diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidPointSpringApplication.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidPointSpringApplication.java
index fb9afa779c6..3275c57e7b8 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidPointSpringApplication.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidPointSpringApplication.java
@@ -185,7 +185,7 @@ private static SpringApplicationBuilder configureApplication(SpringApplicationBu
System.setProperty(MIDPOINT_HOME_PROPERTY, mpHome);
}
- System.setProperty("spring.config.location", MidPointSpringApplication.class.getResource("/") + ",${midpoint.home}/");
+ System.setProperty("spring.config.additional-location", "${midpoint.home}/");
application.bannerMode(Banner.Mode.LOG);
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.html b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.html
deleted file mode 100644
index 95d6fb44d30..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.html
+++ /dev/null
@@ -1,61 +0,0 @@
-
-
-
-
-
-
-
-
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.java
deleted file mode 100644
index 0072f1235c5..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssociationDetailsPanel.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Copyright (c) 2015-2018 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.evolveum.midpoint.web.component.assignment;
-
-import com.evolveum.midpoint.gui.api.GuiStyleConstants;
-import com.evolveum.midpoint.gui.api.component.BasePanel;
-import com.evolveum.midpoint.gui.api.component.togglebutton.ToggleIconButton;
-import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.web.component.input.ExpressionValuePanel;
-import com.evolveum.midpoint.web.component.input.QNameEditorPanel;
-import com.evolveum.midpoint.web.component.prism.ContainerValueWrapper;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.behavior.AttributeAppender;
-import org.apache.wicket.markup.html.form.Form;
-import org.apache.wicket.model.IModel;
-import org.apache.wicket.model.PropertyModel;
-
-/**
- * Created by honchar
- */
-public class AssociationDetailsPanel extends BasePanel>{
- private static final long serialVersionUID = 1L;
-
- private static final String ID_REF_FIELD = "refField";
- private static final String ID_EXPRESSION_PANEL = "expressionPanel";
- private static final String ID_REMOVE_ASSOCIATION = "removeAssociation";
-
- private ConstructionType construction;
-
- public AssociationDetailsPanel(String id, IModel> associationWrapperModel,
- ConstructionType construction){
- super(id, associationWrapperModel);
- this.construction = construction;
- }
-
- @Override
- protected void onInitialize(){
- super.onInitialize();
- initLayout();
- }
-
- private void initLayout(){
- QNameEditorPanel refField = new QNameEditorPanel(ID_REF_FIELD, WebComponentUtil.createPrismPropertySingleValueModel(getModel(), ResourceObjectAssociationType.F_REF),
- null, null, false, false){
- private static final long serialVersionUID = 1L;
- @Override
- protected AttributeAppender getSpecificLabelStyleAppender() {
- return AttributeAppender.append("style", "font-weight: normal !important;");
- }
- };
- refField.setOutputMarkupId(true);
- add(refField);
-
- ResourceObjectAssociationType resourceObjectAssociationType = getModelObject().getContainerValue().asContainerable();
- MappingType outbound = resourceObjectAssociationType.getOutbound();
- ExpressionValuePanel expressionValuePanel = new ExpressionValuePanel(ID_EXPRESSION_PANEL,
- new PropertyModel<>(outbound, MappingType.F_EXPRESSION.getLocalPart()),
- construction, getPageBase());
- expressionValuePanel.setOutputMarkupId(true);
- add(expressionValuePanel);
-
- ToggleIconButton removeAssociationButton = new ToggleIconButton(ID_REMOVE_ASSOCIATION,
- GuiStyleConstants.CLASS_MINUS_CIRCLE_DANGER, GuiStyleConstants.CLASS_MINUS_CIRCLE_DANGER) {
- private static final long serialVersionUID = 1L;
-
- @Override
- public void onClick(AjaxRequestTarget target) {
-// isChildContainersSelectorPanelVisible = true;
-// target.add(PrismContainerValueHeaderPanel.this);
- }
-
- @Override
- public boolean isOn() {
- return true;
- }
- };
- add(removeAssociationButton);
-
-
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/ExpressionValuePanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/ExpressionValuePanel.java
index 5a33b8f6dbc..c752b46d85e 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/ExpressionValuePanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/ExpressionValuePanel.java
@@ -96,12 +96,6 @@ public ExpressionValuePanel(String id, IModel model, Constructio
initLayout();
}
-// @Override
-// protected void onInitialize(){
-// super.onInitialize();
-// initLayout();
-// }
-
private void initLayout(){
setOutputMarkupId(true);
@@ -396,7 +390,12 @@ public void onClick(AjaxRequestTarget target) {
}
};
}
- });
+
+ @Override
+ public IModel getVisible() {
+ return Model.of(isAssociationExpression());
+ }
+ });
menuList.add(new InlineMenuItem(createStringResource("ExpressionValuePanel.addValueButtonTargetSearchTitle")) {
private static final long serialVersionUID = 1L;
@@ -417,6 +416,11 @@ public void onClick(AjaxRequestTarget target) {
}
};
}
+
+ @Override
+ public IModel getVisible() {
+ return Model.of(isAssociationExpression());
+ }
});
menuList.add(new InlineMenuItem(createStringResource("ExpressionValuePanel.addLiteralValueButton")) {
private static final long serialVersionUID = 1L;
@@ -437,6 +441,11 @@ public void onClick(AjaxRequestTarget target) {
}
};
}
+
+ @Override
+ public IModel getVisible() {
+ return Model.of(!isAssociationExpression());
+ }
});
return menuList;
}
@@ -461,4 +470,8 @@ private List getLiteralValues(){
}
return literalValueList;
}
+
+ protected boolean isAssociationExpression(){
+ return false;
+ }
}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/AbstractAssociationWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/AbstractAssociationWrapper.java
deleted file mode 100644
index b065a77ff81..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/AbstractAssociationWrapper.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package com.evolveum.midpoint.web.component.prism;
-
-import com.evolveum.midpoint.prism.Containerable;
-import com.evolveum.midpoint.prism.PrismContainer;
-import com.evolveum.midpoint.prism.delta.ObjectDelta;
-import com.evolveum.midpoint.prism.path.ItemPath;
-import com.evolveum.midpoint.util.exception.SchemaException;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-
-/**
- * Created by honchar.
