Merge branch 'master' of https://github.com/Evolveum/midpoint

.editorconfig

@@ -813,14 +813,14 @@ ij_groovy_align_multiline_binary_operation = false
 ij_groovy_align_multiline_chained_methods = false
 ij_groovy_align_multiline_extends_list = false
 ij_groovy_align_multiline_for = true
-ij_groovy_align_multiline_list_or_map = true
+ij_groovy_align_multiline_list_or_map = false
 ij_groovy_align_multiline_method_parentheses = false
 ij_groovy_align_multiline_parameters = true
 ij_groovy_align_multiline_parameters_in_calls = false
 ij_groovy_align_multiline_resources = true
 ij_groovy_align_multiline_ternary_operation = false
 ij_groovy_align_multiline_throws_list = false
-ij_groovy_align_named_args_in_map = true
+ij_groovy_align_named_args_in_map = false
 ij_groovy_align_throws_keyword = false
 ij_groovy_array_initializer_new_line_after_left_brace = false
 ij_groovy_array_initializer_right_brace_on_new_line = false

infra/schema/src/main/java/com/evolveum/midpoint/schema/result/OperationResult.java

@@ -213,6 +213,7 @@ public class OperationResult
     public static final String PARAM_PROJECTION = "projection";
     public static final String PARAM_LANGUAGE = "language";
     public static final String PARAM_POLICY_RULE = "policyRule";
+    public static final String PARAM_POLICY_RULE_ID = "policyRuleId";
 
     public static final String RETURN_COUNT = "count";
     public static final String RETURN_COMMENT = "comment";

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/PolicyRuleTypeUtil.java

@@ -625,7 +625,8 @@ private static void computePathToRoot(List<String> path, PrismContainerValue<? e
         }
     }
 
-    public static void resolveConstraintReferences(List<PolicyRuleType> rules, Collection<? extends PolicyRuleType> otherRules) {
+    public static void resolveConstraintReferences(
+            List<PolicyRuleType> rules, Collection<? extends PolicyRuleType> otherRules) {
         LazyMapConstraintsResolver resolver =
                 new LazyMapConstraintsResolver(createConstraintsSupplier(rules), createConstraintsSupplier(otherRules));
         for (PolicyRuleType rule : rules) {

model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/complex/TestPolicyDrivenRoleLifecycle.java

@@ -171,7 +171,7 @@ public void test030AttemptToActivateCorrectRoleC34() throws Exception {
 
     private void dumpRules(Holder<LensContext<?>> contextHolder) {
         displayValue("focus policy rules",
-                contextHolder.getValue().dumpFocusPolicyRules(0, true));
+                contextHolder.getValue().dumpObjectPolicyRules(0, true));
     }
 
     /**

model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelExecuteOptions.java

@@ -540,15 +540,19 @@ private Object format(PartialProcessingOptionsType pp) {
         appendPpFlag(sb, pp.getAssignmentsOrg(), "AORG");
         appendPpFlag(sb, pp.getAssignmentsMembershipAndDelegate(), "AM&D");
         appendPpFlag(sb, pp.getAssignmentsConflicts(), "AC");
+        appendPpFlag(sb, pp.getFocusLifecycle(), "FL");
         appendPpFlag(sb, pp.getObjectTemplateAfterAssignments(), "OTAA");
         appendPpFlag(sb, pp.getFocusCredentials(), "FC");
         appendPpFlag(sb, pp.getFocusPolicyRules(), "FPR");
+        appendPpFlag(sb, pp.getPolicyRuleCounters(), "PRC");
         appendPpFlag(sb, pp.getProjection(), "P");
         appendPpFlag(sb, pp.getOutbound(), "O");
         appendPpFlag(sb, pp.getProjectionValues(), "PV");
         appendPpFlag(sb, pp.getProjectionCredentials(), "PC");
         appendPpFlag(sb, pp.getProjectionReconciliation(), "PR");
         appendPpFlag(sb, pp.getProjectionLifecycle(), "PL");
+        appendPpFlag(sb, pp.getProjectionPolicyRules(), "PPR");
+        appendPpFlag(sb, pp.getObjectTemplateAfterProjections(), "OTAP");
         appendPpFlag(sb, pp.getApprovals(), "APP");
         appendPpFlag(sb, pp.getExecution(), "E");
         appendPpFlag(sb, pp.getNotification(), "N");

