Added test for MID-3799:1 to strings story (also updated configuratio…

…n files accordingly).

model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java

@@ -1518,6 +1518,19 @@ protected AssignmentType getUserAssignment(String userOid, String roleOid) throw
 		return null;
 	}
 
+	protected AssignmentType getUserAssignment(String userOid, String roleOid, QName relation)
+			throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException {
+		PrismObject<UserType> user = getUser(userOid);
+		List<AssignmentType> assignments = user.asObjectable().getAssignment();
+		for (AssignmentType assignment: assignments) {
+			ObjectReferenceType targetRef = assignment.getTargetRef();
+			if (targetRef != null && roleOid.equals(targetRef.getOid()) && QNameUtil.match(relation, targetRef.getRelation())) {
+				return assignment;
+			}
+		}
+		return null;
+	}
+
 	protected <F extends FocusType> void assertNoAssignments(PrismObject<F> user) {
 		MidPointAsserts.assertNoAssignments(user);
 	}

testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestStrings.java

@@ -36,6 +36,7 @@
 import com.evolveum.midpoint.schema.ObjectDeltaOperation;
 import com.evolveum.midpoint.schema.SearchResultList;
 import com.evolveum.midpoint.schema.constants.ObjectTypes;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
 import com.evolveum.midpoint.schema.util.WfContextUtil;
@@ -1090,6 +1091,45 @@ public void test222FormApproveByCheese() throws Exception {
 		// record #3: finishing process execution
 	}
 
+	@Test
+	public void test250ApproverAssignment() throws Exception {
+		final String TEST_NAME = "test250ApproverAssignment";
+		TestUtil.displayTestTile(this, TEST_NAME);
+		Task task = createTask(TestStrings.class.getName() + "." + TEST_NAME);
+		OperationResult result = task.getResult();
+
+		dummyAuditService.clear();
+		dummyTransport.clearMessages();
+
+		// WHEN
+		assignRole(userBobOid, roleATest1Oid, SchemaConstants.ORG_APPROVER, task, task.getResult());
+
+		// THEN
+		assertNull("bob has assigned a-test-1 as an approver", getUserAssignment(userBobOid, roleATest1Oid, SchemaConstants.ORG_APPROVER));
+
+		List<WorkItemType> workItems = getWorkItems(task, result);
+		displayWorkItems("Work item after start", workItems);
+		PrismObject<TaskType> wfTask = getTask(workItems.get(0).getTaskRef().getOid());
+		display("wfTask", wfTask);
+
+		ItemApprovalProcessStateType info = WfContextUtil.getItemApprovalProcessInfo(wfTask.asObjectable().getWorkflowContext());
+		ApprovalSchemaType schema = info.getApprovalSchema();
+		assertEquals("Wrong # of approval levels", 3, schema.getLevel().size());
+		assertApprovalLevel(schema, 1, "Line managers", "P5D", 2);
+		assertApprovalLevel(schema, 2, "Security", "P7D", 1);
+		assertApprovalLevel(schema, 3, "Role approvers (all)", "P5D", 2);
+		assertStage(wfTask, 1, 3, "Line managers", null);
+
+		List<Message> lifecycleMessages = dummyTransport.getMessages(DUMMY_WORK_ITEM_LIFECYCLE);
+		List<Message> allocationMessages = dummyTransport.getMessages(DUMMY_WORK_ITEM_ALLOCATION);
+		List<Message> processMessages = dummyTransport.getMessages(DUMMY_PROCESS);
+		display("work items lifecycle notifications", lifecycleMessages);
+		display("work items allocation notifications", allocationMessages);
+		display("processes notifications", processMessages);
+
+		display("audit", dummyAuditService);
+	}
+
 