- */
-public abstract class AbstractAssociationWrapper extends ContainerWrapper {
-
-
- AbstractAssociationWrapper(ObjectWrapper objectWrapper, PrismContainer container, ContainerStatus objectStatus, ContainerStatus status, ItemPath path) {
- super(objectWrapper, container, objectStatus, status, path);
- }
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public abstract PrismContainer createContainerAddDelta() throws SchemaException;
-
- @Override
- public abstract void collectModifications(ObjectDelta delta) throws SchemaException;
-
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapperFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapperFactory.java
index bea57209d6c..ac04ad9c855 100755
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapperFactory.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapperFactory.java
@@ -104,7 +104,7 @@ public ContainerWrapper createContainerWrapper( Object
return cWrapper;
}
- public AbstractAssociationWrapper createAssociationWrapper(ObjectWrapper objectWrapper, PrismObject resource, ShadowKindType kind, String shadowIntent, PrismContainer association, ContainerStatus objectStatus, ContainerStatus status, ItemPath path) throws SchemaException {
+ public ShadowAssociationWrapper createAssociationWrapper(ObjectWrapper objectWrapper, PrismObject resource, ShadowKindType kind, String shadowIntent, PrismContainer association, ContainerStatus objectStatus, ContainerStatus status, ItemPath path) throws SchemaException {
if (association == null || association.getDefinition() == null
|| (!(association.getDefinition().getCompileTimeClass().equals(ShadowAssociationType.class))
&& !(association.getDefinition().getCompileTimeClass().equals(ResourceObjectAssociationType.class)))){
@@ -133,16 +133,14 @@ public AbstractAssociationWrapper createAssociationWra
}
PrismContainer associationTransformed = associationDefinition.instantiate();
- AbstractAssociationWrapper associationWrapper;
+ ShadowAssociationWrapper associationWrapper;
if (association.getDefinition().getCompileTimeClass().equals(ShadowAssociationType.class)) {
associationWrapper = new ShadowAssociationWrapper(objectWrapper, associationTransformed, objectStatus, status, path);
- } else if (association.getDefinition().getCompileTimeClass().equals(ResourceObjectAssociationType.class)) {
- associationWrapper = new ResourceAssociationWrapper(objectWrapper, associationTransformed, objectStatus, status, path);
} else {
return null;
}
- ContainerValueWrapper shadowValueWrapper = new ContainerValueWrapper<>(associationWrapper,
+ ContainerValueWrapper shadowValueWrapper = new ContainerValueWrapper(associationWrapper,
associationTransformed.createNewValue(), objectStatus,
ContainerStatus.ADDING == status ? ValueStatus.ADDED : ValueStatus.NOT_CHANGED, path);
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismPropertyPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismPropertyPanel.java
index e6d7cdc3539..cb664263640 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismPropertyPanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismPropertyPanel.java
@@ -282,7 +282,14 @@ protected void populateItem(final ListItem item) {
itemWrapper.getPath().containsName(MappingType.F_EXPRESSION)){
ExpressionWrapper expressionWrapper = (ExpressionWrapper)item.getModelObject().getItem();
panel = new ExpressionValuePanel("value", new PropertyModel(item.getModel(), "value.value"),
- expressionWrapper.getConstruction(), pageBase);
+ expressionWrapper.getConstruction(), pageBase){
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected boolean isAssociationExpression(){
+ return itemWrapper.getPath().containsName(ConstructionType.F_ASSOCIATION);
+ }
+ };
} else {
panel = new PrismValuePanel("value", item.getModel(), label, form, getValueCssClass(), getInputCssClass());
}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismValuePanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismValuePanel.java
index f5e71018550..b13a363cb74 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismValuePanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismValuePanel.java
@@ -619,13 +619,7 @@ public void setObject(String object) {
if (def.getValueEnumerationRef() != null) {
PrismReferenceValue valueEnumerationRef = def.getValueEnumerationRef();
String lookupTableUid = valueEnumerationRef.getOid();
- Task task = getPageBase().createSimpleTask("loadLookupTable");
- OperationResult result = task.getResult();
-
- Collection> options = WebModelServiceUtils
- .createLookupTableRetrieveOptions();
- final PrismObject lookupTable = WebModelServiceUtils.loadObject(LookupTableType.class,
- lookupTableUid, options, getPageBase(), task, result);
+ PrismObject lookupTable = getLookupTable(lookupTableUid);
if (lookupTable != null) {
@@ -899,28 +893,7 @@ public void checkInputValue(AutoCompleteTextField input, AjaxRequestTarget targe
} else if (def.getValueEnumerationRef() != null) {
PrismReferenceValue valueEnumerationRef = def.getValueEnumerationRef();
String lookupTableUid = valueEnumerationRef.getOid();
-
- PrismObject lookupTable;
- String operation = "loadLookupTable";
- if(getPageBase() instanceof PageSelfRegistration) {
- lookupTable = getPageBase().runPrivileged(
- () -> {
- Task task = getPageBase().createAnonymousTask(operation);
- OperationResult result = task.getResult();
- Collection> options = WebModelServiceUtils
- .createLookupTableRetrieveOptions();
- return WebModelServiceUtils.loadObject(LookupTableType.class,
- lookupTableUid, options, getPageBase(), task, result);
- });
- } else {
- Task task = getPageBase().createSimpleTask(operation);
- OperationResult result = task.getResult();
-
- Collection> options = WebModelServiceUtils
- .createLookupTableRetrieveOptions();
- lookupTable = WebModelServiceUtils.loadObject(LookupTableType.class,
- lookupTableUid, options, getPageBase(), task, result);
- }
+ PrismObject lookupTable = getLookupTable(lookupTableUid);
if (lookupTable != null) {
@@ -995,6 +968,32 @@ protected Class getDefaultType(List supportedTypes){
return panel;
}
+
+ private PrismObject getLookupTable(String lookupTableUid) {
+ PrismObject lookupTable;
+ String operation = "loadLookupTable";
+ if(getPageBase() instanceof PageSelfRegistration) {
+ lookupTable = getPageBase().runPrivileged(
+ () -> {
+ Task task = getPageBase().createAnonymousTask(operation);
+ OperationResult result = task.getResult();
+ Collection> options = WebModelServiceUtils
+ .createLookupTableRetrieveOptions();
+ return WebModelServiceUtils.loadObject(LookupTableType.class,
+ lookupTableUid, options, getPageBase(), task, result);
+ });
+ } else {
+ Task task = getPageBase().createSimpleTask(operation);
+ OperationResult result = task.getResult();
+
+ Collection> options = WebModelServiceUtils
+ .createLookupTableRetrieveOptions();
+ lookupTable = WebModelServiceUtils.loadObject(LookupTableType.class,
+ lookupTableUid, options, getPageBase(), task, result);
+ }
+
+ return lookupTable;
+ }
private List prepareAutoCompleteList(String input, PrismObject lookupTable) {
List values = new ArrayList<>();
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ResourceAssociationWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ResourceAssociationWrapper.java
deleted file mode 100644
index 97422b84219..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ResourceAssociationWrapper.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package com.evolveum.midpoint.web.component.prism;
-
-import com.evolveum.midpoint.prism.PrismContainer;
-import com.evolveum.midpoint.prism.PrismReference;
-import com.evolveum.midpoint.prism.PrismReferenceValue;
-import com.evolveum.midpoint.prism.delta.ObjectDelta;
-import com.evolveum.midpoint.prism.path.ItemPath;
-import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
-import com.evolveum.midpoint.util.exception.SchemaException;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Created by honchar.