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java

@@ -9,6 +9,7 @@
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.xml.namespace.QName;
 
 import org.jetbrains.annotations.NotNull;
@@ -69,28 +70,36 @@ default AssignmentType getAssignmentType(boolean old) {
     boolean isPresentInOldObject();
 
     /**
-     * Returns all policy rules that apply to the focal object and are derived from this assignment
+     * Returns all policy rules that apply to the focal/projections objects and are derived from this assignment
      * - even those that were not triggered. The policy rules are compiled from all the applicable
      * sources (target, meta-roles, etc.)
      */
     @NotNull
-    Collection<? extends EvaluatedPolicyRule> getFocusPolicyRules();
+    Collection<? extends EvaluatedPolicyRule> getObjectPolicyRules();
 
     /**
      * Returns all policy rules that directly apply to the target object of this assignment
      * (and are derived from this assignment) - even those that were not triggered. The policy rules
      * are compiled from all the applicable sources (target, meta-roles, etc.)
      */
     @NotNull
-    Collection<? extends EvaluatedPolicyRule> getThisTargetPolicyRules();
+    default Collection<? extends EvaluatedPolicyRule> getThisTargetPolicyRules() {
+        return getAllTargetsPolicyRules().stream()
+                .filter(r -> r.getTargetType() == EvaluatedPolicyRule.TargetType.DIRECT_ASSIGNMENT_TARGET)
+                .collect(Collectors.toList());
+    }
 
     /**
      * Returns all policy rules that apply to some other target object of this assignment
      * (and are derived from this assignment) - even those that were not triggered. The policy rules
      * are compiled from all the applicable sources (target, meta-roles, etc.)
      */
     @NotNull
-    Collection<? extends EvaluatedPolicyRule> getOtherTargetsPolicyRules();
+    default Collection<? extends EvaluatedPolicyRule> getOtherTargetsPolicyRules() {
+        return getAllTargetsPolicyRules().stream()
+                .filter(r -> r.getTargetType() == EvaluatedPolicyRule.TargetType.INDIRECT_ASSIGNMENT_TARGET)
+                .collect(Collectors.toList());
+    }
 
     /**
      * Returns all policy rules that apply to any of the target objects provided by this assignment
@@ -99,16 +108,16 @@ default AssignmentType getAssignmentType(boolean old) {
      *
      * The difference to getThisTargetPolicyRules is that if e.g.
      * jack is a Pirate, and Pirate induces Sailor, then
-     * - getThisTargetPolicyRules will show rules that are attached to Pirate
-     * - getAllTargetsPolicyRules will show rules that are attached to Pirate and Sailor
-     * - getOtherTargetsPolicyRules will show rules that are attached to Sailor
+     *
+     * - `getThisTargetPolicyRules` will show rules that are attached to Pirate
+     * - `getAllTargetsPolicyRules` will show rules that are attached to Pirate and Sailor
+     * - `getOtherTargetsPolicyRules` will show rules that are attached to Sailor
      */
     @NotNull
     Collection<? extends EvaluatedPolicyRule> getAllTargetsPolicyRules();
 
     /**
-     * How many target policy rules are there. This is more efficient than getAllTargetsPolicyRules().size(), as the
-     * collection of all targets policy rules is computed on demand.
+     * How many target policy rules are there.
      */
     int getAllTargetsPolicyRulesCount();
 

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java

@@ -11,12 +11,15 @@
 import java.util.List;
 import java.util.function.Predicate;
 
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+import com.evolveum.midpoint.schema.util.PolicyRuleTypeUtil;
 import com.evolveum.midpoint.util.DebugDumpable;
 import com.evolveum.midpoint.util.LocalizableMessage;
 import com.evolveum.midpoint.util.TreeNode;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
 
 /**
  * @author semancik
@@ -56,19 +59,13 @@ default boolean isTriggered() {
 
     AssignmentPath getAssignmentPath();
 
-    /**
-     * Object that "directly owns" the rule. TODO. [consider if really needed]
-     */
-    @Nullable
-    ObjectType getDirectOwner();
-
     // TODO consider removing
     String getPolicySituation();
 
     Collection<PolicyExceptionType> getPolicyExceptions();
 
     void addToEvaluatedPolicyRuleBeans(
-            Collection<EvaluatedPolicyRuleType> rules,
+            Collection<EvaluatedPolicyRuleType> ruleBeans,
             PolicyRuleExternalizationOptions options,
             Predicate<EvaluatedPolicyRuleTrigger<?>> triggerSelector);
 
