Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/CertDecisionHelper.java

@@ -31,6 +31,7 @@
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
+import org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn;
 import org.apache.wicket.markup.repeater.Item;
 import org.apache.wicket.model.AbstractReadOnlyModel;
 import org.apache.wicket.model.IModel;
@@ -49,39 +50,29 @@
  */
 public class CertDecisionHelper implements Serializable {
 
-    IColumn createObjectNameColumn(final PageBase page, final String headerKey) {
-        IColumn column;
-        column = new LinkColumn<CertCaseOrDecisionDto>(page.createStringResource(headerKey),
-                AccessCertificationCaseType.F_OBJECT_REF.getLocalPart(), CertCaseOrDecisionDto.F_OBJECT_NAME) {
-
-            @Override
-            public void onClick(AjaxRequestTarget target, IModel<CertCaseOrDecisionDto> rowModel) {
-                CertCaseOrDecisionDto dto = rowModel.getObject();
-                dispatchToObjectDetailsPage(dto.getCertCase().getObjectRef(), page, false);
-            }
-        };
-        return column;
+    public enum WhichObject {
+        OBJECT, TARGET
     }
 
-    public IColumn createObjectOrTargetTypeColumn(final boolean isObject, final PageBase page) {		// isObject = true for object, false for target
+    IColumn createTypeColumn(final WhichObject which, final PageBase page) {
         IColumn column;
         column = new IconColumn<CertCaseOrDecisionDto>(page.createStringResource("")) {
             @Override
             protected IModel<String> createIconModel(IModel<CertCaseOrDecisionDto> rowModel) {
-                ObjectTypeGuiDescriptor guiDescriptor = getObjectTypeDescriptor(isObject, rowModel);
+                ObjectTypeGuiDescriptor guiDescriptor = getObjectTypeDescriptor(which, rowModel);
                 String icon = guiDescriptor != null ? guiDescriptor.getBlackIcon() : ObjectTypeGuiDescriptor.ERROR_ICON;
                 return new Model<>(icon);
             }
 
-            private ObjectTypeGuiDescriptor getObjectTypeDescriptor(boolean isObject, IModel<CertCaseOrDecisionDto> rowModel) {
-                QName targetType = isObject ? rowModel.getObject().getObjectType() : rowModel.getObject().getTargetType();
+            private ObjectTypeGuiDescriptor getObjectTypeDescriptor(WhichObject which, IModel<CertCaseOrDecisionDto> rowModel) {
+                QName targetType = rowModel.getObject().getObjectType(which);
                 return ObjectTypeGuiDescriptor.getDescriptor(ObjectTypes.getObjectTypeFromTypeQName(targetType));
             }
 
             @Override
             public void populateItem(Item<ICellPopulator<CertCaseOrDecisionDto>> item, String componentId, IModel<CertCaseOrDecisionDto> rowModel) {
                 super.populateItem(item, componentId, rowModel);
-                ObjectTypeGuiDescriptor guiDescriptor = getObjectTypeDescriptor(isObject, rowModel);
+                ObjectTypeGuiDescriptor guiDescriptor = getObjectTypeDescriptor(which, rowModel);
                 if (guiDescriptor != null) {
                     item.add(AttributeModifier.replace("title", page.createStringResource(guiDescriptor.getLocalizationKey())));
                     item.add(new TooltipBehavior());
@@ -91,10 +82,24 @@ public void populateItem(Item<ICellPopulator<CertCaseOrDecisionDto>> item, Strin
         return column;
     }
 
+    IColumn createObjectNameColumn(final PageBase page, final String headerKey) {
+        IColumn column;
+        column = new LinkColumn<CertCaseOrDecisionDto>(page.createStringResource(headerKey),
+                AccessCertificationCaseType.F_OBJECT_REF.getLocalPart(), CertCaseOrDecisionDto.F_OBJECT_NAME) {
+
+            @Override
+            public void onClick(AjaxRequestTarget target, IModel<CertCaseOrDecisionDto> rowModel) {
+                CertCaseOrDecisionDto dto = rowModel.getObject();
+                dispatchToObjectDetailsPage(dto.getCertCase().getObjectRef(), page, false);
+            }
+        };
+        return column;
+    }
+
     IColumn createTargetNameColumn(final PageBase page, final String headerKey) {
         IColumn column;
         column = new LinkColumn<CertCaseOrDecisionDto>(page.createStringResource(headerKey),
-                AccessCertificationCaseType.F_TARGET_REF.getLocalPart(), CertCaseOrDecisionDto.F_TARGET_NAME) {
+				AccessCertificationCaseType.F_TARGET_REF.getLocalPart(), CertCaseOrDecisionDto.F_TARGET_NAME) {
 
