Object template for object subtypes

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -9413,7 +9413,17 @@
 			<xsd:element name="type" type="xsd:QName">
 				<xsd:annotation>
 					<xsd:documentation>
-						Specification of the type (class) of the object to apply this template to.
+						Specification of the type (class) of the object to apply this definition to.
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="subType" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>
+						Specification of the subtype of the object to apply this template to.
+						If no subtype is specified then this definition will be applied to all subtypes.
+						The subtype is compared agains the subType property but it is also compared to the
+						deprecated employeeType, roleType, orgType and serviceType properties.
 					</xsd:documentation>
 				</xsd:annotation>
 			</xsd:element>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java

@@ -244,7 +244,7 @@ public <O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(P
 
 		ObjectTemplateType objectTemplateType;
 		try {
-			objectTemplateType = schemaTransformer.determineObjectTemplate(object.getCompileTimeClass(), phase, result);
+			objectTemplateType = schemaTransformer.determineObjectTemplate(object, phase, result);
 		} catch (ConfigurationException | ObjectNotFoundException e) {
 			result.recordFatalError(e);
 			throw e;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelUtils.java

@@ -15,6 +15,9 @@
  */
 package com.evolveum.midpoint.model.impl.controller;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
@@ -31,6 +34,9 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectTemplateType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 
@@ -97,18 +103,34 @@ public static <O extends ObjectType> String getOperationUrlFromDelta(ObjectDelta
 		}
 		throw new IllegalArgumentException("Unknown delta type "+delta);
 	}
+
+	public static <O extends ObjectType> ObjectPolicyConfigurationType determineObjectPolicyConfiguration(PrismObject<O> object, SystemConfigurationType systemConfigurationType) throws ConfigurationException {
+		List<String> subTypes = determineSubTypes(object);
+		return determineObjectPolicyConfiguration(object.getCompileTimeClass(), subTypes, systemConfigurationType);
+	}
 
-	public static <O extends ObjectType> ObjectPolicyConfigurationType determineObjectPolicyConfiguration(Class<O> objectClass, SystemConfigurationType systemConfigurationType) throws ConfigurationException {
+	public static <O extends ObjectType> ObjectPolicyConfigurationType determineObjectPolicyConfiguration(Class<O> objectClass, List<String> objectSubtypes, SystemConfigurationType systemConfigurationType) throws ConfigurationException {
+		ObjectPolicyConfigurationType applicablePolicyConfigurationType = null;
 		for (ObjectPolicyConfigurationType aPolicyConfigurationType: systemConfigurationType.getDefaultObjectPolicyConfiguration()) {
 			QName typeQName = aPolicyConfigurationType.getType();
 			ObjectTypes objectType = ObjectTypes.getObjectTypeFromTypeQName(typeQName);
 			if (objectType == null) {
 				throw new ConfigurationException("Unknown type "+typeQName+" in default object policy definition in system configuration");
 			}
 			if (objectType.getClassDefinition() == objectClass) {
-				return aPolicyConfigurationType;
+				String aSubType = aPolicyConfigurationType.getSubType();
+				if (aSubType == null) {
+					if (applicablePolicyConfigurationType == null) {
+						applicablePolicyConfigurationType = aPolicyConfigurationType;
+					}
+				} else if (objectSubtypes != null && objectSubtypes.contains(aSubType)) {
+					applicablePolicyConfigurationType = aPolicyConfigurationType;
+				}
 			}
 		}
+		if (applicablePolicyConfigurationType != null) {
+			return applicablePolicyConfigurationType;
+		}
 
