Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · Jun 20, 2016 · 320ab2c · 320ab2c
2 parents e52fe95 + 6d1efe3
commit 320ab2c
Show file tree

Hide file tree

Showing 8 changed files with 286 additions and 171 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java
@@ -64,22 +64,22 @@ public class ContainerWrapper<C extends Containerable> implements ItemWrapper, S
 
     private PrismContainerDefinition<C> containerDefinition;
 
-	public ContainerWrapper(ObjectWrapper objectWrapper, PrismContainer<C> container, ContainerStatus status, ItemPath path) {
+	ContainerWrapper(ObjectWrapper objectWrapper, PrismContainer<C> container, ContainerStatus status, ItemPath path) {
 		Validate.notNull(container, "container must not be null.");
 		Validate.notNull(status, "Container status must not be null.");
 
 		this.objectWrapper = objectWrapper;
 		this.container = container;
 		this.status = status;
 		this.path = path;
-		main = path == null;
-		readonly = objectWrapper.isReadonly(); // [pm] this is quite questionable
-		showInheritedObjectAttributes = objectWrapper.isShowInheritedObjectAttributes();
+		this.main = path == null;
+		this.readonly = objectWrapper.isReadonly(); // [pm] this is quite questionable
+		this.showInheritedObjectAttributes = objectWrapper.isShowInheritedObjectAttributes();
 		// have to be after setting "main" property
-		containerDefinition = getItemDefinition();
+		this.containerDefinition = getItemDefinition();
 	}
 
-	public ContainerWrapper(PrismContainer<C> container, ContainerStatus status, ItemPath path, boolean readOnly) {
+	ContainerWrapper(PrismContainer<C> container, ContainerStatus status, ItemPath path, boolean readOnly) {
         Validate.notNull(container, "container must not be null.");
         Validate.notNull(container.getDefinition(), "container definition must not be null.");
         Validate.notNull(status, "Container status must not be null.");
@@ -88,9 +88,9 @@ public ContainerWrapper(PrismContainer<C> container, ContainerStatus status, Ite
 		this.containerDefinition = container.getDefinition();
         this.status = status;
         this.path = path;
-        main = path == null;
+        this.main = path == null;
         this.readonly = readOnly;
-        showInheritedObjectAttributes = false;
+        this.showInheritedObjectAttributes = false;
     }
 
     public void revive(PrismContext prismContext) throws SchemaException {
@@ -325,15 +325,9 @@ private boolean skipProperty(PrismPropertyDefinition def) {
     }
 
     public boolean isReadonly() {
-        PrismContainerDefinition def = getItemDefinition();
-		if (readonly) {
-			return true;
-		}
-        if (def != null) {
-            // todo take into account the containing object status (adding vs. modifying)
-            return (def.canRead() && !def.canAdd() && !def.canModify());
-        }
-        return false;
+		// readonly flag in container is an override. Do not get the value from definition
+		// otherwise it will be propagated to items and overrides the item definition.
+    	return readonly;
     }
 
     public void setReadonly(boolean readonly) {

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ItemWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ItemWrapper.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2015 Evolveum
+ * Copyright (c) 2010-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,18 +38,34 @@ public interface ItemWrapper<I extends Item, ID extends ItemDefinition> extends
 
     I getItem();
 
+    /**
+     * Item definition.
+     * The definition defines how the item will be displayed (type, read-only, read-write or
+     * not displayed at all). This behavior can be overriden by readonly and visible flags.
+     */
     ID getItemDefinition();
 
+    /**
+     * Read only flag. This is an override of the default behavior given by the definition.
+     * If set to TRUE then it overrides the value from the definition.
+     */
     boolean isReadonly();
 
 	boolean isEmpty();
 
     boolean hasChanged();
 
     public List<ValueWrapper> getValues();
-
+
+    /**
+     * Visibility flag. This is an override of the default behavior given by the definition.
+     * TODO: when it overrides? If set to FALSE?
+     */
     public boolean isVisible();
 
+    /**
+     * Used to display the form elements with stripe in every other line.
+     */
     public boolean isStripe();
 
     void setStripe(boolean isStripe);

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapper.java
@@ -73,6 +73,8 @@ public class ObjectWrapper<O extends ObjectType> implements Serializable, Reviva
     private boolean showAssignments = false;
     // whether to show name and description properties and metadata container
     private boolean showInheritedObjectAttributes = true;
+
+    // readolny flag is an override. false means "do not override"
     private boolean readonly = false;
 
     private Collection<SelectorOptions<GetOperationOptions>> loadOptions;

diff --git a/...min-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapperFactory.java b/...min-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapperFactory.java
@@ -91,6 +91,9 @@ public <O extends ObjectType> ObjectWrapper<O> createObjectWrapper(String displa
 
