Merge remote-tracking branch 'origin/feature/role-mining'

Evolveum · Aug 28, 2023 · 2a12bbc · 2a12bbc
2 parents fe35aad + 526fed6
commit 2a12bbc
Show file tree

Hide file tree

Showing 212 changed files with 15,860 additions and 253 deletions.
diff --git a/config/sql/native-new/postgres-new-audit.sql b/config/sql/native-new/postgres-new-audit.sql
@@ -57,6 +57,8 @@ DO $$ BEGIN
         'REPORT_DATA',
         'RESOURCE',
         'ROLE',
+        'ROLE_ANALYSIS_CLUSTER',
+        'ROLE_ANALYSIS_SESSION',
         'SECURITY_POLICY',
         'SEQUENCE',
         'SERVICE',
@@ -372,4 +374,4 @@ limit 50;
 -- This is important to avoid applying any change more than once.
 -- Also update SqaleUtils.CURRENT_SCHEMA_AUDIT_CHANGE_NUMBER
 -- repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
-call apply_audit_change(6, $$ SELECT 1 $$, true);
+call apply_audit_change(7, $$ SELECT 1 $$, true);
diff --git a/config/sql/native-new/postgres-new-upgrade-audit.sql b/config/sql/native-new/postgres-new-upgrade-audit.sql
@@ -140,6 +140,13 @@ call apply_audit_change(6, $aa$
      ADD COLUMN shadowIntent TEXT;
 $aa$);
 
+-- Role Mining
+
+call apply_audit_change(7, $aa$
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_CLUSTER' AFTER 'ROLE';
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_SESSION' AFTER 'ROLE_ANALYSIS_CLUSTER';
+$aa$);
+
 -- WRITE CHANGES ABOVE ^^
 -- IMPORTANT: update apply_audit_change number at the end of postgres-new-audit.sql
 -- to match the number used in the last change here!

diff --git a/config/sql/native-new/postgres-new-upgrade.sql b/config/sql/native-new/postgres-new-upgrade.sql
@@ -382,6 +382,52 @@ ALTER TABLE m_user
 $aa$);
 
 
+-- Role Mining --
+
+call apply_change(22, $aa$
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_CLUSTER' AFTER 'ROLE';
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_SESSION' AFTER 'ROLE_ANALYSIS_CLUSTER';
+$aa$);
+
+call apply_change(23, $aa$
+CREATE TABLE m_role_analysis_cluster (
+    oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+    objectType ObjectType GENERATED ALWAYS AS ('ROLE_ANALYSIS_CLUSTER') STORED
+        CHECK (objectType = 'ROLE_ANALYSIS_CLUSTER'),
+        parentRefTargetOid UUID,
+        parentRefTargetType ObjectType,
+        parentRefRelationId INTEGER REFERENCES m_uri(id)
+)
+    INHERITS (m_assignment_holder);
+
+CREATE TRIGGER m_role_analysis_cluster_oid_insert_tr BEFORE INSERT ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+CREATE TRIGGER m_role_analysis_cluster_update_tr BEFORE UPDATE ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION before_update_object();
+CREATE TRIGGER m_role_analysis_cluster_oid_delete_tr AFTER DELETE ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+
+CREATE INDEX m_role_analysis_cluster_parentRefTargetOid_idx ON m_role_analysis_cluster (parentRefTargetOid);
+CREATE INDEX m_role_analysis_cluster_parentRefTargetType_idx ON m_role_analysis_cluster (parentRefTargetType);
+CREATE INDEX m_role_analysis_cluster_parentRefRelationId_idx ON m_role_analysis_cluster (parentRefRelationId);
+
+
+CREATE TABLE m_role_analysis_session (
+    oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+    objectType ObjectType GENERATED ALWAYS AS ('ROLE_ANALYSIS_SESSION') STORED
+        CHECK (objectType = 'ROLE_ANALYSIS_SESSION')
+        )
+    INHERITS (m_assignment_holder);
+
+CREATE TRIGGER m_role_analysis_session_oid_insert_tr BEFORE INSERT ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+CREATE TRIGGER m_role_analysis_session_update_tr BEFORE UPDATE ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION before_update_object();
+CREATE TRIGGER m_role_analysis_session_oid_delete_tr AFTER DELETE ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+$aa$);
+
+
 ---
 -- WRITE CHANGES ABOVE ^^
 -- IMPORTANT: update apply_change number at the end of postgres-new.sql