 		// Deprecated
 		for (ObjectPolicyConfigurationType aPolicyConfigurationType: systemConfigurationType.getObjectTemplate()) {
@@ -135,5 +157,29 @@ public static <O extends ObjectType> ObjectPolicyConfigurationType determineObje
 
 		return null;
 	}
+
+	public static <O extends ObjectType> List<String> determineSubTypes(PrismObject<O> object) {
+		if (object == null) {
+			return null;
+		}
+
+		// TODO: get subType (from ObjectType)
+
+		if (object.canRepresent(UserType.class)) {
+			return (((UserType)object.asObjectable()).getEmployeeType());
+		}
+		if (object.canRepresent(OrgType.class)) {
+			return (((OrgType)object.asObjectable()).getOrgType());
+		}
+		if (object.canRepresent(RoleType.class)) {
+			List<String> roleTypes = new ArrayList<>(1);
+			roleTypes.add((((RoleType)object.asObjectable()).getRoleType()));
+			return roleTypes;
+		}
+		if (object.canRepresent(ServiceType.class)) {
+			return (((ServiceType)object.asObjectable()).getServiceType());
+		}
+		return null;
+	}
 
 }

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java

@@ -213,7 +213,7 @@ public <O extends ObjectType> void applySchemasAndSecurity(PrismObject<O> object
 
 		ObjectTemplateType objectTemplateType;
 		try {
-			objectTemplateType = determineObjectTemplate(object.getCompileTimeClass(), AuthorizationPhaseType.REQUEST, result);
+			objectTemplateType = determineObjectTemplate(object, AuthorizationPhaseType.REQUEST, result);
 		} catch (ConfigurationException | ObjectNotFoundException e) {
 			result.recordFatalError(e);
 			throw e;
@@ -382,14 +382,29 @@ public AuthorizationDecisionType computeItemDecision(ObjectSecurityConstraints s
     	}
 	}
 
+    public <O extends ObjectType> ObjectTemplateType determineObjectTemplate(PrismObject<O> object, AuthorizationPhaseType phase, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException {
+    	PrismObject<SystemConfigurationType> systemConfiguration = Utils.getSystemConfiguration(cacheRepositoryService, result);
+    	if (systemConfiguration == null) {
+    		return null;
+    	}
+    	ObjectPolicyConfigurationType objectPolicyConfiguration = ModelUtils.determineObjectPolicyConfiguration(object, systemConfiguration.asObjectable());
+    	if (objectPolicyConfiguration == null) {
+    		return null;
+    	}
+    	ObjectReferenceType objectTemplateRef = objectPolicyConfiguration.getObjectTemplateRef();
+    	if (objectTemplateRef == null) {
+    		return null;
+    	}
+    	PrismObject<ObjectTemplateType> template = cacheRepositoryService.getObject(ObjectTemplateType.class, objectTemplateRef.getOid(), null, result);
+    	return template.asObjectable();
+    }
 
-
-    public <O extends ObjectType> ObjectTemplateType determineObjectTemplate(Class<O> objectType, AuthorizationPhaseType phase, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException {
+    public <O extends ObjectType> ObjectTemplateType determineObjectTemplate(Class<O> objectClass, AuthorizationPhaseType phase, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException {
     	PrismObject<SystemConfigurationType> systemConfiguration = Utils.getSystemConfiguration(cacheRepositoryService, result);
     	if (systemConfiguration == null) {
     		return null;
     	}
-    	ObjectPolicyConfigurationType objectPolicyConfiguration = ModelUtils.determineObjectPolicyConfiguration(objectType, systemConfiguration.asObjectable());
+    	ObjectPolicyConfigurationType objectPolicyConfiguration = ModelUtils.determineObjectPolicyConfiguration(objectClass, null, systemConfiguration.asObjectable());
     	if (objectPolicyConfiguration == null) {
     		return null;
     	}

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java

@@ -118,9 +118,10 @@ public <F extends ObjectType> void load(LensContext<F> context, String activityD
     	if (focusContext != null) {
 			loadObjectCurrent(context, result);
 
