Fixing object policy rule evaluation
semancik committed Nov 17, 2016
1 parent 281b518 commit 29be700
Showing 2 changed files with 35 additions and 2 deletions.
Expand Up @@ -33,6 +33,7 @@
import org.apache.commons.lang.Validate;

import com.evolveum.midpoint.common.crypto.CryptoUtil;
import com.evolveum.midpoint.model.api.PolicyViolationException;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.api.context.ModelElementContext;
Expand All @@ -45,6 +46,8 @@
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;

/**
* @author semancik
Expand All @@ -53,6 +56,8 @@
public abstract class LensElementContext<O extends ObjectType> implements ModelElementContext<O> {

private static final long serialVersionUID = 1649567559396392861L;

private static final Trace LOGGER = TraceManager.getTrace(LensElementContext.class);

private PrismObject<O> objectOld;
private transient PrismObject<O> objectCurrent;
Expand All @@ -63,7 +68,6 @@ public abstract class LensElementContext<O extends ObjectType> implements ModelE
private String oid = null;
private int iteration;
private String iterationToken;
private Collection<EvaluatedPolicyRule> policyRules = new ArrayList<>();

/**
* Initial intent regarding the account. It indicated what the initiator of the operation WANTS TO DO with the
Expand All @@ -79,6 +83,9 @@ public abstract class LensElementContext<O extends ObjectType> implements ModelE

private transient PrismObjectDefinition<O> objectDefinition = null;

transient private Collection<EvaluatedPolicyRule> policyRules = new ArrayList<>();
transient private Collection<String> policySituations = new ArrayList<>();

public LensElementContext(Class<O> objectTypeClass, LensContext<? extends ObjectType> lensContext) {
super();
Validate.notNull(objectTypeClass, "Object class is null");
Expand Down Expand Up @@ -391,6 +398,31 @@ public Collection<EvaluatedPolicyRule> getPolicyRules() {
public void addPolicyRule(EvaluatedPolicyRule policyRule) {
this.policyRules.add(policyRule);
}

public void triggerConstraint(EvaluatedPolicyRule rule, EvaluatedPolicyRuleTrigger trigger) throws PolicyViolationException {

LOGGER.debug("Policy rule {} triggered: ", rule==null?null:rule.getName(), trigger);

if (rule == null) {
// legacy functionality
if (trigger.getConstraint().getEnforcement() == null || trigger.getConstraint().getEnforcement() == PolicyConstraintEnforcementType.ENFORCE) {
throw new PolicyViolationException(trigger.getMessage());
}

} else {

((EvaluatedPolicyRuleImpl)rule).addTrigger(trigger);
String policySituation = rule.getPolicySituation();
if (policySituation != null) {
policySituations.add(policySituation);
}
}

}

public Collection<String> getPolicySituations() {
return policySituations;
}

public void recompute() throws SchemaException {
PrismObject<O> base = objectCurrent;
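Review bot: The two new `transient` collections, `policyRules` and `policySituations`, are set only by their field initialisers, which do not run on deserialisation, so after a serialisation round trip both are `null` and `addPolicyRule` and the non-legacy branch of `triggerConstraint` would throw a NullPointerException. If the context is ever serialised (the class carries a `serialVersionUID`), re-create the lists lazily before use or in a `readObject` method, and add a comment stating that evaluated rules and situations are deliberately not persisted. Separately, the debug line in `triggerConstraint` has one `{}` for two arguments, so the trigger never reaches the log; `LOGGER.debug("Policy rule {} triggered: {}", rule == null ? null : rule.getName(), trigger);` would record it. The cast `(EvaluatedPolicyRuleImpl)rule` also assumes a single implementation of the interface, and an `instanceof` check with an explicit error would fail more readably than a ClassCastException.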
Expand Up @@ -369,10 +369,11 @@ private <F extends FocusType> void evaluateFocusPolicyRules(LensContext<F> conte
continue;
}
for (ModificationPolicyConstraintType modificationConstraintType: policyConstraints.getModification()) {
focusContext.addPolicyRule(policyRule);
if (modificationConstraintMatches(focusContext, modificationConstraintType)) {
EvaluatedPolicyRuleTrigger trigger = new EvaluatedPolicyRuleTrigger(PolicyConstraintKindType.MODIFICATION,
modificationConstraintType, "Focus "+focusContext.getHumanReadableName()+" was modified");
evaluatedAssignment.triggerConstraint(policyRule, trigger);
focusContext.triggerConstraint(policyRule, trigger);
}
}
}
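Review bot: `focusContext.addPolicyRule(policyRule)` sits inside the loop over `policyConstraints.getModification()`, so a rule with several modification constraints is added to the focus context once per constraint. The backing `policyRules` collection is an `ArrayList`, so the duplicates are kept; moving the call to just before the `for` loop would register each rule once, which is presumably the intent. Also, `focusContext.triggerConstraint` throws `PolicyViolationException` only in its `rule == null` branch, so with the non-null `policyRule` used here a matching constraint is recorded but never rejected at this point; it is worth confirming that enforcement for focus rules is applied elsewhere. The body of `evaluateFocusPolicyRules` starts and ends outside this hunk.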
