Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · Mar 17, 2017 · 5adcbef · 5adcbef
2 parents e289cf3 + 32df2e6
commit 5adcbef
Show file tree

Hide file tree

Showing 57 changed files with 2,085 additions and 712 deletions.
diff --git a/config/rest/index.html b/config/rest/index.html
@@ -18778,9 +18778,9 @@ <h3>Usage and SDK Samples</h3>
         m_basic.setPassword("YOUR PASSWORD");
 
         DefaultApi apiInstance = new DefaultApi();
-        String type = type_example; // String | type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
-        String id = id_example; // String | oid of the object for which the value will be generated
-        Object body = ; // Object | path to the property which will be generated
+        String type = type_example; // String | type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+        String id = id_example; // String | oid of the object for which the value will be validated
+        Object body = ; // Object | It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
         try {
             Object result = apiInstance.validateValue(type, id, body);
             System.out.println(result);
@@ -18803,9 +18803,9 @@ <h3>Usage and SDK Samples</h3>
 
     public static void main(String[] args) {
         DefaultApi apiInstance = new DefaultApi();
-        String type = type_example; // String | type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
-        String id = id_example; // String | oid of the object for which the value will be generated
-        Object body = ; // Object | path to the property which will be generated
+        String type = type_example; // String | type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+        String id = id_example; // String | oid of the object for which the value will be validated
+        Object body = ; // Object | It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
         try {
             Object result = apiInstance.validateValue(type, id, body);
             System.out.println(result);
@@ -18833,9 +18833,9 @@ <h3>Usage and SDK Samples</h3>
 [apiConfig setPassword:@"YOUR_PASSWORD"];
 
 
-String *type = type_example; // type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
-String *id = id_example; // oid of the object for which the value will be generated
-Object *body = ; // path to the property which will be generated
+String *type = type_example; // type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+String *id = id_example; // oid of the object for which the value will be validated
+Object *body = ; // It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
 
 DefaultApi *apiInstance = [[DefaultApi alloc] init];
 
@@ -18866,11 +18866,11 @@ <h3>Usage and SDK Samples</h3>
 
 var api = new .DefaultApi()
 
-var type = type_example; // {String} type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+var type = type_example; // {String} type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
 
-var id = id_example; // {String} oid of the object for which the value will be generated
+var id = id_example; // {String} oid of the object for which the value will be validated
 
-var body = ; // {Object} path to the property which will be generated
+var body = ; // {Object} It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
 
 
 var callback = function(error, data, response) {
@@ -18909,9 +18909,9 @@ <h3>Usage and SDK Samples</h3>
             Configuration.Default.Password = "YOUR_PASSWORD";
 
             var apiInstance = new DefaultApi();
-            var type = type_example;  // String | type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
-            var id = id_example;  // String | oid of the object for which the value will be generated
-            var body = new Object(); // Object | path to the property which will be generated
+            var type = type_example;  // String | type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+            var id = id_example;  // String | oid of the object for which the value will be validated
+            var body = new Object(); // Object | It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
 
             try
             {
@@ -18941,9 +18941,9 @@ <h3>Usage and SDK Samples</h3>
 io.swagger.client\Configuration::getDefaultConfiguration()->setPassword('YOUR_PASSWORD');
 
 $api_instance = new io.swagger.client\Api\DefaultApi();
-$type = type_example; // String | type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
-$id = id_example; // String | oid of the object for which the value will be generated
-$body = ; // Object | path to the property which will be generated
+$type = type_example; // String | type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services
+$id = id_example; // String | oid of the object for which the value will be validated
+$body = ; // Object | It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.
 
 try {
     $result = $api_instance->validateValue($type, $id, $body);
@@ -18981,7 +18981,7 @@ <h2>Parameters</h2>
 													var schemaWrapper = {
   "name" : "type",
   "in" : "path",
-  "description" : "type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services",
+  "description" : "type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services",
   "required" : true,
   "type" : "string"
 };
@@ -19014,7 +19014,7 @@ <h2>Parameters</h2>
 													var schemaWrapper = {
   "name" : "id",
   "in" : "path",
-  "description" : "oid of the object for which the value will be generated",
+  "description" : "oid of the object for which the value will be validated",
   "required" : true,
   "type" : "string"
 };
@@ -19058,7 +19058,7 @@ <h2>Parameters</h2>
 													var schemaWrapper = {
   "in" : "body",
   "name" : "body",
-  "description" : "path to the property which will be generated",
+  "description" : "It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate.",
   "required" : true,
   "schema" : {
     "type" : "object",
@@ -19784,7 +19784,7 @@ <h3> Status: 503 - Communication problem while provisioning </h3>
             </div>
             <div id="generator">
                 <div class="content">
-                    Generated 2017-03-02T14:25:03.802+01:00
+                    Generated 2017-03-16T13:50:39.152+01:00
                 </div>
             </div>
         </div>

