Merge branch 'refs/heads/master' into feature/native-associations

# Conflicts: # gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/wrapper/ShadowAssociationWrapperImpl.java # infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptionsBuilderImpl.java # infra/schema/src/main/java/com/evolveum/midpoint/schema/ItemDeltaBeanToNativeConversion.java # infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/AbstractResourceObjectDefinitionImpl.java # model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/caching/AssociationSearchExpressionEvaluatorCache.java # model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/caching/AssociationSearchQueryKey.java # model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/caching/QueryKey.java # release-notes.adoc
Evolveum · Apr 16, 2024 · 4a3eb3f · 4a3eb3f
2 parents 6d50f70 + 6541d37
commit 4a3eb3f
Show file tree

Hide file tree

Showing 911 changed files with 26,406 additions and 8,389 deletions.
diff --git a/config/initial-objects/role/040-role-enduser.xml b/config/initial-objects/role/040-role-enduser.xml
@@ -243,6 +243,9 @@
         </object>
     </authorization>
     <adminGuiConfiguration>
+        <feedbackMessagesHook>
+            <stackTraceVisibility>hidden</stackTraceVisibility>
+        </feedbackMessagesHook>
         <homePage id="34">
             <type>UserType</type>
             <widget id="35">

diff --git a/config/initial-objects/role/042-role-reviewer.xml b/config/initial-objects/role/042-role-reviewer.xml
@@ -95,4 +95,16 @@
         <item>riskLevel</item>
         <item>serviceType</item>
     </authorization>
+    <authorization>
+        <name>certification-campaign-read</name>
+        <description>
+            Allow to read stageNumber property of certification campaign.
+        </description>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+        <object>
+            <type>AccessCertificationCampaignType</type>
+        </object>
+        <item>name</item>
+        <item>stageNumber</item>
+    </authorization>
 </role>
diff --git a/config/initial-objects/user/050-user-administrator.xml b/config/initial-objects/user/050-user-administrator.xml
@@ -25,11 +25,4 @@
     <activation>
         <administrativeStatus>enabled</administrativeStatus>
     </activation>
-    <credentials xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
-        <password>
-            <value>
-                 <t:clearValue>5ecr3t</t:clearValue>
-             </value>
-        </password>
-    </credentials>
 </user>
diff --git a/config/initial-objects/value-policy/010-value-policy.xml b/config/initial-objects/value-policy/010-value-policy.xml
@@ -9,37 +9,62 @@
         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
         version="0">
-    <name>
-        <t:orig>Default Password Policy</t:orig>
-        <t:norm>default password policy</t:norm>
-    </name>
+    <name>Default Password Policy</name>
     <description>Default password policy</description>
     <stringPolicy>
         <description>Testing string policy</description>
         <limitations>
-            <minLength>5</minLength>
-            <!--             <maxLength>8</maxLength> -->
+            <minLength>8</minLength>
+            <maxLength>14</maxLength>
             <minUniqueChars>3</minUniqueChars>
             <checkAgainstDictionary>true</checkAgainstDictionary>
-            <checkPattern />
-            <!--             <limit> -->
-            <!--                 <description>Alphas</description> -->
-            <!--                 <minOccurs>1</minOccurs> -->
-            <!--                 <maxOccurs>5</maxOccurs> -->
-            <!--                 <mustBeFirst>false</mustBeFirst> -->
-            <!--                 <characterClass> -->
-            <!--                     <value>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</value> -->
-            <!--                 </characterClass> -->
-            <!--             </limit> -->
-            <!--             <limit> -->
-            <!--                 <description>Numbers</description> -->
-            <!--                 <minOccurs>1</minOccurs> -->
-            <!--                 <maxOccurs>5</maxOccurs> -->
-            <!--                 <mustBeFirst>false</mustBeFirst> -->
-            <!--                 <characterClass> -->
-            <!--                     <value>1234567890</value> -->
-            <!--                 </characterClass> -->
-            <!--             </limit> -->
+            <checkPattern/>
+            <checkExpression>
+                <expression>
+                    <script>
+                        <code>
+                            if (object instanceof com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) {
+                            return !basic.containsIgnoreCase(input, object.getName()) &amp;&amp; !basic.containsIgnoreCase(input, object.getFamilyName()) &amp;&amp; !basic.containsIgnoreCase(input, object.getGivenName()) &amp;&amp; !basic.containsIgnoreCase(input, object.getAdditionalName())
+                            } else {
+                            return true
+                            }
+                        </code>
+                    </script>
+                </expression>
+                <failureMessage>must not contain username, family name and given name and additional names</failureMessage>
+            </checkExpression>
+            <limit>
+                <description>Lowercase characters</description>
+                <minOccurs>1</minOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>abcdefghijklmnopqrstuvwxyz</value>
+                </characterClass>
+            </limit>
+            <limit>
+                <description>Uppercase characters</description>
+                <minOccurs>1</minOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>ABCDEFGHIJKLMNOPQRSTUVWXYZ</value>
+                </characterClass>
+            </limit>
+            <limit>
+                <description>Numeric characters</description>
+                <minOccurs>1</minOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>1234567890</value>
+                </characterClass>
+            </limit>
+            <limit>
+                <description>Special characters</description>
+                <minOccurs>0</minOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value> !"#$%&amp;'()*+,-.:;&lt;&gt;?@[]^_`{|}~</value>
+                </characterClass>
+            </limit>
         </limitations>
     </stringPolicy>
 </valuePolicy>
diff --git a/config/sql/native/postgres-audit-upgrade.sql b/config/sql/native/postgres-audit-upgrade.sql
@@ -152,6 +152,12 @@ call apply_audit_change(8, $aa$
 ALTER TYPE AuditEventTypeType ADD VALUE IF NOT EXISTS 'INFORMATION_DISCLOSURE' AFTER 'DISCOVER_OBJECT';
 $aa$);
 