diff --git a/config/sql/native-new/postgres-new.sql b/config/sql/native-new/postgres-new.sql
@@ -76,6 +76,8 @@ CREATE TYPE ObjectType AS ENUM (
     'REPORT_DATA',
     'RESOURCE',
     'ROLE',
+    'ROLE_ANALYSIS_CLUSTER',
+    'ROLE_ANALYSIS_SESSION',
     'SECURITY_POLICY',
     'SEQUENCE',
     'SERVICE',
@@ -1162,6 +1164,45 @@ CREATE INDEX m_report_data_policySituation_idx
 CREATE INDEX m_report_data_createTimestamp_idx ON m_report_data (createTimestamp);
 CREATE INDEX m_report_data_modifyTimestamp_idx ON m_report_data (modifyTimestamp);
 
+
+CREATE TABLE m_role_analysis_cluster (
+    oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+    objectType ObjectType GENERATED ALWAYS AS ('ROLE_ANALYSIS_CLUSTER') STORED
+        CHECK (objectType = 'ROLE_ANALYSIS_CLUSTER'),
+        parentRefTargetOid UUID,
+        parentRefTargetType ObjectType,
+        parentRefRelationId INTEGER REFERENCES m_uri(id)
+)
+    INHERITS (m_assignment_holder);
+
+CREATE TRIGGER m_role_analysis_cluster_oid_insert_tr BEFORE INSERT ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+CREATE TRIGGER m_role_analysis_cluster_update_tr BEFORE UPDATE ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION before_update_object();
+CREATE TRIGGER m_role_analysis_cluster_oid_delete_tr AFTER DELETE ON m_role_analysis_cluster
+    FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+
+CREATE INDEX m_role_analysis_cluster_parentRefTargetOid_idx ON m_role_analysis_cluster (parentRefTargetOid);
+CREATE INDEX m_role_analysis_cluster_parentRefTargetType_idx ON m_role_analysis_cluster (parentRefTargetType);
+CREATE INDEX m_role_analysis_cluster_parentRefRelationId_idx ON m_role_analysis_cluster (parentRefRelationId);
+
+
+CREATE TABLE m_role_analysis_session (
+    oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+    objectType ObjectType GENERATED ALWAYS AS ('ROLE_ANALYSIS_SESSION') STORED
+        CHECK (objectType = 'ROLE_ANALYSIS_SESSION')
+        )
+    INHERITS (m_assignment_holder);
+
+CREATE TRIGGER m_role_analysis_session_oid_insert_tr BEFORE INSERT ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+CREATE TRIGGER m_role_analysis_session_update_tr BEFORE UPDATE ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION before_update_object();
+CREATE TRIGGER m_role_analysis_session_oid_delete_tr AFTER DELETE ON m_role_analysis_session
+    FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+
+
+
 -- Represents LookupTableType, see https://docs.evolveum.com/midpoint/reference/misc/lookup-tables/
 CREATE TABLE m_lookup_table (
     oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
@@ -2117,4 +2158,4 @@ END $$;
 -- This is important to avoid applying any change more than once.
 -- Also update SqaleUtils.CURRENT_SCHEMA_CHANGE_NUMBER
 -- repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
-call apply_change(21, $$ SELECT 1 $$, true);
+call apply_change(23, $$ SELECT 1 $$, true);
diff --git a/gui/admin-gui/src/frontend/scss/midpoint.scss b/gui/admin-gui/src/frontend/scss/midpoint.scss
@@ -30,6 +30,50 @@
 @import "tiles";
 @import "tables";
 
