Testing approvals defined via metarole.

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.java

@@ -294,7 +294,7 @@ private <O extends ObjectType> void evaluateAssignmentWithResolvedTarget(Evaluat
 			}
 
 			LOGGER.trace("Checking for role cycle, comparing segment order {} with path order {}", assignmentPathSegment.getEvaluationOrder(), assignmentPath.getEvaluationOrder());
-			if (assignmentPath.containsTarget((ObjectType) target.asObjectable()) && assignmentPathSegment.getEvaluationOrder().equals(assignmentPath.getEvaluationOrder())) {
+			if (assignmentPath.containsTarget(target.asObjectable()) && assignmentPathSegment.getEvaluationOrder().equals(assignmentPath.getEvaluationOrder())) {
 				throw new PolicyViolationException("Attempt to assign "+target+" creates a role cycle");
 			}
 		}

model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/PcpChildWfTaskCreationInstruction.java

@@ -77,7 +77,6 @@ public void prepareCommonAttributes(PrimaryChangeAspect aspect, ModelContext<?>
         }
     }
 
-    @Deprecated
     public <F extends FocusType> void setDeltasToProcess(ObjectDelta<F> delta) {
         setDeltasToProcesses(new ObjectTreeDeltas<>(delta, getChangeProcessor().getPrismContext()));
     }

model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/aspect/PolicyRuleBasedAspect.java

@@ -75,10 +75,10 @@ public class PolicyRuleBasedAspect extends BasePrimaryChangeAspect {
     protected PrismContext prismContext;
 
     @Autowired
-    protected ItemApprovalProcessInterface itemApprovalProcessInterface;
+	private ItemApprovalProcessInterface itemApprovalProcessInterface;
 
 	@Autowired
-	protected ApprovalSchemaHelper approvalSchemaHelper;
+	private ApprovalSchemaHelper approvalSchemaHelper;
 
     //region ------------------------------------------------------------ Things that execute on request arrival
 
@@ -102,16 +102,16 @@ public List<PcpChildWfTaskCreationInstruction> prepareTasks(@NotNull ModelContex
 		PrismObject<UserType> requester = baseModelInvocationProcessingHelper.getRequester(taskFromModel, result);
 
 		if (objectTreeDeltas.getFocusChange() != null) {
-			extractAssignmentBasedInstructions(modelContext, objectTreeDeltas, requester, instructions, wfConfigurationType, taskFromModel, result);
-			extractObjectBasedInstructions((LensContext<?>) modelContext, objectTreeDeltas, requester, instructions, taskFromModel, result);
+			extractAssignmentBasedInstructions(modelContext, objectTreeDeltas, requester, instructions, wfConfigurationType, result);
+			extractObjectBasedInstructions((LensContext<?>) modelContext, objectTreeDeltas, requester, instructions, result);
 		}
         return instructions;
     }
 
 	private void extractAssignmentBasedInstructions(@NotNull ModelContext<?> modelContext,
-			@NotNull ObjectTreeDeltas objectTreeDeltas, PrismObject<UserType> requester,
+			@NotNull ObjectTreeDeltas<?> objectTreeDeltas, PrismObject<UserType> requester,
 			List<PcpChildWfTaskCreationInstruction> instructions, WfConfigurationType wfConfigurationType,
-			@NotNull Task taskFromModel, @NotNull OperationResult result)
+			@NotNull OperationResult result)
 			throws SchemaException {
 
 		ObjectDelta<? extends ObjectType> focusDelta = objectTreeDeltas.getFocusChange();
@@ -158,6 +158,7 @@ private void extractAssignmentBasedInstructions(@NotNull ModelContext<?> modelCo
 							&& noExplicitApprovalAction;
 			ApprovalRequest<?> request = createAssignmentApprovalRequest(newAssignment, approvalActions, useLegacy, result);
 			if (request != null && !request.getApprovalSchema().isEmpty()) {
+				@SuppressWarnings("unchecked")
 				PrismContainerValue<AssignmentType> assignmentValue = newAssignment.getAssignmentType().asPrismContainerValue();
 				boolean removed = objectTreeDeltas.subtractFromFocusDelta(new ItemPath(FocusType.F_ASSIGNMENT), assignmentValue);
 				if (!removed) {
@@ -171,15 +172,15 @@ private void extractAssignmentBasedInstructions(@NotNull ModelContext<?> modelCo
 					miscDataUtil.generateFocusOidIfNeeded(modelContext, focusDelta);
 				}
 				instructions.add(
-						prepareAssignmentRelatedTaskInstruction(request, newAssignment, modelContext, taskFromModel, requester,
+						prepareAssignmentRelatedTaskInstruction(request, newAssignment, modelContext, requester,
 								result));
 			}
 		}
 	}
 
