Merge branch 'master' of https://github.com/Evolveum/midpoint

infra/prism/src/main/java/com/evolveum/midpoint/prism/delta/DeltaSetTriple.java

@@ -24,6 +24,7 @@
 import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.Processor;
 import com.evolveum.midpoint.util.Transformer;
+import org.jetbrains.annotations.NotNull;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -47,25 +48,28 @@ public class DeltaSetTriple<T> implements DebugDumpable, Serializable, SimpleVis
     /**
      * Collection of values that were not changed.
      */
-    protected Collection<T> zeroSet;
+    @NotNull
+    protected final Collection<T> zeroSet;
 
     /**
      * Collection of values that were added.
      */
-    protected Collection<T> plusSet;
+	@NotNull
+	protected final Collection<T> plusSet;
 
     /**
      * Collection of values that were deleted.
      */
-    protected Collection<T> minusSet;
+	@NotNull
+	protected final Collection<T> minusSet;
 
     public DeltaSetTriple() {
         zeroSet = createSet();
         plusSet = createSet();
         minusSet = createSet();
     }
 
-    public DeltaSetTriple(Collection<T> zeroSet, Collection<T> plusSet, Collection<T> minusSet) {
+    public DeltaSetTriple(@NotNull Collection<T> zeroSet, @NotNull Collection<T> plusSet, @NotNull Collection<T> minusSet) {
         this.zeroSet = zeroSet;
         this.plusSet = plusSet;
         this.minusSet = minusSet;
@@ -108,7 +112,7 @@ protected static <T> void diff(Collection<T> valuesOld, Collection<T> valuesNew,
     }
 
     protected Collection<T> createSet() {
-        return new ArrayList<T>();
+        return new ArrayList<>();
     }
 
     public Collection<T> getZeroSet() {
@@ -319,15 +323,16 @@ public DeltaSetTriple<T> clone(Cloner<T> cloner) {
 	}
 
 	protected void copyValues(DeltaSetTriple<T> clone, Cloner<T> cloner) {
-		clone.zeroSet = cloneSet(this.zeroSet, cloner);
-		clone.plusSet = cloneSet(this.plusSet, cloner);
-		clone.minusSet = cloneSet(this.minusSet, cloner);
+    	clone.zeroSet.clear();
+		clone.zeroSet.addAll(cloneSet(this.zeroSet, cloner));
+		clone.plusSet.clear();
+		clone.plusSet.addAll(cloneSet(this.plusSet, cloner));
+		clone.minusSet.clear();
+		clone.minusSet.addAll(cloneSet(this.minusSet, cloner));
 	}
 
-	private Collection<T> cloneSet(Collection<T> origSet, Cloner<T> cloner) {
-		if (origSet == null) {
-			return null;
-		}
+	@NotNull
+	private Collection<T> cloneSet(@NotNull Collection<T> origSet, Cloner<T> cloner) {
 		Collection<T> clonedSet = createSet();
 		for (T origVal: origSet) {
 			clonedSet.add(cloner.clone(origVal));

infra/prism/src/main/java/com/evolveum/midpoint/prism/delta/PrismValueDeltaSetTriple.java

@@ -52,7 +52,7 @@ public PrismValueDeltaSetTriple(Collection<V> zeroSet, Collection<V> plusSet, Co
      * Compares two (unordered) collections and creates a triple describing the differences.
      */
     public static <V extends PrismValue> PrismValueDeltaSetTriple<V> diffPrismValueDeltaSetTriple(Collection<V> valuesOld, Collection<V> valuesNew) {
-    	PrismValueDeltaSetTriple<V> triple = new PrismValueDeltaSetTriple<V>();
+    	PrismValueDeltaSetTriple<V> triple = new PrismValueDeltaSetTriple<>();
         diff(valuesOld, valuesNew, triple);
         return triple;
     }
@@ -202,40 +202,28 @@ private void removeEmptyValues(Collection<V> set, boolean allowEmptyRealValues)
 	}
 
