GUI authorization..displaying only fields that user can view...

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java

@@ -16,6 +16,7 @@
 
 package com.evolveum.midpoint.web.component.prism;
 
+import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
 import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
 import com.evolveum.midpoint.prism.*;
 import com.evolveum.midpoint.prism.path.ItemPath;
@@ -67,6 +68,8 @@ public class ContainerWrapper<T extends PrismContainer> implements ItemWrapper,
     private boolean showInheritedObjectAttributes;
 
     private OperationResult result;
+
+    private PrismContainerDefinition containerDefinition;
 
     public ContainerWrapper(ObjectWrapper object, T container, ContainerStatus status, ItemPath path) {
         Validate.notNull(container, "Prism object must not be null.");
@@ -79,9 +82,21 @@ public ContainerWrapper(ObjectWrapper object, T container, ContainerStatus statu
         main = path == null;
         readonly = object.isReadonly();
         showInheritedObjectAttributes = object.isShowInheritedObjectAttributes();
-
+        //have to be after setting "main" property
+        containerDefinition = getContainerDefinition();
         createProperties();
     }
+
+    protected PrismContainerDefinition getContainerDefinition(){
+    	if (object.getEditedDefinition() != null){
+    		if (main){
+    			return object.getEditedDefinition();
+    		}
+        	return object.getEditedDefinition().findContainerDefinition(path);
+        } else {
+        	return container.getDefinition();
+        }
+    }
 
     OperationResult getResult() {
         return result;
@@ -133,7 +148,9 @@ private List<PropertyWrapper> createProperties() {
         PrismObject parent = getObject().getObject();
         Class clazz = parent.getCompileTimeClass();
         if (ShadowType.class.isAssignableFrom(clazz)) {
-            QName name = container.getDefinition().getName();
+        	QName name = containerDefinition.getName();
+//        	QName name = container.getDefinition().getName();
+
             if (ShadowType.F_ATTRIBUTES.equals(name)) {
                 try {
                     PrismReference resourceRef = parent.findReference(ShadowType.F_RESOURCE_REF);
@@ -143,7 +160,6 @@ private List<PropertyWrapper> createProperties() {
 
                     PrismProperty<QName> objectClassProp = parent.findProperty(ShadowType.F_OBJECT_CLASS);
                     QName objectClass = objectClassProp != null ? objectClassProp.getRealValue() : null;
-
                     definition = refinedSchema.findRefinedDefinitionByObjectClassQName(ShadowKindType.ACCOUNT, objectClass)
                             .toResourceAttributeContainerDefinition();
 
@@ -158,10 +174,12 @@ private List<PropertyWrapper> createProperties() {
                     return properties;
                 }
             } else {
-                definition = container.getDefinition();
+            	definition = containerDefinition;
+//                definition = container.getDefinition();
             }
         } else {
-            definition = container.getDefinition();
+        	definition = containerDefinition;
+//            definition = container.getDefinition();
         }
 
         if (definition == null) {
@@ -224,7 +242,7 @@ private List<PropertyWrapper> createProperties() {
        } else {            // if not an assignment
 
             if (container.getValues().size() == 1 ||
-                    (container.getValues().isEmpty() && (container.getDefinition() == null || container.getDefinition().isSingleValue()))) {
+                    (container.getValues().isEmpty() && (containerDefinition== null || containerDefinition.isSingleValue()))) {
 
                 // there's no point in showing properties for non-single-valued parent containers,
                 // so we continue only if the parent is single-valued
@@ -359,10 +377,30 @@ private static String formatTime(XMLGregorianCalendar time) {
     }
 
     boolean isPropertyVisible(PropertyWrapper property) {
-        PrismPropertyDefinition def = property.getItem().getDefinition();
-        if (skipProperty(def) || !def.canRead() || def.isIgnored() || def.isOperational()) {
+        PrismPropertyDefinition def = property.getItemDefinition();
+        if (skipProperty(def) || def.isIgnored() || def.isOperational()) {
             return false;
         }
+
+        if (ContainerStatus.ADDING == getStatus() && def.canAdd()){
+        	return true;
+        }
+
+        if (ContainerStatus.MODIFYING == getStatus() && def.canModify()){
+        	return true;
+        }
+
+        if (ContainerStatus.MODIFYING == getStatus() && !def.canModify()){
+        	if (def.canRead()){
+        		property.setReadonly(true);
+        		return true;
+        	} 
+        	return false;
+        }
+
+        if (!def.canRead()){
+        	return false;
+        }
 
         ObjectWrapper object = getObject();
 