- */
-public class ResourceAssociationWrapper extends AbstractAssociationWrapper {
-
- private static transient Trace LOGGER = TraceManager.getTrace(ResourceAssociationWrapper.class);
-
- ResourceAssociationWrapper(ObjectWrapper objectWrapper, PrismContainer container, ContainerStatus objectStatus, ContainerStatus status, ItemPath path) {
- super(objectWrapper, container, objectStatus, status, path);
- }
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public PrismContainer createContainerAddDelta() throws SchemaException {
- if (CollectionUtils.isEmpty(getValues())) {
- return null;
- }
-
- PrismContainer resourceAssociation = getItemDefinition().instantiate();
-
- //we know that there is always only one value
- ContainerValueWrapper containerValueWrappers = getValues().iterator().next();
- for (ItemWrapper itemWrapper : containerValueWrappers.getItems()) {
-
- if (!(itemWrapper instanceof ReferenceWrapper)) {
- LOGGER.warn("Item in shadow association value wrapper is not an reference. Should not happen.");
- continue;
- }
-
- ReferenceWrapper refWrapper = (ReferenceWrapper) itemWrapper;
- if (!refWrapper.hasChanged()) {
- return null;
- }
-
- PrismReference updatedRef = refWrapper.getUpdatedItem(getItem().getPrismContext());
-
- for (PrismReferenceValue updatedRefValue : updatedRef.getValues()) {
- ResourceObjectAssociationType resourceAssociationType = new ResourceObjectAssociationType();
-// resourceAssociationType.setName(refWrapper.getName());
-// resourceAssociationType.setref(ObjectTypeUtil.createObjectRef(updatedRefValue));
- resourceAssociation.add(resourceAssociationType.asPrismContainerValue());
- }
-
- }
-
- if (resourceAssociation.isEmpty() || resourceAssociation.getValues().isEmpty()) {
- return null;
- }
- return resourceAssociation;
- }
-
- @Override
- public void collectModifications(ObjectDelta delta) throws SchemaException {
-
- if (CollectionUtils.isEmpty(getValues())) {
- return;
- }
-
- ContainerValueWrapper containerValueWrappers = getValues().iterator().next();
-
- for (ItemWrapper itemWrapper : containerValueWrappers.getItems()) {
-
- if (!(itemWrapper instanceof ReferenceWrapper)) {
- LOGGER.warn("Item in shadow association value wrapper is not an reference. Should not happen.");
- continue;
- }
-
- ReferenceWrapper refWrapper = (ReferenceWrapper) itemWrapper;
- if (!refWrapper.hasChanged()) {
- continue;
- }
-
- for (ValueWrapper refValue : refWrapper.getValues()) {
-
- PrismReferenceValue prismRefValue = (PrismReferenceValue) refValue.getValue();
- ShadowAssociationType shadowAssociationType = new ShadowAssociationType();
- shadowAssociationType.setName(refWrapper.getName());
- shadowAssociationType.setShadowRef(ObjectTypeUtil.createObjectRef(prismRefValue));
- switch (refValue.getStatus()) {
- case ADDED:
- if (!refValue.hasValueChanged()) {
- continue;
- }
- delta.addModificationAddContainer(refWrapper.getPath(), shadowAssociationType);
- break;
- case DELETED:
- delta.addModificationDeleteContainer(refWrapper.getPath(), shadowAssociationType);
- default:
- break;
- }
-
-
-
- }
- }
-
- }
-
-
-}
-
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ShadowAssociationWrapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ShadowAssociationWrapper.java
index 7e613178330..1bac6e69a6f 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ShadowAssociationWrapper.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ShadowAssociationWrapper.java
@@ -33,7 +33,7 @@
* @author katkav
*
*/
-public class ShadowAssociationWrapper extends AbstractAssociationWrapper {
+public class ShadowAssociationWrapper extends ContainerWrapper {
private static transient Trace LOGGER = TraceManager.getTrace(ShadowAssociationWrapper.class);
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/AuditLogViewerPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/AuditLogViewerPanel.java
index d4bb14ce59a..cce7d115f7d 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/AuditLogViewerPanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/AuditLogViewerPanel.java
@@ -53,6 +53,7 @@
import com.evolveum.midpoint.gui.api.component.button.CsvDownloadButtonPanel;
import com.evolveum.midpoint.gui.api.component.path.ItemPathPanel;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil.Channel;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.prism.path.CanonicalItemPath;
import com.evolveum.midpoint.prism.path.ItemPath;
@@ -247,11 +248,12 @@ public boolean isVisible() {
channelQnameList.add(channelQName);
}
}
- ListModel channelListModel = new ListModel<>(channelQnameList);
- PropertyModel channelModel = new PropertyModel<>(getModel(),
+// ListModel channelListModel = new ListModel<>(channelQnameList);
+ PropertyModel channelModel = new PropertyModel<>(getModel(),
AuditSearchDto.F_CHANNEL);
- DropDownChoicePanel channel = new DropDownChoicePanel<>(ID_CHANNEL, channelModel,
- channelListModel, new QNameChoiceRenderer(), true);
+ DropDownChoicePanel channel = new DropDownChoicePanel<>(ID_CHANNEL, channelModel,
+ Model.ofList(Arrays.asList(Channel.values())),
+ new EnumChoiceRenderer<>(), true);
channel.getBaseFormComponent().add(new EmptyOnChangeAjaxFormUpdatingBehavior());
channel.getBaseFormComponent().add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
channel.setOutputMarkupId(true);
@@ -377,7 +379,7 @@ private Map getAuditEventProviderParameters() {
parameters.put(AuditEventRecordProvider.PARAMETER_TO, search.getTo());
if (search.getChannel() != null) {
- parameters.put(AuditEventRecordProvider.PARAMETER_CHANNEL, QNameUtil.qNameToUri(search.getChannel()));
+ parameters.put(AuditEventRecordProvider.PARAMETER_CHANNEL, search.getChannel().getChannel());
}
parameters.put(AuditEventRecordProvider.PARAMETER_HOST_IDENTIFIER, search.getHostIdentifier());
@@ -534,12 +536,26 @@ public void populateItem(Item> item, String
columns.add(initiatorRefColumn);
if (!isHistory) {
- IColumn eventStageColumn = new PropertyColumn<>(
- createStringResource("PageAuditLogViewer.eventStageLabel"), "eventStage");
+ IColumn eventStageColumn = new PropertyColumn(
+ createStringResource("PageAuditLogViewer.eventStageLabel"), "eventStage"){
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public IModel getDataModel(IModel rowModel) {
+ return WebComponentUtil.createLocalizedModelForEnum(rowModel.getObject().getEventStage(), AuditLogViewerPanel.this);
+ }
+ };
columns.add(eventStageColumn);
}
- IColumn eventTypeColumn = new PropertyColumn<>(
- createStringResource("PageAuditLogViewer.eventTypeLabel"), "eventType");
+ IColumn eventTypeColumn = new PropertyColumn(
+ createStringResource("PageAuditLogViewer.eventTypeLabel"), "eventType"){
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public IModel getDataModel(IModel rowModel) {
+ return WebComponentUtil.createLocalizedModelForEnum(rowModel.getObject().getEventType(), AuditLogViewerPanel.this);
+ }
+ };
columns.add(eventTypeColumn);
if (!isHistory) {
@@ -580,10 +596,15 @@ public void populateItem(Item> item, String
IModel rowModel) {
AuditEventRecordType auditEventRecordType = (AuditEventRecordType) rowModel.getObject();
String channel = auditEventRecordType.getChannel();
- if (channel != null) {
- QName channelQName = QNameUtil.uriToQName(channel);
- String return_ = channelQName.getLocalPart();
- item.add(new Label(componentId, return_));
+ Channel channelValue = null;
+ for (Channel chan : Channel.values()) {
+ if (chan.getChannel().equals(channel)) {
+ channelValue = chan;
+ break;
+ }
+ }
+ if (channelValue != null) {
+ item.add(new Label(componentId, WebComponentUtil.createLocalizedModelForEnum(channelValue, AuditLogViewerPanel.this)));
} else {
item.add(new Label(componentId, ""));