 	public PrismValueDeltaSetTriple<V> clone() {
-		PrismValueDeltaSetTriple<V> clone = new PrismValueDeltaSetTriple<V>();
+		PrismValueDeltaSetTriple<V> clone = new PrismValueDeltaSetTriple<>();
 		copyValues(clone);
 		return clone;
 	}
 
 	protected void copyValues(PrismValueDeltaSetTriple<V> clone) {
-		Cloner<V> cloner = new Cloner<V>() {
-			@Override
-			public V clone(V original) {
-				return (V) original.clone();
-			}
-		};
-		super.copyValues(clone, cloner);
+		super.copyValues(clone, original -> (V) original.clone());
 	}
 
 	public void checkConsistence() {
-		Visitor visitor = new Visitor() {
-			@Override
-			public void visit(Visitable visitable) {
-				if (visitable instanceof PrismValue) {
-					if (((PrismValue)visitable).isEmpty()) {
-						throw new IllegalStateException("Empty value "+visitable+" in triple "+PrismValueDeltaSetTriple.this);
-					}
+		Visitor visitor = visitable -> {
+			if (visitable instanceof PrismValue) {
+				if (((PrismValue)visitable).isEmpty()) {
+					throw new IllegalStateException("Empty value "+visitable+" in triple "+PrismValueDeltaSetTriple.this);
 				}
 			}
 		};
 		accept(visitor);
 
-		Processor<V> processor = new Processor<V>() {
-			@Override
-			public void process(V pval) {
-				if (pval.getParent() != null) {
-					throw new IllegalStateException("Value "+pval+" in triple "+PrismValueDeltaSetTriple.this+" has parent, looks like it was not cloned properly");
-				}
+		Processor<V> processor = pval -> {
+			if (pval.getParent() != null) {
+				throw new IllegalStateException("Value "+pval+" in triple "+PrismValueDeltaSetTriple.this+" has parent, looks like it was not cloned properly");
 			}
 		};
 		foreach(processor);

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java

@@ -503,4 +503,17 @@ public static Collection<ObjectDelta<? extends ObjectType>> cast(Collection<Obje
 		return deltas1;
 	}
 
+	public static PolyStringType getDisplayName(ObjectType object) {
+    	if (object instanceof AbstractRoleType) {
+    		return ((AbstractRoleType) object).getDisplayName();
+		} else if (object instanceof UserType) {
+    		return ((UserType) object).getFullName();
+		} else {
+    		return null;
+		}
+	}
+
+	public static ObjectType toObjectable(PrismObject object) {
+    	return object != null ? (ObjectType) object.asObjectable() : null;
+	}
 }

infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd

@@ -479,14 +479,20 @@
             <xsd:element name="constraintKind" type="tns:PolicyConstraintKindType" minOccurs="0" />
             <xsd:element name="constraint" type="tns:AbstractPolicyConstraintType" minOccurs="0" />
             <xsd:element name="message" type="xsd:string" minOccurs="0" />
-        </xsd:sequence>
+			<xsd:element name="assignmentPath" type="tns:AssignmentPathType" minOccurs="0" />
+			<xsd:element name="directOwnerRef" type="c:ObjectReferenceType" minOccurs="0" />
+			<xsd:element name="directOwnerDisplayName" type="t:PolyStringType" minOccurs="0" />
+		</xsd:sequence>
     </xsd:complexType>
 	<xsd:element name="evaluatedPolicyRuleTrigger" type="tns:EvaluatedPolicyRuleTriggerType" />
 
 	<xsd:complexType name="EvaluatedExclusionTriggerType">
 		<xsd:complexContent>
 			<xsd:extension base="tns:EvaluatedPolicyRuleTriggerType">
 				<xsd:sequence>
+					<xsd:element name="conflictingObjectRef" type="c:ObjectReferenceType" minOccurs="0" />
+					<xsd:element name="conflictingObjectDisplayName" type="t:PolyStringType" minOccurs="0" />
+					<xsd:element name="conflictingObjectPath" type="tns:AssignmentPathType" minOccurs="0" />
 					<xsd:element name="conflictingAssignment" type="tns:AssignmentType" minOccurs="0" />
 				</xsd:sequence>
 			</xsd:extension>
@@ -513,4 +519,22 @@
 	</xsd:complexType>
 	<xsd:element name="evaluatedPolicyRule" type="tns:EvaluatedPolicyRuleType" />
 
