.CheckBoxHeaderColumn;
 import com.evolveum.midpoint.web.component.data.column.RoundedIconColumn;
+import com.evolveum.midpoint.web.component.util.EnableBehaviour;
+import com.evolveum.midpoint.web.component.util.SelectableBean;
+import com.evolveum.midpoint.web.component.util.SerializableBiConsumer;
+import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.session.UserProfileStorage;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
@@ -215,18 +216,9 @@ private void updateQueryForRolesOfTeammate(RoleCatalogQuery query, String userOi
 
         query.setType(AbstractRoleType.class);
 
-        if (getPageBase().isNativeRepo()) {
-            ObjectQuery oq = getPrismContext().queryFor(AbstractRoleType.class)
-                    .referencedBy(UserType.class, ItemPath.create(UserType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF))
-                    .id(userOid)
-                    .and().not().type(ArchetypeType.class)
-                    .build();
-
-            query.setQuery(oq);
-            return;
-        }
-
         // searching for user assignments targets in two steps for non-native repository (doesn't support referencedBy)
+        // searching like this also in native repository since there's problem with creating autorization query for such
+        // referencedBy MID-9638
         Task task = page.createSimpleTask(OPERATION_LOAD_USER);
         OperationResult result = task.getResult();
         try {
@@ -328,7 +320,6 @@ protected Search<?> load() {
                     return search;
                 }
 
-
                 SearchBuilder<?> searchBuilder = new SearchBuilder<>(type)
                         .modelServiceLocator(page);
 
@@ -918,7 +909,7 @@ protected IModel<IResource> createPreferredImage(IModel<SelectableBean<ObjectTyp
 
             @Override
             protected DisplayType createDisplayType(IModel<SelectableBean<ObjectType>> model) {
-                OperationResult result =  new OperationResult("getIcon");
+                OperationResult result = new OperationResult("getIcon");
                 return GuiDisplayTypeUtil.getDisplayTypeForObject(model.getObject().getValue(), result, getPageBase());
             }
         });

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/PageCertDefinitions.java

@@ -9,6 +9,7 @@
 
 import com.evolveum.midpoint.gui.api.GuiStyleConstants;
 import com.evolveum.midpoint.gui.api.component.MainObjectListPanel;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.gui.impl.component.icon.CompositedIconBuilder;
 import com.evolveum.midpoint.model.api.AssignmentObjectRelation;
 import com.evolveum.midpoint.model.api.authentication.CompiledObjectCollectionView;
@@ -110,6 +111,11 @@ public void objectDetailsPerformed(AccessCertificationDefinitionType service) {
                         PageCertDefinitions.this.detailsPerformed(service);
                     }
 
+                    @Override
+                    protected boolean isObjectDetailsEnabled(IModel<SelectableBean<AccessCertificationDefinitionType>> rowModel) {
+                        return WebComponentUtil.isAuthorizedForPage(PageCertDefinition.class);
+                    }
+
                     @Override
                     protected List<InlineMenuItem> createInlineMenu() {
                         return PageCertDefinitions.this.createInlineMenu();
@@ -223,7 +229,7 @@ public boolean isHeaderMenuItem() {
         return menu;
     }
 
-    protected void detailsPerformed(AccessCertificationDefinitionType service) {
+    private void detailsPerformed(AccessCertificationDefinitionType service) {
         PageParameters parameters = new PageParameters();
         parameters.add(OnePageParameterEncoder.PARAMETER, service.getOid());
         navigateToNext(PageCertDefinition.class, parameters);

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/Resolver.java

@@ -262,7 +262,7 @@ private PrismObject<?> getObject(ObjectReferenceType ref, Task task, OperationRe
         try {
             ObjectTypes type = getTypeFromReference(ref);
 
-            return modelService.getObject(type.getClassDefinition(), ref.getOid(), GetOperationOptions.createRawCollection(), task, result);
+            return modelService.getObject(type.getClassDefinition(), ref.getOid(), GetOperationOptions.createNoFetchCollection(), task, result);
         } catch (Exception ex) {
             return null;
         }