             PrismObjectDefinition<O> objectDefinitionForEditing = modelServiceLocator.getModelInteractionService()
                     .getEditObjectDefinition(object, AuthorizationPhaseType.REQUEST, result);
+            if (LOGGER.isTraceEnabled()) {
+            	LOGGER.trace("Edit definition for {}:\n{}", object, objectDefinitionForEditing.debugDump(1));
+            }
             RefinedObjectClassDefinition objectClassDefinitionForEditing = null;
             if (isShadow(object)) {
                 PrismReference resourceRef = object.findReference(ShadowType.F_RESOURCE_REF);

diff --git a/...dmin-gui/src/test/java/com/evolveum/midpoint/web/TestIntegrationObjectWrapperFactory.java b/...dmin-gui/src/test/java/com/evolveum/midpoint/web/TestIntegrationObjectWrapperFactory.java
@@ -15,43 +15,48 @@
  */
 package com.evolveum.midpoint.web;
 
-import static org.testng.AssertJUnit.assertNotNull;
-import static org.testng.AssertJUnit.assertNull;
+import static com.evolveum.midpoint.test.IntegrationTestTools.display;
+import static com.evolveum.midpoint.web.AdminGuiTestConstants.RESOURCE_DUMMY_ASSOCIATION_GROUP_QNAME;
+import static com.evolveum.midpoint.web.AdminGuiTestConstants.ROLE_MAPMAKER_OID;
+import static com.evolveum.midpoint.web.AdminGuiTestConstants.USER_JACK_FULL_NAME;
+import static com.evolveum.midpoint.web.AdminGuiTestConstants.USER_JACK_OID;
+import static com.evolveum.midpoint.web.AdminGuiTestConstants.USER_JACK_USERNAME;
 import static org.testng.AssertJUnit.assertEquals;
-import static org.testng.AssertJUnit.assertFalse;
+import static org.testng.AssertJUnit.assertNotNull;
 import static org.testng.AssertJUnit.assertTrue;
-import static com.evolveum.midpoint.test.IntegrationTestTools.display;
-import static com.evolveum.midpoint.web.AdminGuiTestConstants.*;
-import static com.evolveum.midpoint.test.IntegrationTestTools.display;
 
-import java.util.Arrays;
+import java.io.File;
+import java.io.IOException;
 import java.util.List;
 
 import javax.xml.namespace.QName;
 
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
-import org.testng.AssertJUnit;
 import org.testng.annotations.Test;
 
 import com.evolveum.icf.dummy.resource.DummyGroup;
-import com.evolveum.midpoint.gui.api.util.ModelServiceLocator;
-import com.evolveum.midpoint.prism.Containerable;
+import com.evolveum.midpoint.model.api.PolicyViolationException;
 import com.evolveum.midpoint.prism.PrismContainer;
 import com.evolveum.midpoint.prism.PrismContainerValue;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismProperty;
-import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.prism.util.PrismAsserts;
 import com.evolveum.midpoint.prism.util.PrismTestUtil;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.test.DummyResourceContoller;
 import com.evolveum.midpoint.test.IntegrationTestTools;
 import com.evolveum.midpoint.test.util.TestUtil;
+import com.evolveum.midpoint.util.exception.CommunicationException;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
+import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
+import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
 import com.evolveum.midpoint.web.component.prism.AssociationWrapper;
 import com.evolveum.midpoint.web.component.prism.ContainerStatus;
 import com.evolveum.midpoint.web.component.prism.ContainerWrapper;
@@ -62,8 +67,7 @@
 import com.evolveum.midpoint.web.component.prism.ValueWrapper;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowIdentifiersType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
@@ -77,13 +81,30 @@
 @DirtiesContext(classMode = ClassMode.AFTER_CLASS)
 public class TestIntegrationObjectWrapperFactory extends AbstractInitializedGuiIntegrationTest {
 
+	public static final File TEST_DIR = new File("src/test/resources/wrapper");
+
+	protected static final File ROLE_PROP_READ_ALL_MODIFY_SOME_USER_FILE = new File(TEST_DIR, "role-prop-read-all-modify-some-user.xml");
+	protected static final String ROLE_PROP_READ_ALL_MODIFY_SOME_USER_OID = "00000000-0000-0000-0000-00000000ae05";
+
+	protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_USER_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some-user.xml");
+	protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_USER_OID = "00000000-0000-0000-0000-00000000ae08";
+
 	private static final String USER_WALLY_NAME = "wally";
 	private static final String USER_WALLY_FULLNAME = "Wally B. Feed";
 
 	public static final String GROUP_DUMMY_MAPMAKERS_NAME = "mapmakers";
 	private String userWallyOid;
 	private String accountWallyOid;
 