 	private void extractObjectBasedInstructions(@NotNull LensContext<?> modelContext,
 			@NotNull ObjectTreeDeltas objectTreeDeltas, PrismObject<UserType> requester,
-			List<PcpChildWfTaskCreationInstruction> instructions, @NotNull Task taskFromModel, @NotNull OperationResult result)
+			List<PcpChildWfTaskCreationInstruction> instructions, @NotNull OperationResult result)
 			throws SchemaException {
 
 		ObjectDelta<?> focusDelta = objectTreeDeltas.getFocusChange();
@@ -248,7 +249,7 @@ private void extractObjectBasedInstructions(@NotNull LensContext<?> modelContext
 			ApprovalRequest<?> request = new ApprovalRequestImpl<>("dummy", entry.getValue(), prismContext);
 			if (!request.getApprovalSchema().isEmpty()) {
 				instructions.add(
-						prepareObjectRelatedTaskInstruction(request, focusDelta, items, modelContext, taskFromModel, requester, result));
+						prepareObjectRelatedTaskInstruction(request, focusDelta, items, modelContext, requester, result));
 			}
 		}
 	}
@@ -334,7 +335,7 @@ private ApprovalSchemaType addApprovalActionIntoApprovalSchema(ApprovalSchemaTyp
 	}
 
 	private PcpChildWfTaskCreationInstruction prepareAssignmentRelatedTaskInstruction(ApprovalRequest<?> approvalRequest,
-			EvaluatedAssignment<?> evaluatedAssignment, ModelContext<?> modelContext, Task taskFromModel,
+			EvaluatedAssignment<?> evaluatedAssignment, ModelContext<?> modelContext,
 			PrismObject<UserType> requester, OperationResult result) throws SchemaException {
 
 		String objectOid = getFocusObjectOid(modelContext);
@@ -344,6 +345,7 @@ private PcpChildWfTaskCreationInstruction prepareAssignmentRelatedTaskInstructio
 
 		LOGGER.trace("Approval request = {}", approvalRequest);
 
+		@SuppressWarnings("unchecked")
 		PrismObject<? extends ObjectType> target = (PrismObject<? extends ObjectType>) evaluatedAssignment.getTarget();
 		Validate.notNull(target, "assignment target is null");
 
@@ -371,7 +373,7 @@ private PcpChildWfTaskCreationInstruction prepareAssignmentRelatedTaskInstructio
     }
 
 	private PcpChildWfTaskCreationInstruction prepareObjectRelatedTaskInstruction(ApprovalRequest<?> approvalRequest,
-			ObjectDelta<?> focusDelta, Set<ItemPath> paths, ModelContext<?> modelContext, Task taskFromModel,
+			ObjectDelta<?> focusDelta, Set<ItemPath> paths, ModelContext<?> modelContext,
 			PrismObject<UserType> requester, OperationResult result) throws SchemaException {
 
 		//String objectOid = getFocusObjectOid(modelContext);
@@ -405,6 +407,7 @@ private PcpChildWfTaskCreationInstruction prepareObjectRelatedTaskInstruction(Ap
 
 		instruction.prepareCommonAttributes(this, modelContext, requester);
 
+		@SuppressWarnings("unchecked")
 		ObjectDelta<? extends FocusType> delta = (ObjectDelta<? extends FocusType>) subtractModifications(focusDelta, paths);
 		instruction.setDeltasToProcess(delta);
 

model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/policy/AbstractWfTestPolicy.java

