Merge branch 'master' into feature/multitenant-autz

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractRoleMainPanel.java

@@ -17,13 +17,15 @@
 
 import java.util.List;
 
+import javax.xml.namespace.QName;
+
 import org.apache.wicket.ajax.AjaxChannel;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.ajax.attributes.AjaxRequestAttributes;
 import org.apache.wicket.behavior.AttributeAppender;
 import org.apache.wicket.extensions.markup.html.tabs.ITab;
 import org.apache.wicket.markup.html.WebMarkupContainer;
-import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.model.Model;
 
 import com.evolveum.midpoint.gui.api.ComponentConstants;
 import com.evolveum.midpoint.gui.api.component.tabs.CountablePanelTab;
@@ -44,9 +46,6 @@
 import com.evolveum.midpoint.web.component.AjaxButton;
 import com.evolveum.midpoint.web.component.assignment.AssignmentEditorDto;
 import com.evolveum.midpoint.web.component.assignment.AssignmentsUtil;
-import com.evolveum.midpoint.web.component.breadcrumbs.Breadcrumb;
-import com.evolveum.midpoint.web.component.breadcrumbs.BreadcrumbPageClass;
-import com.evolveum.midpoint.web.component.breadcrumbs.BreadcrumbPageInstance;
 import com.evolveum.midpoint.web.component.prism.ContainerStatus;
 import com.evolveum.midpoint.web.component.prism.ObjectWrapper;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
@@ -56,10 +55,12 @@
 import com.evolveum.midpoint.web.page.admin.users.dto.FocusSubwrapperDto;
 import com.evolveum.midpoint.web.page.admin.users.dto.UserDtoStatus;
 import com.evolveum.midpoint.web.page.self.PageAssignmentShoppingCart;
-import com.evolveum.midpoint.web.page.self.PageAssignmentsList;
+import com.evolveum.midpoint.web.security.GuiAuthorizationConstants;
 import com.evolveum.midpoint.web.session.RoleCatalogStorage;
+import com.evolveum.midpoint.web.session.UserProfileStorage.TableId;
 import com.evolveum.midpoint.web.util.ExpressionUtil;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AreaCategoryType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
@@ -223,7 +224,7 @@ public String getCount(){
 		if (WebComponentUtil.isAuthorized(ModelAuthorizationAction.AUDIT_READ.getUrl()) && getObjectWrapper().getStatus() != ContainerStatus.ADDING){
 			authorization = new FocusTabVisibleBehavior<>(unwrapModel(), ComponentConstants.UI_FOCUS_TAB_OBJECT_HISTORY_URL, false, isFocusHistoryPage());
 			tabs.add(
-					new PanelTab(parentPage.createStringResource("pageAdminFocus.objectHistory"), authorization) {
+					new PanelTab<R>(parentPage.createStringResource("pageAdminFocus.objectHistory"), authorization) {
 
 						private static final long serialVersionUID = 1L;
 
@@ -236,7 +237,7 @@ public WebMarkupContainer createPanel(String panelId) {
 
 		authorization = new FocusTabVisibleBehavior<>(unwrapModel(),
 				ComponentConstants.UI_FOCUS_TAB_MEMBERS_URL, false, isFocusHistoryPage());
-		tabs.add(new PanelTab(parentPage.createStringResource("pageRole.members"), authorization) {
+		tabs.add(new PanelTab<R>(parentPage.createStringResource("pageRole.members"), authorization) {
 
 			private static final long serialVersionUID = 1L;
 
@@ -256,7 +257,7 @@ public boolean isVisible() {
 		authorization = new FocusTabVisibleBehavior<>(unwrapModel(),
 				ComponentConstants.UI_FOCUS_TAB_GOVERNANCE_URL, false, isFocusHistoryPage());
 
-		tabs.add(new PanelTab(parentPage.createStringResource("pageRole.governance"), authorization) {
+		tabs.add(new PanelTab<R>(parentPage.createStringResource("pageRole.governance"), authorization) {
 
 			private static final long serialVersionUID = 1L;
 