@@ -471,6 +509,9 @@ private boolean skipProperty(PrismPropertyDefinition def) {
     }
 
     public boolean isReadonly() {
+    	if (getContainerDefinition() != null){
+    		return getContainerDefinition().canRead();
+    	}
         return readonly;
     }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapper.java

@@ -89,15 +89,17 @@ public class ObjectWrapper implements Serializable {
     private List<PrismProperty> associations;
 
     private OperationResult fetchResult;
+    private PrismObjectDefinition editedDefinition;
 
-    public ObjectWrapper(String displayName, String description, PrismObject object, ContainerStatus status) {
+    public ObjectWrapper(String displayName, String description, PrismObject object, PrismObjectDefinition editedDefinition, ContainerStatus status) {
 		Validate.notNull(object, "Object must not be null.");
 		Validate.notNull(status, "Container status must not be null.");
 
 		this.displayName = displayName;
 		this.description = description;
 		this.object = object;
 		this.status = status;
+		this.editedDefinition = editedDefinition;
 
         createContainers();
 	}
@@ -224,7 +226,8 @@ private List<ContainerWrapper> createCustomContainerWrapper(PrismObject object,
 		ContainerStatus status = container == null ? ContainerStatus.ADDING : ContainerStatus.MODIFYING;
 		List<ContainerWrapper> list = new ArrayList<ContainerWrapper>();
 		if (container == null) {
-			PrismContainerDefinition definition = object.getDefinition().findContainerDefinition(name);
+			PrismContainerDefinition definition = determineObjectDefinition().findContainerDefinition(name);
+//			PrismContainerDefinition definition = object.getDefinition().findContainerDefinition(name);
 			container = definition.instantiate();
 		}
 
@@ -244,6 +247,14 @@ private void addSubresult(OperationResult subResult) {
         result.addSubresult(subResult);
     }
 
+    private PrismObjectDefinition determineObjectDefinition(){
+    	if (editedDefinition != null){
+    		return editedDefinition;
+    	}
+
+    	return object.getDefinition();
+    }
+
 	private List<ContainerWrapper> createContainers() {
         result = new OperationResult(CREATE_CONTAINERS);
 
@@ -255,8 +266,16 @@ private List<ContainerWrapper> createContainers() {
 				PrismContainer attributes = object.findContainer(ShadowType.F_ATTRIBUTES);
 				ContainerStatus status = attributes != null ? getStatus() : ContainerStatus.ADDING;
 				if (attributes == null) {
-					PrismContainerDefinition definition = object.getDefinition().findContainerDefinition(
+					PrismContainerDefinition definition = determineObjectDefinition().findContainerDefinition(
 							ShadowType.F_ATTRIBUTES);
+//					if (editedDefinition != null){
+//						definition = editedDefinition.findContainerDefinition(
+//								ShadowType.F_ATTRIBUTES);
+//					} else {
+//						definition = object.getDefinition().findContainerDefinition(
+//								ShadowType.F_ATTRIBUTES);
+//					}	
+//					
 					attributes = definition.instantiate();
 				}
 
@@ -386,6 +405,9 @@ private List<ContainerWrapper> createContainerWrapper(PrismContainer parent, Ite
             if (ObjectSpecificationType.COMPLEX_TYPE.equals(def.getTypeName())) {
                 continue;       // TEMPORARY FIX
             }
+            if (TriggerType.COMPLEX_TYPE.equals(def.getTypeName())) {
+                continue;       // TEMPORARY FIX TODO: remove after getEditSchema (authorization) will be fixed.
+            }
             LOGGER.trace("ObjectWrapper.createContainerWrapper processing definition: {}", def);
 
 			PrismContainerDefinition containerDef = (PrismContainerDefinition) def;
@@ -737,4 +759,8 @@ public boolean isShowInheritedObjectAttributes() {
     public void setShowInheritedObjectAttributes(boolean showInheritedObjectAttributes) {
         this.showInheritedObjectAttributes = showInheritedObjectAttributes;
     }
+
+    public PrismObjectDefinition getEditedDefinition() {
+		return editedDefinition;
+	}
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PropertyWrapper.java

@@ -16,6 +16,7 @@
 
 package com.evolveum.midpoint.web.component.prism;
 
+import com.evolveum.midpoint.prism.ItemDefinition;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismProperty;
 import com.evolveum.midpoint.prism.PrismPropertyDefinition;
@@ -45,6 +46,7 @@ public class PropertyWrapper implements ItemWrapper, Serializable {
     private List<ValueWrapper> values;
     private String displayName;
     private boolean readonly;
+    private PrismPropertyDefinition itemDefinition;
 
     public PropertyWrapper(ContainerWrapper container, PrismProperty property, ValueStatus status) {
         Validate.notNull(property, "Property must not be null.");
@@ -54,6 +56,7 @@ public PropertyWrapper(ContainerWrapper container, PrismProperty property, Value
         this.property = property;
         this.status = status;
         this.readonly = container.isReadonly();
+        this.itemDefinition = getItemDefinition();
 