@@ -93,17 +93,24 @@ public class AbstractWfTestPolicy extends AbstractModelImplementationIntegration
 	protected static final File USER_LEAD3_FILE = new File(TEST_RESOURCE_DIR, "user-lead3.xml");
 	protected static final File USER_LEAD10_FILE = new File(TEST_RESOURCE_DIR, "user-lead10.xml");
 	protected static final File USER_PIRATE_OWNER_FILE = new File(TEST_RESOURCE_DIR, "user-pirate-owner.xml");
+
 	protected static final File ROLE_APPROVER_FILE = new File(TEST_RESOURCE_DIR, "041-role-approver.xml");
+	protected static final File ROLE_METAROLE1_FILE = new File(TEST_RESOURCE_DIR, "metarole1.xml");
 	protected static final File ROLE_ROLE1_FILE = new File(TEST_RESOURCE_DIR, "role-role1.xml");
 	protected static final File ROLE_ROLE1A_FILE = new File(TEST_RESOURCE_DIR, "role-role1a.xml");
+	protected static final File ROLE_ROLE1B_FILE = new File(TEST_RESOURCE_DIR, "role-role1b.xml");
 	protected static final File ROLE_ROLE2_FILE = new File(TEST_RESOURCE_DIR, "role-role2.xml");
 	protected static final File ROLE_ROLE2A_FILE = new File(TEST_RESOURCE_DIR, "role-role2a.xml");
+	protected static final File ROLE_ROLE2B_FILE = new File(TEST_RESOURCE_DIR, "role-role2b.xml");
 	protected static final File ROLE_ROLE3_FILE = new File(TEST_RESOURCE_DIR, "role-role3.xml");
 	protected static final File ROLE_ROLE3A_FILE = new File(TEST_RESOURCE_DIR, "role-role3a.xml");
+	protected static final File ROLE_ROLE3B_FILE = new File(TEST_RESOURCE_DIR, "role-role3b.xml");
 	protected static final File ROLE_ROLE4_FILE = new File(TEST_RESOURCE_DIR, "role-role4.xml");
 	protected static final File ROLE_ROLE4A_FILE = new File(TEST_RESOURCE_DIR, "role-role4a.xml");
+	protected static final File ROLE_ROLE4B_FILE = new File(TEST_RESOURCE_DIR, "role-role4b.xml");
 	protected static final File ROLE_ROLE10_FILE = new File(TEST_RESOURCE_DIR, "role-role10.xml");
 	protected static final File ROLE_ROLE10A_FILE = new File(TEST_RESOURCE_DIR, "role-role10a.xml");
+	protected static final File ROLE_ROLE10B_FILE = new File(TEST_RESOURCE_DIR, "role-role10b.xml");
 	protected static final String USER_ADMINISTRATOR_OID = SystemObjectsType.USER_ADMINISTRATOR.value();
 
 	protected String userJackOid;
@@ -114,17 +121,24 @@ public class AbstractWfTestPolicy extends AbstractModelImplementationIntegration
 	protected String userLead3Oid;
 	protected String userLead10Oid;
 	protected String userPirateOwnerOid;
+
 	protected String roleApproverOid;
+	protected String roleMetarole1Oid;
 	protected String roleRole1Oid;
 	protected String roleRole1aOid;
+	protected String roleRole1bOid;
 	protected String roleRole2Oid;
 	protected String roleRole2aOid;
+	protected String roleRole2bOid;
 	protected String roleRole3Oid;
 	protected String roleRole3aOid;
+	protected String roleRole3bOid;
 	protected String roleRole4Oid;
 	protected String roleRole4aOid;
+	protected String roleRole4bOid;
 	protected String roleRole10Oid;
 	protected String roleRole10aOid;
+	protected String roleRole10bOid;
 
 	@Autowired
 	protected Clockwork clockwork;
@@ -163,18 +177,24 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		login(userAdministrator);
 
 		roleApproverOid = repoAddObjectFromFile(ROLE_APPROVER_FILE, initResult).getOid();
+		roleMetarole1Oid = repoAddObjectFromFile(ROLE_METAROLE1_FILE, initResult).getOid();
 