}
@@ -592,8 +613,15 @@ public void populateItem(Item> item, String
};
columns.add(channelColumn);
- IColumn outcomeColumn = new PropertyColumn<>(
- createStringResource("PageAuditLogViewer.outcomeLabel"), "outcome");
+ IColumn outcomeColumn = new PropertyColumn(
+ createStringResource("PageAuditLogViewer.outcomeLabel"), "outcome"){
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public IModel getDataModel(IModel rowModel) {
+ return WebComponentUtil.createLocalizedModelForEnum(rowModel.getObject().getOutcome(), AuditLogViewerPanel.this);
+ }
+ };
columns.add(outcomeColumn);
return columns;
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/dto/AuditSearchDto.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/dto/AuditSearchDto.java
index 7953a2945fd..6eb8a3c2715 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/dto/AuditSearchDto.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/dto/AuditSearchDto.java
@@ -24,6 +24,8 @@
import javax.xml.namespace.QName;
import com.evolveum.midpoint.gui.api.component.path.ItemPathDto;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil.Channel;
import com.evolveum.midpoint.xml.ns._public.common.audit_3.AuditEventStageType;
import com.evolveum.midpoint.xml.ns._public.common.audit_3.AuditEventTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
@@ -55,7 +57,7 @@ public class AuditSearchDto implements Serializable {
private XMLGregorianCalendar from;
private XMLGregorianCalendar to;
private ObjectReferenceType initiatorName;
- private QName channel;
+ private Channel channel;
private String hostIdentifier;
private List targetNames = new ArrayList<>();
private List targetNamesObjects = new ArrayList<>();
@@ -93,11 +95,11 @@ public void setInitiatorName(ObjectReferenceType initiatorName) {
this.initiatorName = initiatorName;
}
- public QName getChannel() {
+ public Channel getChannel() {
return channel;
}
- public void setChannel(QName channel) {
+ public void setChannel(Channel channel) {
this.channel = channel;
}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.html b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.html
new file mode 100644
index 00000000000..90f6c975190
--- /dev/null
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.html
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.java
new file mode 100644
index 00000000000..2454ca1ebce
--- /dev/null
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ShadowSummaryPanel.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010-2018 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.web.page.admin.resources;
+
+import com.evolveum.midpoint.gui.api.GuiStyleConstants;
+import com.evolveum.midpoint.gui.api.util.ModelServiceLocator;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.web.component.ObjectSummaryPanel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
+import org.apache.wicket.model.IModel;
+
+/**
+ * Created by Viliam Repan (lazyman).
+ */
+public class ShadowSummaryPanel extends ObjectSummaryPanel {
+
+ private static final long serialVersionUID = 1L;
+
+ public ShadowSummaryPanel(String id, IModel> model, ModelServiceLocator locator) {
+ super(id, ShadowType.class, model, locator);
+
+ initLayoutCommon(locator);
+ }
+
+ @Override
+ protected void onBeforeRender() {
+ super.onBeforeRender();
+
+
+ // todo implement custom layout
+ }
+
+ @Override
+ protected String getIconCssClass() {
+ return GuiStyleConstants.CLASS_OBJECT_RESOURCE_ICON; //todo fix
+ }
+
+ @Override
+ protected String getIconBoxAdditionalCssClass() {
+ return "summary-panel-resource"; //todo fix
+ }
+
+ @Override
+ protected String getBoxAdditionalCssClass() {
+ return "summary-panel-resource"; //todo fix
+ }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/accept.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/accept.png
deleted file mode 100644
index 89c8129a490..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/accept.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh.png
deleted file mode 100644
index 0de26566d41..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh_gray.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh_gray.png
deleted file mode 100644
index 060ba7383b6..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/arrow_refresh_gray.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go.png
deleted file mode 100644
index fc53379efcd..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go_gray.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go_gray.png
deleted file mode 100644
index 476bc7c2676..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/drive_go_gray.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceController.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceController.java
deleted file mode 100644
index 286fe90de6d..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceController.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.util.List;
-
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-
-import org.apache.commons.lang.Validate;
-
-import com.evolveum.midpoint.schema.constants.ConnectorTestOperation;
-import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AvailabilityStatusType;
-
-/**
- * @author mserbak
- */
-public class ResourceController {
-
- public static void updateResourceState(ResourceState state, OperationResult result) {
- Validate.notNull(result, "Operation result must not be null.");
-
- List subResults = result.getSubresults();
- state.setConConnection(getStatusFromResultType(ConnectorTestOperation.CONNECTOR_CONNECTION,
- subResults));
- state.setConfValidation(getStatusFromResultType(ConnectorTestOperation.CONNECTOR_CONFIGURATION,
- subResults));
- state.setConInitialization(getStatusFromResultType(ConnectorTestOperation.CONNECTOR_INITIALIZATION,
- subResults));
- state.setConSanity(getStatusFromResultType(ConnectorTestOperation.RESOURCE_SANITY, subResults));
- state.setConSchema(getStatusFromResultType(ConnectorTestOperation.RESOURCE_SCHEMA, subResults));
- }
-
- private static OperationResultStatus getStatusFromResultType(ConnectorTestOperation operation,
- List results) {
- OperationResultStatus status = OperationResultStatus.UNKNOWN;
-
- OperationResult resultFound = null;
- for (OperationResult result : results) {
- try {
- if (operation.getOperation().equals(result.getOperation())) {
- resultFound = result;
- break;
- }
- } catch (IllegalArgumentException ex) {
- //result.recordFatalError("Result operation name " + result.getOperation() + " returned from test connection is not type of " + ConnectorTestOperation.class + ".", ex);
- }
- }
-
- if (resultFound == null) {
- return status;
- }
-
- switch (resultFound.getStatus()) {
- case UNKNOWN:
- status = OperationResultStatus.UNKNOWN;
- break;
- case SUCCESS:
- status = OperationResultStatus.SUCCESS;
- break;
- case WARNING:
- status = OperationResultStatus.WARNING;
- break;
- case FATAL_ERROR:
- status = OperationResultStatus.FATAL_ERROR;
- break;
- case PARTIAL_ERROR:
- status = OperationResultStatus.PARTIAL_ERROR;
- break;
- case HANDLED_ERROR:
- status = OperationResultStatus.HANDLED_ERROR;
- break;
- case IN_PROGRESS:
- status = OperationResultStatus.IN_PROGRESS;
- break;
- default:
- status = OperationResultStatus.UNKNOWN;
- }
- return status;
- }
-
- public static void updateLastAvailabilityState(ResourceState state, AvailabilityStatusType lastAvailabilityStatus) {
- OperationResultStatus lastAvailability = OperationResultStatus.UNKNOWN;
-
- if (lastAvailabilityStatus == null) {
- if (state.getOverall().equals(OperationResultStatus.SUCCESS)) {
- lastAvailability = OperationResultStatus.SUCCESS;
- } else if ((state.getOverall().equals(OperationResultStatus.PARTIAL_ERROR)