+    <xsd:complexType name="AssignmentPathType">
+        <xsd:sequence>
+			<xsd:element name="segment" type="tns:AssignmentPathSegmentType" minOccurs="0" maxOccurs="unbounded" />
+		</xsd:sequence>
+    </xsd:complexType>
+
+	<xsd:complexType name="AssignmentPathSegmentType">
+		<xsd:sequence>
+			<xsd:element name="sourceRef" type="c:ObjectReferenceType" minOccurs="0" />
+			<xsd:element name="sourceDisplayName" type="t:PolyStringType" minOccurs="0" />
+			<xsd:element name="assignment" type="c:AssignmentType" minOccurs="0" />
+			<xsd:element name="targetRef" type="c:ObjectReferenceType" minOccurs="0" />
+			<xsd:element name="targetDisplayName" type="t:PolyStringType" minOccurs="0" />
+			<xsd:element name="matchingOrder" type="xsd:boolean" minOccurs="0" />
+			<!-- TODO maybe also evaluation order -->
+		</xsd:sequence>
+	</xsd:complexType>
+
 </xsd:schema>

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java

@@ -17,7 +17,9 @@
 package com.evolveum.midpoint.model.api.context;
 
 import com.evolveum.midpoint.util.DebugDumpable;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPathType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import org.jetbrains.annotations.NotNull;
 
 import java.util.List;
 
@@ -26,6 +28,7 @@
  * @author mederly
  */
 public interface AssignmentPath extends DebugDumpable {
+
 	List<? extends AssignmentPathSegment> getSegments();
 
 	AssignmentPathSegment getFirstAssignmentSegment();
@@ -39,4 +42,21 @@ public interface AssignmentPath extends DebugDumpable {
 	AssignmentPathSegment last();
 
 	boolean containsTarget(ObjectType target);
+
+	/**
+	 * Returns a "user understandable" part of this path. I.e. only those objects that are of "order 1" above the focal object.
+	 * E.g. from chain of
+	 *
+	 * jack =(a)=> Engineer =(i)=> Employee =(a)=> PersonMetarole =(i2)=> Person =(i)=> Entity
+	 *
+	 * the result would be
+	 *
+	 * Engineer -> Employee -> Person -> Entity
+	 *
+	 * TODO find a better name
+	 */
+	@NotNull
+	List<ObjectType> getFirstOrderChain();
+
+	AssignmentPathType toAssignmentPathType();
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPathSegment.java

@@ -19,6 +19,7 @@
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.util.DebugDumpable;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPathSegmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 
@@ -42,4 +43,6 @@ public interface AssignmentPathSegment extends DebugDumpable {
 	ObjectType getOrderOneObject();
 
 	boolean isDelegation();
+
+	AssignmentPathSegmentType toAssignmentPathSegmentType();
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java

@@ -83,7 +83,7 @@ public interface EvaluatedAssignment<F extends FocusType> extends DebugDumpable
 	@NotNull
 	Collection<EvaluatedPolicyRule> getThisTargetPolicyRules();
 
-	public Collection<String> getPolicySituations();
+	Collection<String> getPolicySituations();
 
 	void triggerConstraint(@Nullable EvaluatedPolicyRule rule, EvaluatedPolicyRuleTrigger trigger) throws PolicyViolationException;
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignmentTarget.java

@@ -17,7 +17,6 @@
 
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.util.DebugDumpable;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 
@@ -31,6 +30,9 @@ public interface EvaluatedAssignmentTarget extends DebugDumpable {
 
 	boolean isDirectlyAssigned();
 