 		userJackOid = repoAddObjectFromFile(USER_JACK_FILE, initResult).getOid();
 		roleRole1Oid = repoAddObjectFromFile(ROLE_ROLE1_FILE, initResult).getOid();
 		roleRole1aOid = repoAddObjectFromFile(ROLE_ROLE1A_FILE, initResult).getOid();
+		roleRole1bOid = repoAddObjectFromFile(ROLE_ROLE1B_FILE, initResult).getOid();
 		roleRole2Oid = repoAddObjectFromFile(ROLE_ROLE2_FILE, initResult).getOid();
 		roleRole2aOid = repoAddObjectFromFile(ROLE_ROLE2A_FILE, initResult).getOid();
+		roleRole2bOid = repoAddObjectFromFile(ROLE_ROLE2B_FILE, initResult).getOid();
 		roleRole3Oid = repoAddObjectFromFile(ROLE_ROLE3_FILE, initResult).getOid();
 		roleRole3aOid = repoAddObjectFromFile(ROLE_ROLE3A_FILE, initResult).getOid();
+		roleRole3bOid = repoAddObjectFromFile(ROLE_ROLE3B_FILE, initResult).getOid();
 		roleRole4Oid = repoAddObjectFromFile(ROLE_ROLE4_FILE, initResult).getOid();
 		roleRole4aOid = repoAddObjectFromFile(ROLE_ROLE4A_FILE, initResult).getOid();
+		roleRole4bOid = repoAddObjectFromFile(ROLE_ROLE4B_FILE, initResult).getOid();
 		roleRole10Oid = repoAddObjectFromFile(ROLE_ROLE10_FILE, initResult).getOid();
 		roleRole10aOid = repoAddObjectFromFile(ROLE_ROLE10A_FILE, initResult).getOid();
+		roleRole10bOid = repoAddObjectFromFile(ROLE_ROLE10B_FILE, initResult).getOid();
 		userLead1Oid = addAndRecomputeUser(USER_LEAD1_FILE, initTask, initResult);
 		userLead2Oid = addAndRecomputeUser(USER_LEAD2_FILE, initTask, initResult);
 		userLead3Oid = addAndRecomputeUser(USER_LEAD3_FILE, initTask, initResult);

model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/policy/metarole/TestAssignmentApprovalMetaroleExplicit.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010-2016 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.wf.impl.policy.metarole;
+
+import com.evolveum.midpoint.wf.impl.policy.AbstractTestAssignmentApproval;
+
+/**
+ * Tests assigning of roles 1..3 with explicitly assigned metaroles (with policy rules).
+ *
+ * @author mederly
+ */
+@SuppressWarnings("Duplicates")
+public class TestAssignmentApprovalMetaroleExplicit extends AbstractTestAssignmentApproval {
+
+	@Override
+	protected String getRoleOid(int number) {
+		switch (number) {
+			case 1: return roleRole1bOid;
+			case 2: return roleRole2bOid;
+			case 3: return roleRole3bOid;
+			case 4: return roleRole4bOid;
+			case 10: return roleRole10bOid;
+			default: throw new IllegalArgumentException("Wrong role number: " + number);
+		}
+	}
+
+	@Override
+	protected String getRoleName(int number) {
+		switch (number) {
+			case 1: return "Role1b";
+			case 2: return "Role2b";
+			case 3: return "Role3b";
+			case 4: return "Role4b";
+			case 10: return "Role10b";
+			default: throw new IllegalArgumentException("Wrong role number: " + number);
+		}
+	}
+}

model/workflow-impl/src/test/resources/policy/metarole/metarole-default.xml → model/workflow-impl/src/test/resources/policy/metarole1.xml

@@ -17,25 +17,28 @@
 <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	  oid="00000001-d34d-b33f-f00d-M00000000001">
 	<name>Metarole 1 'default'</name>
-	<description>Treats assignments and modifications in the default way</description>
+	<description>Treats assignments and modifications in the default way (but with specific approver/owner relations)</description>
 	<inducement>
 		<policyRule>
 			<policyConstraints>
 				<assignment/>				<!-- applies to all assignment operations of this metarole-bearer as the target -->
 			</policyConstraints>
 			<policyActions>
 				<approval>
-					<approverRelation>approver</approverRelation>
+					<approverRelation>special-approver</approverRelation>
 				</approval>
 			</policyActions>
 		</policyRule>
+		<order>2</order>
+	</inducement>
+	<inducement>
 		<policyRule>
 			<policyConstraints>
 				<modification/>				<!-- applies to all modifications of this metarole-bearer -->
 			</policyConstraints>
 			<policyActions>
 				<approval>
-					<approverRelation>owner</approverRelation>
+					<approverRelation>special-owner</approverRelation>
 				</approval>
 			</policyActions>
 		</policyRule>