- || state.getOverall().equals(OperationResultStatus.FATAL_ERROR)
- || state.getOverall().equals(OperationResultStatus.HANDLED_ERROR))) {
- lastAvailability = OperationResultStatus.PARTIAL_ERROR;
- }
- state.setLastAvailability(lastAvailability);
- return;
- }
-
- if (state.getOverall().equals(OperationResultStatus.SUCCESS)
- && !lastAvailabilityStatus.equals(AvailabilityStatusType.UP)) {
- lastAvailability = OperationResultStatus.SUCCESS;
- } else if ((state.getOverall().equals(OperationResultStatus.PARTIAL_ERROR)
- || state.getOverall().equals(OperationResultStatus.FATAL_ERROR)
- || state.getOverall().equals(OperationResultStatus.HANDLED_ERROR))
- && !lastAvailabilityStatus.equals(AvailabilityStatusType.DOWN)) {
- lastAvailability = OperationResultStatus.PARTIAL_ERROR;
- }
-
- if (!lastAvailability.equals(OperationResultStatus.UNKNOWN)) {
- state.setLastAvailability(lastAvailability);
- return;
- }
-
- switch (lastAvailabilityStatus) {
- case UP:
- lastAvailability = OperationResultStatus.SUCCESS;
- break;
- case DOWN:
- lastAvailability = OperationResultStatus.PARTIAL_ERROR;
- break;
- }
- state.setLastAvailability(lastAvailability);
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceDto.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceDto.java
deleted file mode 100644
index 6bea5f3a4a6..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceDto.java
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import com.evolveum.midpoint.common.refinery.RefinedResourceSchemaImpl;
-import com.evolveum.midpoint.prism.PrismReference;
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-import com.evolveum.midpoint.web.component.data.column.InlineMenuable;
-import com.evolveum.midpoint.web.component.menu.cog.InlineMenuItem;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.apache.commons.lang.Validate;
-
-import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.prism.PrismContext;
-import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition;
-import com.evolveum.midpoint.schema.processor.ResourceSchema;
-import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.web.component.util.Selectable;
-
-import javax.xml.namespace.QName;
-
-/**
- * @author lazyman
- */
-public class ResourceDto extends Selectable implements InlineMenuable {
-
- private static final String DOT_CLASS = ResourceDto.class.getName() + ".";
- private static final String OPERATION_LOAD_RESOURCE_DEFINITION = DOT_CLASS + "ResourceDto - load resource attribute container definition";
-
- private String oid;
- private String name;
- private String bundle;
- private String version;
- private String progress;
- private String type;
- private ResourceState state;
- private AvailabilityStatusType lastAvailabilityStatus;
- private List objectTypes;
- private List capabilities;
- private ResourceSync sync;
- private ResourceImport resImport;
- private QName defaultAccountObjectClass;
- private List menuItems;
-
- public ResourceDto() {
- }
-
- public ResourceDto(PrismObject resource) {
- oid = resource.getOid();
- name = WebComponentUtil.getName(resource);
-
- PrismReference ref = resource.findReference(ResourceType.F_CONNECTOR_REF);
- ConnectorType connector = null;
- if (ref != null && ref.getValue().getObject() != null) {
- connector = (ConnectorType) ref.getValue().getObject().asObjectable();
- }
- bundle = connector != null ? connector.getConnectorBundle() : null;
- version = connector != null ? connector.getConnectorVersion() : null;
- type = connector != null ? connector.getConnectorType() : null;
- lastAvailabilityStatus = resource.asObjectable().getOperationalState() != null ? resource.asObjectable().getOperationalState().getLastAvailabilityStatus() : null;
-
- if(resource.asObjectable().getFetchResult() != null && resource.asObjectable().getFetchResult().getStatus() != null){
- if(OperationResultStatusType.PARTIAL_ERROR.equals(resource.asObjectable().getFetchResult().getStatus())){
- lastAvailabilityStatus = null;
- }
- }
- }
-
- public ResourceDto(PrismObject resource, PrismContext prismContext, ConnectorType connector, List capabilities) {
- Validate.notNull(resource);
-
- OperationResult result = new OperationResult(OPERATION_LOAD_RESOURCE_DEFINITION);
-
- oid = resource.getOid();
- name = WebComponentUtil.getName(resource);
- bundle = connector != null ? connector.getConnectorBundle() : null;
- version = connector != null ? connector.getConnectorVersion() : null;
- type = connector != null ? connector.getConnectorType() : null;
- this.capabilities = capabilities;
-
- try {
- ResourceSchema resourceSchema = RefinedResourceSchemaImpl.getResourceSchema(resource, prismContext);
- Collection definitions = resourceSchema.getObjectClassDefinitions();
- for (ObjectClassComplexTypeDefinition definition : definitions) {
- if (!(definition instanceof ObjectClassComplexTypeDefinition)) {
- continue;
- }
- if(objectTypes == null){
- objectTypes = new ArrayList<>();
- }
- objectTypes.add(new ResourceObjectTypeDto(definition));
- }
-
- //default account object class qname
- ObjectClassComplexTypeDefinition def = resourceSchema.findDefaultObjectClassDefinition(ShadowKindType.ACCOUNT);
- defaultAccountObjectClass = def.getTypeName();
- } catch (Exception ex) {
- result.recordFatalError("Couldn't load resource attribute container definition.", ex);
- }
- }
-
- public QName getDefaultAccountObjectClass() {
- return defaultAccountObjectClass;
- }
-
- public String getBundle() {
- return bundle;
- }
-
- public String getName() {
- return name;
- }
-
- public String getOid() {
- return oid;
- }
-
- public String getVersion() {
- return version;
- }
-
- public String getProgress() {
- return progress;
- }
-
- public String getType() {
- return type;
- }
-
- public List getCapabilities() {
- return capabilities;
- }
-
- public ResourceState getState() {
- if (state == null) {
- state = new ResourceState();
- }
- return state;
- }
-
- public OperationResultStatus getOverallStatus() {
- if (state == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return state.getOverall();
- }
-
- public AvailabilityStatusType getLastAvailabilityStatus() {
- return lastAvailabilityStatus;
- }
-
- public List getObjectTypes() {
- if (objectTypes == null) {
- objectTypes = new ArrayList<>();
- }
- return objectTypes;
- }
-
- public ResourceSyncStatus getSyncStatus() {
- if (sync == null || !sync.isEnabled()) {
- return ResourceSyncStatus.DISABLE;
- }
- return ResourceSyncStatus.ENABLE;
- }
-
- public ResourceImportStatus getResImport() {
- if (resImport == null || !resImport.isEnabled()) {
- return ResourceImportStatus.DISABLE;
- }
- return ResourceImportStatus.ENABLE;
- }
-
- @Override
- public List getMenuItems() {
- if (menuItems == null) {
- menuItems = new ArrayList<>();
- }
- return menuItems;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImport.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImport.java
deleted file mode 100644
index c4284e9a0a9..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImport.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-public class ResourceImport {
- private boolean enabled;
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
- public String getImportTitle() {
- if (enabled) {
- return "Import running";
- }
- return "Import not running";
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportDto.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportDto.java
deleted file mode 100644
index e64c516f860..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportDto.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.io.Serializable;
-import java.util.Date;
-import com.evolveum.midpoint.schema.result.OperationResult;