-	        loadFromSystemConfig(context, result);
-	        context.recomputeFocus();
-
+			context.recomputeFocus();
+
+			loadFromSystemConfig(context, result);
+
 	    	if (FocusType.class.isAssignableFrom(context.getFocusClass())) {
 		        // this also removes the accountRef deltas
 		        loadLinkRefs((LensContext<? extends FocusType>)context, task, result);
@@ -378,9 +379,13 @@ private <F extends ObjectType> void loadFromSystemConfig(LensContext<F> context,
 		SystemConfigurationType systemConfigurationType = systemConfiguration.asObjectable();
 
         if (context.getFocusContext() != null) {
+        	PrismObject<F> object = context.getFocusContext().getObjectAny();
             if (context.getFocusContext().getObjectPolicyConfigurationType() == null) {
-                ObjectPolicyConfigurationType policyConfigurationType =
-                        ModelUtils.determineObjectPolicyConfiguration(context.getFocusContext().getObjectTypeClass(), systemConfigurationType);
+                List<String> subTypes = ModelUtils.determineSubTypes(object);
+				ObjectPolicyConfigurationType policyConfigurationType =
+                        ModelUtils.determineObjectPolicyConfiguration(context.getFocusContext().getObjectTypeClass(), subTypes, 
+                        		systemConfigurationType);
+				LOGGER.trace("Selected policy configuration: {}", policyConfigurationType);
                 context.getFocusContext().setObjectPolicyConfigurationType(policyConfigurationType);
             }
         }

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java

@@ -80,7 +80,7 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final String USER_TEMPLATE_FILENAME = COMMON_DIR + "/user-template.xml";
 	protected static final String USER_TEMPLATE_OID = "10000000-0000-0000-0000-000000000002";
 
-	protected static final String USER_TEMPLATE_COMPLEX_FILENAME = COMMON_DIR + "/user-template-complex.xml";
+	protected static final File USER_TEMPLATE_COMPLEX_FILE = new File(COMMON_DIR, "user-template-complex.xml");
 	protected static final String USER_TEMPLATE_COMPLEX_OID = "10000000-0000-0000-0000-000000000222";
 
 	protected static final String USER_TEMPLATE_INBOUNDS_FILENAME = COMMON_DIR + "/user-template-inbounds.xml";

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractInitializedModelIntegrationTest.java

@@ -265,7 +265,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 
 		// User Templates
 		repoAddObjectFromFile(USER_TEMPLATE_FILENAME, ObjectTemplateType.class, initResult);
-		repoAddObjectFromFile(USER_TEMPLATE_COMPLEX_FILENAME, ObjectTemplateType.class, initResult);
+		repoAddObjectFromFile(USER_TEMPLATE_COMPLEX_FILE, ObjectTemplateType.class, initResult);
 		repoAddObjectFromFile(USER_TEMPLATE_INBOUNDS_FILENAME, ObjectTemplateType.class, initResult);
 		repoAddObjectFromFile(USER_TEMPLATE_COMPLEX_INCLUDE_FILENAME, ObjectTemplateType.class, initResult);
         repoAddObjectFromFile(USER_TEMPLATE_ORG_ASSIGNMENT_FILENAME, ObjectTemplateType.class, initResult);
@@ -384,30 +384,7 @@ protected void assertDummyAccountShadowModel(PrismObject<ShadowType> accountShad
 
 	protected void setDefaultUserTemplate(String userTemplateOid)
 			throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
-
-		PrismObjectDefinition<SystemConfigurationType> objectDefinition = prismContext.getSchemaRegistry()
-				.findObjectDefinitionByCompileTimeClass(SystemConfigurationType.class);
-
-		Collection<? extends ItemDelta> modifications;
-
-		if (userTemplateOid == null) {
-			modifications = ReferenceDelta.createModificationReplaceCollection(
-					SystemConfigurationType.F_DEFAULT_USER_TEMPLATE_REF,
-					objectDefinition, null);
-		} else {
-			PrismReferenceValue userTemplateRefVal = new PrismReferenceValue(userTemplateOid);
-			modifications = ReferenceDelta.createModificationReplaceCollection(
-						SystemConfigurationType.F_DEFAULT_USER_TEMPLATE_REF,
-						objectDefinition, userTemplateRefVal);
-		}
-
-		OperationResult result = new OperationResult("Aplying default user template");
-
-		repositoryService.modifyObject(SystemConfigurationType.class,
-				SystemObjectsType.SYSTEM_CONFIGURATION.value(), modifications, result);
-		display("Aplying default user template result", result);
-		result.computeStatus();
-		TestUtil.assertSuccess("Aplying default user template failed (result)", result);
+		setDefaultObjectTemplate(UserType.COMPLEX_TYPE, userTemplateOid);
 	}
 
 	protected void assertMonkeyIslandOrgSanity() throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException {

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestUserTemplate.java

@@ -63,6 +63,7 @@
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SecurityViolationException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPolicyEnforcementType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectTemplateType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
@@ -81,10 +82,16 @@ public class TestUserTemplate extends AbstractInitializedModelIntegrationTest {
 
 	protected static final File ROLE_RASTAMAN_FILE = new File(TEST_DIR, "role-rastaman.xml");
 	protected static final String ROLE_RASTAMAN_OID = "81ac6b8c-225c-11e6-ab0f-87a169c85cca";
+
+	protected static final File USER_TEMPLATE_MAROONED_FILE = new File(TEST_DIR, "user-template-marooned.xml");
+	protected static final String USER_TEMPLATE_MAROONED_OID = "766215e8-5f1e-11e6-94bb-c3b21af53235";
+
 
 	private static final String ACCOUNT_STAN_USERNAME = "stan";
 	private static final String ACCOUNT_STAN_FULLNAME = "Stan the Salesman";
 
+	private static final String EMPLOYEE_TYPE_MAROONED = "marooned";
+
 	private static String jackEmployeeNumber;
 
 	@Override
@@ -94,7 +101,9 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 
         repoAddObjectFromFile(ROLE_RASTAMAN_FILE, RoleType.class, initResult);
 
-		setDefaultUserTemplate(USER_TEMPLATE_COMPLEX_OID);
+        repoAddObjectFromFile(USER_TEMPLATE_MAROONED_FILE, ObjectTemplateType.class, initResult);
+		setDefaultObjectTemplate(UserType.COMPLEX_TYPE, USER_TEMPLATE_COMPLEX_OID, initResult);
+		setDefaultObjectTemplate(UserType.COMPLEX_TYPE, EMPLOYEE_TYPE_MAROONED, USER_TEMPLATE_MAROONED_OID, initResult);
 	}
 
 	@Test
@@ -1143,6 +1152,39 @@ public void test174ModifyUserGuybrushHonorificPrefixNone() throws Exception {
 		assertAssignedNoRole(userAfter);
 	}
 
+	/**
+	 * Setting employee type to marooned. This should cause switch to different user template.
+	 */
+	@Test
+    public void test180ModifyUserGuybrushEmployeeTypeMarooned() throws Exception {
+		final String TEST_NAME = "test180ModifyUserGuybrushEmployeeTypeMarooned";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(TestUserTemplate.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        PrismObject<UserType> userBefore = getUser(USER_GUYBRUSH_OID);
+        display("User before", userBefore);
+        assertAssignedNoRole(userBefore);
+
+		// WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modifyUserReplace(USER_GUYBRUSH_OID, UserType.F_EMPLOYEE_TYPE, task, result, EMPLOYEE_TYPE_MAROONED);
+
+		// THEN
+		TestUtil.displayThen(TEST_NAME);
+		result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+		PrismObject<UserType> userAfter = modelService.getObject(UserType.class, USER_GUYBRUSH_OID, null, task, result);
+		display("User after", userAfter);
+
+		assertEquals("Wrong costCenter", "NOCOST", userAfter.asObjectable().getCostCenter());
+
+		assertAssignedNoRole(userAfter);
+	}
+
 	@Test
     public void test200AddUserRapp() throws Exception {
 		final String TEST_NAME = "test200AddUserRapp";

model/model-intest/src/test/resources/object-template/user-template-marooned.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<objectTemplate oid="766215e8-5f1e-11e6-94bb-c3b21af53235"
+   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+   xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+   xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+   xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+   xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+   xmlns:piracy='http://midpoint.evolveum.com/xml/ns/samples/piracy'>
+    <name>Marooned User Template</name>
+
+    <item>
+    	<ref>costCenter</ref>
+    	<mapping>
+	    	<strength>strong</strength>
+	    	<expression>
+	            <value>NOCOST</value>    	
+	    	</expression>
+	    </mapping>
+    </item>
+
+</objectTemplate>