model/workflow-impl/src/test/resources/policy/role-role10b.xml

@@ -0,0 +1,23 @@
+<!--
+  ~ Copyright (c) 2010-2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<role oid="00000001-d34d-b33f-f00d-00000000010b">
+	<name>Role10b</name>
+	<description>Induced by Role1b</description>
+	<assignment> <!-- metarole 1 'default' -->
+		<targetRef oid="00000001-d34d-b33f-f00d-M00000000001" type="RoleType"/>
+	</assignment>
+</role>

model/workflow-impl/src/test/resources/policy/role-role1a.xml

@@ -18,4 +18,7 @@
 	  oid="00000001-d34d-b33f-f00d-00000000001a">
 	<name>Role1a</name>
 	<approverRef oid="00000001-d34d-b33f-f00d-L00000000001" type="UserType"/>		<!-- lead1 -->
+	<inducement>
+		<targetRef oid="00000001-d34d-b33f-f00d-00000000010a" type="RoleType" />
+	</inducement>
 </role>

model/workflow-impl/src/test/resources/policy/role-role1b.xml

@@ -15,6 +15,13 @@
   -->
 
 <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	  oid="00000001-d34d-b33f-f00d-0000000000b1">
+	  oid="00000001-d34d-b33f-f00d-00000000001b">
 	<name>Role1b</name>
+	<assignment> <!-- metarole 1 'default' -->
+		<targetRef oid="00000001-d34d-b33f-f00d-M00000000001" type="RoleType"/>
+	</assignment>
+	<!-- TODO when uncommented the following one, this test fails probably due to a bug in assignment evaluator -->
+	<!--<inducement>-->
+		<!--<targetRef oid="00000001-d34d-b33f-f00d-00000000010b" type="RoleType" />-->
+	<!--</inducement>-->
 </role>

model/workflow-impl/src/test/resources/policy/role-role2b.xml

@@ -15,6 +15,9 @@
   -->
 
 <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	  oid="00000001-d34d-b33f-f00d-0000000000b2">
+	  oid="00000001-d34d-b33f-f00d-00000000002b">
 	<name>Role2b</name>
+	<assignment> <!-- metarole 1 'default' -->
+		<targetRef oid="00000001-d34d-b33f-f00d-M00000000001" type="RoleType"/>
+	</assignment>
 </role>

model/workflow-impl/src/test/resources/policy/role-role3b.xml

@@ -15,6 +15,9 @@
   -->
 
 <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	  oid="00000001-d34d-b33f-f00d-0000000000b3">
+	  oid="00000001-d34d-b33f-f00d-00000000003b">
 	<name>Role3b</name>
+	<assignment> <!-- metarole 1 'default' -->
+		<targetRef oid="00000001-d34d-b33f-f00d-M00000000001" type="RoleType"/>
+	</assignment>
 </role>

model/workflow-impl/src/test/resources/policy/role-role4b.xml

@@ -0,0 +1,23 @@
+<!--
+  ~ Copyright (c) 2010-2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	  oid="00000001-d34d-b33f-f00d-00000000004b">
+	<name>Role4b</name>
+	<assignment> <!-- metarole 1 'default' -->
+		<targetRef oid="00000001-d34d-b33f-f00d-M00000000001" type="RoleType"/>
+	</assignment>
+</role>

model/workflow-impl/src/test/resources/policy/user-lead1.xml

@@ -22,6 +22,9 @@
 	<assignment> <!-- role1 -->
 		<targetRef oid="00000001-d34d-b33f-f00d-000000000001" type="RoleType" relation="approver"/>
 	</assignment>
+	<assignment> <!-- role1b -->
+		<targetRef oid="00000001-d34d-b33f-f00d-00000000001b" type="RoleType" relation="special-approver"/>
+	</assignment>
 	<fullName>Lead1</fullName>
 	<familyName>Lead1</familyName>
 </user>