+	// if this target applies to focus (by direct assignment or by some inducement)
+	boolean appliesToFocus();
+
 	/**
 	 * True for roles whose constructions are evaluated - i.e. those roles that are considered to be applied
 	 * to the focal object (e.g. to the user).
@@ -43,4 +45,6 @@ public interface EvaluatedAssignmentTarget extends DebugDumpable {
 	 * (https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-ConstructionVariables)
 	 */
 	AssignmentType getAssignment();
+
+	AssignmentPath getAssignmentPath();
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java

@@ -16,6 +16,7 @@
 
 package com.evolveum.midpoint.model.api.context;
 
+import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
 import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import org.jetbrains.annotations.NotNull;
@@ -27,12 +28,17 @@
  */
 public class EvaluatedExclusionTrigger extends EvaluatedPolicyRuleTrigger<ExclusionPolicyConstraintType> {
 
-	private final EvaluatedAssignment conflictingAssignment;
+	@NotNull private final EvaluatedAssignment conflictingAssignment;
+	private final ObjectType conflictingTarget;
+	private final AssignmentPath conflictingPath;
 
 	public EvaluatedExclusionTrigger(@NotNull ExclusionPolicyConstraintType constraint,
-			String message, EvaluatedAssignment conflictingAssignment) {
+			String message, @NotNull EvaluatedAssignment conflictingAssignment,
+			ObjectType thisTarget, ObjectType conflictingTarget, AssignmentPath thisPath, AssignmentPath conflictingPath) {
 		super(PolicyConstraintKindType.EXCLUSION, constraint, message);
 		this.conflictingAssignment = conflictingAssignment;
+		this.conflictingTarget = conflictingTarget;
+		this.conflictingPath = conflictingPath;
 	}
 
 	public <F extends FocusType> EvaluatedAssignment<F> getConflictingAssignment() {
@@ -61,16 +67,20 @@ protected void debugDumpSpecific(StringBuilder sb, int indent) {
 		// cannot debug dump conflicting assignment in detail, as we might go into infinite loop
 		// (the assignment could have evaluated rule that would point to another conflicting assignment, which
 		// could point back to this rule)
-		DebugUtil.debugDumpWithLabelToString(sb, "conflictingAssignment", conflictingAssignment, indent);
+		DebugUtil.debugDumpWithLabelToStringLn(sb, "conflictingAssignment", conflictingAssignment, indent);
+		DebugUtil.debugDumpWithLabelToStringLn(sb, "conflictingPath", conflictingPath, indent);
 	}
 
 	@Override
-	public EvaluatedExclusionTriggerType toEvaluatedPolicyRuleTriggerType() {
+	public EvaluatedExclusionTriggerType toEvaluatedPolicyRuleTriggerType(EvaluatedPolicyRule owningRule) {
 		EvaluatedExclusionTriggerType rv = new EvaluatedExclusionTriggerType();
-		fillCommonContent(rv);
-		if (conflictingAssignment != null) {
-			rv.setConflictingAssignment(conflictingAssignment.getAssignmentType());
+		fillCommonContent(rv, owningRule);
+		rv.setConflictingObjectRef(ObjectTypeUtil.createObjectRef(conflictingTarget));
+		rv.setConflictingObjectDisplayName(ObjectTypeUtil.getDisplayName(conflictingTarget));
+		if (conflictingPath != null) {
+			rv.setConflictingObjectPath(conflictingPath.toAssignmentPathType());
 		}
+		rv.setConflictingAssignment(conflictingAssignment.getAssignmentType());
 		return rv;
 	}
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java

@@ -21,6 +21,7 @@
 import com.evolveum.midpoint.util.DebugDumpable;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 
 /**
  * @author semancik
@@ -37,6 +38,13 @@ public interface EvaluatedPolicyRule extends DebugDumpable, Serializable {
 
 	AssignmentPath getAssignmentPath();
 
+	/**
+	 * Object that "directly owns" the rule. TODO. [consider if really needed]
+	 * @return
+	 */
+	@Nullable
+	ObjectType getDirectOwner();
+
 	PolicyConstraintsType getPolicyConstraints();
 
 	String getPolicySituation();