             @Override
             public void onClick(AjaxRequestTarget target, IModel<CertCaseOrDecisionDto> rowModel) {
@@ -105,6 +110,11 @@ public void onClick(AjaxRequestTarget target, IModel<CertCaseOrDecisionDto> rowM
         return column;
     }
 
+    IColumn createConflictingNameColumn(final PageBase page, final String headerKey) {
+        return new PropertyColumn<CertCaseOrDecisionDto, String>(page.createStringResource(headerKey),
+                CertCaseOrDecisionDto.F_CONFLICTING_TARGETS);
+    }
+
     public IColumn createDetailedInfoColumn(final PageBase page) {
         IColumn column;
         column = new IconColumn<CertCaseOrDecisionDto>(page.createStringResource("")) {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/PageCertCampaign.java

@@ -16,6 +16,7 @@
 
 package com.evolveum.midpoint.web.page.admin.certification;
 
+import com.evolveum.midpoint.certification.api.AccessCertificationApiConstants;
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
@@ -61,6 +62,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import static com.evolveum.midpoint.web.page.admin.certification.CertDecisionHelper.WhichObject.OBJECT;
+import static com.evolveum.midpoint.web.page.admin.certification.CertDecisionHelper.WhichObject.TARGET;
 import static com.evolveum.midpoint.web.page.admin.certification.PageCertCampaigns.*;
 import static com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCasesStatisticsType.*;
 
@@ -264,13 +267,13 @@ private List<IColumn<CertCaseDto, String>> initColumns() {
 
 		IColumn column;
 
-		column = helper.createObjectOrTargetTypeColumn(true, this);
+		column = helper.createTypeColumn(OBJECT, this);
 		columns.add(column);
 
 		column = helper.createObjectNameColumn(this, "PageCertCampaign.table.objectName");
 		columns.add(column);
 
-		column = helper.createObjectOrTargetTypeColumn(false, this);
+		column = helper.createTypeColumn(TARGET, this);
 		columns.add(column);
 
 		column = helper.createTargetNameColumn(this, "PageCertCampaign.table.targetName");
@@ -279,6 +282,11 @@ private List<IColumn<CertCaseDto, String>> initColumns() {
 		column = helper.createDetailedInfoColumn(this);
 		columns.add(column);
 
+		if (AccessCertificationApiConstants.EXCLUSION_HANDLER_URI.equals(campaignModel.getObject().getHandlerUri())) {
+			column = helper.createConflictingNameColumn(this, "PageCertCampaign.table.conflictingTargetName");
+			columns.add(column);
+		}
+
 		column = new PropertyColumn(createStringResource("PageCertCampaign.table.reviewers"), CertCaseDto.F_REVIEWERS);
 		columns.add(column);
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/PageCertDecisions.java

@@ -72,6 +72,8 @@
 import java.util.Date;
 import java.util.List;
 
+import static com.evolveum.midpoint.web.page.admin.certification.CertDecisionHelper.WhichObject.OBJECT;
+import static com.evolveum.midpoint.web.page.admin.certification.CertDecisionHelper.WhichObject.TARGET;
 import static com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationResponseType.*;
 
 /**
@@ -182,13 +184,13 @@ private List<IColumn<CertDecisionDto, String>> initColumns() {
         column = new CheckBoxHeaderColumn<>();
         columns.add(column);
 
-		column = helper.createObjectOrTargetTypeColumn(true, this);
+		column = helper.createTypeColumn(OBJECT, this);
 		columns.add(column);
 
 		column = helper.createObjectNameColumn(this, "PageCertDecisions.table.objectName");
         columns.add(column);
 