 	//endregion
 

testing/story/src/test/resources/common/system-configuration.xml

@@ -59,4 +59,8 @@
             <redirectToFile>target/mail-notifications.log</redirectToFile>
         </mail>
     </notificationConfiguration>
+	<workflowConfiguration>
+		<useLegacyApproversSpecification>never</useLegacyApproversSpecification>
+		<useDefaultApprovalPolicyRules>never</useDefaultApprovalPolicyRules>
+	</workflowConfiguration>
 </systemConfiguration>

testing/story/src/test/resources/strings/roles/global-policy-rules.xml

@@ -63,7 +63,9 @@
 		<name>role-approvers-all-approval</name>
 		<description>Approval of role assignment by all the role approvers</description>
 		<policyConstraints>
-			<assignment/>
+			<assignment>
+				<relation>q:any</relation>
+			</assignment>
 		</policyConstraints>
 		<policyActions>
 			<approval>
@@ -100,7 +102,9 @@
 		<name>line-manager-approval</name>
 		<description>Approval of role assignment by the line manager(s)</description>
 		<policyConstraints>
-			<assignment/>
+			<assignment>
+				<relation>q:any</relation>
+			</assignment>
 		</policyConstraints>
 		<policyActions>
 			<approval>
@@ -142,7 +146,9 @@
 		<name>escalate-then-reject-for-levels-20-30</name>
 		<description>Automatic escalation followed by rejection for levels 10 and 40 (LM, role approvers)</description>
 		<policyConstraints>
-			<assignment/>		<!-- TODO is this really necessary? -->
+			<situation>
+				<situation>http://midpoint.evolveum.com/xml/ns/public/model/policy/situation#assigned</situation>
+			</situation>
 		</policyConstraints>
 		<policyActions>
 			<approval>
@@ -198,7 +204,9 @@
 		<name>auto-reject-for-levels-20-30</name>
 		<description>Automatic rejection for levels 20 and 30 (security, SoD)</description>
 		<policyConstraints>
-			<assignment/>		<!-- TODO is this really necessary? -->
+			<situation>
+				<situation>http://midpoint.evolveum.com/xml/ns/public/model/policy/situation#assigned</situation>
+			</situation>
 		</policyConstraints>
 		<policyActions>
 			<approval>

testing/story/src/test/resources/strings/roles/metarole-approval-role-approvers-first.xml

@@ -14,14 +14,18 @@
   ~ limitations under the License.
   -->
 
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="e3c28c94-798a-4f93-85f8-de7cbe37315b">
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	  oid="e3c28c94-798a-4f93-85f8-de7cbe37315b">
 	<name>metarole-approval-role-approvers-first</name>
 	<description>Requests to assign role holding this metarole will be approved by the role approver(s) using "first decides" method</description>
 	<displayName>Metarole: approval by the role approver(s) - first decides</displayName>
 	<inducement>
 		<policyRule>
 			<policyConstraints>
-				<assignment />
+				<assignment>
+					<relation>q:any</relation>
+				</assignment>
 			</policyConstraints>
 			<policyActions>
 				<approval>
@@ -45,7 +49,4 @@
 			</policyActions>
 		</policyRule>
 	</inducement>
-	<inducement>
-		<targetRef oid="99828c23-40c1-4340-9fe4-8df2599a1691" type="RoleType"/>		<!-- escalation then rejection -->
-	</inducement>
 </role>

testing/story/src/test/resources/strings/roles/metarole-approval-role-approvers-form.xml

@@ -14,7 +14,9 @@
   ~ limitations under the License.
   -->
 
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="df092a19-68f0-4056-adf8-482f8fd26410">
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	  oid="df092a19-68f0-4056-adf8-482f8fd26410">
 	<name>metarole-approval-role-approvers-form</name>
 	<description>Always use along with approvers-all or approvers-first metarole!</description>
 	<displayName>Metarole: approval by the role approver(s) with custom form</displayName>
@@ -23,6 +25,7 @@
 			<policyConstraints>
 				<assignment>
 					<operation>add</operation>
+					<relation>q:any</relation>
 				</assignment>
 			</policyConstraints>
 			<policyActions>

testing/story/src/test/resources/strings/roles/metarole-approval-security.xml

@@ -23,7 +23,9 @@
 	<inducement>
 		<policyRule>
 			<policyConstraints>
-				<assignment/>
+				<assignment>
+					<relation>q:any</relation>
+				</assignment>
 			</policyConstraints>
 			<policyActions>
 				<approval>