+	@Override
+	public void initSystem(Task initTask, OperationResult initResult) throws Exception {
+		super.initSystem(initTask, initResult);
+
+		repoAddObjectFromFile(ROLE_PROP_READ_ALL_MODIFY_SOME_USER_FILE, RoleType.class, initResult);
+		repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_USER_FILE, RoleType.class, initResult);
+
+	}
+
 	@Test
     public void test100CreateWrapperUser() throws Exception {
 		final String TEST_NAME = "test100CreateWrapperUser";
@@ -231,5 +252,117 @@ public void test220AssignRoleLandluberToWally() throws Exception {
 		PrismAsserts.assertPropertyValue(groupAssociationUidProp, GROUP_DUMMY_MAPMAKERS_NAME);
 
 	}
+
+	/**
+	 * MID-3126
+	 */
+	@Test
+    public void test800EditSchemaJackPropReadAllModifySomeUser() throws Exception {
+		final String TEST_NAME = "test800EditSchemaJackPropReadAllModifySomeUser";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        // GIVEN
+        cleanupAutzTest(USER_JACK_OID);
+        assignRole(USER_JACK_OID, ROLE_PROP_READ_ALL_MODIFY_SOME_USER_OID);
+        login(USER_JACK_USERNAME);
 
+        ObjectWrapperFactory factory = new ObjectWrapperFactory(getServiceLocator());
+        PrismObject<UserType> user = getUser(USER_JACK_OID);
+        display("user before", user);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+
+		ObjectWrapper<UserType> objectWrapper = factory.createObjectWrapper("user display name", "user description", user, 
+				ContainerStatus.MODIFYING);
+
+		// THEN
+		TestUtil.displayThen(TEST_NAME);
+
+		IntegrationTestTools.display("Wrapper after", objectWrapper);
+		assertEquals("Wrong object wrapper readOnly", Boolean.FALSE, (Boolean)objectWrapper.isReadonly());
+
+		ContainerWrapper<UserType> mainContainerWrapper = objectWrapper.findMainContainerWrapper();
+		assertEquals("Wrong main container wrapper readOnly", Boolean.FALSE, (Boolean)mainContainerWrapper.isReadonly());
+
+		ItemWrapper nameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_NAME);
+		assertEquals("Wrong name readOnly", Boolean.TRUE, (Boolean)nameWrapper.isReadonly());
+		assertEquals("Wrong name visible", Boolean.TRUE, (Boolean)nameWrapper.isVisible());
+		assertEquals("Wrong name definition.canRead", Boolean.TRUE, (Boolean)nameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong name definition.canAdd", Boolean.FALSE, (Boolean)nameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong name definition.canModify", Boolean.FALSE, (Boolean)nameWrapper.getItemDefinition().canModify());
+
+		ItemWrapper givenNameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_GIVEN_NAME);
+		assertEquals("Wrong givenName readOnly", Boolean.TRUE, (Boolean)givenNameWrapper.isReadonly());
+		assertEquals("Wrong givenName visible", Boolean.TRUE, (Boolean)givenNameWrapper.isVisible());
+		assertEquals("Wrong givenName definition.canRead", Boolean.TRUE, (Boolean)givenNameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong givenName definition.canAdd", Boolean.FALSE, (Boolean)givenNameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong givenName definition.canModify", Boolean.FALSE, (Boolean)givenNameWrapper.getItemDefinition().canModify());
+
+		ItemWrapper fullNameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_FULL_NAME);
+		assertEquals("Wrong fullName readOnly", Boolean.FALSE, (Boolean)fullNameWrapper.isReadonly());
+		assertEquals("Wrong fullName visible", Boolean.TRUE, (Boolean)givenNameWrapper.isVisible());
+		assertEquals("Wrong fullName definition.canRead", Boolean.TRUE, (Boolean)fullNameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong fullName definition.canAdd", Boolean.FALSE, (Boolean)fullNameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong fullName definition.canModify", Boolean.TRUE, (Boolean)fullNameWrapper.getItemDefinition().canModify());
+
+	}
+
+	/**
+	 * MID-3126
+	 */
+	@Test
+    public void test802EditSchemaJackPropReadSomeModifySomeUser() throws Exception {
+		final String TEST_NAME = "test800EditSchemaJackPropReadAllModifySomeUser";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        // GIVEN
+        cleanupAutzTest(USER_JACK_OID);
+        assignRole(USER_JACK_OID, ROLE_PROP_READ_SOME_MODIFY_SOME_USER_OID);