         ItemPath passwordPath = new ItemPath(SchemaConstantsGenerated.C_CREDENTIALS,
                 CredentialsType.F_PASSWORD);
@@ -63,13 +66,24 @@ public PropertyWrapper(ContainerWrapper container, PrismProperty property, Value
         }
     }
 
+    protected PrismPropertyDefinition getItemDefinition(){
+    	PrismPropertyDefinition propDef = container.getContainerDefinition().findPropertyDefinition(property.getDefinition().getName());
+    	if (propDef == null){
+    		propDef = property.getDefinition();
+    	}
+    	return propDef;
+
+    }
+
     public boolean isVisible() {
         if (property.getDefinition().isOperational()) {
             return false;
         }
 
         return container.isPropertyVisible(this);
     }
+
+
 
     ContainerWrapper getContainer() {
         return container;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/ObjectWrapperUtil.java

@@ -0,0 +1,24 @@
+package com.evolveum.midpoint.web.component.util;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.PrismObjectDefinition;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SystemException;
+import com.evolveum.midpoint.web.component.prism.ContainerStatus;
+import com.evolveum.midpoint.web.component.prism.ObjectWrapper;
+import com.evolveum.midpoint.web.page.PageBase;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+
+public class ObjectWrapperUtil {
+
+
+	public static <O extends ObjectType> ObjectWrapper createObjectWrapper(String displayName, String description, PrismObject<O> object, ContainerStatus status, PageBase pageBase) {
+		try {
+		PrismObjectDefinition editedDefinition = pageBase.getModelInteractionService().getEditObjectDefinition(object);
+		ObjectWrapper wrapper = new ObjectWrapper(displayName, description, object, editedDefinition, status);
+		return wrapper;
+		} catch (SchemaException ex){
+			throw new SystemException(ex);
+		}
+	}
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/ConfigurationStep.java

@@ -30,6 +30,7 @@
 import com.evolveum.midpoint.web.component.prism.ObjectWrapper;
 import com.evolveum.midpoint.web.component.prism.PrismObjectPanel;
 import com.evolveum.midpoint.web.component.util.LoadableModel;
+import com.evolveum.midpoint.web.component.util.ObjectWrapperUtil;
 import com.evolveum.midpoint.web.component.wizard.WizardStep;
 import com.evolveum.midpoint.web.page.PageBase;
 import com.evolveum.midpoint.web.util.WebMiscUtil;
@@ -68,8 +69,10 @@ public ConfigurationStep(IModel<PrismObject<ResourceType>> resourceModel) {
 
             @Override
             protected ObjectWrapper load() {
-                ObjectWrapper wrapper = new ObjectWrapper(null, null, ConfigurationStep.this.resourceModel.getObject(),
-                        ContainerStatus.MODIFYING);
+            	ObjectWrapper wrapper = ObjectWrapperUtil.createObjectWrapper(null, null, ConfigurationStep.this.resourceModel.getObject(),
+                        ContainerStatus.MODIFYING, getPageBase());
+//                ObjectWrapper wrapper = new ObjectWrapper(null, null, ConfigurationStep.this.resourceModel.getObject(),
+//                        ContainerStatus.MODIFYING);
                 wrapper.setMinimalized(false);
                 wrapper.setShowEmpty(true);
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/PageBase.java

@@ -341,7 +341,7 @@ public SecurityEnforcer getSecurityEnforcer() {
         return securityEnforcer;
     }
 
-    protected ModelInteractionService getModelInteractionService() {
+    public ModelInteractionService getModelInteractionService() {
         return modelInteractionService;
     }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/ReportConfigurationPanel.java

@@ -82,7 +82,7 @@ protected void initLayout() {
             protected ObjectWrapper load() {
                 PrismObject<ReportType> report = getModel().getObject().getObject();
 
-                return new ObjectWrapper(null, null, report, ContainerStatus.MODIFYING);
+                return new ObjectWrapper(null, null, report, null, ContainerStatus.MODIFYING);
             }
         };
         PrismObjectPanel properties = new PrismObjectPanel(ID_PROPERTIES, wrapper, null, null);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/content/PageAccount.java