+@import "role-mining-rotated-header";
+@import "role-mining-static-header";
+@import "role-mining-static-header-name";
+@import "role-mining-static-row-header";
+@import "role-mining-no-border";
+
+
+.role-mining-rotated-header{
+  display:flex;	  display:flex;
+  justify-content:center;	  justify-content:center;
+  align-items:center;	  align-items:center;
+  transform: rotate(180deg);	  transform: rotate(180deg);
+  writing-mode: vertical-lr;	  writing-mode: vertical-lr;
+  width: 40px;	  width: 40px;
+  height: 150px;	  height: 150px;
+  border: 1px solid #f4f4f4;	  border: 1px solid #f4f4f4;
+}
+
+.role-mining-no-border {
+    border-left: none !important;
+    border-right: none !important;
+}
+
+.role-mining-static-header {
+  width: 40px;
+  height: 150px;
+}
+
+.role-mining-static-header-name {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  transform: rotate(180deg);
+  writing-mode: revert;
+  width: 40px;
+  height: 150px;
+  border: 1px solid #f4f4f4;
+}
+
+.role-mining-static-row-header {
+  width: 150px;
+  height: 150px;
+}
+
 body.custom-hold-transition {
 	.content-wrapper,
 	.right-side,

diff --git a/gui/admin-gui/src/frontend/scss/role-mining-no-border.scss b/gui/admin-gui/src/frontend/scss/role-mining-no-border.scss
@@ -0,0 +1,14 @@
+/*!
+ * Copyright (C) 2010-2023 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+
+.role-mining-no-border {
+    border-left: none !important;
+    border-right: none !important;
+}
+
+
diff --git a/gui/admin-gui/src/frontend/scss/role-mining-rotated-header.scss b/gui/admin-gui/src/frontend/scss/role-mining-rotated-header.scss
@@ -0,0 +1,20 @@
+/*!
+ * Copyright (C) 2010-2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+
+.role-mining-rotated-header {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  transform: rotate(180deg);
+  writing-mode: vertical-lr;
+  width: 40px;
+  height: 150px;
+  border: 1px solid #f4f4f4;
+}
+
+
diff --git a/gui/admin-gui/src/frontend/scss/role-mining-static-header-name.scss b/gui/admin-gui/src/frontend/scss/role-mining-static-header-name.scss
@@ -0,0 +1,20 @@
+/*!
+ * Copyright (C) 2010-2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+
+.role-mining-static-header-name {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  transform: rotate(180deg);
+  writing-mode: revert;
+  width: 40px;
+  height: 120px;
+  border: 1px solid #f4f4f4;
+}
+
+
diff --git a/gui/admin-gui/src/frontend/scss/role-mining-static-header.scss b/gui/admin-gui/src/frontend/scss/role-mining-static-header.scss
@@ -0,0 +1,14 @@
+/*!
+ * Copyright (C) 2010-2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+
+.role-mining-static-header {
+  width: 40px;
+  height: 150px;
+}
+
+
diff --git a/gui/admin-gui/src/frontend/scss/role-mining-static-row-header.scss b/gui/admin-gui/src/frontend/scss/role-mining-static-row-header.scss
@@ -0,0 +1,16 @@
+/*!
+ * Copyright (C) 2010-2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+
+.role-mining-static-row-header {
+  width: 150px;
+  height: 120px;
+    border-left: none !important;
+    border-right: none !important;
+}
+
+
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
@@ -13,6 +13,11 @@
 import java.util.stream.Collectors;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.gui.impl.page.admin.role.mining.page.page.PageRoleAnalysis;
+import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
+
+import com.evolveum.midpoint.web.page.admin.resources.PageResourceTemplates;
+
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -48,7 +53,6 @@
 import com.evolveum.midpoint.model.api.authentication.CompiledDashboardType;
 import com.evolveum.midpoint.model.api.authentication.CompiledGuiProfile;
 import com.evolveum.midpoint.model.api.authentication.CompiledObjectCollectionView;
-import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 import com.evolveum.midpoint.prism.query.ObjectQuery;
 import com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty;
 import com.evolveum.midpoint.schema.result.OperationResult;
@@ -73,7 +77,6 @@
 import com.evolveum.midpoint.web.page.admin.reports.PageCreatedReports;
 import com.evolveum.midpoint.web.page.admin.resources.PageConnectorHosts;
 import com.evolveum.midpoint.web.page.admin.resources.PageImportResource;
-import com.evolveum.midpoint.web.page.admin.resources.PageResourceTemplates;
 import com.evolveum.midpoint.web.page.admin.server.PageNodes;
 import com.evolveum.midpoint.web.page.admin.server.PageTasksCertScheduling;
 import com.evolveum.midpoint.web.page.admin.workflow.PageAttorneySelection;
@@ -393,6 +396,10 @@ private MainMenuItem createRolesMenu() {
         MainMenuItem roleMenu = createMainMenuItem("PageAdmin.menu.top.roles", GuiStyleConstants.CLASS_OBJECT_ROLE_ICON_COLORED
         );
         createBasicAssignmentHolderMenuItems(roleMenu, PageTypes.ROLE);
+//        roleMenu.addMenuItem(new MenuItem("PageAdmin.menu.top.roles.mining", PageRoleMiningSimple.class));
+//        roleMenu.addMenuItem(new MenuItem("RBAM", PageRoleMiningRBAM.class));
+        roleMenu.addMenuItem(new MenuItem("Mining", PageRoleAnalysis.class));
+
         return roleMenu;
     }
 