+
+--- Policy Type
+call apply_audit_change(9, $aa$
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'POLICY' AFTER 'ORG';
+$aa$);
+
 -- WRITE CHANGES ABOVE ^^
 
 -- IMPORTANT: update apply_audit_change number at the end of postgres-audit.sql

diff --git a/config/sql/native/postgres-audit.sql b/config/sql/native/postgres-audit.sql
@@ -53,6 +53,7 @@ DO $$ BEGIN
         'OBJECT_COLLECTION',
         'OBJECT_TEMPLATE',
         'ORG',
+        'POLICY',
         'REPORT',
         'REPORT_DATA',
         'RESOURCE',

diff --git a/config/sql/native/postgres-upgrade.sql b/config/sql/native/postgres-upgrade.sql
@@ -470,6 +470,38 @@ call apply_change(26, $aa$
     ALTER TABLE m_ref_role_membership ADD COLUMN fullObject BYTEA;
 $aa$);
 
+
+
+--- Policy Type
+
+call apply_change(27, $aa$
+ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'POLICY' AFTER 'ORG';
+$aa$);
+call apply_change(28, $aa$
+    CREATE TABLE m_policy (
+        oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+        objectType ObjectType GENERATED ALWAYS AS ('POLICY') STORED
+            CHECK (objectType = 'POLICY')
+    )
+        INHERITS (m_abstract_role);
+
+    CREATE TRIGGER m_policy_oid_insert_tr BEFORE INSERT ON m_policy
+        FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+    CREATE TRIGGER m_policy_update_tr BEFORE UPDATE ON m_policy
+        FOR EACH ROW EXECUTE FUNCTION before_update_object();
+    CREATE TRIGGER m_policy_oid_delete_tr AFTER DELETE ON m_policy
+        FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+
+    CREATE INDEX m_policy_nameOrig_idx ON m_policy (nameOrig);
+    CREATE UNIQUE INDEX m_policy_nameNorm_key ON m_policy (nameNorm);
+    CREATE INDEX m_policy_subtypes_idx ON m_policy USING gin(subtypes);
+    CREATE INDEX m_policy_identifier_idx ON m_policy (identifier);
+    CREATE INDEX m_policy_validFrom_idx ON m_policy (validFrom);
+    CREATE INDEX m_policy_validTo_idx ON m_policy (validTo);
+    CREATE INDEX m_policy_fullTextInfo_idx ON m_policy USING gin(fullTextInfo gin_trgm_ops);
+    CREATE INDEX m_policy_createTimestamp_idx ON m_policy (createTimestamp);
+    CREATE INDEX m_policy_modifyTimestamp_idx ON m_policy (modifyTimestamp);
+$aa$);
 ---
 -- WRITE CHANGES ABOVE ^^
 -- IMPORTANT: update apply_change number at the end of postgres-new.sql

diff --git a/config/sql/native/postgres.sql b/config/sql/native/postgres.sql
@@ -72,6 +72,7 @@ CREATE TYPE ObjectType AS ENUM (
     'OBJECT_COLLECTION',
     'OBJECT_TEMPLATE',
     'ORG',
+    'POLICY',
     'REPORT',
     'REPORT_DATA',
     'RESOURCE',
@@ -713,6 +714,34 @@ CREATE INDEX m_role_fullTextInfo_idx ON m_role USING gin(fullTextInfo gin_trgm_o
 CREATE INDEX m_role_createTimestamp_idx ON m_role (createTimestamp);
 CREATE INDEX m_role_modifyTimestamp_idx ON m_role (modifyTimestamp);
 