-
-/**
- * @author Katuska
- */
-public class ResourceImportDto implements Serializable {
-
- private String name;
- private Date launchTime;
- private Date finishTime;
- private String lastStatus;
- private long numberOfErrors;
- private OperationResult lastError;
- private long progress;
- private boolean running;
-
- public ResourceImportDto(){
- //TODO
- }
-
- public String getName() {
- return name;
- }
-
- public Date getLaunchTime() {
- return launchTime;
- }
-
- public String getLaunchTimeString() {
- return launchTime.toString();
- }
-
- public String getFinishTimeString() {
- return finishTime.toString();
- }
-
- public Date getFinishTime() {
- return finishTime;
- }
-
- public String getLastStatus() {
- return lastStatus;
- }
-
- public OperationResult getLastError() {
- return lastError;
- }
-
- public long getProgress() {
- return progress;
- }
-
- public boolean isRunning() {
- return running;
- }
-
- public long getNumberOfErrors() {
- return numberOfErrors;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportStatus.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportStatus.java
deleted file mode 100644
index 96b0e6c6da1..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceImportStatus.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-/**
- * @author lazyman
- */
-public enum ResourceImportStatus {
-
- ENABLE("drive_go.png"),
-
- DISABLE("drive_go_gray.png");
-
- private String icon;
-
- private ResourceImportStatus(String icon) {
- this.icon = icon;
- }
-
- public String getIcon() {
- return icon;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceObjectTypeDto.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceObjectTypeDto.java
deleted file mode 100644
index caba741e096..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceObjectTypeDto.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.io.Serializable;
-
-import org.apache.commons.lang.Validate;
-
-import com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition;
-
-/**
- * @author lazyman
- */
-public class ResourceObjectTypeDto implements Serializable {
-
- private static final long serialVersionUID = 4664988785770149299L;
- private String displayName;
- private String nativeObjectClass;
- private String help;
- private String type;
-
- public ResourceObjectTypeDto(ObjectClassComplexTypeDefinition definition) {
- Validate.notNull(definition, "Resource object definition can't be null.");
-
- displayName = definition.getDisplayName();
- if(displayName == null){
- displayName = "-";
- }
-
- nativeObjectClass = definition.getNativeObjectClass();
- help = definition.getHelp();
- if (definition.getTypeName() != null) {
- this.type = definition.getTypeName().getLocalPart();
- }
- }
-
- public String getDisplayName() {
- if (displayName == null) {
- return "";
- }
- return displayName;
- }
-
- public String getNativeObjectClass() {
- if (nativeObjectClass == null) {
- return "";
- }
- return nativeObjectClass;
- }
-
- public String getHelp() {
- if (help == null) {
- return "";
- }
- return help;
- }
-
- public String getType() {
- return type;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceState.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceState.java
deleted file mode 100644
index 4c25f19b3fe..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceState.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.io.Serializable;
-
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-import org.apache.commons.lang.StringUtils;
-
-/**
- * @author lazyman
- */
-public class ResourceState implements Serializable {
-
- private OperationResultStatus lastAvailability;
- private OperationResultStatus overall;
- private OperationResultStatus confValidation;
- private OperationResultStatus conInitialization;
- private OperationResultStatus conConnection;
- private OperationResultStatus conSanity;
- private OperationResultStatus conSchema;
- private OperationResultStatus extra;
- private String extraName;
-
- public OperationResultStatus getOverall() {
- overall = updateOverallStatus();
- if (overall == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return overall;
- }
-
- public OperationResultStatus getConfValidation() {
- if (confValidation == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return confValidation;
- }
-
- public void setConfValidation(OperationResultStatus confValidation) {
- this.confValidation = confValidation;
- }
-
- public OperationResultStatus getConInitialization() {
- if (conInitialization == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return conInitialization;
- }
-
- public void setConInitialization(OperationResultStatus conInitialization) {
- this.conInitialization = conInitialization;
- }
-
- public OperationResultStatus getConConnection() {
- if (conConnection == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return conConnection;
- }
-
- public void setConConnection(OperationResultStatus conConnection) {
- this.conConnection = conConnection;
- }
-
- public OperationResultStatus getConSanity() {
- if (conSanity == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return conSanity;
- }
-
- public void setConSanity(OperationResultStatus conSanity) {
- this.conSanity = conSanity;
- }
-
- public OperationResultStatus getConSchema() {
- if (conSchema == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return conSchema;
- }
-
- public void setConSchema(OperationResultStatus conSchema) {
- this.conSchema = conSchema;
- }
-
- public OperationResultStatus getExtra() {
- if (extra == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return extra;
- }
-
- public void setExtra(OperationResultStatus extra) {
- this.extra = extra;
- }
-
- public String getExtraName() {
- if (StringUtils.isEmpty(extraName)) {
- return "Unknown";
- }
- return extraName;
- }
-
- public void setExtraName(String extraName) {
- this.extraName = extraName;
- }
-
- public OperationResultStatus getLastAvailability() {
- if (lastAvailability == null) {
- return OperationResultStatus.UNKNOWN;
- }
- return lastAvailability;
- }
-
- public void setLastAvailability(OperationResultStatus lastAvailability) {
- this.lastAvailability = lastAvailability;
- }
-
- private OperationResultStatus updateOverallStatus() {
- OperationResultStatus overall = OperationResultStatus.UNKNOWN;
- overall = getOverallBasedOnPartialStatus(overall, getConConnection());
- overall = getOverallBasedOnPartialStatus(overall, getConfValidation());
- overall = getOverallBasedOnPartialStatus(overall, getConInitialization());
- overall = getOverallBasedOnPartialStatus(overall, getConSanity());
- overall = getOverallBasedOnPartialStatus(overall, getConSchema());
- overall = getOverallBasedOnPartialStatus(overall, getExtra());
-
- return overall;
- }
-
- private OperationResultStatus getOverallBasedOnPartialStatus(OperationResultStatus overall, OperationResultStatus partial) {
- switch (overall) {
- case UNKNOWN:
- case SUCCESS:
- if (!OperationResultStatus.UNKNOWN.equals(partial)) {
- overall = partial;
- }
- break;
- case WARNING:
- if (!OperationResultStatus.UNKNOWN.equals(partial) && !OperationResultStatus.SUCCESS.equals(partial)) {
- overall = partial;
- }
- break;
- case FATAL_ERROR:
- break;
- case PARTIAL_ERROR:
- break;
- case HANDLED_ERROR:
- break;
- case IN_PROGRESS:
- break;
- }
-
- return overall;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSync.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSync.java
deleted file mode 100644
index 8302c9fe91e..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSync.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-import java.io.Serializable;