diff --git a/config/rest/swagger.yml b/config/rest/swagger.yml
@@ -233,20 +233,20 @@ paths:
       - name: "type"
         in: "path"
         required: true
-        description: "type of the object for which the value will be generated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services"
+        description: "type of the object for which the value will be validated. Possible values are connectors, connectorHosts, genericObjects, resources, users, objectTemplates, systemConfigurations, tasks, shadows, roles, valuePolicies, orgs, services"
         type: "string"
       - name: "id"
         in: "path"
         required: true
         type: "string"
-        description: "oid of the object for which the value will be generated"
+        description: "oid of the object for which the value will be validated"
       - in: "body"
         name: "body"
         required: true
         schema:
           type: "object"
           description: "see PolicyItemsDefinitionType"
-        description: "path to the property which will be generated"
+        description: "It can contain either path to the existing property which should be validated (e.g. policy for generating/validating employeeNumber changed and we need to check if the existing employeeNumber still satisfy constraints or it should be generated again) or value which will be set to the target object if it satisfy policy constraints. Definition of path to the existing property is used only if no value is provided to validate."
       responses:
         200:
           description: "Successful operation"

diff --git a/...n-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.java b/...n-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.java
@@ -30,7 +30,7 @@
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyGenerator;
+import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
 import com.evolveum.midpoint.prism.Item;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismProperty;

diff --git a/...ui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageSecurityQuestions.java b/...ui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageSecurityQuestions.java
@@ -45,7 +45,7 @@
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.model.api.ModelService;
-import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyGenerator;
+import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismObjectDefinition;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageSelfRegistration.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageSelfRegistration.java
@@ -37,7 +37,7 @@
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
 import com.evolveum.midpoint.model.api.ModelExecuteOptions;
-import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyGenerator;
+import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismObjectDefinition;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/crypto/ProtectedData.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/crypto/ProtectedData.java
@@ -24,15 +24,17 @@
  */
 public interface ProtectedData<T> {
 
-	abstract byte[] getClearBytes();
+	byte[] getClearBytes();
 
-	abstract void setClearBytes(byte[] bytes);
+	void setClearBytes(byte[] bytes);
 
-	abstract T getClearValue();
+	T getClearValue();
 
-	abstract void setClearValue(T data);
+	void setClearValue(T data);
 
-	abstract void destroyCleartext();
+	void destroyCleartext();
+
+	boolean canGetCleartext();
 
 	EncryptedDataType getEncryptedDataType();
 

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/delta/ObjectDelta.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/delta/ObjectDelta.java
@@ -1688,4 +1688,24 @@ public List<PrismValue> getNewValuesFor(ItemPath itemPath) {
 			}
 		}
 	}
+
+        public List<PrismValue> getDeletedValuesFor(ItemPath itemPath) {
+		if (isAdd()) {
+			Item<PrismValue, ItemDefinition> item = objectToAdd.findItem(itemPath);
+			return item != null ? item.getValues() : Collections.emptyList();
+		} else if (isDelete()) {
+			return Collections.emptyList();
+		} else {
+			ItemDelta itemDelta = ItemDelta.findItemDelta(modifications, itemPath, ItemDelta.class);
+			if (itemDelta != null) {
+				if (itemDelta.getValuesToDelete() != null) {
+					return (List<PrismValue>) itemDelta.getValuesToDelete();
+				} else {
+					return Collections.emptyList();
+				}
+			} else {
+				return Collections.emptyList();
+			}
+		}
+	}
 }
diff --git a/infra/prism/src/main/java/com/evolveum/prism/xml/ns/_public/types_3/ProtectedDataType.java b/infra/prism/src/main/java/com/evolveum/prism/xml/ns/_public/types_3/ProtectedDataType.java
@@ -166,6 +166,11 @@ public T getClearValue() {
     public void setClearValue(T clearValue) {
     	this.clearValue = clearValue;
     }
+
+    @Override
+	public boolean canGetCleartext() {
+		return clearValue != null || encryptedDataType != null;
+	}
 
