Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java

@@ -30,6 +30,7 @@
 import com.evolveum.midpoint.web.page.admin.configuration.*;
 import com.evolveum.midpoint.web.page.admin.reports.*;
 import com.evolveum.midpoint.web.page.self.*;
+import com.evolveum.midpoint.web.util.NewWindowNotifyingBehavior;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
@@ -274,14 +275,7 @@ public PageBase(PageParameters parameters) {
 
 		MidPointAuthWebSession.getSession().setClientCustomization();
 
-		add(new AjaxNewWindowNotifyingBehavior() {
-
-			@Override
-			protected void onNewWindow(AjaxRequestTarget target) {
-				LOGGER.debug("Page version already used in different tab, refreshing page");
-				setResponsePage(getPageClass(), getPageParameters());
-			}
-		});
+		add(new NewWindowNotifyingBehavior());
 
 		initializeModel();
 
@@ -499,6 +493,8 @@ public void renderHead(IHeaderResponse response) {
 		// this attaches jquery.js as first header item, which is used in our
 		// scripts.
 		CoreLibrariesContributor.contribute(getApplication(), response);
+
+//		response.render(JavaScriptHeaderItem.forScript("alert(window.name);", "windowNameScript"));
     }
 
     @Override

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageInstance.java

@@ -16,6 +16,7 @@
 
 package com.evolveum.midpoint.web.component.breadcrumbs;
 
+import com.evolveum.midpoint.web.util.NewWindowNotifyingBehavior;
 import org.apache.commons.lang.Validate;
 import org.apache.wicket.Component;
 import org.apache.wicket.IPageFactory;
@@ -26,6 +27,7 @@
 import org.apache.wicket.request.mapper.parameter.PageParameters;
 
 import java.util.Arrays;
+import java.util.List;
 
 /**
  * @author Viliam Repan (lazyman)
@@ -55,6 +57,12 @@ public PageParameters getParameters() {
 
     @Override
     public WebPage redirect() {
+        List<NewWindowNotifyingBehavior> behaviors = page.getBehaviors(NewWindowNotifyingBehavior.class);
+        behaviors.forEach(behavior -> page.remove(behavior));
+
+        page.add(new NewWindowNotifyingBehavior());
+
+
         return page;
     }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageLogin.java

@@ -32,6 +32,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RegistrationsPolicyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.ajax.markup.html.AjaxLink;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
@@ -59,11 +60,6 @@ public class PageLogin extends PageBase {
     private static final String OPERATION_LOAD_REGISTRATION_POLICY = DOT_CLASS + "loadRegistrationPolicy";
 
     public PageLogin() {
-        if (SecurityUtils.getPrincipalUser() != null) {
-            MidPointApplication app = getMidpointApplication();
-            setResponsePage(app.getHomePage());
-        }
-
         BookmarkablePageLink<String> link = new BookmarkablePageLink<>(ID_FORGET_PASSWORD, PageForgotPassword.class);
         link.add(new VisibleEnableBehaviour() {
         	private static final long serialVersionUID = 1L;
@@ -157,4 +153,14 @@ protected void onConfigure() {
     protected void createBreadcrumb() {
         //don't create breadcrumb for login page
     }
+
+    @Override
+    protected void onBeforeRender() {
+        super.onBeforeRender();
+
+        if (SecurityUtils.getPrincipalUser() != null) {
+            MidPointApplication app = getMidpointApplication();
+            throw new RestartResponseException(app.getHomePage());
+        }
+    }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/NewWindowNotifyingBehavior.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2010-2017 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.web.util;
+
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import org.apache.wicket.ajax.AjaxNewWindowNotifyingBehavior;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.markup.html.WebPage;
+
+/**
+ * Created by lazyman on 13/03/2017.
+ */
+public class NewWindowNotifyingBehavior extends AjaxNewWindowNotifyingBehavior {
+
+    private static final Trace LOG = TraceManager.getTrace(NewWindowNotifyingBehavior.class);
+
+    @Override
+    protected void onNewWindow(AjaxRequestTarget target) {
+        LOG.debug("Page version already used in different tab, refreshing page");
+        WebPage page = (WebPage) getComponent();
+
+        page.setResponsePage(page.getPageClass(), page.getPageParameters());
+    }
+}

gui/admin-gui/src/main/resources/initial-objects/040-role-enduser.xml

@@ -160,5 +160,19 @@
             <type>ServiceType</type>
         </object>
     </authorization>
+    <authorization>
+    	<name>assignment-target-read-task</name>
+    	<description>
+    		Authorization that allows to read workflow status of tasks. This is used to display requests
+    		to the end users, especially in the "My Requests" box in user dashboard.
+    		This authorization is a temporary solution. It will be replaced by a finer-grained
+    		permissions in the future.
+    	</description>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+        <object>
+            <type>TaskType</type>
+        </object>
+        <item>workflowContext</item>
+    </authorization>
     <roleType>system</roleType>
 </role>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityHelper.java

@@ -211,10 +211,11 @@ private <O extends ObjectType> SecurityPolicyType determineOrgSecurityPolicy(Pri
 		List<PrismReferenceValue> orgRefValues = orgRef.getValues();
 		SecurityPolicyType resultingSecurityPolicy = null;
 		List<PrismObject<OrgType>> orgs = new ArrayList<PrismObject<OrgType>>();
-		try {
-			for (PrismReferenceValue orgRefValue : orgRefValues) {
-				if (orgRefValue != null) {
 
+		for (PrismReferenceValue orgRefValue : orgRefValues) {
+			if (orgRefValue != null) {
+
+				try {
 					PrismObject<OrgType> org = objectResolver.resolve(orgRefValue, "resolving parent org ref", null, null, result);
 					orgs.add(org);
 					SecurityPolicyType securityPolicy = resolveOrgSecurityPolicy(org, task, result);
@@ -227,11 +228,14 @@ private <O extends ObjectType> SecurityPolicyType determineOrgSecurityPolicy(Pri
 									"Found more than one security policy for user. Please check your configuration");
 						}
 					}
+				} catch (ObjectNotFoundException ex) {
+					// Just log the error, but do not fail on that. Failing would prohibit login
+					// and that may mean the misconfiguration could not be easily fixed.
+					LOGGER.warn("Cannot find organization {} referenced in , cannot use it do determine security policy.", orgRefValue.getOid(), object);
 				}
 			}
-		} catch (ObjectNotFoundException ex) {
-			throw new IllegalStateException(ex);
 		}
+
 		// go deeper
 		if (resultingSecurityPolicy == null) {
 			for (PrismObject<OrgType> orgType : orgs) {