-import java.util.Date;
-
-/**
- * @author lazyman
- */
-public class ResourceSync implements Serializable {
-
- private boolean enabled;
- private int pollingInterval;
- private Date lastRunTime;
- private long timeToProcess;
- private String message;
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public int getPollingInterval() {
- return pollingInterval;
- }
-
- public Date getLastRunTime() {
- return lastRunTime;
- }
-
- public long getTimeToProcess() {
- return timeToProcess;
- }
-
- public String getMessage() {
- return message;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncController.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncController.java
deleted file mode 100644
index b2a4e44ab0f..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncController.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-public class ResourceSyncController {
-
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncStatus.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncStatus.java
deleted file mode 100644
index e71e762fb32..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ResourceSyncStatus.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.evolveum.midpoint.web.page.admin.resources.dto;
-
-/**
- * @author lazyman
- */
-public enum ResourceSyncStatus {
-
- ENABLE("arrow_refresh.png"),
-
- DISABLE("arrow_refresh_gray.png");
-
- private String icon;
-
- private ResourceSyncStatus(String icon) {
- this.icon = icon;
- }
-
- public String getIcon() {
- return icon;
- }
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/error.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/error.png
deleted file mode 100644
index 628cf2dae3d..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/error.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/exclamation.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/exclamation.png
deleted file mode 100644
index c37bd062e60..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/exclamation.png and /dev/null differ
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/help.png b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/help.png
deleted file mode 100644
index 5c870176d4d..00000000000
Binary files a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/help.png and /dev/null differ
diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
index c04b69ee70b..6f6b7f50dd1 100644
--- a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
+++ b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
@@ -177,6 +177,12 @@ public static ObjectQuery createNameQuery(Class clazz,
.build();
}
+ public static ObjectQuery createOrgSubtreeQuery(PrismContext prismContext, String orgOid) throws SchemaException {
+ return QueryBuilder.queryFor(ObjectType.class, prismContext)
+ .isChildOf(orgOid)
+ .build();
+ }
+
public static ObjectQuery createRootOrgQuery(PrismContext prismContext) throws SchemaException {
return QueryBuilder.queryFor(ObjectType.class, prismContext).isRoot().build();
}
diff --git a/infra/schema/src/main/resources/localization/schema.properties b/infra/schema/src/main/resources/localization/schema.properties
index e395bb841b3..5b9406ae1f9 100755
--- a/infra/schema/src/main/resources/localization/schema.properties
+++ b/infra/schema/src/main/resources/localization/schema.properties
@@ -1172,4 +1172,14 @@ ObjectType.owner=Owner
ObjectType.consent=Consent
ObjectType.any=Any
SearchBoxScopeType.ONE_LEVEL=One level
-SearchBoxScopeType.SUBTREE=Subtree
\ No newline at end of file
+SearchBoxScopeType.SUBTREE=Subtree
+Channel.LIVE_SYNC=Live synchronization
+Channel.RECONCILIATION=Reconciliation
+Channel.DISCOVERY=Discovery
+Channel.WEB_SERVICE=Web Service
+Channel.IMPORT=Import
+Channel.REST=REST
+Channel.INIT=Initialization
+Channel.USER=User
+Channel.SELF_REGISTRATION=Self registration
+Channel.RESET_PASSWORD=Reset password
diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
index a60d6584cd0..55f3c983183 100644
--- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
+++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
@@ -151,6 +151,9 @@ public class TestSecurityAdvanced extends AbstractSecurityTest {
protected static final File ROLE_ASSIGN_ORG_FILE = new File(TEST_DIR, "role-assign-org.xml");
protected static final String ROLE_ASSIGN_ORG_OID = "be96f834-2dbb-11e8-b29d-7f5de07e7995";
+
+ protected static final File ROLE_READ_ORG_EXEC_FILE = new File(TEST_DIR, "role-read-org-exec.xml");
+ protected static final String ROLE_READ_ORG_EXEC_OID = "1ac39d34-e675-11e8-a1ec-37748272d526";
@Override
@@ -176,11 +179,12 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
repoAddObjectFromFile(ROLE_READ_ROLE_MEMBERS_FILE, initResult);
repoAddObjectFromFile(ROLE_READ_ROLE_MEMBERS_WRONG_FILE, initResult);
repoAddObjectFromFile(ROLE_READ_ROLE_MEMBERS_NONE_FILE, initResult);
+ repoAddObjectFromFile(ROLE_READ_ORG_EXEC_FILE, initResult);
setDefaultObjectTemplate(UserType.COMPLEX_TYPE, USER_TEMPLATE_SECURITY_OID, initResult);
}
- protected static final int NUMBER_OF_IMPORTED_ROLES = 16;
+ protected static final int NUMBER_OF_IMPORTED_ROLES = 17;
protected int getNumberOfRoles() {
return super.getNumberOfRoles() + NUMBER_OF_IMPORTED_ROLES;
@@ -3167,6 +3171,50 @@ public void test330AutzJackEndUserWithPrivacy() throws Exception {
assertGlobalStateUntouched();
}
+ /**
+ * Superuser role should allow everything. Adding another role with any (allow)
+ * authorizations should not limit superuser. Not even if those authorizations
+ * are completely loony.
+ *
+ * MID-4931
+ */
+ @Test
+ public void test340AutzJackSuperUserAndExecRead() throws Exception {
+ final String TEST_NAME = "test340AutzJackSuperUserAndExecRead";
+ displayTestTitle(TEST_NAME);
+ // GIVEN
+ cleanupAutzTest(USER_JACK_OID);
+
+ assignRole(USER_JACK_OID, ROLE_SUPERUSER_OID);
+ assignRole(USER_JACK_OID, ROLE_READ_ORG_EXEC_OID);
+
+ // preconditions
+ assertSearch(UserType.class, createOrgSubtreeQuery(ORG_MINISTRY_OF_OFFENSE_OID), USER_LECHUCK_OID, USER_GUYBRUSH_OID, userCobbOid, USER_ESTEVAN_OID);
+ assertSearch(UserType.class, createOrgSubtreeAndNameQuery(ORG_MINISTRY_OF_OFFENSE_OID, USER_GUYBRUSH_USERNAME), USER_GUYBRUSH_OID);
+ assertSearch(ObjectType.class, createOrgSubtreeAndNameQuery(ORG_MINISTRY_OF_OFFENSE_OID, USER_GUYBRUSH_USERNAME), USER_GUYBRUSH_OID);
+
+ login(USER_JACK_USERNAME);
+
+ // WHEN
+ displayWhen(TEST_NAME);
+
+ assertSearch(UserType.class, createOrgSubtreeQuery(ORG_MINISTRY_OF_OFFENSE_OID), USER_LECHUCK_OID, USER_GUYBRUSH_OID, userCobbOid, USER_ESTEVAN_OID);
+ assertSearch(UserType.class, createOrgSubtreeAndNameQuery(ORG_MINISTRY_OF_OFFENSE_OID, USER_GUYBRUSH_USERNAME), USER_GUYBRUSH_OID);
+ assertSearch(ObjectType.class, createOrgSubtreeAndNameQuery(ORG_MINISTRY_OF_OFFENSE_OID, USER_GUYBRUSH_USERNAME), USER_GUYBRUSH_OID);
+
+ assertSuperuserAccess(NUMBER_OF_ALL_USERS);
+
+ assertGlobalStateUntouched();
+ }
+
+ private ObjectQuery createOrgSubtreeAndNameQuery(String orgOid, String name) {
+ return queryFor(ObjectType.class)
+ .isChildOf(orgOid)
+ .and()
+ .item(ObjectType.F_NAME).eqPoly(name)
+ .build();
+ }
+
private void modifyJackValidTo() throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException {
Task task = createTask("modifyJackValidTo");
OperationResult result = task.getResult();
diff --git a/model/model-intest/src/test/resources/security/role-read-org-exec.xml b/model/model-intest/src/test/resources/security/role-read-org-exec.xml
new file mode 100644
index 00000000000..74017cb2c88
--- /dev/null
+++ b/model/model-intest/src/test/resources/security/role-read-org-exec.xml
@@ -0,0 +1,31 @@
+
+
+
+ Read org exec
+
+ read-org-exec
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
