From 29be700a8f2bc0e6e3e0e569373f69f9d102fdf6 Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Thu, 17 Nov 2016 17:45:42 +0100
Subject: [PATCH] Fixing object policy rule evaluation

---
 .../model/impl/lens/LensElementContext.java   | 34 ++++++++++++++++++-
 .../impl/lens/projector/FocusProcessor.java   |  3 +-
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensElementContext.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensElementContext.java
index fc711ef5f4f..c511033a16d 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensElementContext.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensElementContext.java
@@ -33,6 +33,7 @@
 import org.apache.commons.lang.Validate;
 
 import com.evolveum.midpoint.common.crypto.CryptoUtil;
+import com.evolveum.midpoint.model.api.PolicyViolationException;
 import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
 import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
 import com.evolveum.midpoint.model.api.context.ModelElementContext;
@@ -45,6 +46,8 @@
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.schema.util.ShadowUtil;
 import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
 
 /**
  * @author semancik
@@ -53,6 +56,8 @@
 public abstract class LensElementContext<O extends ObjectType> implements ModelElementContext<O> {
 
     private static final long serialVersionUID = 1649567559396392861L;
+    
+    private static final Trace LOGGER = TraceManager.getTrace(LensElementContext.class);
 
     private PrismObject<O> objectOld;
     private transient PrismObject<O> objectCurrent;
@@ -63,7 +68,6 @@ public abstract class LensElementContext<O extends ObjectType> implements ModelE
 	private String oid = null;
 	private int iteration;
     private String iterationToken;
-    private Collection<EvaluatedPolicyRule> policyRules = new ArrayList<>();
     
     /**
      * Initial intent regarding the account. It indicated what the initiator of the operation WANTS TO DO with the
@@ -79,6 +83,9 @@ public abstract class LensElementContext<O extends ObjectType> implements ModelE
 	
 	private transient PrismObjectDefinition<O> objectDefinition = null;
 	
+	transient private Collection<EvaluatedPolicyRule> policyRules = new ArrayList<>();
+    transient private Collection<String> policySituations = new ArrayList<>();
+	
 	public LensElementContext(Class<O> objectTypeClass, LensContext<? extends ObjectType> lensContext) {
 		super();
 		Validate.notNull(objectTypeClass, "Object class is null");
@@ -391,6 +398,31 @@ public Collection<EvaluatedPolicyRule> getPolicyRules() {
 	public void addPolicyRule(EvaluatedPolicyRule policyRule) {
 		this.policyRules.add(policyRule);
 	}
+	
+	public void triggerConstraint(EvaluatedPolicyRule rule, EvaluatedPolicyRuleTrigger trigger) throws PolicyViolationException {
+
+		LOGGER.debug("Policy rule {} triggered: ", rule==null?null:rule.getName(), trigger);
+		
+		if (rule == null) {
+			// legacy functionality
+			if (trigger.getConstraint().getEnforcement() == null || trigger.getConstraint().getEnforcement() == PolicyConstraintEnforcementType.ENFORCE) {
+				throw new PolicyViolationException(trigger.getMessage());
+			}
+			
+		} else {
+
+			((EvaluatedPolicyRuleImpl)rule).addTrigger(trigger);
+			String policySituation = rule.getPolicySituation();
+			if (policySituation != null) {
+				policySituations.add(policySituation);
+			}
+		}
+		
+	}
+
+	public Collection<String> getPolicySituations() {
+		return policySituations;
+	}
 
 	public void recompute() throws SchemaException {
 		PrismObject<O> base = objectCurrent;
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/FocusProcessor.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/FocusProcessor.java
index 74d46677a69..82f9237c7af 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/FocusProcessor.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/FocusProcessor.java
@@ -369,10 +369,11 @@ private <F extends FocusType> void evaluateFocusPolicyRules(LensContext<F> conte
 					continue;
 				}
 				for (ModificationPolicyConstraintType modificationConstraintType: policyConstraints.getModification()) {
+					focusContext.addPolicyRule(policyRule);
 					if (modificationConstraintMatches(focusContext, modificationConstraintType)) {
 						EvaluatedPolicyRuleTrigger trigger = new EvaluatedPolicyRuleTrigger(PolicyConstraintKindType.MODIFICATION,
 								modificationConstraintType, "Focus "+focusContext.getHumanReadableName()+" was modified");
-						evaluatedAssignment.triggerConstraint(policyRule, trigger);
+						focusContext.triggerConstraint(policyRule, trigger);
 					}
 				}
 			}