diff --git a/...min-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/RangePanelFactory.java b/...min-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/RangePanelFactory.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2010-2023 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.gui.impl.factory.panel;
+
+import jakarta.annotation.PostConstruct;
+import org.apache.wicket.model.PropertyModel;
+import org.springframework.stereotype.Component;
+
+import com.evolveum.midpoint.gui.api.prism.wrapper.ItemWrapper;
+import com.evolveum.midpoint.gui.api.prism.wrapper.PrismValueWrapper;
+import com.evolveum.midpoint.gui.impl.page.admin.role.mining.components.RangeSimplePanel;
+import com.evolveum.midpoint.prism.path.ItemName;
+import com.evolveum.midpoint.web.component.prism.InputPanel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAnalysisSessionOptionType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AnalysisClusterStatisticType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.RangeType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleAnalysisDetectionOptionType;
+
+@Component
+public class RangePanelFactory extends AbstractInputGuiComponentFactory<RangeType> {
+
+    @PostConstruct
+    public void register() {
+        getRegistry().addToRegistry(this);
+    }
+
+    @Override
+    public <IW extends ItemWrapper<?, ?>, VW extends PrismValueWrapper<?>> boolean match(IW wrapper, VW valueWrapper) {
+        return RoleAnalysisDetectionOptionType.F_FREQUENCY_RANGE.equals(wrapper.getItemName())
+                || AbstractAnalysisSessionOptionType.F_PROPERTIES_RANGE.equals(wrapper.getItemName())
+                || AnalysisClusterStatisticType.F_MEMBERSHIP_RANGE.equals(wrapper.getItemName());
+    }
+
+    @Override
+    protected InputPanel getPanel(PrismPropertyPanelContext<RangeType> panelCtx) {
+        ItemName itemName = panelCtx.unwrapWrapperModel().getItemName();
+
+        double max;
+        if (RoleAnalysisDetectionOptionType.F_FREQUENCY_RANGE.equals(itemName)) {
+            max = 100.0;
+        } else {
+            max = 1000.0;
+        }
+
+        RangeSimplePanel rangeSliderPanel = new RangeSimplePanel(panelCtx.getComponentId(),
+                new PropertyModel<>(panelCtx.getItemWrapperModel(), "value"), max);
+        rangeSliderPanel.setOutputMarkupId(true);
+        return rangeSliderPanel;
+    }
+
+    @Override
+    public Integer getOrder() {
+        return 10000;
+    }
+
+    @Override
+    public void configure(PrismPropertyPanelContext<RangeType> panelCtx, org.apache.wicket.Component component) {
+        component.setEnabled(isEnable());
+    }
+
+    public boolean isEnable() {
+        return true;
+    }
+}