@@ -274,8 +275,38 @@ public boolean isVisible() {
 		return tabs;
 	}
 
-	public abstract AbstractRoleMemberPanel<R> createGovernancePanel(String panelId);
 
+	public AbstractRoleMemberPanel<R> createMemberPanel(String panelId) {
+
+		return new AbstractRoleMemberPanel<R>(panelId, new Model<>(getObject().asObjectable())) {
+
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			protected List<QName> getSupportedRelations() {
+				List<QName> relations =  WebComponentUtil.getCategoryRelationChoices(AreaCategoryType.ADMINISTRATION, getDetailsPage());
+				List<QName> governance = WebComponentUtil.getCategoryRelationChoices(AreaCategoryType.GOVERNANCE, getDetailsPage());
+				governance.forEach(r -> relations.remove(r));
+				return relations;
+			}
+
+		};
+	}
+
+
+	public AbstractRoleMemberPanel<R> createGovernancePanel(String panelId) {
+
+		return new AbstractRoleMemberPanel<R>(panelId, new Model<>(getObject().asObjectable())) {
+
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			protected List<QName> getSupportedRelations() {
+				return WebComponentUtil.getCategoryRelationChoices(AreaCategoryType.GOVERNANCE, getDetailsPage());
+			}
+
+		};
+	}
 
 	private boolean isAllowedToReadRoleMembership(String abstractRoleOid, PageBase parentPage){
 		return isAllowedToReadRoleMembershipItemForType(abstractRoleOid, UserType.class, parentPage)
@@ -284,7 +315,7 @@ private boolean isAllowedToReadRoleMembership(String abstractRoleOid, PageBase p
 				|| isAllowedToReadRoleMembershipItemForType(abstractRoleOid, ServiceType.class, parentPage);
 	}
 
-	private boolean isAllowedToReadRoleMembershipItemForType(String abstractRoleOid, Class type, PageBase parentPage){
+	private <F extends FocusType> boolean isAllowedToReadRoleMembershipItemForType(String abstractRoleOid, Class<F> type, PageBase parentPage){
 		ObjectQuery query = QueryBuilder.queryFor(type, parentPage.getPrismContext())
 				.item(FocusType.F_ROLE_MEMBERSHIP_REF).ref(abstractRoleOid).build();
 		Task task = parentPage.createSimpleTask(OPERATION_CAN_SEARCH_ROLE_MEMBERSHIP_ITEM);
@@ -299,8 +330,7 @@ private boolean isAllowedToReadRoleMembershipItemForType(String abstractRoleOid,
         return isAllowed;
     }
 
-	public abstract AbstractRoleMemberPanel<R> createMemberPanel(String panelId);
-
+
 	private WebMarkupContainer createFocusPolicyRulesTabPanel(String panelId, PageAdminObjectDetails<R> parentPage) {
 		return new FocusPolicyRulesTabPanel<>(panelId, getMainForm(), getObjectModel(), parentPage);
 	}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerValueWrapper.java

@@ -411,7 +411,6 @@ public PrismContainerValue<C> createContainerValueAddDelta() throws SchemaExcept
 			} else {
 
 				PropertyOrReferenceWrapper propOrRef = (PropertyOrReferenceWrapper) item;
-				ItemPath path = propOrRef.getPath();
 				ItemDelta itemDelta = collectAddModifications(propOrRef);
 
 				ItemPath itemPath = itemDelta.getParentPath().remainder(getContainer().getPath());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapperFactory.java

@@ -250,7 +250,14 @@ private <C extends Containerable> List<ContainerValueWrapper<C>> createContainer
 	    	}
 
 	    	container.getValues().forEach(pcv -> {
-	    		ContainerValueWrapper<C> containerValueWrapper = createContainerValueWrapper(cWrapper, pcv, cWrapper.getObjectStatus(), cWrapper.getStatus() == ContainerStatus.ADDING ? ValueStatus.ADDED : ValueStatus.NOT_CHANGED, pcv.getPath(), task);
+	    		ValueStatus status = ValueStatus.NOT_CHANGED;
+	    		ItemPath pcvPath = pcv.getPath();
+	    		if (cWrapper.getStatus() == ContainerStatus.ADDING) {
+	    			status = ValueStatus.ADDED;
+	    			pcvPath = cWrapper.getPath();
+	    		}
+
+	    		ContainerValueWrapper<C> containerValueWrapper = createContainerValueWrapper(cWrapper, pcv, cWrapper.getObjectStatus(), status, pcvPath, task);
     			containerValueWrappers.add(containerValueWrapper);
 	    	});
 