+ execution
+
+
+
diff --git a/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java b/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
index 3936e220682..a8a4776eeeb 100644
--- a/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
+++ b/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
@@ -1142,6 +1142,12 @@ protected ObjectQuery createShadowQueryByAttribute(ObjectClassComplexTypeDefinit
.and().item(ShadowType.F_RESOURCE_REF).ref(resource.getOid())
.build();
}
+
+ protected ObjectQuery createOrgSubtreeQuery(String orgOid) throws SchemaException {
+ return queryFor(ObjectType.class)
+ .isChildOf(orgOid)
+ .build();
+ }
protected PrismObjectDefinition getObjectDefinition(Class type) {
return prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(type);
diff --git a/repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java b/repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
index 2805da710cb..69c475af9d4 100644
--- a/repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
+++ b/repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
@@ -1097,9 +1097,9 @@ public ObjectFilter preProcessObjec
if (origFilter == null) {
origFilter = AllFilter.createAll();
}
- ObjectFilter finalFilter;
+ ObjectFilter securityFilter;
if (phase != null) {
- finalFilter = preProcessObjectFilterInternal(principal, operationUrls, phase,
+ securityFilter = preProcessObjectFilterInternal(principal, operationUrls, phase,
true, searchResultType, object, true, origFilter, limitAuthorizationAction, "search pre-process", task, result);
} else {
ObjectFilter filterBoth = preProcessObjectFilterInternal(principal, operationUrls, null,
@@ -1108,8 +1108,9 @@ public ObjectFilter preProcessObjec
false, searchResultType, object, true, origFilter, limitAuthorizationAction, "search pre-process", task, result);
ObjectFilter filterExecution = preProcessObjectFilterInternal(principal, operationUrls, AuthorizationPhaseType.EXECUTION,
false, searchResultType, object, true, origFilter, limitAuthorizationAction, "search pre-process", task, result);
- finalFilter = ObjectQueryUtil.filterOr(filterBoth, ObjectQueryUtil.filterAnd(filterRequest, filterExecution));
+ securityFilter = ObjectQueryUtil.filterOr(filterBoth, ObjectQueryUtil.filterAnd(filterRequest, filterExecution));
}
+ ObjectFilter finalFilter = ObjectQueryUtil.filterAnd(origFilter, securityFilter);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("AUTZ: evaluated search pre-process principal={}, objectType={}: {}",
getUsername(principal), getObjectType(searchResultType), finalFilter);
@@ -1126,29 +1127,30 @@ public ObjectFilter preProcessObjec
*/
@Override
public boolean canSearch(String[] operationUrls,
- AuthorizationPhaseType phase, Class searchResultType, PrismObject object, boolean includeSpecial, ObjectFilter filter, Task task, OperationResult result)
+ AuthorizationPhaseType phase, Class searchResultType, PrismObject object, boolean includeSpecial, ObjectFilter origFilter, Task task, OperationResult result)
throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
MidPointPrincipal principal = getMidPointPrincipal();
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("AUTZ: evaluating search permission principal={}, searchResultType={}, object={}: filter {}",
- getUsername(principal), searchResultType, object, filter);
+ getUsername(principal), searchResultType, object, origFilter);
}
- if (filter == null) {
+ if (origFilter == null) {
return true;
}
- ObjectFilter finalFilter;
+ ObjectFilter securityFilter;
if (phase != null) {
- finalFilter = preProcessObjectFilterInternal(principal, operationUrls, phase,
- true, searchResultType, object, includeSpecial, filter, null, "search permission", task, result);
+ securityFilter = preProcessObjectFilterInternal(principal, operationUrls, phase,
+ true, searchResultType, object, includeSpecial, origFilter, null, "search permission", task, result);
} else {
ObjectFilter filterBoth = preProcessObjectFilterInternal(principal, operationUrls, null,
- false, searchResultType, object, includeSpecial, filter, null, "search permission", task, result);
+ false, searchResultType, object, includeSpecial, origFilter, null, "search permission", task, result);
ObjectFilter filterRequest = preProcessObjectFilterInternal(principal, operationUrls, AuthorizationPhaseType.REQUEST,
- false, searchResultType, object, includeSpecial, filter, null, "search permission", task, result);
+ false, searchResultType, object, includeSpecial, origFilter, null, "search permission", task, result);
ObjectFilter filterExecution = preProcessObjectFilterInternal(principal, operationUrls, AuthorizationPhaseType.EXECUTION,
- false, searchResultType, object, includeSpecial, filter, null, "search permission", task, result);
- finalFilter = ObjectQueryUtil.filterOr(filterBoth, ObjectQueryUtil.filterAnd(filterRequest, filterExecution));
+ false, searchResultType, object, includeSpecial, origFilter, null, "search permission", task, result);
+ securityFilter = ObjectQueryUtil.filterOr(filterBoth, ObjectQueryUtil.filterAnd(filterRequest, filterExecution));
}
+ ObjectFilter finalFilter = ObjectQueryUtil.filterAnd(origFilter, securityFilter);
finalFilter = ObjectQueryUtil.simplify(finalFilter);
boolean decision = !(finalFilter instanceof NoneFilter);
if (LOGGER.isTraceEnabled()) {
@@ -1158,6 +1160,9 @@ public boolean canSearch(String[] o
return decision;
}
+ /**
+ * @return additional security filter. This filter is supposed to be added (operation "AND") to the original filter.
+ */
private ObjectFilter preProcessObjectFilterInternal(MidPointPrincipal principal, String[] operationUrls,
AuthorizationPhaseType phase, boolean includeNullPhase,
Class objectType, PrismObject object, boolean includeSpecial, ObjectFilter origFilter, String limitAuthorizationAction, String desc, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
@@ -1492,9 +1497,8 @@ private ObjectFilter preProcessObje
return secFilter;
}
- ObjectFilter origWithAllowFilter;
if (hasAllowAll) {
- origWithAllowFilter = origFilter;
+ securityFilterAllow = AllFilter.createAll();
} else if (securityFilterAllow == null) {
// Nothing has been allowed. This means default deny.
if (LOGGER.isTraceEnabled()) {
@@ -1504,20 +1508,18 @@ private ObjectFilter preProcessObje
NoneFilter secFilter = NoneFilter.createNone();
traceFilter("secFilter", null, secFilter);
return secFilter;
- } else {
- origWithAllowFilter = ObjectQueryUtil.filterAnd(origFilter, securityFilterAllow);
}
if (securityFilterDeny == null) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: allow\n Filter:\n{}",
phase, getUsername(principal), prettyActionUrl(operationUrls), desc,
- origWithAllowFilter==null?"null":origWithAllowFilter.debugDump(2));
+ securityFilterAllow==null?"null":securityFilterAllow.debugDump(2));
}
- traceFilter("origWithAllowFilter", null, origWithAllowFilter);
- return origWithAllowFilter;
+ traceFilter("securityFilterAllow", null, securityFilterAllow);
+ return securityFilterAllow;
} else {
- ObjectFilter secFilter = ObjectQueryUtil.filterAnd(origWithAllowFilter, NotFilter.createNot(securityFilterDeny));
+ ObjectFilter secFilter = ObjectQueryUtil.filterAnd(securityFilterAllow, NotFilter.createNot(securityFilterDeny));
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: allow (with deny clauses)\n Filter:\n{}",
phase, getUsername(principal), prettyActionUrl(operationUrls), desc,
diff --git a/weblogic-build/pom.xml b/weblogic-build/pom.xml
index eb2370df2d4..b38f24da683 100644
--- a/weblogic-build/pom.xml
+++ b/weblogic-build/pom.xml
@@ -40,8 +40,9 @@
com.evolveum.midpoint.gui
admin-gui
- 3.9
+ 4.0-SNAPSHOT
war
+ executable
org.apache.abdera