-        column = helper.createObjectOrTargetTypeColumn(false, this);
+        column = helper.createTypeColumn(TARGET, this);
         columns.add(column);
 
         column = helper.createTargetNameColumn(this, "PageCertDecisions.table.targetName");
@@ -197,7 +199,10 @@ private List<IColumn<CertDecisionDto, String>> initColumns() {
         column = helper.createDetailedInfoColumn(this);
         columns.add(column);
 
-		if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_CERTIFICATION_ALL_URL,
+        column = helper.createConflictingNameColumn(this, "PageCertDecisions.table.conflictingTargetName");
+        columns.add(column);
+
+        if (WebComponentUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_CERTIFICATION_ALL_URL,
 				AuthorizationConstants.AUTZ_UI_CERTIFICATION_CAMPAIGN_URL)) {
 
 			column = new LinkColumn<CertDecisionDto>(

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/dto/CertCaseOrDecisionDto.java

@@ -20,16 +20,15 @@
 import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
 import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
 import com.evolveum.midpoint.web.component.util.Selectable;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationStageType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+import com.evolveum.midpoint.web.page.admin.certification.CertDecisionHelper;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.time.DurationFormatUtils;
 import org.apache.commons.lang3.Validate;
 
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
-import java.util.Date;
+import java.util.*;
 
 /**
  * A common superclass for CertCaseDto + CertDecisionDto.
@@ -46,6 +45,7 @@ public class CertCaseOrDecisionDto extends Selectable {
     public static final String F_CAMPAIGN_NAME = "campaignName";
     public static final String F_REVIEW_REQUESTED = "reviewRequested";
     public static final String F_DEADLINE_AS_STRING = "deadlineAsString";
+    public static final String F_CONFLICTING_TARGETS = "conflictingTargets";
 
     private AccessCertificationCaseType certCase;
     private String objectName;
@@ -82,6 +82,14 @@ public QName getObjectType() {
 		return certCase.getObjectRef().getType();
 	}
 
+	public QName getObjectType(CertDecisionHelper.WhichObject which) {
+        switch (which) {
+            case OBJECT: return getObjectType();
+            case TARGET: return getTargetType();
+            default: return null;
+        }
+    }
+
     public String getTargetName() {
         return targetName;
     }
@@ -188,4 +196,34 @@ private String computeDeadlineAsString(PageBase page) {
     public String getDeadlineAsString() {
         return deadlineAsString;
     }
+
+	/**
+	 * Preliminary implementation. Eventually we will create a list of hyperlinks pointing to the actual objects.
+	 */
+	public String getConflictingTargets() {
+    	if (!(certCase instanceof AccessCertificationAssignmentCaseType)) {
+    		return "";
+		}
+		AccessCertificationAssignmentCaseType assignmentCase = (AccessCertificationAssignmentCaseType) certCase;
+		if (assignmentCase.getAssignment() == null) {
+			return "";
+		}
+		Set<String> exclusions = new TreeSet<>();
+		for (EvaluatedPolicyRuleTriggerType trigger : assignmentCase.getAssignment().getTrigger()) {
+			if (!(trigger instanceof EvaluatedExclusionTriggerType)) {
+				continue;
+			}
+			EvaluatedExclusionTriggerType exclusionTrigger = (EvaluatedExclusionTriggerType) trigger;
+			ObjectReferenceType conflicting = exclusionTrigger.getConflictingObjectRef();
+			if (conflicting == null) {
+				continue;
+			}
+			if (conflicting.getTargetName() != null) {
+				exclusions.add(conflicting.getTargetName().getOrig());
+			} else {
+				exclusions.add(conflicting.getOid());			// TODO try to resolve?
+			}
+		}
+		return StringUtils.join(exclusions, ", ");
+	}
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/handlers/DirectAssignmentCertGuiHandler.java

@@ -44,6 +44,7 @@
 public class DirectAssignmentCertGuiHandler implements CertGuiHandler {
     @Override
     public String getCaseInfoButtonTitle(IModel<? extends CertCaseOrDecisionDto> rowModel, PageBase page) {
+
         CertCaseOrDecisionDto dto = rowModel.getObject();
         AccessCertificationCaseType _case = dto.getCertCase();
         if (!(_case instanceof AccessCertificationAssignmentCaseType)) {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2016 Biznet, Evolveum
+ * Copyright (c) 2012-2017 Biznet, Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,9 +28,9 @@
 import org.apache.wicket.markup.html.form.RequiredTextField;
 import org.apache.wicket.model.Model;
 