@@ -388,7 +395,7 @@ private <T, C extends Containerable> PropertyWrapper<T> createPropertyWrapper(
 			PrismProperty<T> newProperty = def.instantiate();
 			// We cannot just get path from newProperty.getPath(). The property is not added to the container, so it does not know its path.
 			// Definitions are reusable, they do not have paths either.
-			ItemPath propPath = containerValue.getPath().subPath(newProperty.getElementName());
+			ItemPath propPath = cWrapper.getPath().subPath(newProperty.getElementName());
 			return new PropertyWrapper(cWrapper, newProperty, propertyIsReadOnly, ValueStatus.ADDED, propPath);
 		}
 		return new PropertyWrapper(cWrapper, property, propertyIsReadOnly, cWrapper.getStatus() == ValueStatus.ADDED ? ValueStatus.ADDED: ValueStatus.NOT_CHANGED, property.getPath());
@@ -409,7 +416,7 @@ private <C extends Containerable> ReferenceWrapper createReferenceWrapper(PrismR
         if (reference == null) {
         	PrismReference newReference = def.instantiate();
         	refWrapper = new ReferenceWrapper(cWrapper, newReference, propertyIsReadOnly,
-                    ValueStatus.ADDED, containerValue.getPath().subPath(newReference.getElementName()));
+                    ValueStatus.ADDED, cWrapper.getPath().subPath(newReference.getElementName()));
         } else {
 
         	refWrapper = new ReferenceWrapper(cWrapper, reference, propertyIsReadOnly,

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceContentPanel.java

@@ -25,6 +25,7 @@
 import com.evolveum.midpoint.gui.api.component.PendingOperationPanel;
 import com.evolveum.midpoint.web.component.menu.cog.ButtonInlineMenuItem;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
@@ -39,6 +40,7 @@
 import org.apache.wicket.model.AbstractReadOnlyModel;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.model.PropertyModel;
 import org.apache.wicket.model.StringResourceModel;
 import org.apache.wicket.model.util.ListModel;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
@@ -689,16 +691,7 @@ public void onClick(AjaxRequestTarget target, IModel<SelectableBean<ShadowType>>
 			@Override
 			public void populateItem(Item<ICellPopulator<SelectableBean<ShadowType>>> cellItem,
 									 String componentId, IModel<SelectableBean<ShadowType>> rowModel) {
-				cellItem.add(new PendingOperationPanel(componentId, new AbstractReadOnlyModel<List<PendingOperationType>>() {
-
-					private static final long serialVersionUID = 1L;
-
-					@Override
-					public List<PendingOperationType> getObject() {
-						SelectableBean<ShadowType> bean = rowModel.getObject();
-						return bean.getValue().getPendingOperation();
-					}
-				}));
+				cellItem.add(new PendingOperationPanel(componentId, new PropertyModel<List<PendingOperationType>>(rowModel, SelectableBean.F_VALUE + "." + ShadowType.F_PENDING_OPERATION.getLocalPart())));
 			}
 		});
 		return columns;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/AbstractRoleMemberPanel.java

@@ -18,6 +18,8 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
@@ -43,6 +45,7 @@
 import org.apache.wicket.markup.repeater.Item;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.springframework.security.access.AuthorizationServiceException;
 
 import com.evolveum.midpoint.gui.api.GuiStyleConstants;
 import com.evolveum.midpoint.gui.api.component.BasePanel;
@@ -88,6 +91,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 
 import static com.evolveum.midpoint.gui.api.util.WebComponentUtil.isAuthorized;
@@ -117,7 +121,6 @@ protected enum MemberOperation {
 	private static final String ID_OBJECT_TYPE = "type";
 	private static final String ID_TENANT = "tenant";
 	private static final String ID_PROJECT = "project";
-	private static final String ID_INDIRECT_MEMBERS_CONTAINER = "indirectMembersContainer";
 	private static final String ID_INDIRECT_MEMBERS = "indirectMembers";
 