     @Override
 	public void destroyCleartext() {

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
@@ -65,6 +65,11 @@ public abstract class SchemaConstants {
 	public static final String NS_MATCHING_RULE = NS_MIDPOINT_PUBLIC + "/common/matching-rule-3";
 	public static final String NS_FAULT = "http://midpoint.evolveum.com/xml/ns/public/common/fault-3";
 	public static final String NS_SAMPLES_EXTENSION = "http://midpoint.evolveum.com/xml/ns/samples/extension-3";
+
+	/**
+	 * Namespace for default (bult-in) object collections, such as "all objects", "all roles", ...
+	 */
+	public static final String NS_OBJECT_COLLECTIONS = NS_MIDPOINT_PUBLIC + "/common/object-collections-3";
 
 	// COMMON NAMESPACE
 
@@ -216,6 +221,7 @@ public abstract class SchemaConstants {
 	public static final ItemPath PATH_CREDENTIALS_PASSWORD_FAILED_LOGINS = new ItemPath(
 			UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_FAILED_LOGINS);
 	public static final ItemPath PATH_LINK_REF = new ItemPath(FocusType.F_LINK_REF);
+	public static final ItemPath PATH_LIFECYCLE_STATE = new ItemPath(ObjectType.F_LIFECYCLE_STATE);
 
 	public static final String NS_PROVISIONING = NS_MIDPOINT_PUBLIC + "/provisioning";
 	public static final String NS_PROVISIONING_LIVE_SYNC = NS_PROVISIONING + "/liveSync-3";
@@ -398,6 +404,34 @@ public abstract class SchemaConstants {
 	public static final String LIFECYCLE_FAILED = "failed";
 
 
+	// Object collections
+
+	/**
+	 * All objects in role catalog. It means all the objects in all the categories that are placed under the
+	 * primary role catalog defined in the system. If used in a context where the role catalog can be displayed
+	 * as a tree then this collection will be displayed as a tree.
+	 */
+	public static final QName OBJECT_COLLECTION_ROLE_CATALOG_QNAME = new QName(NS_OBJECT_COLLECTIONS, "roleCatalog");
+	public static final String OBJECT_COLLECTION_ROLE_CATALOG_URI = QNameUtil.qNameToUri(OBJECT_COLLECTION_ROLE_CATALOG_QNAME);
+
+	/**
+	 * Collection that contains all roles.
+	 */
+	public static final QName OBJECT_COLLECTION_ALL_ROLES_QNAME = new QName(NS_OBJECT_COLLECTIONS, "allRoles");
+	public static final String OBJECT_COLLECTION_ALL_ROLES_URI = QNameUtil.qNameToUri(OBJECT_COLLECTION_ALL_ROLES_QNAME);
+
+	/**
+	 * Collection that contains all orgs.
+	 */
+	public static final QName OBJECT_COLLECTION_ALL_ORGS_QNAME = new QName(NS_OBJECT_COLLECTIONS, "allOrgs");
+	public static final String OBJECT_COLLECTION_ALL_ORGS_URI = QNameUtil.qNameToUri(OBJECT_COLLECTION_ALL_ORGS_QNAME);
+
+	/**
+	 * Collection that contains all services.
+	 */
+	public static final QName OBJECT_COLLECTION_ALL_SERVICES_QNAME = new QName(NS_OBJECT_COLLECTIONS, "allServices");
+	public static final String OBJECT_COLLECTION_ALL_SERVICES_URI = QNameUtil.qNameToUri(OBJECT_COLLECTION_ALL_SERVICES_QNAME);
+
 	// Samples
 
 	public static final QName SAMPLES_SSN = new QName(SchemaConstants.NS_SAMPLES_EXTENSION, "ssn");

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/FocusTypeUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/FocusTypeUtil.java
@@ -23,11 +23,15 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentSelectorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 /**
  * @author semancik
@@ -147,4 +151,19 @@ public static ShadowKindType determineConstructionKind(AssignmentType assignment
 
 		throw new IllegalArgumentException("Construction not defined in the assigment.");
 	}
+
+	public static ProtectedStringType getPasswordValue(UserType user) {
+		if (user == null) {
+			return null;
+		}
+		CredentialsType creds = user.getCredentials();
+		if (creds == null) {
+			return null;
+		}
+		PasswordType passwd = creds.getPassword();
+		if (passwd == null) {
+			return null;
+		}
+		return passwd.getValue();
+	}
 }