+
+-- Represents PolicyType, see https://docs.evolveum.com/midpoint/architecture/archive/data-model/midpoint-common-schema/policytype/
+CREATE TABLE m_policy (
+    oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
+    objectType ObjectType GENERATED ALWAYS AS ('POLICY') STORED
+        CHECK (objectType = 'POLICY')
+)
+    INHERITS (m_abstract_role);
+
+CREATE TRIGGER m_policy_oid_insert_tr BEFORE INSERT ON m_policy
+    FOR EACH ROW EXECUTE FUNCTION insert_object_oid();
+CREATE TRIGGER m_policy_update_tr BEFORE UPDATE ON m_policy
+    FOR EACH ROW EXECUTE FUNCTION before_update_object();
+CREATE TRIGGER m_policy_oid_delete_tr AFTER DELETE ON m_policy
+    FOR EACH ROW EXECUTE FUNCTION delete_object_oid();
+
+CREATE INDEX m_policy_nameOrig_idx ON m_policy (nameOrig);
+CREATE UNIQUE INDEX m_policy_nameNorm_key ON m_policy (nameNorm);
+CREATE INDEX m_policy_subtypes_idx ON m_policy USING gin(subtypes);
+CREATE INDEX m_policy_identifier_idx ON m_policy (identifier);
+CREATE INDEX m_policy_validFrom_idx ON m_policy (validFrom);
+CREATE INDEX m_policy_validTo_idx ON m_policy (validTo);
+CREATE INDEX m_policy_fullTextInfo_idx ON m_policy USING gin(fullTextInfo gin_trgm_ops);
+CREATE INDEX m_policy_createTimestamp_idx ON m_policy (createTimestamp);
+CREATE INDEX m_policy_modifyTimestamp_idx ON m_policy (modifyTimestamp);
+
+
+
 -- Represents ServiceType, see https://docs.evolveum.com/midpoint/reference/deployment/service-account-management/
 CREATE TABLE m_service (
     oid UUID NOT NULL PRIMARY KEY REFERENCES m_object_oid(oid),
@@ -2223,4 +2252,4 @@ END $$;
 -- This is important to avoid applying any change more than once.
 -- Also update SqaleUtils.CURRENT_SCHEMA_CHANGE_NUMBER
 -- repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
-call apply_change(26, $$ SELECT 1 $$, true);
+call apply_change(28, $$ SELECT 1 $$, true);
diff --git a/docs/admin-gui/collections-views/configuration/index.adoc b/docs/admin-gui/collections-views/configuration/index.adoc
@@ -1,3 +1,7 @@
+---
+midpoint-feature: object-collection-and-view
+doc-type: config
+---
 = Object Collections and Views Configuration
 :page-nav-title: Configuration
 :page-display-order: 50
@@ -516,4 +520,4 @@ Therefore, *link:https://evolveum.com/services/professional-support/[midPoint Pl
 
 * xref:/midpoint/features/planned/compliance/[Compliance]
 
-* xref:/midpoint/reference/admin-gui/dashboards/[Customizable Dashboards]
+* xref:/midpoint/reference/admin-gui/dashboards/[Customizable Dashboards]
diff --git a/docs/admin-gui/collections-views/index.adoc b/docs/admin-gui/collections-views/index.adoc
@@ -1,3 +1,7 @@
+---
+midpoint-feature: object-collection-and-view
+doc-type: intro
+---
 = Object Collections and Views
 :page-wiki-name: Object Collections and Views
 :page-wiki-id: 24676784
@@ -8,8 +12,6 @@
 :page-since: "4.0"
 :page-since-improved: [ "4.2", "4.3" ]
 :page-toc: top
-:page-midpoint-feature: true
-:page-alias: { "parent" : "/midpoint/features/current/" }
 :page-upkeep-status: orange
 :page-upkeep-note: Document recent improvements (4.2, 4.3)
 
@@ -64,4 +66,4 @@ See xref:/midpoint/features/planned/object-collections-and-views/[Object Collect
 
 * xref:/midpoint/features/planned/compliance/[Compliance]
 
-* xref:/midpoint/reference/admin-gui/dashboards/[Customizable Dashboards]
+* xref:/midpoint/reference/admin-gui/dashboards/[Customizable Dashboards]
diff --git a/docs/admin-gui/custom-forms/index.adoc b/docs/admin-gui/custom-forms/index.adoc
@@ -6,8 +6,6 @@
 :page-wiki-metadata-modify-user: katkav
 :page-wiki-metadata-modify-date: 2017-01-30T11:42:47.269+01:00
 :page-since: "3.6"
-:page-midpoint-feature: true
-:page-alias: { "parent" : "/midpoint/features/current/" }
 :page-toc: top
 :page-upkeep-status: yellow