 	protected static final String ID_SEARCH_SCOPE = "searchScope";
@@ -128,15 +131,24 @@ protected enum MemberOperation {
 
 
 	protected static final String ID_SEARCH_BY_RELATION = "searchByRelation";
-	private TableId tableId;
-	private Map<String, String> authorizations;
-
+//	private TableId tableId;
+	private static Map<QName, Map<String, String>> authorizations = new HashMap<>();
+	private static Map<QName, TableId> tablesId = new HashMap<>();
 
+	static {
+		tablesId.put(RoleType.COMPLEX_TYPE, TableId.ROLE_MEMEBER_PANEL);
+		tablesId.put(ServiceType.COMPLEX_TYPE, TableId.SERVICE_MEMEBER_PANEL);
+		tablesId.put(OrgType.COMPLEX_TYPE, TableId.ORG_MEMEBER_PANEL);
+	}
+
+	static {
+		authorizations.put(RoleType.COMPLEX_TYPE, GuiAuthorizationConstants.ROLE_MEMBERS_AUTHORIZATIONS);
+		authorizations.put(ServiceType.COMPLEX_TYPE, GuiAuthorizationConstants.SERVICE_MEMBERS_AUTHORIZATIONS);
+		authorizations.put(OrgType.COMPLEX_TYPE, GuiAuthorizationConstants.ORG_MEMBERS_AUTHORIZATIONS);
+	}
 
-	public AbstractRoleMemberPanel(String id, IModel<R> model, TableId tableId, Map<String, String> authorizations) {
+	public AbstractRoleMemberPanel(String id, IModel<R> model) {
 		super(id, model);
-		this.tableId = tableId;
-		this.authorizations = authorizations;
 	}
 
 	@Override
@@ -153,11 +165,8 @@ protected void initLayout() {
 		initMemberTable(form);
 		setOutputMarkupId(true);
 
-//		initCustomLayout(form, getPageBase());
 	}
 
-//	protected abstract void initCustomLayout(Form<?> form, ModelServiceLocator serviceLocator);
-
 	protected Form<?> getForm() {
 		return (Form) get(ID_FORM);
 	}
@@ -170,7 +179,7 @@ private void initMemberTable(Form<?> form) {
 
 		PageBase pageBase =  getPageBase();
 		MainObjectListPanel<ObjectType> childrenListPanel = new MainObjectListPanel<ObjectType>(
-				ID_MEMBER_TABLE, ObjectType.class, tableId, getSearchOptions(), pageBase) {
+				ID_MEMBER_TABLE, ObjectType.class, getTableId(getComplexTypeQName()), getSearchOptions(), pageBase) {
 
 			private static final long serialVersionUID = 1L;
 
@@ -235,6 +244,18 @@ protected ObjectQuery createContentQuery() {
         childrenListPanel.setOutputMarkupId(true);
         memberContainer.add(childrenListPanel);
     }
+
+	private TableId getTableId(QName complextType) {
+		return tablesId.get(complextType);
+	}
+
+	private Map<String, String> getAuthorizations(QName complexType) {
+		return authorizations.get(complexType);
+	}
+
+	private QName getComplexTypeQName() {
+		return getModelObject().asPrismObject().getComplexTypeDefinition().getTypeName();
+	}
 
     private List<InlineMenuItem> createRowActions() {
         List<InlineMenuItem> menu = new ArrayList<>();
@@ -343,7 +364,8 @@ public void onClick(AjaxRequestTarget target) {
 	protected abstract List<QName> getSupportedRelations();
 
 	private boolean isAuthorized(String action) {
-		return WebComponentUtil.isAuthorized(authorizations.get(action));
+		Map<String, String> memeberAuthz = getAuthorizations(getComplexTypeQName());
+		return WebComponentUtil.isAuthorized(memeberAuthz.get(action));
 	}
 
 	protected <O extends ObjectType> void assignMembers(AjaxRequestTarget target, List<QName> availableRelationList) {