+        login(USER_JACK_USERNAME);
+
+        ObjectWrapperFactory factory = new ObjectWrapperFactory(getServiceLocator());
+        PrismObject<UserType> user = getUser(USER_JACK_OID);
+        display("user before", user);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+
+		ObjectWrapper<UserType> objectWrapper = factory.createObjectWrapper("user display name", "user description", user, 
+				ContainerStatus.MODIFYING);
+
+		// THEN
+		TestUtil.displayThen(TEST_NAME);
+
+		IntegrationTestTools.display("Wrapper after", objectWrapper);
+		assertEquals("Wrong object wrapper readOnly", Boolean.FALSE, (Boolean)objectWrapper.isReadonly());
+
+		ContainerWrapper<UserType> mainContainerWrapper = objectWrapper.findMainContainerWrapper();
+		assertEquals("Wrong main container wrapper readOnly", Boolean.FALSE, (Boolean)mainContainerWrapper.isReadonly());
+
+		ItemWrapper nameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_NAME);
+		assertEquals("Wrong name readOnly", Boolean.TRUE, (Boolean)nameWrapper.isReadonly());
+		assertEquals("Wrong name visible", Boolean.TRUE, (Boolean)nameWrapper.isVisible());
+		assertEquals("Wrong name definition.canRead", Boolean.TRUE, (Boolean)nameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong name definition.canAdd", Boolean.FALSE, (Boolean)nameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong name definition.canModify", Boolean.FALSE, (Boolean)nameWrapper.getItemDefinition().canModify());
+
+		ItemWrapper givenNameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_GIVEN_NAME);
+		assertEquals("Wrong givenName readOnly", Boolean.TRUE, (Boolean)givenNameWrapper.isReadonly());
+		assertEquals("Wrong givenName visible", Boolean.TRUE, (Boolean)givenNameWrapper.isVisible());
+		assertEquals("Wrong givenName definition.canRead", Boolean.FALSE, (Boolean)givenNameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong givenName definition.canAdd", Boolean.FALSE, (Boolean)givenNameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong givenName definition.canModify", Boolean.FALSE, (Boolean)givenNameWrapper.getItemDefinition().canModify());
+
+		ItemWrapper fullNameWrapper = mainContainerWrapper.findPropertyWrapper(UserType.F_FULL_NAME);
+		assertEquals("Wrong fullName readOnly", Boolean.FALSE, (Boolean)fullNameWrapper.isReadonly());
+		assertEquals("Wrong fullName visible", Boolean.TRUE, (Boolean)fullNameWrapper.isVisible());
+		assertEquals("Wrong fullName definition.canRead", Boolean.TRUE, (Boolean)fullNameWrapper.getItemDefinition().canRead());
+		assertEquals("Wrong fullName definition.canAdd", Boolean.FALSE, (Boolean)fullNameWrapper.getItemDefinition().canAdd());
+		assertEquals("Wrong fullName definition.canModify", Boolean.TRUE, (Boolean)fullNameWrapper.getItemDefinition().canModify());
+
+	}
+
+	private void cleanupAutzTest(String userOid) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException, IOException {
+		login(userAdministrator);
+        unassignAllRoles(userOid);
+	}
 }
diff --git a/gui/admin-gui/src/test/resources/wrapper/role-prop-read-all-modify-some-user.xml b/gui/admin-gui/src/test/resources/wrapper/role-prop-read-all-modify-some-user.xml
@@ -0,0 +1,50 @@
+<!--
+  ~ Copyright (c) 2014-2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="00000000-0000-0000-0000-00000000ae05"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
+    <name>Prop Read All Modify Some User</name>    
+    <authorization>
+    	<name>read all</name>
+    	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+    	<object>
+    		<type>UserType</type>
+    		<filter>
+	            <q:equal>
+	               <q:path>employeeType</q:path>
+	               <q:value>CAPTAIN</q:value>
+	            </q:equal>
+	        </filter>
+    	</object>
+    </authorization>
+    <authorization>
+    	<name>modify some</name>
+    	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
+    	<object>
+    		<type>UserType</type>
+    		<filter>
+	            <q:equal>
+	               <q:path>employeeType</q:path>
+	               <q:value>CAPTAIN</q:value>
+	            </q:equal>
+	        </filter>
+    	</object>
+    	<item>fullName</item>
+    	<item>description</item>
+    </authorization>
+</role>