@@ -34,6 +34,7 @@
 import com.evolveum.midpoint.web.component.prism.ObjectWrapper;
 import com.evolveum.midpoint.web.component.prism.PrismObjectPanel;
 import com.evolveum.midpoint.web.component.util.LoadableModel;
+import com.evolveum.midpoint.web.component.util.ObjectWrapperUtil;
 import com.evolveum.midpoint.web.page.admin.resources.PageAdminResources;
 import com.evolveum.midpoint.web.page.admin.resources.PageResources;
 import com.evolveum.midpoint.web.resource.img.ImgResources;
@@ -111,7 +112,7 @@ private ObjectWrapper loadAccount() {
             throw new RestartResponseException(PageResources.class);
         }
 
-        ObjectWrapper wrapper = new ObjectWrapper(null, null, account, ContainerStatus.MODIFYING);
+        ObjectWrapper wrapper = ObjectWrapperUtil.createObjectWrapper(null, null, account, ContainerStatus.MODIFYING, this);
         if (wrapper.getResult() != null && !WebMiscUtil.isSuccessOrHandledError(wrapper.getResult())) {
             showResultInSession(wrapper.getResult());
         }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUser.java

@@ -59,6 +59,7 @@
 import com.evolveum.midpoint.web.component.dialog.ConfirmationDialog;
 import com.evolveum.midpoint.web.component.prism.*;
 import com.evolveum.midpoint.web.component.util.LoadableModel;
+import com.evolveum.midpoint.web.component.util.ObjectWrapperUtil;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.page.PageBase;
 import com.evolveum.midpoint.web.page.admin.server.PageTasks;
@@ -276,7 +277,15 @@ private ObjectWrapper loadUserWrapper(PrismObject<UserType> userToEdit) {
         }
 
         ContainerStatus status = isEditingUser() ? ContainerStatus.MODIFYING : ContainerStatus.ADDING;
-        ObjectWrapper wrapper = new ObjectWrapper("pageUser.userDetails", null, user, status);
+        ObjectWrapper wrapper = null;
+        try{
+        	wrapper = ObjectWrapperUtil.createObjectWrapper("pageUser.userDetails", null, user, status, this);
+        } catch (Exception ex){
+        	result.recordFatalError("Couldn't get user.", ex);
+            LoggingUtils.logException(LOGGER, "Couldn't load user", ex);
+            wrapper = new ObjectWrapper("pageUser.userDetails", null, user, null, status);
+        }
+//        ObjectWrapper wrapper = new ObjectWrapper("pageUser.userDetails", null, user, status);
         if (wrapper.getResult() != null && !WebMiscUtil.isSuccessOrHandledError(wrapper.getResult())) {
             showResultInSession(wrapper.getResult());
         }
@@ -632,8 +641,10 @@ private List<UserAccountDto> loadAccountWrappers() {
                 ResourceType resource = accountType.getResource();
                 String resourceName = WebMiscUtil.getName(resource);
 
-                ObjectWrapper wrapper = new ObjectWrapper(resourceName, WebMiscUtil.getOrigStringFromPoly(accountType
-                        .getName()), account, ContainerStatus.MODIFYING);
+                ObjectWrapper wrapper = ObjectWrapperUtil.createObjectWrapper(resourceName, WebMiscUtil.getOrigStringFromPoly(accountType
+                        .getName()), account, ContainerStatus.MODIFYING, this);
+//                ObjectWrapper wrapper = new ObjectWrapper(resourceName, WebMiscUtil.getOrigStringFromPoly(accountType
+//                        .getName()), account, ContainerStatus.MODIFYING);
                 wrapper.setFetchResult(OperationResult.createOperationResult(fetchResult));
                 wrapper.setSelectable(true);
                 wrapper.setMinimalized(true);
@@ -1543,8 +1554,10 @@ private void addSelectedAccountPerformed(AjaxRequestTarget target, List<Resource
 
                 getPrismContext().adopt(shadow);
 
-                ObjectWrapper wrapper = new ObjectWrapper(WebMiscUtil.getOrigStringFromPoly(resource.getName()), null,
-                        shadow.asPrismObject(), ContainerStatus.ADDING);
+                ObjectWrapper wrapper = ObjectWrapperUtil.createObjectWrapper(WebMiscUtil.getOrigStringFromPoly(resource.getName()), null,
+                        shadow.asPrismObject(), ContainerStatus.ADDING, this);
+//                ObjectWrapper wrapper = new ObjectWrapper(WebMiscUtil.getOrigStringFromPoly(resource.getName()), null,
+//                        shadow.asPrismObject(), ContainerStatus.ADDING);
                 if (wrapper.getResult() != null && !WebMiscUtil.isSuccessOrHandledError(wrapper.getResult())) {
                     showResultInSession(wrapper.getResult());
                 }