@@ -106,4 +103,47 @@ default boolean hasThreshold() {
     int getCount();
 
     void setCount(int value);
+
+    boolean isOverThreshold() throws ConfigurationException;
+
+    boolean hasSituationConstraint();
+
+    default boolean isApplicableToFocusObject() {
+        return PolicyRuleTypeUtil.isApplicableToObject(getPolicyRule());
+    }
+
+    default boolean isApplicableToProjection() {
+        return PolicyRuleTypeUtil.isApplicableToProjection(getPolicyRule());
+    }
+
+    default boolean isApplicableToAssignment() {
+        return PolicyRuleTypeUtil.isApplicableToAssignment(getPolicyRule());
+    }
+
+    /** To which object is the policy rule targeted and how. */
+    @NotNull TargetType getTargetType();
+
+    /**
+     * To which object is the policy rule targeted, from the point of assignment mechanisms - and how?
+     * For example, if it's assigned to the focus (to be applied either to the focus or the projections),
+     * then it's {@link #OBJECT}. If it's assigned directly to the assignment target, it's {@link #DIRECT_ASSIGNMENT_TARGET}.
+     */
+    enum TargetType {
+
+        /** Focus or projection */
+        OBJECT,
+
+        /** The rule applies directly to the target of the current evaluated assignment (attached to this rule!). */
+        DIRECT_ASSIGNMENT_TARGET,
+
+        /**
+         * The rule applies to a different target (induced to focus), stemming from the current evaluated assignment
+         * (attached to this rule).
+         *
+         * An example: Let `Engineer` induce `Employee` which conflicts with `Contractor`. An SoD rule is attached
+         * to `Employee`. But let the user have assignments for `Engineer` and `Contractor` only. So the target type
+         * for such rule is this one.
+         */
+        INDIRECT_ASSIGNMENT_TARGET
+    }
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/ModelContext.java

@@ -86,11 +86,11 @@ default String dumpAssignmentPolicyRules(int indent) {
 
     String dumpAssignmentPolicyRules(int indent, boolean alsoMessages);
 
-    default String dumpFocusPolicyRules(int indent) {
-        return dumpFocusPolicyRules(indent, false);
+    default String dumpObjectPolicyRules(int indent) {
+        return dumpObjectPolicyRules(indent, false);
     }
 
-    String dumpFocusPolicyRules(int indent, boolean alsoMessages);
+    String dumpObjectPolicyRules(int indent, boolean alsoMessages);
 
     Map<String, Collection<Containerable>> getHookPreviewResultsMap();
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/ModelCommonBeans.java

@@ -7,6 +7,7 @@
 
 package com.evolveum.midpoint.model.common;
 
+import com.evolveum.midpoint.common.LocalizationService;
 import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.common.mapping.metadata.MetadataMappingEvaluator;
@@ -62,4 +63,5 @@ public static ModelCommonBeans get() {
     @Autowired public ModelInteractionService modelInteractionService;
     @Autowired public MarkManager markManager;
     @Autowired public LightweightIdentifierGenerator lightweightIdentifierGenerator;
+    @Autowired public LocalizationService localizationService;
 }

model/model-common/src/test/java/com/evolveum/midpoint/model/common/mapping/TestMappingMetadata.java

@@ -1194,7 +1194,7 @@ public String dumpAssignmentPolicyRules(int indent, boolean alsoMessages) {
             }
 
             @Override
-            public String dumpFocusPolicyRules(int indent, boolean alsoMessages) {
+            public String dumpObjectPolicyRules(int indent, boolean alsoMessages) {
                 return null;
             }
 

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java

@@ -9,6 +9,8 @@
 
 import javax.annotation.PostConstruct;
 