-import com.evolveum.midpoint.common.policy.ValuePolicyGenerator;
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyGenerator;
 import com.evolveum.midpoint.prism.Item;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismProperty;
@@ -51,6 +51,8 @@
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.Producer;
+import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
@@ -66,6 +68,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@@ -344,18 +347,19 @@ public OperationResult run() {
 				task.setOwner(user.asPrismObject());
 				OperationResult result = new OperationResult("generateUserNonce");
 				ProtectedStringType nonceCredentials = new ProtectedStringType();
-				nonceCredentials.setClearValue(generateNonce(noncePolicy, task, result));
-
-				NonceType nonceType = new NonceType();
-				nonceType.setValue(nonceCredentials);
-
-				ObjectDelta<UserType> nonceDelta;
 				try {
+					nonceCredentials.setClearValue(generateNonce(noncePolicy, task, user.asPrismObject(), result));
+
+					NonceType nonceType = new NonceType();
+					nonceType.setValue(nonceCredentials);
+
+					ObjectDelta<UserType> nonceDelta;
+
 					nonceDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, user.getOid(),
 							SchemaConstants.PATH_NONCE, getPrismContext(), nonceType);
 
 					WebModelServiceUtils.save(nonceDelta, result, task, PageForgotPassword.this);
-				} catch (SchemaException e) {
+				} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException e) {
 					result.recordFatalError("Failed to generate nonce for user");
 					LoggingUtils.logException(LOGGER, "Failed to generate nonce for user: " + e.getMessage(),
 							e);
@@ -368,7 +372,7 @@ public OperationResult run() {
 		});
 	}
 
-	private String generateNonce(NonceCredentialsPolicyType noncePolicy, Task task, OperationResult result) {
+	private <O extends ObjectType> String generateNonce(NonceCredentialsPolicyType noncePolicy, Task task, PrismObject<O> user, OperationResult result) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException {
 		ValuePolicyType policy = null;
 
 		if (noncePolicy != null && noncePolicy.getValuePolicyRef() != null) {
@@ -377,7 +381,8 @@ private String generateNonce(NonceCredentialsPolicyType noncePolicy, Task task,
 			policy = valuePolicy.asObjectable();
 		}
 
-		return ValuePolicyGenerator.generate(policy != null ? policy.getStringPolicy() : null, 24, result);
+		return getModelInteractionService().generateValue(policy != null ? policy.getStringPolicy() : null, 
+				24, false, user, "nonce generation", task, result);
 	}
 
 	// Check if the user exists with the given email and username in the idm

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageSecurityQuestions.java

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2012-2016 Biznet, Evolveum
+ * Copyright (c) 2012-2017 Biznet, Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,11 +41,11 @@
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.evolveum.midpoint.common.policy.ValuePolicyGenerator;
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.model.api.ModelService;
+import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyGenerator;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismObjectDefinition;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
@@ -484,9 +484,9 @@ private void resetPassword(UserType user, AjaxRequestTarget target) {
 							systemConfig.asObjectable().getGlobalPasswordPolicyRef().getOid(), options, task,
 							result);
 					LOGGER.trace("password policy {}", valPolicy);
-					newPassword = ValuePolicyGenerator.generate(valPolicy.asObjectable().getStringPolicy(),
-							valPolicy.asObjectable().getStringPolicy().getLimitations().getMinLength(),
-							result);
+					newPassword = getModelInteractionService().generateValue(valPolicy.asObjectable().getStringPolicy(),
+							valPolicy.asObjectable().getStringPolicy().getLimitations().getMinLength(), false,
+							user.asPrismObject(), "security questions password generation", task, result);
 				} else {
 					// TODO What if there is no policy? What should be done to
 					// provide a new automatic password
@@ -502,7 +502,7 @@ private void resetPassword(UserType user, AjaxRequestTarget target) {
 				throw new RestartResponseException(PageLogin.class);
 
 			}
-		} catch (ObjectNotFoundException e1) {
+		} catch (ObjectNotFoundException | ExpressionEvaluationException e1) {
 			LoggingUtils.logUnexpectedException(LOGGER, "Couldn't reset password", e1);
 
 		} catch (SchemaException e1) {