+import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleProcessor;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
@@ -38,8 +40,6 @@
 import com.evolveum.midpoint.model.impl.lens.projector.focus.ProjectionValueMetadataCreator;
 import com.evolveum.midpoint.model.impl.lens.projector.loader.ContextLoader;
 import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingEvaluator;
-import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleEnforcer;
-import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleSuspendTaskExecutor;
 import com.evolveum.midpoint.model.impl.lens.projector.policy.scriptExecutor.PolicyRuleScriptExecutor;
 import com.evolveum.midpoint.model.impl.migrator.Migrator;
 import com.evolveum.midpoint.model.impl.security.SecurityHelper;
@@ -127,8 +127,7 @@ public static ModelBeans get() {
     @Autowired public PersonaProcessor personaProcessor;
     @Autowired public ChangeExecutor changeExecutor;
     @Autowired public Projector projector;
-    @Autowired public PolicyRuleEnforcer policyRuleEnforcer;
-    @Autowired public PolicyRuleSuspendTaskExecutor policyRuleSuspendTaskExecutor;
+    @Autowired public PolicyRuleProcessor policyRuleProcessor;
     @Autowired public ClockworkHookHelper clockworkHookHelper;
     @Autowired public SecurityHelper securityHelper;
     @Autowired public CorrelatorFactoryRegistryImpl correlatorFactoryRegistry;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java

@@ -11,6 +11,7 @@
 import java.util.List;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule.TargetType;
 import com.evolveum.midpoint.schema.util.*;
 import com.evolveum.prism.xml.ns._public.query_3.PagingType;
 
@@ -125,7 +126,7 @@ private EvaluatedPolicyRule evaluatePolicyRule(
         String ruleId = PolicyRuleTypeUtil.createId(collection.getOid(), assignmentType.getId());
 
         EvaluatedPolicyRuleImpl evaluatedPolicyRule =
-                new EvaluatedPolicyRuleImpl(policyRuleType.clone(), ruleId, assignmentPath, null);
+                new EvaluatedPolicyRuleImpl(policyRuleType.clone(), ruleId, assignmentPath, TargetType.OBJECT);
 
         PolicyConstraintsType policyConstraints = policyRuleType.getPolicyConstraints();
         if (policyConstraints == null) {

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/Clockwork.java

@@ -17,6 +17,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleProcessor;
 import com.evolveum.midpoint.model.impl.simulation.FullOperationSimulationDataImpl;
 
 import com.evolveum.midpoint.task.api.SimulationTransaction;
@@ -35,8 +36,6 @@
 import com.evolveum.midpoint.model.impl.ModelBeans;
 import com.evolveum.midpoint.model.impl.lens.projector.Projector;
 import com.evolveum.midpoint.model.impl.lens.projector.focus.FocusConstraintsChecker;
-import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleEnforcer;
-import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleSuspendTaskExecutor;
 import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
@@ -73,8 +72,7 @@ public class Clockwork {
     @Autowired private ProvisioningService provisioningService;
     @Autowired private EventDispatcher eventDispatcher;
     @Autowired private Tracer tracer;
-    @Autowired private PolicyRuleEnforcer policyRuleEnforcer;
-    @Autowired private PolicyRuleSuspendTaskExecutor policyRuleSuspendTaskExecutor;
+    @Autowired private PolicyRuleProcessor policyRuleProcessor;
     @Autowired private CacheConfigurationManager cacheConfigurationManager;
     @Autowired private SecurityEnforcer securityEnforcer;
     @Autowired private OperationExecutionRecorderForClockwork operationExecutionRecorder;
@@ -331,8 +329,7 @@ public <F extends ObjectType> LensContext<F> previewChanges(LensContext<F> conte
                 throw new SystemException("Unexpected execution conflict detected: " + e.getMessage(), e);
             }
             clockworkHookHelper.invokePreview(context, task, result);
-            policyRuleEnforcer.execute(context, result);
-            policyRuleSuspendTaskExecutor.execute(context, task, result);
+            policyRuleProcessor.enforce(context, result);
 
         } catch (ConfigurationException | SecurityViolationException | ObjectNotFoundException | SchemaException |
                 CommunicationException | PolicyViolationException | RuntimeException | ObjectAlreadyExistsException |

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkClick.java

@@ -205,10 +205,9 @@ private HookOperationMode moveStateForward(OperationResult parentResult,
     }
 
     private void processInitialToPrimary(OperationResult result)
-            throws PolicyViolationException, SchemaException, ObjectNotFoundException {
+            throws PolicyViolationException, ConfigurationException {
         // To mimic operation of the original enforcer hook, we execute the following only in the initial state.
-        beans.policyRuleEnforcer.execute(context, result);
-        beans.policyRuleSuspendTaskExecutor.execute(context, task, result);
+        beans.policyRuleProcessor.enforce(context, result);
 
         switchState(ModelState.PRIMARY);
     }